co-pilot comments

- ProxyCustomizer: fail closed when peer address cannot be evaluated
  (non-InetSocketAddress or null InetAddress) instead of trusting PROXY data
- CidrRange: use Guava InetAddresses.forString() instead of InetAddress.getByName()
  to reject hostnames and avoid DNS resolution during config parsing
- CidrRange: trim address and prefix components before parsing

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

Author: devhritwik

core/src/main/java/io/confluent/rest/customizer/CidrRange.java

@@ -16,10 +16,11 @@
 
 package io.confluent.rest.customizer;
 
+import com.google.common.net.InetAddresses;
+
 import org.apache.kafka.common.config.ConfigException;
 
 import java.net.InetAddress;
-import java.net.UnknownHostException;
 
 /**
  * Represents a CIDR range (e.g., "10.240.0.0/16") and provides a method to check
@@ -48,18 +49,22 @@ public static CidrRange parse(String cidr) {
       throw new ConfigException("Invalid CIDR notation: " + cidr);
     }
 
+    String addressStr = parts[0].trim();
+    String prefixStr = parts[1].trim();
+
     InetAddress network;
     try {
-      network = InetAddress.getByName(parts[0]);
-    } catch (UnknownHostException e) {
-      throw new ConfigException("Invalid network address in CIDR: " + parts[0]);
+      // Use InetAddresses.forString() to reject hostnames and avoid DNS resolution.
+      network = InetAddresses.forString(addressStr);
+    } catch (IllegalArgumentException e) {
+      throw new ConfigException("Invalid network address in CIDR: " + addressStr);
     }
 
     int prefixLength;
     try {
-      prefixLength = Integer.parseInt(parts[1]);
+      prefixLength = Integer.parseInt(prefixStr);
     } catch (NumberFormatException e) {
-      throw new ConfigException("Invalid prefix length in CIDR: " + parts[1]);
+      throw new ConfigException("Invalid prefix length in CIDR: " + prefixStr);
     }
 
     byte[] networkBytes = network.getAddress();

core/src/main/java/io/confluent/rest/customizer/ProxyCustomizer.java

@@ -88,19 +88,32 @@ public Request customize(Request request, HttpFields.Mutable mutable) {
     if (endPoint instanceof ProxyConnectionFactory.ProxyEndPoint proxyEndPoint) {
       EndPoint underlyingEndpoint = proxyEndPoint.unwrap();
 
-      // Check peer IP against accepted range before using PROXY data
+      // Check peer IP against accepted range before using PROXY data.
+      // Fail closed: if the peer address cannot be evaluated, ignore PROXY data.
       if (acceptedIpRange != null) {
         SocketAddress rawRemote = underlyingEndpoint.getRemoteSocketAddress();
-        if (rawRemote instanceof InetSocketAddress inetRemote) {
-          InetAddress peerAddress = inetRemote.getAddress();
-          if (!acceptedIpRange.contains(peerAddress)) {
-            log.debug(
-                "Peer IP {} is not in accepted range, ignoring PROXY protocol data",
-                peerAddress.getHostAddress());
-            // Override the connection metadata to use raw TCP addresses,
-            // undoing the ProxyEndPoint's effect on getRemoteAddr()
-            return new RawPeerRequest(request, underlyingEndpoint);
-          }
+        if (!(rawRemote instanceof InetSocketAddress inetRemote)) {
+          log.debug(
+              "Raw remote address {} is not an InetSocketAddress;"
+                  + " ignoring PROXY protocol data",
+              rawRemote);
+          return new RawPeerRequest(request, underlyingEndpoint);
+        }
+
+        InetAddress peerAddress = inetRemote.getAddress();
+        if (peerAddress == null) {
+          log.debug(
+              "Raw remote InetSocketAddress {} has null InetAddress;"
+                  + " ignoring PROXY protocol data",
+              inetRemote);
+          return new RawPeerRequest(request, underlyingEndpoint);
+        }
+
+        if (!acceptedIpRange.contains(peerAddress)) {
+          log.debug(
+              "Peer IP {} is not in accepted range, ignoring PROXY protocol data",
+              peerAddress.getHostAddress());
+          return new RawPeerRequest(request, underlyingEndpoint);
         }
       }