mirror of
https://github.com/dani-garcia/vaultwarden.git
synced 2026-05-08 21:12:04 +02:00
a354e57659
IPv4 addresses can also be in decimal or hex formats. These were not checked during the Global IP check, and could bypass it. We now convert everything to the right format before running this check and it will catch these formats. Also updated the `is_global()` function to match Rust's still unstable version. And updated the Image Magic checks to be more precise and filter out any possible broken or invalid formats. While at it, also added several checks to ensure these special formatted IPv4 addresses are still blocked and punycode domains are also correctly resolved. Signed-off-by: BlackDex <black.dex@gmail.com>
28 lines
996 B
TOML
28 lines
996 B
TOML
[files]
|
|
extend-exclude = [
|
|
".git/",
|
|
"playwright/",
|
|
"*.js", # Ignore all JavaScript files
|
|
"!admin*.js", # Except our own JavaScript files
|
|
]
|
|
ignore-hidden = false
|
|
|
|
[default]
|
|
extend-ignore-re = [
|
|
# We use this in place of the reserved type identifier at some places
|
|
"typ",
|
|
# In SMTP it's called HELO, so ignore it
|
|
"(?i)helo_name",
|
|
"Server name sent during.+HELO",
|
|
# COSE Is short for CBOR Object Signing and Encryption, ignore these specific items
|
|
"COSEKey",
|
|
"COSEAlgorithm",
|
|
# Ignore this specific string as it's valid
|
|
"Ensure they are valid OTPs",
|
|
# This word is misspelled upstream
|
|
# https://github.com/bitwarden/server/blob/dff9f1cf538198819911cf2c20f8cda3307701c5/src/Notifications/HubHelpers.cs#L86
|
|
# https://github.com/bitwarden/clients/blob/9612a4ac45063e372a6fbe87eb253c7cb3c588fb/libs/common/src/auth/services/anonymous-hub.service.ts#L45
|
|
"AuthRequestResponseRecieved",
|
|
# Ignore Punycode/IDN tests
|
|
"xn--.+"
|
|
]
|