security::secure_hostname

security::secure_hostname_p (public)

 security::secure_hostname_p host

Defined in packages/acs-tcl/tcl/security-procs.tcl

Check, if the content of host is a "secure" value, which means, it is either white-listed or belongs to a non-public IP adddress, such it cannot harm in redirect operations.

Parameters:: host
Returns:: boolean value
Partial Call Graph (max 5 caller/called nodes):
Testcases:: No testcase defined.

Source code:

    #
    # If the host has an non-public IP address (such as
    # e.g. "localhost") it is regarded as "secure". The first test is
    # the most simple case, working for all versions of NaviServer or
    # AOLserver.
    #
    if {$host in {localhost 127.0.0.1 ::1}} {
        return 1
    }

    set validationOk 0
    if {[acs::icanuse "ns_ip"]} {
        #
        # Check, if the address is not public. It resolves the
        # $hostName and checks the properties of the first IP address
        # returned.
        #
        set validationOk [expr {![ns_ip public [ns_addrbyhost $host]]}]

    } elseif {[acs::icanuse "ns_subnetmatch"]} {
        #
        # Test for older versions of NaviServer testing if value is an
        # IP address belonging to a "private network".
        #
        try {
            ns_subnetmatch 0.0.0.0/0 $host
        } on error {errorMsg} {
            set ip_address_p 0
        } on ok {ip_address_p} {
        }
        if {$ip_address_p} {
            if {[ns_subnetmatch 10.0.0.0/8 $host]
                || [ns_subnetmatch 172.16.0.0/12 $host]
                || [ns_subnetmatch 192.168.0.0/16 $host]
                || [ns_subnetmatch fd00::/8 $host]
            } {
                return 1
            }
        }
    }

    return 0

Generic XQL file:

packages/acs-tcl/tcl/security-procs.xql

PostgreSQL XQL file:

packages/acs-tcl/tcl/security-procs-postgresql.xql

Oracle XQL file:

packages/acs-tcl/tcl/security-procs-oracle.xql

[ hide source ] | [ make this the default ]