def validate_ipv4_address(cls, _, value): """ Ensures the :attr:`ip` address is valid. This checks to ensure that the value provided is: * not a hostmask * not link local (:rfc:`3927`) * not used for multicast (:rfc:`1112`) * not a netmask (:rfc:`4632`) * not reserved (:rfc:`6052`) * a private address (:rfc:`1918`) """ if value is None: return value try: address = IPAddress(value) except (AddrFormatError, ValueError) as e: raise ValueError( "%s is not a valid address format: %s" % (value, e)) if ALLOW_AGENT_LOOPBACK: loopback = lambda: False else: loopback = address.is_loopback if any([address.is_hostmask(), address.is_link_local(), loopback(), address.is_multicast(), address.is_netmask(), address.is_reserved()]): raise ValueError("%s is not a valid address type" % value) return value
def _validate_network_information(self): all_errs = [] if self.subnet_mask_size > self.MAX_SUBNET_MASK_SIZE: all_errs.append( "Subnet size too small. Subnet mask should <= {}, current value: {}" .format(self.MAX_SUBNET_MASK_SIZE, self.subnet_mask_size)) cidr_base_validator = re.compile(self.VPC_CIDR_BASE_REGEX) if not cidr_base_validator.match(self.vpc_cidr_base): all_errs.append( "Invalid VPC CIDR base {}. VPC CIDR base should match regex {}" .format(self.vpc_cidr_base, self.VPC_CIDR_BASE_REGEX)) if self.trusted_cidrs: try: for cidr in self.trusted_cidrs: [ip, mask] = cidr.split("/") if ip == "0.0.0.0": if mask != "0": all_errs.append( "Trusting traffic from everywhere should specify \"0.0.0.0/0\" as trusted CIDR." ) else: if not 0 < int(mask) <= 32: all_errs.append( "Subnet mask {} should be greater than 0 but less than 32." .format(mask)) ipaddr = IPAddress(ip) if ipaddr.is_netmask(): all_errs.append( "Trusted CIDR {} should not be a net mask". format(ip)) if ipaddr.is_hostmask(): all_errs.append( "Trusted CIDR {} should not be a host mask". format(ip)) if ipaddr.is_reserved(): all_errs.append( "Trusted CIDR {} should not be in reserved range" .format(ip)) if ipaddr.is_loopback(): all_errs.append( "Trusted CIDR {} should not be a loop back address" .format(ip)) # Currently we don't support private VPC if ipaddr.is_private(): all_errs.append( "Trusted CIDR {} should not be a private address" .format(ip)) except ValueError as ve: all_errs.append( "Cannot parse trusted CIDRs ({}). Err: {}".format( self.trusted_cidrs, ve)) else: all_errs.append( "Please provide trusted CIDRs through --trusted-cidrs flag") return all_errs
def validate(url, schemes=None, tlds=None, private=None, local=None, credentials=None): ''' Validate and normalize an URL :param str url: The URL to validate and normalize :return str: The normalized URL :raises ValidationError: when URL does not validate ''' url = url.strip() private = config_for(private, 'URLS_ALLOW_PRIVATE') local = config_for(local, 'URLS_ALLOW_LOCAL') credentials = config_for(credentials, 'URLS_ALLOW_CREDENTIALS') schemes = config_for(schemes, 'URLS_ALLOWED_SCHEMES') tlds = config_for(tlds, 'URLS_ALLOWED_TLDS') match = URL_REGEX.match(url) if not match: error(url) scheme = (match.group('scheme') or '').lower() if scheme and scheme not in schemes: error(url, 'Invalid scheme {0}'.format(scheme)) if not credentials and match.group('credentials'): error(url, 'Credentials in URL are not allowed') tld = match.group('tld') if tld and tld not in tlds and idna(tld) not in tlds: error(url, 'Invalid TLD {0}'.format(tld)) ip = match.group('ipv6') or match.group('ipv4') if ip: try: ip = IPAddress(ip) except AddrFormatError: error(url) if ip.is_multicast(): error(url, '{0} is a multicast IP'.format(ip)) elif not ip.is_loopback() and ip.is_hostmask() or ip.is_netmask(): error(url, '{0} is a mask IP'.format(ip)) if not local: if ip and ip.is_loopback() or match.group('localhost'): error(url, 'is a local URL') if not private and ip and ip.is_private(): error(url, 'is a private URL') return url
