From 052192e1d6918c1913a87e29d12b4af8b108019a Mon Sep 17 00:00:00 2001
From: William Wernert
Date: Mon, 15 Nov 2021 09:43:18 -0500
Subject: [PATCH] Revert "Use python lib to make cidr validation more strict"
This reverts commit 569cb24861d016934a4b874b1839928c383d5880.
---
 salt/common/tools/sbin/so-common | 57 ++++++++------------------------
 tests/validation.sh | 18 +++++-----
 2 files changed, 23 insertions(+), 52 deletions(-)
diff --git a/salt/common/tools/sbin/so-common b/salt/common/tools/sbin/so-common
index 314cf3d9f..fe97c9b27 100755
--- a/salt/common/tools/sbin/so-common
+++ b/salt/common/tools/sbin/so-common
@@ -390,30 +390,20 @@ has_uppercase() {
 }
 valid_cidr() {
- local cidr=$1
+ # Verify there is a backslash in the string
+ echo "$1" | grep -qP "^[^/]+/[^/]+$" || return 1
+
+ local cidr
+ local ip
- read -r -d '' cidr_python <<- EOM
- import ipaddress
- import sys
-
- def validate_cidr(cidr: str) -> bool:
- # We want the string to be a cidr block and not a single ip
- if '/' not in cidr:
- return False
- try:
- ipaddress.ip_network(cidr)
- except ValueError:
- return False
- return True
-
- if validate_cidr('$cidr'):
- sys.exit(0)
- else:
- sys.exit(1)
- EOM
-
- python3 -c "$cidr_python"
- return $?
+ cidr=$(echo "$1" | sed 's/.*\///')
+ ip=$(echo "$1" | sed 's/\/.*//' )
+
+ if valid_ip4 "$ip"; then
+ [[ $cidr =~ ([0-9]|[1-2][0-9]|3[0-2]) ]] && return 0 || return 1
+ else
+ return 1
+ fi
 }
 valid_cidr_list() {
@@ -457,26 +447,7 @@ valid_hostname() {
 valid_ip4() {
 local ip=$1
- local ip_python
- read -r -d '' ip_python <<- EOM
- import ipaddress
- import sys
-
- def validate_ip(ip: str) -> bool:
- try:
- ipaddress.ip_address(ip)
- except ValueError:
- return False
- return True
-
- if validate_ip('$ip'):
- sys.exit(0)
- else:
- sys.exit(1)
- EOM
-
- python3 -c "$ip_python"
- return $?
+ echo "$ip" | grep -qP '^(?:(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.){3}(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)$' && return 0 || return 1
 }
 valid_int() {
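Review bot: The prefix-length test restored in `valid_cidr` is unanchored: `[[ $cidr =~ ([0-9]|[1-2][0-9]|3[0-2]) ]]` succeeds for any string that contains a digit, so a /33 prefix or a prefix with trailing text passes whenever the address part is valid. Anchoring it, `[[ $cidr =~ ^([0-9]|[1-2][0-9]|3[0-2])$ ]] && return 0 || return 1`, limits the prefix to 0–32. The revert also stops rejecting networks with host bits set (the test expectation for `192.168.1.0/12` changes to match); if this value ends up in firewall or allow-list rules, which the page does not show, that looser contract deserves a comment on the function. The added comment says "backslash" where the grep checks for a forward slash; `# Verify the string contains exactly one forward slash` would match the code.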
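Review bot: `valid_ip4` now pipes the value through `grep -qP`, which matches line by line, so a multi-line argument is accepted as soon as one of its lines is a well-formed address; the `^`/`$` anchors bound a line, not the whole argument. Matching inside the shell tests the whole string and avoids `echo` treating a value such as `-n` as an option: `[[ $ip =~ ^((25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.){3}(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)$ ]]`. The slash check added to `valid_cidr` in the previous hunk uses the same echo-into-grep pattern and has the same property. The octet pattern also accepts leading zeros (`010`), which some address parsers read as octal, so the validator and the consumer may disagree on which address was approved.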
diff --git a/tests/validation.sh b/tests/validation.sh
index cfec11198..6ec2a5247 100644
--- a/tests/validation.sh
+++ b/tests/validation.sh
@@ -46,7 +46,7 @@ test_fun 1 valid_fqdn "rwwiv."
 test_fun 1 valid_fqdn ""
-sleep 0.15
+sleep 0.15s
 header "ip4"
@@ -62,13 +62,13 @@ test_fun 1 valid_ip4 "192.168.1.1."
 test_fun 1 valid_ip4 ""
-sleep 0.15
+sleep 0.15s
 header "CIDR (ipv4)"
 test_fun 0 valid_cidr "192.168.1.0/24"
-test_fun 0 valid_cidr "192.160.0.0/12"
+test_fun 0 valid_cidr "192.168.1.0/12"
 test_fun 1 valid_cidr "192.168.1.0"
@@ -78,7 +78,7 @@ test_fun 1 valid_ip4 "/24"
 test_fun 1 valid_cidr ""
-sleep 0.15
+sleep 0.15s
 header "CIDR list"
@@ -90,7 +90,7 @@ test_fun 1 valid_cidr_list "10.0.0.0/8,192.168.0.0/16172.16.0.0/12"
 test_fun 1 valid_cidr_list "10.0.0.0"
-sleep 0.15
+sleep 0.15s
 header "DNS"
@@ -104,7 +104,7 @@ test_fun 1 valid_dns_list "8.8.8.,8.8.4.4"
 test_fun 1 valid_dns_list "192.168.9."
-sleep 0.15
+sleep 0.15s
 header "int (default min: 1, default max: 1000000000)"
@@ -130,7 +130,7 @@ test_fun 1 valid_int "not_a_num"
 test_fun 1 valid_int ""
-sleep 0.15
+sleep 0.15s
 header "hostname"
@@ -146,7 +146,7 @@ test_fun 1 valid_hostname "localhost"
 test_fun 1 valid_hostname ""
-sleep 0.15
+sleep 0.15s
 header "string (default min_length: 1, default max_length: 64)"
@@ -168,7 +168,7 @@ test_fun 1 valid_string "too_long" "" "4"
 test_fun 1 valid_string ""
-sleep 0.15
+sleep 0.15s
 header "Linux user"
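Review bot: The CIDR cases visible in these hunks reject only a missing prefix and an empty string; nothing shown checks an out-of-range or non-numeric prefix, which is the part of `valid_cidr` this revert rewrites. Cases such as `test_fun 1 valid_cidr "192.168.1.0/33"` and `test_fun 1 valid_cidr "192.168.1.0/24x"` would pin that behaviour. Lines between the hunks are not shown, so equivalent cases may already exist elsewhere in the file. The changed expectation for `192.168.1.0/12` records that networks with host bits set are accepted again, which is worth a one-line comment beside that case.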