[ISSUE #407] Support wildcard IPs in ACL whitelist#10596
[ISSUE #407] Support wildcard IPs in ACL whitelist#10596itxaiohanglover wants to merge 1 commit into
Conversation
IPAddressUtils.isIPInRange did not recognize 0.0.0.0, ::, or * as wildcard addresses. When a user configured 0.0.0.0 in the ACL IP whitelist, it only matched the exact IP 0.0.0.0 instead of all IPs. Add support for: - 0.0.0.0 and 0.0.0.0/0: match any IPv4 address - :: and ::/0: match any IPv6 address - *: match any address Added test cases for all wildcard patterns.
RockteMQ-AI
left a comment
There was a problem hiding this comment.
Review by github-manager-bot
Summary
Adds wildcard/match-all IP support to IPAddressUtils.isIPInRange() for ACL whitelist configuration. Supports *, 0.0.0.0, 0.0.0.0/0, ::, and ::/0 as universal match patterns.
Findings
-
[Warning]
IPAddressUtils.java:86-89— Treating bare0.0.0.0as "match all" is a semantic choice that could be surprising. In standard networking,0.0.0.0can mean "any address" but also "this host" depending on context. Consider documenting this behavior explicitly in the method Javadoc, or only treating CIDR forms (0.0.0.0/0,::/0) and*as wildcards to reduce ambiguity. -
[Info]
IPAddressUtilsTest.java— The tests show cross-protocol matching:isIPInRange("192.168.1.10", "::/0")returns true andisIPInRange("2001:0db8::1", "0.0.0.0/0")returns true. This is consistent with the "match all" semantics but worth a brief comment in the test to make the intent clear. -
[Info] Good test coverage for the new wildcard paths. The implementation is clean and the early-return pattern avoids unnecessary CIDR parsing overhead.
Suggestions
- Add a Javadoc note on
isIPInRange()explaining which values are treated as wildcards and the cross-protocol matching behavior. - Consider whether
0.0.0.0(without/0) should really be a wildcard — this could be a footgun if someone accidentally configures a single IP of0.0.0.0expecting it to match only that specific address.
Automated review by github-manager-bot
Fixes apache/rocketmq-dashboard#407. IPAddressUtils.isIPInRange did not recognize 0.0.0.0, ::, or * as wildcard addresses. When users configured 0.0.0.0 in ACL IP whitelist, it only matched the exact IP instead of all IPs.