def validate_ipv4_address(cls, _, value):
"""
Ensures the :attr:`ip` address is valid. This checks to ensure
that the value provided is:
* not a hostmask
* not link local (:rfc:`3927`)
* not used for multicast (:rfc:`1112`)
* not a netmask (:rfc:`4632`)
* not reserved (:rfc:`6052`)
* a private address (:rfc:`1918`)
"""
if value is None:
return value
try:
address = IPAddress(value)
except (AddrFormatError, ValueError) as e:
raise ValueError(
"%s is not a valid address format: %s" % (value, e))
if ALLOW_AGENT_LOOPBACK:
loopback = lambda: False
else:
loopback = address.is_loopback
if any([address.is_hostmask(), address.is_link_local(),
loopback(), address.is_multicast(),
address.is_netmask(), address.is_reserved()]):
raise ValueError("%s is not a valid address type" % value)
return value
def _validate_network_information(self):
all_errs = []
if self.subnet_mask_size > self.MAX_SUBNET_MASK_SIZE:
all_errs.append(
"Subnet size too small. Subnet mask should <= {}, current value: {}"
.format(self.MAX_SUBNET_MASK_SIZE, self.subnet_mask_size))
cidr_base_validator = re.compile(self.VPC_CIDR_BASE_REGEX)
if not cidr_base_validator.match(self.vpc_cidr_base):
all_errs.append(
"Invalid VPC CIDR base {}. VPC CIDR base should match regex {}"
.format(self.vpc_cidr_base, self.VPC_CIDR_BASE_REGEX))
if self.trusted_cidrs:
try:
for cidr in self.trusted_cidrs:
[ip, mask] = cidr.split("/")
if ip == "0.0.0.0":
if mask != "0":
all_errs.append(
"Trusting traffic from everywhere should specify \"0.0.0.0/0\" as trusted CIDR."
)
else:
if not 0 < int(mask) <= 32:
all_errs.append(
"Subnet mask {} should be greater than 0 but less than 32."
.format(mask))
ipaddr = IPAddress(ip)
if ipaddr.is_netmask():
all_errs.append(
"Trusted CIDR {} should not be a net mask".
format(ip))
if ipaddr.is_hostmask():
all_errs.append(
"Trusted CIDR {} should not be a host mask".
format(ip))
if ipaddr.is_reserved():
all_errs.append(
"Trusted CIDR {} should not be in reserved range"
.format(ip))
if ipaddr.is_loopback():
all_errs.append(
"Trusted CIDR {} should not be a loop back address"
.format(ip))
# Currently we don't support private VPC
if ipaddr.is_private():
all_errs.append(
"Trusted CIDR {} should not be a private address"
.format(ip))
except ValueError as ve:
all_errs.append(
"Cannot parse trusted CIDRs ({}). Err: {}".format(
self.trusted_cidrs, ve))
else:
all_errs.append(
"Please provide trusted CIDRs through --trusted-cidrs flag")
return all_errs
def validate(url,
schemes=None,
tlds=None,
private=None,
local=None,
credentials=None):
'''
Validate and normalize an URL
:param str url: The URL to validate and normalize
:return str: The normalized URL
:raises ValidationError: when URL does not validate
'''
url = url.strip()
private = config_for(private, 'URLS_ALLOW_PRIVATE')
local = config_for(local, 'URLS_ALLOW_LOCAL')
credentials = config_for(credentials, 'URLS_ALLOW_CREDENTIALS')
schemes = config_for(schemes, 'URLS_ALLOWED_SCHEMES')
tlds = config_for(tlds, 'URLS_ALLOWED_TLDS')
match = URL_REGEX.match(url)
if not match:
error(url)
scheme = (match.group('scheme') or '').lower()
if scheme and scheme not in schemes:
error(url, 'Invalid scheme {0}'.format(scheme))
if not credentials and match.group('credentials'):
error(url, 'Credentials in URL are not allowed')
tld = match.group('tld')
if tld and tld not in tlds and idna(tld) not in tlds:
error(url, 'Invalid TLD {0}'.format(tld))
ip = match.group('ipv6') or match.group('ipv4')
if ip:
try:
ip = IPAddress(ip)
except AddrFormatError:
error(url)
if ip.is_multicast():
error(url, '{0} is a multicast IP'.format(ip))
elif not ip.is_loopback() and ip.is_hostmask() or ip.is_netmask():
error(url, '{0} is a mask IP'.format(ip))
if not local:
if ip and ip.is_loopback() or match.group('localhost'):
error(url, 'is a local URL')
if not private and ip and ip.is_private():
error(url, 'is a private URL')
return url
def _trusted_cidr_validator(input):
from netaddr import IPAddress
ret = []
for cidr in input.split(" "):
cidr = cidr.strip()
if not cidr:
# skip whitespace
continue
ip, mask = cidr.split("/")
if int(mask) < 0 or int(mask) > 32:
raise ValueError(
"CIDR {} is not valid as mask {} is not in range [0-32]".
