From 8914b7881677eedebf087bd053933d6a332446b4 Mon Sep 17 00:00:00 2001
From: Jonathan Coates <git@squiddev.cc>
Date: Sat, 8 Jul 2023 09:27:09 +0100
Subject: [PATCH 1/3] Also block the CGNAT range (100.64.0.0/10)

---
 .../core/apis/http/options/AddressPredicate.java | 16 +++++++++++++++-
 .../core/apis/http/options/AddressRuleTest.java  | 11 +++++++++++
 2 files changed, 26 insertions(+), 1 deletion(-)

diff --git a/projects/core/src/main/java/dan200/computercraft/core/apis/http/options/AddressPredicate.java b/projects/core/src/main/java/dan200/computercraft/core/apis/http/options/AddressPredicate.java
index 1dfd098192..2ebed272c4 100644
--- a/projects/core/src/main/java/dan200/computercraft/core/apis/http/options/AddressPredicate.java
+++ b/projects/core/src/main/java/dan200/computercraft/core/apis/http/options/AddressPredicate.java
@@ -6,6 +6,7 @@
 
 import com.google.common.net.InetAddresses;
 
+import java.net.Inet4Address;
 import java.net.Inet6Address;
 import java.net.InetAddress;
 import java.net.InetSocketAddress;
@@ -113,7 +114,6 @@ final class PrivatePattern implements AddressPredicate {
 
         private static final Set<InetAddress> additionalAddresses = Arrays.stream(new String[]{
             // Block various cloud providers internal IPs.
-            "100.100.100.200", // Alibaba
             "192.0.0.192", // Oracle
         }).map(InetAddresses::forString).collect(Collectors.toUnmodifiableSet());
 
@@ -126,6 +126,7 @@ public boolean matches(InetAddress socketAddress) {
                 || socketAddress.isSiteLocalAddress()  // 10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16, fec0::/10
                 || socketAddress.isMulticastAddress()  // 224.0.0.0/4, ff00::/8
                 || isUniqueLocalAddress(socketAddress) // fd00::/8
+                || isCarrierGradeNatAddress(socketAddress) // 100.64.0.0/10
                 || additionalAddresses.contains(socketAddress);
         }
 
@@ -141,6 +142,19 @@ private boolean isUniqueLocalAddress(InetAddress address) {
             // defined right now, so let's be conservative.
             return address instanceof Inet6Address && (address.getAddress()[0] & 0xff) == 0xfd;
         }
+
+        /**
+         * Determine if an IP address lives within the CGNAT address range (100.64.0.0/10).
+         *
+         * @param address The IP address to test.
+         * @return Whether this address sits in the CGNAT address range.
+         * @see <a href="https://en.wikipedia.org/wiki/Carrier-grade_NAT">Carrier-grade NAT on Wikipedia</a>
+         */
+        private boolean isCarrierGradeNatAddress(InetAddress address) {
+            if (!(address instanceof Inet4Address)) return false;
+            var bytes = address.getAddress();
+            return bytes[0] == 100 && ((bytes[1] & 0xFF) >= 64 && (bytes[1] & 0xFF) <= 127);
+        }
     }
 
 }
diff --git a/projects/core/src/test/java/dan200/computercraft/core/apis/http/options/AddressRuleTest.java b/projects/core/src/test/java/dan200/computercraft/core/apis/http/options/AddressRuleTest.java
index a7a7bf4886..45f8c97e16 100644
--- a/projects/core/src/test/java/dan200/computercraft/core/apis/http/options/AddressRuleTest.java
+++ b/projects/core/src/test/java/dan200/computercraft/core/apis/http/options/AddressRuleTest.java
@@ -34,6 +34,8 @@ public void matchesPort() {
         "172.17.0.1", "192.168.1.114", "[0:0:0:0:0:ffff:c0a8:172]", "10.0.0.1",
         // Multicast
         "224.0.0.1", "ff02::1",
+        // CGNAT
+        "100.64.0.0", "100.127.255.255",
         // Cloud metadata providers
         "100.100.100.200", // Alibaba
         "192.0.0.192", // Oracle
@@ -44,6 +46,15 @@ public void blocksLocalDomains(String domain) {
         assertEquals(apply(CoreConfig.httpRules, domain, 80).action, Action.DENY);
     }
 
