refacotring IP validation and anonymization. fixes Open-Web-Analytics…

…#818.
jmturner · Feb 15, 2022 · e223521 · e223521
1 parent 613f5f8
commit e223521
Show file tree

Hide file tree

Showing 2 changed files with 64 additions and 85 deletions.
diff --git a/modules/base/classes/trackingEventHelpers.php b/modules/base/classes/trackingEventHelpers.php
@@ -255,6 +255,7 @@ static function languageDefault() {
     static function ipAddressDefault() {
 
         $ip = '';
+        $chosen_ip = '';
 
         // array of SERVER params that could possibly contain the IP address
         // ordered by probability of relevant match
@@ -274,7 +275,8 @@ static function ipAddressDefault() {
             if ( owa_coreAPI::getServerParam( $param ) ) {
 
                  $ip = owa_coreAPI::getServerParam( $param );
-                 owa_coreAPI::debug("ip address found in $param");
+                 owa_coreAPI::debug("ip address $ip found in $param");
+
                  break;
              }
         }
@@ -290,39 +292,40 @@ static function ipAddressDefault() {
 
                  $candidate_ip = trim( $candidate_ip );
 
-                 if ( owa_lib::isValidIp( $candidate_ip ) && ! owa_lib::isPrivateIp( $candidate_ip ) ) {
+                 if ( owa_lib::isNotPrivateIp( $candidate_ip ) ) {
 
-                     $ip = $candidate_ip;
+                     $chosen_ip = $candidate_ip;
+                     owa_coreAPI::debug("Candidate IP address $candidate_ip was chosen.");
 
                      break;
+
+                 } else {
+
+	                 owa_coreAPI::debug("Candidate IP address $candidate_ip was private.");
                  }
              }
-
-             // if still no valid public IP then just use the first one found
-             if ( strpos( $ip, ',' ) ) {
-
-                 $ip = trim( $candidate_ips[0] ) ;
-             }
-
+
+         } else {
+
+	         if ( owa_lib::isNotPrivateIp( $ip ) ) {
+
+		     	$chosen_ip = $ip;
+		     	owa_coreAPI::debug("IP address $ip was chosen.");
+
+		     } else {
+
+			     owa_coreAPI::debug("IP address $ip was private.");
+		     }
          }
 
-         // Anonymize IP if needed.
-         if ( owa_coreAPI::getSetting( 'base', 'anonymize_ips' ) ) {
-             if ( $ip && strpos( $ip , '.' ) ) {
-
-                $ip = explode( '.', $ip );
-                array_pop($ip);
-                $ip = implode('.', $ip);
-                $ip .= '.0';
-            }elseif ($ip && strpos($ip, ':')) {
-                $ip = explode(':', $ip, 4);
-                array_pop($ip);
-                $ip = implode(':', $ip);
-                $ip .= '::';
-            }
+        // Anonymize IP if needed.
+        if ( $chosen_ip && owa_coreAPI::getSetting( 'base', 'anonymize_ips' ) ) {
+
+			$chosen_ip = owa_lib::anonymizeIp( $chosen_ip );
+			owa_coreAPI::debug("IP address was anonymized.");
         }
 
-         return $ip;
+        return $chosen_ip;
     }
 
     static function timestampDefault() {
@@ -830,11 +833,11 @@ static function resolveFullHost( $full_host, $event ) {
             // get ip address
             $ip_address = $event->get( 'ip_address' );
 
-            if ( filter_var( $ip_address, FILTER_VALIDATE_IP, FILTER_FLAG_NO_PRIV_RANGE, FILTER_FLAG_NO_RES_RANGE ) ) {
+            if ( owa_lib::isNotPrivateIp( $ip_address ) ) {
 
 	            // valid v4 or v6 IP address
 
-	            if ( filter_var( $ip_address, FILTER_VALIDATE_IP, FILTER_FLAG_IPV6 ) ) {
+	            if ( owa_lib::isValidIpv6( $ip_address ) ) {
 