def _trusted_cidr_validator(input): from netaddr import IPAddress ret = [] for cidr in input.split(" "): cidr = cidr.strip() if not cidr: # skip whitespace continue ip, mask = cidr.split("/") if int(mask) < 0 or int(mask) > 32: raise ValueError( "CIDR {} is not valid as mask {} is not in range [0-32]". format(cidr, mask)) if ip != "0.0.0.0" or mask != '0': ipaddr = IPAddress(ip) if ipaddr.is_netmask(): raise ValueError( "Trusted CIDR {} should not be a net mask".format(ip)) if ipaddr.is_hostmask(): raise ValueError( "Trusted CIDR {} should not be a host mask".format(ip)) if ipaddr.is_reserved(): raise ValueError( "Trusted CIDR {} should not be in reserved range". format(ip)) if ipaddr.is_loopback(): raise ValueError( "Trusted CIDR {} should not be a loop back address". format(ip)) # Currently we don't support private VPC if ipaddr.is_private(): raise ValueError( "Trusted CIDR {} should not be a private address". format(ip)) ret.append(cidr) return ret
def reserved_ip_check(ip_string): """determine if IP address in RFC1918 or reserved""" # IP details for invalid IP addresses invalid_ip_details = { "country": "INVALID", "location": RESERVED_IP_COORDINATES, "subdivisions": "INVALID", "dch_company": "", "asn_number": "", "asn_name": "" } # IP details for MULTICAST IP addresses multicast_ip_details = { "country": "MULTICAST", "location": RESERVED_IP_COORDINATES, "subdivisions": "MULTICAST", "dch_company": "", "asn_number": "", "asn_name": "" } # IP details for PRIVATE IP addresses private_ip_details = { "country": "PRIVATE", "location": RESERVED_IP_COORDINATES, "subdivisions": "PRIVATE", "dch_company": "", "asn_number": "", "asn_name": "" } # IP details for RESERVED IP addresses reserved_ip_details = { "country": "RESERVED", "location": RESERVED_IP_COORDINATES, "subdivisions": "RESERVED", "dch_company": "", "asn_number": "", "asn_name": "" } # IP details for NETMASK IP addresses netmask_ip_details = { "country": "NETMASK", "location": RESERVED_IP_COORDINATES, "subdivisions": "NETMASK", "dch_company": "", "asn_number": "", "asn_name": "" } # IP details for HOSTMASK IP addresses hostmask_ip_details = { "country": "HOSTMASK", "location": RESERVED_IP_COORDINATES, "subdivisions": "HOSTMASK", "dch_company": "", "asn_number": "", "asn_name": "" } # IP details for LOOPBACK IP addresses loopback_ip_details = { "country": "LOOPBACK", "location": RESERVED_IP_COORDINATES, "subdivisions": "LOOPBACK", "dch_company": "", "asn_number": "", "asn_name": "" } # Check to see if IP matches a reserved category try: ip_address = IPAddress(ip_string) except AddrFormatError: return invalid_ip_details if ip_address.is_multicast(): return multicast_ip_details elif ip_address.is_private(): return private_ip_details elif ip_address.is_reserved(): return reserved_ip_details elif ip_address.is_netmask(): return netmask_ip_details elif ip_address.is_hostmask(): return hostmask_ip_details elif ip_address.is_loopback(): return loopback_ip_details elif ip_address.is_unicast() and not ip_address.is_private(): # Boolean to be returned if IP is Public ip_reserved = False return ip_reserved else: return invalid_ip_details