Enterprises have to make sure, that their business applications are IPv6 capable, this is dependent of the coding language. For that the code MUST use ip address family independed functions.
Good news: There are about 10 pitfalls and there will no new ones to come in the future.
IPv4-only-functions:
INADDR_ addr_in
F_INET
gethostbyname
gethostbyaddr
inet_addr inet_ntoa
Inet4Address
inet_aton
gethostbyname_ex
0.0.0.0
127.0.0.1
255.255.255.255
The last three are only common examples of IPv4 addresses (may be a regular expression, which find all IPv4 addresses is better)
For all the above IPv4-only-function is an ip address independent function available e.g. getaddrinfo instead of gethostbyname.
Every developer would benefit from using those ip address family independent functions. Some are releated to all languages (e.g. usage of ipv4 addresses), some others are more common in specific languages (e.g. gethostbyname in C/C++).
Please don’t hesitate to ask me, if you need any information.
Hello Ann,
thank you for the warm welcome.
Although Java is the most used language for business software, I choose C/C++, because - as I think - most/all ipv4-only functions belong to it.
So we need eight rules for the functions and one for IPv4 addresses in the code, which should match this regular expression: „((25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?).){3}(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?) “
Please come back to me, if you need more information about each rule etc.
Thank you for your interesting suggestion. I have put it up on our ProductBoard to record traction. I cannot give you any commitment at the moment as we have many priorities. You can subscribe to the card to receive any updates on the topic.
On the other hand, I can give you a spoiler that could help. We are implementing the “Customizable forbidden functions” rule template for C and C++.
You could create one rule per function and at least spot the uses of these IPV4-only functions.