+    @ParameterizedTest
+    @ValueSource(strings = {
+        // Ensure either side of the CGNAT range is allowed.
+        "100.63.255.255", "100.128.0.0"
+    })
+    public void allowsNonLocalDomains(String domain) {
+        assertEquals(apply(CoreConfig.httpRules, domain, 80).action, Action.ALLOW);
+    }
+
     private Options apply(Iterable<AddressRule> rules, String host, int port) {
         return AddressRule.apply(rules, host, new InetSocketAddress(host, port));
     }

From df26cd267a8b15f97bf45c297f5e3d92a9c06def Mon Sep 17 00:00:00 2001
From: Jonathan Coates <git@squiddev.cc>
Date: Sat, 8 Jul 2023 09:35:06 +0100
Subject: [PATCH 2/3] Fix conflicts with other mods replacing reach distance

---
 .../dan200/computercraft/mixin/ItemMixin.java | 32 +++++++++++++------
 1 file changed, 23 insertions(+), 9 deletions(-)

diff --git a/projects/fabric/src/main/java/dan200/computercraft/mixin/ItemMixin.java b/projects/fabric/src/main/java/dan200/computercraft/mixin/ItemMixin.java
index b1b18593bb..9384c67425 100644
--- a/projects/fabric/src/main/java/dan200/computercraft/mixin/ItemMixin.java
+++ b/projects/fabric/src/main/java/dan200/computercraft/mixin/ItemMixin.java
@@ -9,24 +9,38 @@
 import net.minecraft.world.item.Item;
 import net.minecraft.world.level.ClipContext;
 import net.minecraft.world.level.Level;
+import net.minecraft.world.phys.BlockHitResult;
 import org.spongepowered.asm.mixin.Mixin;
-import org.spongepowered.asm.mixin.injection.Constant;
-import org.spongepowered.asm.mixin.injection.ModifyConstant;
+import org.spongepowered.asm.mixin.Unique;
+import org.spongepowered.asm.mixin.injection.At;
+import org.spongepowered.asm.mixin.injection.Inject;
+import org.spongepowered.asm.mixin.injection.callback.CallbackInfoReturnable;
 
 @Mixin(Item.class)
 class ItemMixin {
     /**
      * Replace the reach distance in {@link Item#getPlayerPOVHitResult(Level, Player, ClipContext.Fluid)}.
      *
-     * @param reach  The original reach distance.
-     * @param level  The current level.
-     * @param player The current player.
-     * @return The new reach distance.
+     * @param level     The current level.
+     * @param player    The current player.
+     * @param fluidMode The current clip-context fluid mode.
+     * @param cir       Callback info to store the new reach distance.
      * @see FakePlayer#getBlockReach()
      */
-    @ModifyConstant(method = "getPlayerPOVHitResult", constant = @Constant(doubleValue = 5))
+    @Inject(method = "getPlayerPOVHitResult", at = @At("HEAD"), cancellable = true)
     @SuppressWarnings("UnusedMethod")
-    private static double getReachDistance(double reach, Level level, Player player) {
-        return player instanceof FakePlayer fp ? fp.getBlockReach() : reach;
+    private static void getReachDistance(Level level, Player player, ClipContext.Fluid fluidMode, CallbackInfoReturnable<BlockHitResult> cir) {
+        // It would theoretically be cleaner to use @ModifyConstant here, but as it's treated as a @Redirect, it doesn't
+        // compose with other mods. Instead, we replace the method when working with our fake player.
+        if (player instanceof FakePlayer fp) cir.setReturnValue(getHitResult(level, fp, fluidMode));
+    }
+
+    @Unique
+    private static BlockHitResult getHitResult(Level level, FakePlayer player, ClipContext.Fluid fluidMode) {
+        var start = player.getEyePosition();
+        var reach = player.getBlockReach();
+        var direction = player.getViewVector(1.0f);
+        var end = start.add(direction.x() * reach, direction.y() * reach, direction.z() * reach);
+        return level.clip(new ClipContext(start, end, ClipContext.Block.OUTLINE, fluidMode, player));
     }
 }

