Don't allow loopback IP addresses for hosts (#2920)

I don't know where in the spec these are explicitly disallowed, but it
seems like good practice and we'll fail the RST tests if we don't
disallow them.

Author: gbrodman

core/src/main/java/google/registry/flows/host/HostCreateFlow.java

@@ -116,6 +116,7 @@ public EppResponse run() throws EppException {
           ? new SubordinateHostMustHaveIpException()
           : new UnexpectedExternalHostIpException();
     }
+    HostFlowUtils.validateInetAddresses(command.getInetAddresses());
     Host newHost =
         new Host.Builder()
             .setCreationRegistrarId(registrarId)

core/src/main/java/google/registry/flows/host/HostFlowUtils.java

@@ -22,6 +22,7 @@
 
 import com.google.common.base.Ascii;
 import com.google.common.base.CharMatcher;
+import com.google.common.collect.ImmutableSet;
 import com.google.common.net.InternetDomainName;
 import google.registry.flows.EppException;
 import google.registry.flows.EppException.AuthorizationErrorException;
@@ -34,6 +35,7 @@
 import google.registry.model.domain.Domain;
 import google.registry.model.eppcommon.StatusValue;
 import google.registry.util.Idn;
+import java.net.InetAddress;
 import java.util.Optional;
 import org.joda.time.DateTime;
 
@@ -108,6 +110,24 @@ public static Optional<Domain> lookupSuperordinateDomain(
     return superordinateDomain;
   }
 
+  /** Makes sure that no provided IP addresses are local / loopback addresses. */
+  public static void validateInetAddresses(ImmutableSet<InetAddress> inetAddresses)
+      throws EppException {
+    if (inetAddresses == null) {
+      return;
+    }
+    if (inetAddresses.stream().anyMatch(InetAddress::isLoopbackAddress)) {
+      throw new LoopbackIpNotValidForHostException();
+    }
+  }
+
+  /** Loopback IPs are not valid for hosts. */
+  static class LoopbackIpNotValidForHostException extends ParameterValuePolicyErrorException {
+    public LoopbackIpNotValidForHostException() {
+      super("Loopback IPs are not valid for hosts");
+    }
+  }
+
   /** Superordinate domain for this hostname does not exist. */
   static class SuperordinateDomainDoesNotExistException extends ObjectDoesNotExistException {
     public SuperordinateDomainDoesNotExistException(String domainName) {

core/src/main/java/google/registry/flows/host/HostUpdateFlow.java

@@ -161,6 +161,7 @@ public EppResponse run() throws EppException {
     AddRemove remove = command.getInnerRemove();
     checkSameValuesNotAddedAndRemoved(add.getStatusValues(), remove.getStatusValues());
     checkSameValuesNotAddedAndRemoved(add.getInetAddresses(), remove.getInetAddresses());
+    HostFlowUtils.validateInetAddresses(add.getInetAddresses());
     VKey<Domain> newSuperordinateDomainKey =
         newSuperordinateDomain.map(Domain::createVKey).orElse(null);
     // If the superordinateDomain field is changing, set the lastSuperordinateChange to now.

core/src/test/java/google/registry/flows/host/HostCreateFlowTest.java

@@ -45,6 +45,7 @@
 import google.registry.flows.host.HostFlowUtils.HostNameNotPunyCodedException;
 import google.registry.flows.host.HostFlowUtils.HostNameTooLongException;
 import google.registry.flows.host.HostFlowUtils.HostNameTooShallowException;
+import google.registry.flows.host.HostFlowUtils.LoopbackIpNotValidForHostException;
 import google.registry.flows.host.HostFlowUtils.SuperordinateDomainDoesNotExistException;
 import google.registry.flows.host.HostFlowUtils.SuperordinateDomainInPendingDeleteException;
 import google.registry.model.ForeignKeyUtils;
@@ -322,6 +323,26 @@ void testFailure_ccTldInBailiwick() {
     assertAboutEppExceptions().that(thrown).marshalsToXml();
   }
 
+  @Test
+  void testFailure_localhostInetAddress_ipv4() {
+    createTld("tld");
+    persistActiveDomain("example.tld");
+    setEppHostCreateInput("ns1.example.tld", "<host:addr ip=\"v4\">127.0.0.1</host:addr>");
+    assertAboutEppExceptions()
+        .that(assertThrows(LoopbackIpNotValidForHostException.class, this::runFlow))
+        .marshalsToXml();
+  }
+
+  @Test
+  void testFailure_localhostInetAddress_ipv6() {
+    createTld("tld");
+    persistActiveDomain("example.tld");
+    setEppHostCreateInput("ns1.example.tld", "<host:addr ip=\"v6\">::1</host:addr>");
+    assertAboutEppExceptions()
+        .that(assertThrows(LoopbackIpNotValidForHostException.class, this::runFlow))
+        .marshalsToXml();
+  }
+
   @Test
   void testIcannActivityReportField_getsLogged() throws Exception {
     runFlow();

core/src/test/java/google/registry/flows/host/HostUpdateFlowTest.java

@@ -61,6 +61,7 @@
 import google.registry.flows.host.HostFlowUtils.HostNameNotPunyCodedException;
 import google.registry.flows.host.HostFlowUtils.HostNameTooLongException;
 import google.registry.flows.host.HostFlowUtils.HostNameTooShallowException;
+import google.registry.flows.host.HostFlowUtils.LoopbackIpNotValidForHostException;
 import google.registry.flows.host.HostFlowUtils.SuperordinateDomainDoesNotExistException;
 import google.registry.flows.host.HostFlowUtils.SuperordinateDomainInPendingDeleteException;
 import google.registry.flows.host.HostUpdateFlow.CannotAddIpToExternalHostException;
@@ -1306,6 +1307,28 @@ void testFailure_ccTldInBailiwick() throws Exception {
     doFailingHostNameTest("foo.co.uk", HostNameTooShallowException.class);
   }
 
+  @Test
+  void testFailure_localhostInetAddress_ipv4() throws Exception {
+    createTld("tld");
+    persistActiveSubordinateHost(oldHostName(), persistActiveDomain("example.tld"));
+    setEppHostUpdateInput(
+        "ns1.example.tld", "ns2.example.tld", "<host:addr ip=\"v4\">127.0.0.1</host:addr>", null);
+    assertAboutEppExceptions()
+        .that(assertThrows(LoopbackIpNotValidForHostException.class, this::runFlow))
+        .marshalsToXml();
+  }
+
+  @Test
+  void testFailure_localhostInetAddress_ipv6() throws Exception {
+    createTld("tld");
+    persistActiveSubordinateHost(oldHostName(), persistActiveDomain("example.tld"));
+    setEppHostUpdateInput(
+        "ns1.example.tld", "ns2.example.tld", "<host:addr ip=\"v6\">::1</host:addr>", null);
+    assertAboutEppExceptions()
+        .that(assertThrows(LoopbackIpNotValidForHostException.class, this::runFlow))
+        .marshalsToXml();
+  }
+
   @Test
   void testSuccess_metadata() throws Exception {
     createTld("tld");