format(cidr, mask))
if ip != "0.0.0.0" or mask != '0':
ipaddr = IPAddress(ip)
if ipaddr.is_netmask():
raise ValueError(
"Trusted CIDR {} should not be a net mask".format(ip))
if ipaddr.is_hostmask():
raise ValueError(
"Trusted CIDR {} should not be a host mask".format(ip))
if ipaddr.is_reserved():
raise ValueError(
"Trusted CIDR {} should not be in reserved range".
format(ip))
if ipaddr.is_loopback():
raise ValueError(
"Trusted CIDR {} should not be a loop back address".
format(ip))
# Currently we don't support private VPC
if ipaddr.is_private():
raise ValueError(
"Trusted CIDR {} should not be a private address".
format(ip))
ret.append(cidr)
return ret
def reserved_ip_check(ip_string):
"""determine if IP address in RFC1918 or reserved"""
# IP details for invalid IP addresses
invalid_ip_details = {
"country": "INVALID",
"location": RESERVED_IP_COORDINATES,
"subdivisions": "INVALID",
"dch_company": "",
"asn_number": "",
"asn_name": ""
}
# IP details for MULTICAST IP addresses
multicast_ip_details = {
"country": "MULTICAST",
"location": RESERVED_IP_COORDINATES,
"subdivisions": "MULTICAST",
"dch_company": "",
"asn_number": "",
"asn_name": ""
}
# IP details for PRIVATE IP addresses
private_ip_details = {
"country": "PRIVATE",
"location": RESERVED_IP_COORDINATES,
"subdivisions": "PRIVATE",
"dch_company": "",
"asn_number": "",
"asn_name": ""
}
# IP details for RESERVED IP addresses
reserved_ip_details = {
"country": "RESERVED",
"location": RESERVED_IP_COORDINATES,
"subdivisions": "RESERVED",
"dch_company": "",
"asn_number": "",
"asn_name": ""
}
# IP details for NETMASK IP addresses
netmask_ip_details = {
"country": "NETMASK",
"location": RESERVED_IP_COORDINATES,
"subdivisions": "NETMASK",
"dch_company": "",
"asn_number": "",
"asn_name": ""
}
# IP details for HOSTMASK IP addresses
hostmask_ip_details = {
"country": "HOSTMASK",
"location": RESERVED_IP_COORDINATES,
"subdivisions": "HOSTMASK",
"dch_company": "",
"asn_number": "",
"asn_name": ""
}
# IP details for LOOPBACK IP addresses
loopback_ip_details = {
"country": "LOOPBACK",
"location": RESERVED_IP_COORDINATES,
"subdivisions": "LOOPBACK",
"dch_company": "",
"asn_number": "",
"asn_name": ""
}
# Check to see if IP matches a reserved category
try:
ip_address = IPAddress(ip_string)
except AddrFormatError:
return invalid_ip_details
if ip_address.is_multicast():
return multicast_ip_details
elif ip_address.is_private():
return private_ip_details
elif ip_address.is_reserved():
return reserved_ip_details
elif ip_address.is_netmask():
return netmask_ip_details
elif ip_address.is_hostmask():
return hostmask_ip_details
elif ip_address.is_loopback():
return loopback_ip_details
elif ip_address.is_unicast() and not ip_address.is_private():
# Boolean to be returned if IP is Public
ip_reserved = False
return ip_reserved
else:
return invalid_ip_details
