From 4ae7d0f814624a32754a3c2b45e324400c625d56 Mon Sep 17 00:00:00 2001
From: Cristina Kovacs
Date: Thu, 29 Dec 2022 13:17:29 -0600
Subject: [PATCH 1/2] add check for invalid /0 cidr
---
 npm/pkg/dataplane/ipsets/ipsetmanager_test.go | 5 +++++
 npm/util/util.go | 4 ++++
 2 files changed, 9 insertions(+)
diff --git a/npm/pkg/dataplane/ipsets/ipsetmanager_test.go b/npm/pkg/dataplane/ipsets/ipsetmanager_test.go
index 45a2f043b7..64c3fc68fd 100644
--- a/npm/pkg/dataplane/ipsets/ipsetmanager_test.go
+++ b/npm/pkg/dataplane/ipsets/ipsetmanager_test.go
@@ -1546,6 +1546,11 @@ func TestValidateIPSetMemberIP(t *testing.T) {
 ipblock: "2345:0425:2CA1:0000:0000:0567:5673:23b5 nomatch",
 want: false,
 },
+ {
+ name: "invalid/0",
+ ipblock: "1.1.1.1/0",
+ want: false,
+ },
 }

 for _, tt := range tests {
diff --git a/npm/util/util.go b/npm/util/util.go
index d85d086d62..b564439194 100644
--- a/npm/util/util.go
+++ b/npm/util/util.go
@@ -322,6 +322,10 @@ func SliceToString(list []string) string {
 func IsIPV4(ip string) bool {
 isIPBlock := strings.Contains(ip, "/")
 ipOnly := strings.Split(ip, "/")
+ if strings.Contains(ip, "/0") && ipOnly[0] != "0.0.0.0" {
+ return false
+ }
+
 address, err := netip.ParseAddr(ipOnly[0])
 if err != nil {
 return false
From e5cdc150183a1f014294913bca37adbeb75f43b6 Mon Sep 17 00:00:00 2001
From: Cristina Kovacs
Date: Wed, 4 Jan 2023 16:27:14 -0600
Subject: [PATCH 2/2] added UT for valid cidr
---
 npm/pkg/dataplane/ipsets/ipsetmanager_test.go | 5 +++++
 1 file changed, 5 insertions(+)
diff --git a/npm/pkg/dataplane/ipsets/ipsetmanager_test.go b/npm/pkg/dataplane/ipsets/ipsetmanager_test.go
index 64c3fc68fd..bbb17646dc 100644
--- a/npm/pkg/dataplane/ipsets/ipsetmanager_test.go
+++ b/npm/pkg/dataplane/ipsets/ipsetmanager_test.go
@@ -1551,6 +1551,11 @@ func TestValidateIPSetMemberIP(t *testing.T) {
 ipblock: "1.1.1.1/0",
 want: false,
 },
+ {
+ name: "valid/0",
+ ipblock: "0.0.0.0/0",
+ want: true,
+ },
 }

 for _, tt := range tests {
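Review bot: In `npm/util/util.go`, the guard added to `IsIPV4` looks for `/0` as a substring of the whole input and compares the address part as text, so it fires on any prefix length that merely starts with `0` (for example `/08`) instead of on a prefix length of exactly zero. Matching the split value would state the intent precisely, e.g. `if isIPBlock && (ipOnly[1] == "0" || strings.HasPrefix(ipOnly[1], "0 ")) && ipOnly[0] != "0.0.0.0" {`, where the second alternative only matters if the ` nomatch` suffix seen in the test table can reach this function. The guard also makes `IsIPV4` return false for `1.1.1.1/0`, which is still IPv4 text; if any caller uses this function to choose the address family rather than to validate an ipset member, that input would now be classified as non-IPv4, which should be confirmed since callers are not visible here. A comment such as `// a /0 prefix is accepted only for 0.0.0.0; any other address with /0 is rejected as an invalid member` would record why the special case exists. The body of `IsIPV4` continues outside the hunk.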
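Review bot: After both patches, the `/0` entries in `TestValidateIPSetMemberIP` cover only `1.1.1.1/0` and `0.0.0.0/0`, which leaves the neighbouring inputs of the new check unpinned. The table already carries a ` nomatch` suffix on other entries, yet no `/0` entry uses it; `{name: "invalid/0 nomatch", ipblock: "1.1.1.1/0 nomatch", want: false},` would presumably be the matching case. A prefix such as `10.0.0.0/08`, which the substring test in `IsIPV4` also matches, and the IPv6 form `::/0` have no entry either; their expected results depend on code outside this patch and are worth deciding explicitly. The test function starts and ends outside the hunk.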