From aaf8c248a8c3027ca8f2e19478e3fd5e6b5ba6d6 Mon Sep 17 00:00:00 2001
From: Jonathan Coates <git@squiddev.cc>
Date: Sat, 8 Jul 2023 09:37:43 +0100
Subject: [PATCH 3/3] Bump CC:T to 1.106.1

---
 gradle.properties                             |  2 +-
 .../computercraft/lua/rom/help/changelog.md   |  6 ++++++
 .../computercraft/lua/rom/help/whatsnew.md    | 20 +++----------------
 3 files changed, 10 insertions(+), 18 deletions(-)

diff --git a/gradle.properties b/gradle.properties
index 5d3bda5975..ae7279e7dd 100644
--- a/gradle.properties
+++ b/gradle.properties
@@ -10,7 +10,7 @@ kotlin.jvm.target.validation.mode=error
 
 # Mod properties
 isUnstable=false
-modVersion=1.106.0
+modVersion=1.106.1
 
 # Minecraft properties: We want to configure this here so we can read it in settings.gradle
 mcVersion=1.19.4
diff --git a/projects/core/src/main/resources/data/computercraft/lua/rom/help/changelog.md b/projects/core/src/main/resources/data/computercraft/lua/rom/help/changelog.md
index ef0af61a85..2579b93e1a 100644
--- a/projects/core/src/main/resources/data/computercraft/lua/rom/help/changelog.md
+++ b/projects/core/src/main/resources/data/computercraft/lua/rom/help/changelog.md
@@ -1,3 +1,9 @@
+# New features in CC: Tweaked 1.106.1
+
+Several bug fixes:
+* Block the CGNAT range (100.64.0.0/10) by default.
+* Fix conflicts with other mods replacing reach distance.
+
 # New features in CC: Tweaked 1.106.0
 
 * Numerous documentation improvements (MCJack123, znepb, penguinencounter).
diff --git a/projects/core/src/main/resources/data/computercraft/lua/rom/help/whatsnew.md b/projects/core/src/main/resources/data/computercraft/lua/rom/help/whatsnew.md
index 172ac059e0..f8f051a025 100644
--- a/projects/core/src/main/resources/data/computercraft/lua/rom/help/whatsnew.md
+++ b/projects/core/src/main/resources/data/computercraft/lua/rom/help/whatsnew.md
@@ -1,21 +1,7 @@
-New features in CC: Tweaked 1.106.0
-
-* Numerous documentation improvements (MCJack123, znepb, penguinencounter).
-* Port `fs.find` to Lua. This also allows using `?` as a wildcard.
-* Computers cursors now glow in the dark.
-* Allow changing turtle upgrades from the GUI.
-* Add option to serialize Unicode strings to JSON (MCJack123).
-* Small optimisations to the `window` API.
-* Turtle upgrades can now preserve NBT from upgrade item stack and when broken.
-* Add support for tool enchantments and durability via datapacks. This is disabled for the built-in tools.
+New features in CC: Tweaked 1.106.1
 
 Several bug fixes:
-* Fix turtles rendering incorrectly when upside down.
-* Fix misplaced calls to IArguments.escapes.
-* Lua REPL no longer accepts `)(` as a valid expression.
-* Fix several inconsistencies with `require`/`package.path` in the Lua REPL (Wojbie).
-* Fix turtle being able to place water buckets outside its reach distance.
-* Fix private several IP address ranges not being blocked by the `$private` rule.
-* Improve permission checks in the `/computercraft` command.
+* Block the CGNAT range (100.64.0.0/10) by default.
+* Fix conflicts with other mods replacing reach distance.
 
 Type "help changelog" to see the full version history.