Disallow localhost in deployment (#1064)

* disallow localhost in deployment

* tests

* fmt

* integration tests do not have a flag to check

* fmt

Cargo.toml

@@ -61,6 +61,7 @@ unstable = []
 ipv6 = []
 cuda = []
 erasure = []
+test = []
 
 [dependencies]
 atty = "0.2"

ci/test-large-network.sh

@@ -42,4 +42,4 @@ if [[ $(sysctl -n net.core.wmem_max) -lt 1610612736 ]]; then
 fi
 
 set -x
-exec cargo test --release --features=erasure test_multi_node_dynamic_network -- --ignored
+exec cargo test --release --features=erasure,test test_multi_node_dynamic_network -- --ignored

ci/test-nightly.sh

@@ -11,7 +11,7 @@ _() {
 }
 
 _ cargo build --verbose --features unstable
-_ cargo test --verbose --features unstable
+_ cargo test --verbose --features=unstable,test
 _ cargo clippy -- --deny=warnings
 
 exit 0

ci/test-stable-perf.sh

@@ -19,7 +19,7 @@ _() {
   "$@"
 }
 
-_ cargo test --features=cuda,erasure
+_ cargo test --features=cuda,erasure,test
 
 echo --- ci/localnet-sanity.sh
 (

ci/test-stable.sh

@@ -12,7 +12,7 @@ _() {
 
 _ cargo fmt -- --check
 _ cargo build --verbose
-_ cargo test --verbose
+_ cargo test --features=test --verbose
 
 echo --- ci/localnet-sanity.sh
 (

src/crdt.rs

@@ -1239,9 +1239,17 @@ impl Crdt {
             })
             .unwrap()
     }
-
+    fn is_valid_address_internal(addr: SocketAddr, cfg_test: bool) -> bool {
+        (addr.port() != 0)
+            && !(addr.ip().is_unspecified()
+                || addr.ip().is_multicast()
+                || (addr.ip().is_loopback() && !cfg_test))
+    }
+    /// port must not be 0
+    /// ip must be specified and not mulitcast
+    /// loopback ip is only allowed in tests
     pub fn is_valid_address(addr: SocketAddr) -> bool {
-        (addr.port() != 0) && !(addr.ip().is_unspecified() || addr.ip().is_multicast())
+        Self::is_valid_address_internal(addr, cfg!(test) || cfg!(feature = "test"))
     }
 }
 
@@ -2116,12 +2124,16 @@ mod tests {
 
     #[test]
     fn test_is_valid_address() {
+        assert!(cfg!(test));
         let bad_address_port = "127.0.0.1:0".parse().unwrap();
         assert!(!Crdt::is_valid_address(bad_address_port));
         let bad_address_unspecified = "0.0.0.0:1234".parse().unwrap();
         assert!(!Crdt::is_valid_address(bad_address_unspecified));
         let bad_address_multicast = "224.254.0.0:1234".parse().unwrap();
         assert!(!Crdt::is_valid_address(bad_address_multicast));
+        let loopback = "127.0.0.1:1234".parse().unwrap();
+        assert!(Crdt::is_valid_address(loopback));
+        assert!(!Crdt::is_valid_address_internal(loopback, false));
     }
 
     #[test]

tests/data_replicator.rs

@@ -193,6 +193,7 @@ pub fn crdt_retransmit() -> result::Result<()> {
 #[ignore]
 fn test_external_liveness_table() {
     logger::setup();
+    assert!(cfg!(feature = "test"));
     let c1_c4_exit = Arc::new(AtomicBool::new(false));
     let c2_c3_exit = Arc::new(AtomicBool::new(false));
 

tests/multinode.rs

@@ -120,6 +120,7 @@ fn make_tiny_test_entries(start_hash: Hash, num: usize) -> Vec<Entry> {
 
 #[test]
 fn test_multi_node_ledger_window() -> result::Result<()> {
+    assert!(cfg!(feature = "test"));
     logger::setup();
 
     let leader_keypair = Keypair::new();
@@ -518,6 +519,7 @@ fn test_leader_restart_validator_start_from_old_ledger() -> result::Result<()> {
 #[ignore]
 fn test_multi_node_dynamic_network() {
     logger::setup();
+    assert!(cfg!(feature = "test"));
     let key = "SOLANA_DYNAMIC_NODES";
     let num_nodes: usize = match env::var(key) {
         Ok(val) => val