From 4873dcbf1ede48d3a79be9abd997fb0b85d493fb Mon Sep 17 00:00:00 2001
From: Josh
Date: Thu, 31 Oct 2024 16:59:27 -0400
Subject: [PATCH 1/5] fix(security): Handle IPv6 zone IDs used in link-local addresses
Signed-off-by: Josh
---
 lib/private/Security/Ip/Address.php | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/lib/private/Security/Ip/Address.php b/lib/private/Security/Ip/Address.php
index e0bb906e82d7a..0e94ec2d9ea41 100644
--- a/lib/private/Security/Ip/Address.php
+++ b/lib/private/Security/Ip/Address.php
@@ -11,6 +11,7 @@
 use InvalidArgumentException;
 use IPLib\Address\AddressInterface;
 use IPLib\Factory;
+use IPLib\ParseStringFlag;
 use OCP\Security\Ip\IAddress;
 use OCP\Security\Ip\IRange;
@@ -21,7 +22,7 @@ class Address implements IAddress {
 private readonly AddressInterface $ip;
 public function __construct(string $ip) {
- $ip = Factory::parseAddressString($ip);
+ $ip = Factory::parseAddressString($ip, ParseStringFlag::MAY_INCLUDE_ZONEID);
 if ($ip === null) {
 throw new InvalidArgumentException('Given IP address can’t be parsed');
 }
@@ -29,7 +30,7 @@ public function __construct(string $ip) {
 }
 public static function isValid(string $ip): bool {
- return Factory::parseAddressString($ip) !== null;
+ return Factory::parseAddressString($ip, ParseStringFlag::MAY_INCLUDE_ZONEID) !== null;
 }
 public function matches(IRange ... $ranges): bool {
From 077eea18b517ef25315c3cb5c8bca8202c12bfa4 Mon Sep 17 00:00:00 2001
From: Josh
Date: Thu, 31 Oct 2024 17:01:34 -0400
Subject: [PATCH 2/5] fix(security): Handle IPv6 zone IDs used in link-local addresses
Signed-off-by: Josh
---
 lib/private/Security/Ip/Range.php | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/lib/private/Security/Ip/Range.php b/lib/private/Security/Ip/Range.php
index 39c03677f8100..e32b7a5abc095 100644
--- a/lib/private/Security/Ip/Range.php
+++ b/lib/private/Security/Ip/Range.php
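Review bot: In `lib/private/Security/Ip/Address.php`, `__construct()` and `isValid()` now pass `ParseStringFlag::MAY_INCLUDE_ZONEID` unconditionally, and neither documents what happens to the text after `%`. If IPLib drops the zone suffix without validating it (worth confirming against the bundled library version), `isValid()` returns true for a string with arbitrary trailing content, and for addresses outside fe80::/10 too. A caller that treats `isValid()` as a sanitiser and then logs, stores or compares the raw input would carry that suffix along. I would add a docblock to both methods, e.g. `/** A "%zone" suffix is accepted but not validated; after this check use the parsed Address, never the raw input string. */`. Both method bodies are cut by the hunk boundaries, so what the constructor finally stores is not visible here.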
@@ -10,6 +10,7 @@
 use InvalidArgumentException;
 use IPLib\Factory;
+use IPLib\ParseStringFlag;
 use IPLib\Range\RangeInterface;
 use OCP\Security\Ip\IAddress;
 use OCP\Security\Ip\IRange;
@@ -30,7 +31,7 @@ public static function isValid(string $range): bool {
 }
 public function contains(IAddress $address): bool {
- return $this->range->contains(Factory::parseAddressString((string)$address));
+ return $this->range->contains(Factory::parseAddressString((string)$address, ParseStringFlag::MAY_INCLUDE_ZONEID));
 }
 public function __toString(): string {
From da4066ae3966f9996eda1017b7e72e444b5a6421 Mon Sep 17 00:00:00 2001
From: Josh
Date: Thu, 31 Oct 2024 17:06:36 -0400
Subject: [PATCH 3/5] fix(net): Add IPv6 zone handling to IpAddressClassifier
Signed-off-by: Josh
---
 lib/private/Net/IpAddressClassifier.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/lib/private/Net/IpAddressClassifier.php b/lib/private/Net/IpAddressClassifier.php
index 5f41f4a086aa1..b73d41fd79b7e 100644
--- a/lib/private/Net/IpAddressClassifier.php
+++ b/lib/private/Net/IpAddressClassifier.php
@@ -34,7 +34,7 @@ class IpAddressClassifier {
 public function isLocalAddress(string $ip): bool {
 $parsedIp = Factory::parseAddressString(
 $ip,
- ParseStringFlag::IPV4_MAYBE_NON_DECIMAL | ParseStringFlag::IPV4ADDRESS_MAYBE_NON_QUAD_DOTTED
+ ParseStringFlag::IPV4_MAYBE_NON_DECIMAL | ParseStringFlag::IPV4ADDRESS_MAYBE_NON_QUAD_DOTTED | ParseStringFlag::MAY_INCLUDE_ZONEID
 );
 if ($parsedIp === null) {
 /* Not an IP */
From 97421fb1436ca4d130d3dd2600c605e92325be80 Mon Sep 17 00:00:00 2001
From: Josh
Date: Mon, 4 Nov 2024 09:30:21 -0500
Subject: [PATCH 4/5] fix(tests): Add RemoteAddress v6 zone ID test
Signed-off-by: Josh
---
 tests/lib/Security/Ip/RemoteAddressTest.php | 2 ++
 1 file changed, 2 insertions(+)
diff --git a/tests/lib/Security/Ip/RemoteAddressTest.php b/tests/lib/Security/Ip/RemoteAddressTest.php
index d780c3bc19861..d1f621796feee 100644
--- a/tests/lib/Security/Ip/RemoteAddressTest.php
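Review bot: In `Range::contains()` the result of `Factory::parseAddressString()` is still handed straight to `$this->range->contains()`, although the `Address` constructor in patch 1 treats a `null` return as a parse failure. `IAddress` is an interface, so an implementation whose string form does not parse would presumably surface as a `TypeError` rather than a clean "no match"; if this range check feeds an access decision, failing closed explicitly is the safer contract. Suggested: `$parsed = Factory::parseAddressString((string)$address, ParseStringFlag::MAY_INCLUDE_ZONEID);` followed by `return $parsed !== null && $this->range->contains($parsed);`.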
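Review bot: The flag expression in `IpAddressClassifier::isLocalAddress()` is now three constants OR'ed on one long line, with no comment explaining why lenient parsing is wanted. An input that fails to parse lands in the `/* Not an IP */` branch, whose return value is outside the hunk, so each flag widens what the classifier can recognise and that reasoning deserves to be written down. I would put one flag per line and add a comment such as `// Accept "%zone" suffixes so scoped link-local addresses are classified instead of falling through as "not an IP"`. The function body continues past the end of the hunk.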
+++ b/tests/lib/Security/Ip/RemoteAddressTest.php
@@ -52,6 +52,8 @@ public function dataProvider(): array {
 // No configuration
 ['1.2.3.4', false, true],
 ['1234:4567:8910::', false, true],
+ // v6 Zone ID
+ ['fe80::1fc4:15d8:78db:2319%enp4s0', false, true],
 // Empty configuration
 ['1.2.3.4', [], true],
 ['1234:4567:8910::', [], true],
From e885e4f13dde99c56ee84106205d348fb399646e Mon Sep 17 00:00:00 2001
From: Josh
Date: Mon, 4 Nov 2024 09:31:48 -0500
Subject: [PATCH 5/5] fix(tests): Add IpAddressClassifier v6 zone ID test
Signed-off-by: Josh
---
 tests/lib/Net/IpAddressClassifierTest.php | 1 +
 1 file changed, 1 insertion(+)
diff --git a/tests/lib/Net/IpAddressClassifierTest.php b/tests/lib/Net/IpAddressClassifierTest.php
index 616a6872bdbbc..803be00f74075 100644
--- a/tests/lib/Net/IpAddressClassifierTest.php
+++ b/tests/lib/Net/IpAddressClassifierTest.php
@@ -43,6 +43,7 @@ public function localIpAddressData(): array {
 return [
 ['192.168.0.1'],
 ['fe80::200:5aee:feaa:20a2'],
+ ['fe80::1fc4:15d8:78db:2319%enp4s0'], // v6 zone ID
 ['0:0:0:0:0:ffff:10.0.0.1'],
 ['0:0:0:0:0:ffff:127.0.0.0'],
 ['10.0.0.1'],
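Review bot: The new row in `RemoteAddressTest::dataProvider()` pairs the zone-ID address only with `false` in the second column, the same value the "No configuration" rows use, so the `Range::contains()` change from patch 2 is presumably never reached by this test. A row pairing the same address with a configured range that should contain it, and one with a range that should not, would cover the path where a zone suffix could actually affect matching. The `// v6 Zone ID` comment also splits the "No configuration" group; `// No configuration, IPv6 zone ID` would keep the grouping readable. The provider body extends outside the hunk.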
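Review bot: Only the positive direction is added to `localIpAddressData()`: a link-local address with a zone suffix is expected to be classified as local. Nothing pins the opposite direction, i.e. that a non-local address carrying a `%zone` suffix stays non-local, or that an empty suffix after `%` is handled deliberately. If the file has a provider for public addresses (not visible in this hunk), a zone-suffixed row belongs there as well, since this classifier's value lies in not being fooled by unusual address spellings.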