Simplifies the config

neo4j-contrib · Feb 1, 2022 · 5ac2f68 · 5ac2f68
1 parent 1a4c67f
commit 5ac2f68
Showing 1 changed file with 16 additions and 25 deletions.
diff --git a/core/src/main/java/apoc/ApocConfig.java b/core/src/main/java/apoc/ApocConfig.java
@@ -25,6 +25,7 @@
 import java.io.IOException;
 import java.lang.reflect.Field;
 import java.net.InetAddress;
+import java.net.MalformedURLException;
 import java.net.URL;
 import java.time.Duration;
 import java.time.ZoneId;
@@ -113,6 +114,7 @@ public class ApocConfig extends LifecycleAdapter {
 
     public ApocConfig(Config neo4jConfig, LogService log, GlobalProcedures globalProceduresRegistry, DatabaseManagementService databaseManagementService) {
         this.neo4jConfig = neo4jConfig;
+        this.blockedIpRanges = neo4jConfig.get(ApocSettings.cypher_ip_blocklist);
         this.log = log.getInternalLog(ApocConfig.class);
         this.databaseManagementService = databaseManagementService;
         theInstance = this;
@@ -203,11 +205,7 @@ protected void loadConfiguration() {
 
             boolean allowFileUrls = neo4jConfig.get(GraphDatabaseSettings.allow_file_urls);
             config.setProperty(APOC_IMPORT_FILE_ALLOW__READ__FROM__FILESYSTEM, allowFileUrls);
-
-            var blockedIpRanges = neo4jConfig.get(ApocSettings.cypher_ip_blocklist);
-            if (!config.containsKey(CYPHER_IP_BLOCKLIST) && blockedIpRanges != null)
-                config.setProperty(CYPHER_IP_BLOCKLIST, blockedIpRanges);
-
+
             // todo - evaluate default timezone here [maybe is reusable], otherwise through db.execute('CALL dbms.listConfig()')
             final Setting<ZoneId> db_temporal_timezone = GraphDatabaseSettings.db_temporal_timezone;
             config.setProperty(db_temporal_timezone.name(), neo4jConfig.get(db_temporal_timezone));
@@ -270,32 +268,25 @@ public void isImportFileEnabled() {
         }
     }
 
-    private void checkNotBlocked(URL url) throws Exception
-    {
-        List<IPAddressString> blockedIpRanges = config.getList(IPAddressString.class, CYPHER_IP_BLOCKLIST);
-
-        if (blockedIpRanges != null && !blockedIpRanges.isEmpty()) {
-            InetAddress inetAddress = InetAddress.getByName( url.getHost() );
-
-            for (var blockedIpRange : blockedIpRanges) {
-                if (blockedIpRange.contains(new IPAddressString(inetAddress.getHostAddress()))) {
-                    throw new URLAccessValidationError("access to " + inetAddress + " is blocked via the configuration property "
-                                                        + ApocSettings.cypher_ip_blocklist.name());
-                }
-            }
-        }
-    }
-
     private void checkAllowedUrl(String url) throws IOException {
         try {
-            checkNotBlocked(new URL(url));
-        } catch (Exception e) {
+            URL parsedUrl = new URL(url);
+            InetAddress inetAddress = InetAddress.getByName(parsedUrl.getHost());
+
+            for (var blockedIpRange : blockedIpRanges)
+            {
+                if (blockedIpRange.contains(new IPAddressString( inetAddress.getHostAddress())))
+                {
+                    throw new IOException("access to " + inetAddress + " is blocked via the configuration property "
+                                           + ApocSettings.cypher_ip_blocklist.name());
+                }
+            }
+        } catch (MalformedURLException e) {
             throw new IOException(e);
         }
     }
 
-    public void checkReadAllowed(String url) throws IOException
-    {
+    public void checkReadAllowed(String url) throws IOException {
         if (isFile(url)) {
             isImportFileEnabled();
         } else {