From def421a176798b9ef3b51adba846e3c2b34cae94 Mon Sep 17 00:00:00 2001 From: Eggbertx Date: Tue, 12 Mar 2024 13:17:57 -0700 Subject: [PATCH] Fix IP subnet range testing, properly check IP length --- pkg/gcutil/iprange.go | 10 ++++++- pkg/gcutil/iprange_test.go | 55 ++++++++++++++++++++++++++------------ 2 files changed, 47 insertions(+), 18 deletions(-) diff --git a/pkg/gcutil/iprange.go b/pkg/gcutil/iprange.go index 87e91215..0b59db25 100644 --- a/pkg/gcutil/iprange.go +++ b/pkg/gcutil/iprange.go @@ -50,13 +50,21 @@ func ParseIPRange(ipOrCIDR string) (string, string, error) { // IP addresses, and any errors that occured func GetIPRangeSubnet(start string, end string) (*net.IPNet, error) { startIP := net.ParseIP(start) - endIP := net.ParseIP(end) if startIP == nil { return nil, fmt.Errorf("invalid IP address %s", start) } + startIP4 := startIP.To4() + if startIP4 != nil { + startIP = startIP4 + } + endIP := net.ParseIP(end) if endIP == nil { return nil, fmt.Errorf("invalid IP address %s", end) } + endIP4 := endIP.To4() + if endIP4 != nil { + endIP = endIP4 + } if len(startIP) != len(endIP) { return nil, errors.New("ip addresses must both be IPv4 or IPv6") } diff --git a/pkg/gcutil/iprange_test.go b/pkg/gcutil/iprange_test.go index 98e7ad48..22e4e90e 100644 --- a/pkg/gcutil/iprange_test.go +++ b/pkg/gcutil/iprange_test.go @@ -1,6 +1,7 @@ package gcutil import ( + "net" "testing" "github.com/stretchr/testify/assert" @@ -13,6 +14,14 @@ func TestIPRangeErrOnInvalidIP(t *testing.T) { assert.Error(t, err) _, _, err = ParseIPRange("192.168.56.0/") assert.Error(t, err) + _, _, err = ParseIPRange("192.168.56.0/24/1") + assert.Error(t, err) + _, err = GetIPRangeSubnet("not", "ip") + assert.Error(t, err) + _, err = GetIPRangeSubnet("::1", "ip") + assert.Error(t, err) + _, err = GetIPRangeSubnet("::1", "127.0.0.1") + assert.Error(t, err) } func TestIPRangeSingleIP(t *testing.T) { @@ -28,11 +37,17 @@ func TestIPRangeIPv4Range(t *testing.T) { ranges := []string{"192.168.56.0/24", "192.168.0.0/16", "192.0.0.0/8"} starts := []string{"192.168.56.0", "192.168.0.0", "192.0.0.0"} ends := []string{"192.168.56.255", "192.168.255.255", "192.255.255.255"} + var start, end string + var err error + var ipn *net.IPNet for i := range ranges { - start, end, err := ParseIPRange(ranges[i]) + start, end, err = ParseIPRange(ranges[i]) assert.NoError(t, err) assert.Equal(t, starts[i], start) assert.Equal(t, ends[i], end) + ipn, err = GetIPRangeSubnet(start, end) + assert.NoError(t, err) + assert.Equal(t, ranges[i], ipn.String()) } } @@ -54,21 +69,21 @@ func TestIPRangeIPv6Range(t *testing.T) { "2607:f8b0:400a:80a::/72", "2607:f8b0:400a:80a::/68", "2607:f8b0:400a:80a::/64", - "2607:f8b0:400a:80a::/60", - "2607:f8b0:400a:80a::/56", - "2607:f8b0:400a:80a::/52", - "2607:f8b0:400a:80a::/48", - "2607:f8b0:400a:80a::/44", - "2607:f8b0:400a:80a::/40", - "2607:f8b0:400a:80a::/36", - "2607:f8b0:400a:80a::/32", - "2607:f8b0:400a:80a::/28", - "2607:f8b0:400a:80a::/24", - "2607:f8b0:400a:80a::/20", - "2607:f8b0:400a:80a::/16", - "2607:f8b0:400a:80a::/12", - "2607:f8b0:400a:80a::/8", - "2607:f8b0:400a:80a::/4", + "2607:f8b0:400a:800::/60", + "2607:f8b0:400a:800::/56", + "2607:f8b0:400a::/52", + "2607:f8b0:400a::/48", + "2607:f8b0:4000::/44", + "2607:f8b0:4000::/40", + "2607:f8b0:4000::/36", + "2607:f8b0::/32", + "2607:f8b0::/28", + "2607:f800::/24", + "2607:f000::/20", + "2607::/16", + "2600::/12", + "2600::/8", + "2000::/4", } starts := []string{ "2607:f8b0:400a:80a::2010", @@ -136,10 +151,16 @@ func TestIPRangeIPv6Range(t *testing.T) { "26ff:ffff:ffff:ffff:ffff:ffff:ffff:ffff", "2fff:ffff:ffff:ffff:ffff:ffff:ffff:ffff", } + var start, end string + var err error + var ipn *net.IPNet for i := range ranges { - start, end, err := ParseIPRange(ranges[i]) + start, end, err = ParseIPRange(ranges[i]) assert.NoError(t, err) assert.Equal(t, starts[i], start, "unequal values at index %d", i) assert.Equal(t, ends[i], end, "unequal values at index %d", i) + ipn, err = GetIPRangeSubnet(start, end) + assert.NoError(t, err) + assert.Equal(t, ranges[i], ipn.String()) } }