 		            // is v6 format
 		            $result = @dns_get_record( $ip_address, DNS_AAAA );

diff --git a/owa_lib.php b/owa_lib.php
@@ -3,33 +3,13 @@
 //
 // Open Web Analytics - An Open Source Web Analytics Framework
 //
-// Copyright 2006 Peter Adams. All rights reserved.
+// Copyright Peter Adams. All rights reserved.
 //
 // Licensed under GPL v2.0 http://www.gnu.org/copyleft/gpl.html
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-//
-// $Id$
-//
-
-//require_once 'owa_env.php';
-
-//require_once(OWA_BASE_CLASS_DIR.'settings.php');
 
 /**
  * Utility Functions
  * 
- * @author      Peter Adams <[email protected]>
- * @copyright   Copyright &copy; 2006 Peter Adams <[email protected]>
- * @license     http://www.gnu.org/copyleft/gpl.html GPL v2.0
- * @category    owa
- * @package     owa
- * @version        $Revision$
- * @since        owa 1.0.0
  */
 class owa_lib {
 
@@ -1353,50 +1333,46 @@ public static function moveFile( $oldfile, $newfile ) {
             }
         }
     }
+
+    public static function anonymizeIp( $ip_address ) {
+
+	    $ipv4NetMask = "255.255.255.0";
+	    $ipv6NetMask = "ffff:ffff:ffff:ffff:0000:0000:0000:0000";
+
+	    $packed_address = inet_pton( $ip_address);
 
-    public static function isValidIp( $ip_address ) {
-
-        // if valid ip address
-        if ( ! empty( $ip_address )
-            && ip2long( $ip_address ) != -1
-            && ip2long( $ip_address ) != false
-        ) {
-
-            return true;
+        if ( strlen( $packed_address ) == 4 ) {
+
+            return inet_ntop( inet_pton( $ip_address ) & inet_pton( $ipv4NetMask ) );
+
+        } elseif ( strlen( $packed_address ) == 16 ) {
+
+            return inet_ntop( inet_pton( $ip_address ) & inet_pton( $ipv6NetMask ) );
         }
+    }
+
+    public static function isIpv6SupportEnabled() {
+
+		if ( defined( 'AF_INET6' ) ) {
+
+			return true;
+		}
+    }
 
+    public static function isValidIp( $ip_address ) {
+
+		return filter_var( $ip_address, FILTER_VALIDATE_IP, [] );
     }
 
     // check to see if the IP address falls within known private IP ranges
-    public static function isPrivateIp( $ip_address ) {
-
-        $ip = ip2long( $ip_address);
-
-        $private_ip_ranges = array (
-            array('0.0.0.0','2.255.255.255'),
-            array('10.0.0.0','10.255.255.255'),
-            array('127.0.0.0','127.255.255.255'),
-            array('169.254.0.0','169.254.255.255'),
-            array('172.16.0.0','172.31.255.255'),
-            array('192.0.2.0','192.0.2.255'),
-            array('192.168.0.0','192.168.255.255'),
-            array('255.255.255.0','255.255.255.255')
-        );
-
-        //check to see if it falls within a known private range
-        foreach ( $private_ip_ranges as $range ) {
-
-            $min = ip2long( $range[0] );
-            $max = ip2long( $range[1] );
+    public static function isNotPrivateIp( $ip_address ) {
 
-            if ( ( $ip >= $min ) && ( $ip <= $max ) ) {
-
-                return true;
-            }
-        }
-
-        // if it makes it through the checks then it's not private.
-        return false;
+		return filter_var( $ip_address, FILTER_VALIDATE_IP, ['flags' => FILTER_FLAG_NO_PRIV_RANGE | FILTER_FLAG_NO_RES_RANGE ] );
+    }
+
+    public static function isValidIpv6( $ip_address ) {
+
+	    return filter_var( $ip_address, FILTER_VALIDATE_IP, ['flags' => FILTER_FLAG_IPV6 ] );
     }
 
     public static function keyExistsNotEmpty( $key, $array ) {