def test_cidr_match_validation(self):
"""Check that invalid CIDR addresses are detected."""
hints = [
types.dynamic(types.STRING),
types.literal(types.STRING),
types.literal(types.STRING),
types.literal(types.STRING),
]
arguments = [
Field("ip"),
String("10.0.0.0/8"),
String("b"),
String("192.168.1.0/24"),
]
position, _, _ = CidrMatch.validate(arguments, hints)
self.assertEqual(position, 2)
# test that missing / causes failure
arguments[2].value = "55.55.55.0"
position, _, _ = CidrMatch.validate(arguments, hints)
self.assertEqual(position, 2)
# test for invalid ip
arguments[2].value = "55.55.256.0/24"
position, _, _ = CidrMatch.validate(arguments, hints)
self.assertEqual(position, 2)
arguments[2].value = "55.55.55.0/24"
position, _, _ = CidrMatch.validate(arguments, hints)
self.assertIsNone(position)
def test_cidr_match_validation(self):
"""Check that invalid CIDR addresses are detected."""
arguments = [
Field("ip"),
String("10.0.0.0/8"),
String("b"),
String("192.168.1.0/24"),
]
info = [types.NodeInfo(arg, types.TypeHint.String) for arg in arguments]
position = CidrMatch.validate(info)
self.assertEqual(position, 2)
# test that missing / causes failure
info[2].node.value = "55.55.55.0"
position = CidrMatch.validate(info)
self.assertEqual(position, 2)
# test for invalid ip
info[2].node.value = "55.55.256.0/24"
position = CidrMatch.validate(info)
self.assertEqual(position, 2)
info[2].node.value = "55.55.55.0/24"
position = CidrMatch.validate(info)
self.assertIsNone(position)
def test_cidr_ranges(self):
"""Check that CIDR ranges are correctly identified."""
cidr_range = CidrMatch.to_range("10.0.0.0/8")
self.assertListEqual(list(cidr_range), [(10, 0, 0, 0),
(10, 255, 255, 255)])
cidr_range = CidrMatch.to_range("123.45.67.189/32")
self.assertListEqual(list(cidr_range), [(123, 45, 67, 189),
(123, 45, 67, 189)])
cidr_range = CidrMatch.to_range("0.0.0.0/0")
self.assertListEqual(list(cidr_range), [(0, 0, 0, 0),
(255, 255, 255, 255)])
cidr_range = CidrMatch.to_range("192.168.15.2/22")
self.assertListEqual(list(cidr_range), [(192, 168, 12, 0),
(192, 168, 15, 255)])
def equals(cls, term, value):
if utils.is_string(term) and utils.is_string(value):
if CidrMatch.ip_compiled.match(term) and CidrMatch.cidr_compiled.match(value):
# check for an ipv4 cidr
if value not in cls.__cidr_cache:
cls.__cidr_cache[value] = CidrMatch.get_callback(None, eql.ast.String(value))
return cls.__cidr_cache[value](term)
return term == value
def test_cidr_regex(self):
"""Test that octet regex are correctly matching the range."""
for _ in range(200):
# make an ip address
ip_addr = (
random.randrange(256),
random.randrange(256),
random.randrange(256),
random.randrange(256),
)
size = random.randrange(33)
total_ips = 2**(32 - size)
args = list(ip_addr)
args.append(size)
cidr_mask = "{:d}.{:d}.{:d}.{:d}/{:d}".format(*args)
pattern = CidrMatch.make_cidr_regex(cidr_mask)
regex = re.compile("^({})$".format(pattern))
min_ip, max_ip = CidrMatch.to_range(cidr_mask)
# randomly pick IPs that *are* in the range
for _ in range(min(200, total_ips)):
rand_addr = [
random.randrange(mn, mx + 1)
for mn, mx in zip(min_ip, max_ip)
]
rand_ip = "{:d}.{:d}.{:d}.{:d}".format(*rand_addr)
self.assertIsNotNone(regex.match(rand_ip))
# todo: pick IPs that are definitely not in the range
for _ in range(200):
rand_addr = [random.randrange(0, 255) for _ in range(4)]
in_subnet = all(
mn <= o <= mx
for o, mn, mx in zip(rand_addr, min_ip, max_ip))
rand_ip = "{:d}.{:d}.{:d}.{:d}".format(*rand_addr)
rv = regex.match(rand_ip) is not None
self.assertEqual(rv, in_subnet)
def test_cidr_match_rewrite(self):
"""Test that cidrMatch() rewrites the arguments."""
arguments = [
Field("ip"),
String("10.0.0.0/8"),
String("172.169.18.19/31"),
String("192.168.1.25/24"),
]
hints = [
types.dynamic(types.STRING),
types.literal(types.STRING),
types.literal(types.STRING),
types.literal(types.STRING),
]
position, new_arguments, type_hints = CidrMatch.validate(
arguments, hints)
self.assertEqual(position, None)
# check that the original wasn't modified
self.assertIsNot(arguments[2], new_arguments[2])
# and that the values were set to the base of the subnet
self.assertEqual(new_arguments[2].value, "172.169.18.18/31")
self.assertEqual(new_arguments[3].value, "192.168.1.0/24")
# test that /0 is working
arguments[2] = String("1.2.3.4/0")
position, new_arguments, type_hints = CidrMatch.validate(
arguments, hints)
self.assertIsNot(arguments[2], new_arguments[2])
# and /32
self.assertEqual(new_arguments[2].value, "0.0.0.0/0")
arguments[2] = String("12.34.45.56/32")
position, new_arguments, type_hints = CidrMatch.validate(
arguments, hints)
self.assertIsNone(position)
def test_cidr_match_rewrite(self):
"""Test that cidrMatch() rewrites the arguments."""
arguments = [
Field("ip"),
String("10.0.0.0/8"),
String("172.169.18.19/31"),
String("192.168.1.25/24"),
]
info = [types.NodeInfo(arg, types.TypeHint.String) for arg in arguments]
position = CidrMatch.validate(info)
self.assertEqual(position, None)
new_arguments = [arg.node for arg in info]
# check that the original were only modified to round the values
self.assertIsNot(arguments[0], new_arguments[1])
self.assertIsNot(arguments[1], new_arguments[1])
self.assertIsNot(arguments[2], new_arguments[2])
# and that the values were set to the base of the subnet
self.assertEqual(new_arguments[2].value, "172.169.18.18/31")
self.assertEqual(new_arguments[3].value, "192.168.1.0/24")
# test that /0 is working
info[2].node = String("1.2.3.4/0")
position = CidrMatch.validate(info)
new_arguments = [arg.node for arg in info]
self.assertIsNone(position)
self.assertIsNot(arguments[2], new_arguments[2])
# and /32
self.assertEqual(new_arguments[2].value, "0.0.0.0/0")
info[2].node = String("12.34.45.56/32")
position = CidrMatch.validate(info)
self.assertIsNone(position)
def test_octet_regex(self):
"""Test that octet regex are correctly matching the range."""
for _ in range(100):
# too many possible combos, so we can just randomly generate them
start = random.randrange(256)
end = random.randrange(256)
# order them correctly
start, end = min(start, end), max(start, end)
# now build the regex and check that each one matches
regex = re.compile("^(" + CidrMatch.make_octet_re(start, end) +
")$")
for num in range(500):
should_match = start <= num <= end
did_match = regex.match(str(num)) is not None
self.assertEqual(should_match, did_match)