HCK-10586: add ipv6 escaping (#60)

WilhelmWesser · web-flow · commit f3b64af7f0d9 · 2025-05-20T13:58:43.000Z
* HCK-10586: add ipv6 escaping

* HCK-10586: remove template

* HCK-10586: enchanced ipv6 escaping logic
diff --git a/package-lock.json b/package-lock.json
diff --git a/package.json b/package.json
@@ -50,6 +50,7 @@
     "disabled": false,
     "dependencies": {
         "async": "3.2.6",
+        "ip": "2.0.1",
         "lodash": "4.17.21",
         "neo4j-driver": "4.4.11"
     },
diff --git a/reverse_engineering/escapeV6IPForURL.js b/reverse_engineering/escapeV6IPForURL.js
@@ -0,0 +1,64 @@
+const ip = require('ip');
+
+/**
+ * @see https://en.wikipedia.org/wiki/IPv6_address
+ * Literal IPv6 addresses in resources (URLs):
+------------------------------------------------
+ * Colon (:) characters in IPv6 addresses may conflict with the established syntax of resource identifiers,
+ * such as URIs and URLs. The colon is conventionally used to terminate the host path before a port number.[10]
+ * To alleviate this conflict, literal IPv6 addresses are enclosed in square brackets in such resource identifiers;
+ * When the URL doesn't conatoin the port the notation is http://[2001:db8:85a3:8d3:1319:8a2e:370:7348]/
+ * When the URL also contains a port number the notation is: https://[2001:db8:85a3:8d3:1319:8a2e:370:7348]:443/
+ *
+ * @param {{
+ * 	host: string
+ * }} param
+ * @returns {string}
+*/
+function escapeV6IpForURL({ host }) {
+	/**
+	 * If the host is already URL compatible then the ip lib will return false > ip.isV6Format('[::1]') false
+	 * If the host is a proper ipv6 ip then the `new URL(host)` will fail with Uncaught TypeError: Invalid URL code: 'ERR_INVALID_URL',
+	 * !ip.isV4Format(host) check required because isV6Format returns true for ipv4 address because of backward compatibility
+	 */
+	if (ip.isV6Format(host) && !ip.isV4Format(host)) {
+		return `[${host}]`;
+	}
+
+	const isUrlValid = isValidURL(host);
+	if (isUrlValid) {
+		return host;
+	}
+
+	const urlWithIpV6HostRegExp = new RegExp(/^http(s)?:\/\/(?<unescapedIpWithPort>([a-z0-9]{0,4}:?)+)/gim);
+	const { unescapedIpWithPort } = urlWithIpV6HostRegExp.exec(host)?.groups ?? {};
+
+	if (!unescapedIpWithPort) {
+		return host;
+	}
+
+	const separatedIpPortionsAndPort = unescapedIpWithPort.split(':');
+	const ipPortions = separatedIpPortionsAndPort.slice(0, separatedIpPortionsAndPort.length - 1);
+	const port = separatedIpPortionsAndPort.at(-1);
+	const escapedIpWithPort = `[${ipPortions.join(':')}]:${port}`;
+
+	return host.replace(unescapedIpWithPort, escapedIpWithPort);
+}
+
+/**
+ * @param {string} url
+ * @returns {boolean}
+ */
+function isValidURL(url) {
+	try {
+		new URL(url);
+
+		return true;
+	} catch {
+		return false;
+	}
+}
+
+module.exports = {
+	escapeV6IpForURL,
+};
diff --git a/reverse_engineering/neo4jHelper.js b/reverse_engineering/neo4jHelper.js
@@ -1,6 +1,7 @@
 const neo4j = require('neo4j-driver');
 const fs = require('fs');
 const _ = require('lodash');
+const { escapeV6IpForURL } = require('./escapeV6IPForURL');
 
 let driver;
 let isSshTunnel = false;
@@ -430,10 +431,10 @@ const getConnectionURI = info => {
 	if (neo4jProtocolRegex.test(info.host)) {
 		host = info.host;
 	} else {
-		host = `bolt://${info.host}`;
+		host = `bolt://${escapeV6IpForURL({ host: info.host })}`;
 	}
 	if (info.port) {
-		host = `${host}:${info.port}`;
+		host = `${escapeV6IpForURL({ host: info.host })}:${info.port}`;
 	}
 
 	return host;
