From 3731a30cf06670c476f683b4210caa84b52e7b1c Mon Sep 17 00:00:00 2001
From: Benjamin Michaelis <git@relay.benjamin.michaelis.net>
Date: Sun, 17 May 2026 00:41:24 -0700
Subject: [PATCH] Use IPNetwork.TryParse() for CIDR parsing

Replace custom TryParseCidr implementation with the built-in System.Net.IPNetwork.TryParse() API. This eliminates manual parsing logic and leverages the framework's validated implementation.

Changes:
- Simplified TryParseCidr to one-liner using IPNetwork.TryParse
- Removed manual split/validation of prefix length and address family
- Removed unused AddressFamily import
---
 .../IServiceCollectionExtensions.cs           | 29 +------------------
 1 file changed, 1 insertion(+), 28 deletions(-)

diff --git a/EssentialCSharp.Web/Extensions/IServiceCollectionExtensions.cs b/EssentialCSharp.Web/Extensions/IServiceCollectionExtensions.cs
index 74967040..fecb7c4e 100644
--- a/EssentialCSharp.Web/Extensions/IServiceCollectionExtensions.cs
+++ b/EssentialCSharp.Web/Extensions/IServiceCollectionExtensions.cs
@@ -1,5 +1,4 @@
 using System.Net;
-using System.Net.Sockets;
 using EssentialCSharp.Web.Services;
 using Microsoft.AspNetCore.HttpOverrides;
 
@@ -48,7 +47,7 @@ public static void AddTrustedForwardedHeaders(this IServiceCollection services,
 
             foreach (var cidr in trustedProxyCidrs)
             {
-                if (!TryParseCidr(cidr, out var network))
+                if (string.IsNullOrWhiteSpace(cidr) || !System.Net.IPNetwork.TryParse(cidr.Trim(), out var network))
                     throw new InvalidOperationException($"Invalid ForwardedHeaders:TrustedProxyCidrs entry '{cidr}'. Use CIDR notation, e.g. '10.0.0.0/8'.");
 
                 options.KnownIPNetworks.Add(network);
@@ -63,30 +62,4 @@ public static void AddTrustedForwardedHeaders(this IServiceCollection services,
             }
         });
     }
-
-    private static bool TryParseCidr(string cidr, out System.Net.IPNetwork network)
-    {
-        network = default!;
-        if (string.IsNullOrWhiteSpace(cidr))
-            return false;
-
-        string[] parts = cidr.Split('/', 2, StringSplitOptions.TrimEntries);
-        if (parts.Length != 2
-            || !IPAddress.TryParse(parts[0], out var networkAddress)
-            || !int.TryParse(parts[1], out var prefixLength))
-            return false;
-
-        int maxPrefixLength = networkAddress.AddressFamily switch
-        {
-            AddressFamily.InterNetwork => 32,
-            AddressFamily.InterNetworkV6 => 128,
-            _ => -1
-        };
-
-        if (maxPrefixLength < 0 || prefixLength < 0 || prefixLength > maxPrefixLength)
-            return false;
-
-        network = new System.Net.IPNetwork(networkAddress, prefixLength);
-        return true;
-    }
 }