From 47f05facefb02cdd604bb8e0ebd7d00fc739cdd1 Mon Sep 17 00:00:00 2001 From: Jeremy Hanmer Date: Thu, 18 Oct 2012 16:26:41 -0700 Subject: [PATCH] IP subnet validation fixes Fixes bug #1067959 Assure prefix length is included in CIDR definition. Change-Id: I32bb3dd1e5bffb409b3adee03015e21cce71caea --- quantum/api/v2/attributes.py | 11 +++++--- quantum/tests/unit/test_attributes.py | 40 +++++++++++++++++++++++++++ quantum/tests/unit/test_db_plugin.py | 22 +++++++++++++++ 3 files changed, 69 insertions(+), 4 deletions(-) diff --git a/quantum/api/v2/attributes.py b/quantum/api/v2/attributes.py index ff834169644..205e7cc47e2 100644 --- a/quantum/api/v2/attributes.py +++ b/quantum/api/v2/attributes.py @@ -92,11 +92,14 @@ def _validate_ip_address_or_none(data, valid_values=None): def _validate_subnet(data, valid_values=None): try: netaddr.IPNetwork(data) - return + if len(data.split('/')) == 2: + return except Exception: - msg = _("%s is not a valid IP subnet") % data - LOG.debug("validate_subnet: %s", msg) - return msg + pass + + msg = _("%s is not a valid IP subnet") % data + LOG.debug("validate_subnet: %s", msg) + return msg def _validate_regex(data, valid_values=None): diff --git a/quantum/tests/unit/test_attributes.py b/quantum/tests/unit/test_attributes.py index b4704a6b51c..a140e53985c 100644 --- a/quantum/tests/unit/test_attributes.py +++ b/quantum/tests/unit/test_attributes.py @@ -85,6 +85,46 @@ def test_mac_addresses(self): error = '%s is not valid' % base_mac self.assertEquals(msg, error) + def test_cidr(self): + # Valid - IPv4 + cidr = "10.0.2.0/24" + msg = attributes._validate_subnet(cidr, + None) + self.assertEquals(msg, None) + + # Valid - IPv6 without final octets + cidr = "fe80::/24" + msg = attributes._validate_subnet(cidr, + None) + self.assertEquals(msg, None) + + # Valid - IPv6 with final octets + cidr = "fe80::0/24" + msg = attributes._validate_subnet(cidr, + None) + self.assertEquals(msg, None) + + # Invalid - IPv4 missing mask + cidr = "10.0.2.0" + msg = attributes._validate_subnet(cidr, + None) + error = "%s is not a valid IP subnet" % cidr + self.assertEquals(msg, error) + + # Invalid - IPv6 without final octets, missing mask + cidr = "fe80::" + msg = attributes._validate_subnet(cidr, + None) + error = "%s is not a valid IP subnet" % cidr + self.assertEquals(msg, error) + + # Invalid - IPv6 with final octets, missing mask + cidr = "fe80::0" + msg = attributes._validate_subnet(cidr, + None) + error = "%s is not a valid IP subnet" % cidr + self.assertEquals(msg, error) + class TestConvertKvp(unittest2.TestCase): diff --git a/quantum/tests/unit/test_db_plugin.py b/quantum/tests/unit/test_db_plugin.py index 8c9377387eb..38a21f66473 100644 --- a/quantum/tests/unit/test_db_plugin.py +++ b/quantum/tests/unit/test_db_plugin.py @@ -1771,6 +1771,28 @@ def test_create_two_subnets_same_cidr_returns_400(self): pass self.assertEquals(ctx_manager.exception.code, 400) + def test_create_subnet_bad_V4_cidr(self): + with self.network() as network: + data = {'subnet': {'network_id': network['network']['id'], + 'cidr': '10.0.2.0', + 'ip_version': '4', + 'tenant_id': network['network']['tenant_id'], + 'gateway_ip': '10.0.2.1'}} + subnet_req = self.new_create_request('subnets', data) + res = subnet_req.get_response(self.api) + self.assertEquals(res.status_int, 400) + + def test_create_subnet_bad_V6_cidr(self): + with self.network() as network: + data = {'subnet': {'network_id': network['network']['id'], + 'cidr': 'fe80::', + 'ip_version': '6', + 'tenant_id': network['network']['tenant_id'], + 'gateway_ip': 'fe80::1'}} + subnet_req = self.new_create_request('subnets', data) + res = subnet_req.get_response(self.api) + self.assertEquals(res.status_int, 400) + def test_create_2_subnets_overlapping_cidr_allowed_returns_200(self): cidr_1 = '10.0.0.0/23' cidr_2 = '10.0.0.0/24'