On Fri, 6 Aug 2021 19:50:48 GMT, Jonathan Dowland <jdowl...@openjdk.org> wrote:
>> The tests `test/jdk/java/net/HttpURLConnection/HttpURLConWithProxy.java` >> uses the IP address "1.1.1.1" as a value. I think at the time the address >> was picked, the assumption was the address was not valid / not routable. >> Since April 2018 the address is part of CloudFlare's "Free" DNS product: >> <https://en.wikipedia.org/wiki/1.1.1.1>. (this test was originally written >> in 2016, before the service was launched) >> >> I've verified using local packet captures that running the test does result >> in IP traffic being sent to 1.1.1.1. (Several other tests in JDK use 1.1.1.1 >> as a placeholder IP. I've checked them all and none of the others connect >> out to the IP like this one) >> >> This PR substitutes that IP address value (and two others) for ones from a >> reserved IP range (240.0.0.0/4 according to RFC 6761) which will not result >> in runners of the test suit inadvertently sending IP packets to the >> CloudFlare service. >> >> This could be invalidated again if that address range is allocated at some >> point in the future. A more future-proof fix would be to bind to random >> ports on localhost for each dummy proxy (as done for the target HTTP server >> in the test already). I can do that if preferred. >> >> <https://bugs.openjdk.java.net/browse/JDK-8270553> > > Jonathan Dowland has updated the pull request with a new target base due to a > merge or a rebase. The pull request now contains one commit: > > 8270553: Tests should not use (real, in-use, routable) 1.1.1.1 as dummy IP > value LGTM. Thanks for adding the comment Jonathan! If you integrate I will sponsor this. (PS: I hadn't notice your changes because you used force-push - instead of merge - and the update sent by github let me believe the commit was a merge commit - apologies for the delay) ------------- Marked as reviewed by dfuchs (Reviewer). PR: https://git.openjdk.java.net/jdk/pull/4806
