From 5ba88d124363ee65130b621bbf00cbbe33350d13 Mon Sep 17 00:00:00 2001
From: kl <chenkailing@xd.com>
Date: Tue, 3 Mar 2026 14:10:56 +0800
Subject: [PATCH] test(security): verify CIDR matching for IPv4 upper boundary

---
 .../java/cn/keking/web/filter/TrustHostFilterTests.java  | 9 +++++++++
 1 file changed, 9 insertions(+)

diff --git a/server/src/test/java/cn/keking/web/filter/TrustHostFilterTests.java b/server/src/test/java/cn/keking/web/filter/TrustHostFilterTests.java
index 7820cbb6..e69c3593 100644
--- a/server/src/test/java/cn/keking/web/filter/TrustHostFilterTests.java
+++ b/server/src/test/java/cn/keking/web/filter/TrustHostFilterTests.java
@@ -43,6 +43,15 @@ public class TrustHostFilterTests {
         assert !trustHostFilter.isNotTrustHost("199.1.2.3");
     }
 
+    @Test
+    void shouldSupportIpv4UpperBoundaryCidrMatching() {
+        ConfigConstants.setTrustHostValue("*");
+        ConfigConstants.setNotTrustHostValue("255.255.255.255/32");
+
+        assert trustHostFilter.isNotTrustHost("255.255.255.255");
+        assert !trustHostFilter.isNotTrustHost("255.255.255.254");
+    }
+
     @Test
     void shouldDenyWhenHostIsBlankOrNull() {
         ConfigConstants.setTrustHostValue("*");