feat(ip): use larger IPv6 range by default

Some providers assign `/48` IPv6 blocks instead of `/64` so it sounds safer
to use this mask by default.

Signed-off-by: Benjamin Gaussorgues <benjamin.gaussorgues@nextcloud.com>

Author: Altahrim

lib/private/Security/Normalizer/IpAddress.php

@@ -24,7 +24,7 @@ public function __construct(
 	}
 
 	/**
-	 * Return the given subnet for an IPv6 address (64 first bits)
+	 * Return the given subnet for an IPv6 address (48 first bits)
 	 */
 	private function getIPv6Subnet(string $ip): string {
 		if ($ip[0] === '[' && $ip[-1] === ']') { // If IP is with brackets, for example [::1]
@@ -38,7 +38,7 @@ private function getIPv6Subnet(string $ip): string {
 		$binary = \inet_pton($ip);
 		$mask = inet_pton('FFFF:FFFF:FFFF:FFFF::');
 
-		return inet_ntop($binary & $mask) . '/64';
+		return inet_ntop($binary & $mask) . '/48';
 	}
 
 	/**
@@ -63,7 +63,7 @@ private function getEmbeddedIpv4(string $ipv6): ?string {
 
 
 	/**
-	 * Gets either the /32 (IPv4) or the /64 (IPv6) subnet of an IP address
+	 * Gets either the /32 (IPv4) or the /48 (IPv6) subnet of an IP address
 	 */
 	public function getSubnet(): string {
 		if (filter_var($this->ip, FILTER_VALIDATE_IP, FILTER_FLAG_IPV4)) {

tests/lib/Security/Normalizer/IpAddressTest.php

@@ -37,19 +37,19 @@ public function subnetDataProvider() {
 			],
 			[
 				'2001:0db8:85a3:0000:0000:8a2e:0370:7334',
-				'2001:db8:85a3::/64',
+				'2001:db8:85a3::/48',
 			],
 			[
 				'2001:db8:3333:4444:5555:6666:7777:8888',
-				'2001:db8:3333:4444::/64',
+				'2001:db8:3333:4444::/48',
 			],
 			[
 				'::1234:5678',
-				'::/64',
+				'::/48',
 			],
 			[
 				'[::1]',
-				'::/64',
+				'::/48',
 			],
 		];
 	}