From bf51c9ebdebb6f955350103a03ac4d47e5a949e8 Mon Sep 17 00:00:00 2001
From: Jakub Onderka
Date: Tue, 5 Dec 2023 15:39:10 +0100
Subject: [PATCH] chg: [validation] Remove CIDR from /32 IPv4 and /128 IPv6 to normalize values

---
 app/Lib/Tools/AttributeValidationTool.php | 27 +++++++++++++++++++----
 app/Test/AttributeValidationToolTest.php | 10 +++++++++
 2 files changed, 33 insertions(+), 4 deletions(-)

diff --git a/app/Lib/Tools/AttributeValidationTool.php b/app/Lib/Tools/AttributeValidationTool.php
index 752fbe1e0..cc9c6e075 100644
--- a/app/Lib/Tools/AttributeValidationTool.php
+++ b/app/Lib/Tools/AttributeValidationTool.php
@@ -41,7 +41,7 @@ class AttributeValidationTool
 switch ($type) {
 case 'ip-src':
 case 'ip-dst':
- return self::compressIpv6($value);
+ return self::normalizeIp($value);
 case 'md5':
 case 'sha1':
 case 'sha224':
@@ -98,7 +98,7 @@ class AttributeValidationTool
 $parts[0] = $punyCode;
 }
 }
- $parts[1] = self::compressIpv6($parts[1]);
+ $parts[1] = self::normalizeIp($parts[1]);
 return "$parts[0]|$parts[1]";
 case 'filename|md5':
 case 'filename|sha1':
@@ -175,7 +175,7 @@ class AttributeValidationTool
 } else {
 return $value;
 }
- return self::compressIpv6($parts[0]) . '|' . $parts[1];
+ return self::normalizeIp($parts[0]) . '|' . $parts[1];
 case 'mac-address':
 case 'mac-eui-64':
 $value = str_replace(array('.', ':', '-', ' '), '', strtolower($value));
@@ -700,11 +700,30 @@ class AttributeValidationTool
 * @param string $value
 * @return string
 */
- private static function compressIpv6($value)
+ private static function normalizeIp($value)
 {
+ // If IP is a CIDR
+ if (strpos($value, '/')) {
+ list($ip, $range) = explode('/', $value, 2);
+
+ // Compress IPv6
+ if (strpos($ip, ':') && $converted = inet_pton($ip)) {
+ $ip = inet_ntop($converted);
+ }
+
+ // If IP is in CIDR format, but the network is 32 for IPv4 or 128 for IPv6, normalize to non CIDR type
+ if (($range === '32' && strpos($value, '.')) || ($range === '128' && strpos($value, ':'))) {
+ return $ip;
+ }
+
+ return "$ip/$range";
+ }
+
+ // Compress IPv6
 if (strpos($value, ':') && $converted = inet_pton($value)) {
 return inet_ntop($converted);
 }
+
 return $value;
 }
 
diff --git a/app/Test/AttributeValidationToolTest.php b/app/Test/AttributeValidationToolTest.php
index b1781220d..b08a13fda 100644
--- a/app/Test/AttributeValidationToolTest.php
+++ b/app/Test/AttributeValidationToolTest.php
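Review bot: In `normalizeIp`, the truthiness tests on `strpos()` treat a match at offset 0 as "not found", so an address that starts with a colon, such as `::1/128`, is neither recompressed nor stripped of its `/128` and is returned un-normalized. The family test also reads `$value` instead of the parsed `$ip`, so an IPv4-mapped IPv6 value such as `::ffff:192.0.2.1/32` (constructed example) contains a dot and loses a `/32` that is a real IPv6 prefix length, which changes what the value covers. If later correlation or deduplication relies on this normalized form (not visible in the hunk), both cases produce values that no longer match their equivalents. Deriving the family once with `$isV6 = strpos($ip, ':') !== false;` and testing `($range === '32' && !$isV6) || ($range === '128' && $isV6)` would cover both, and the two compress checks would need the same `!== false` comparison. A `::1/128` assertion in `testRemoveCidrFromIp` would pin the behaviour.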
@@ -124,6 +124,16 @@ class AttributeValidationToolTest extends TestCase
 ]);
 }
 
+ public function testRemoveCidrFromIp(): void
+ {
+ $this->assertEquals('127.0.0.1', AttributeValidationTool::modifyBeforeValidation('ip-src', '127.0.0.1/32'));
+ $this->assertEquals('127.0.0.1/31', AttributeValidationTool::modifyBeforeValidation('ip-src', '127.0.0.1/31'));
+ $this->assertEquals('example.com|1234:fd2:5621:1:89::4500', AttributeValidationTool::modifyBeforeValidation('domain|ip', 'example.com|1234:0fd2:5621:0001:0089:0000:0000:4500/128'));
+ $this->assertEquals('1234:fd2:5621:1:89::4500|80', AttributeValidationTool::modifyBeforeValidation('ip-src|port', '1234:0fd2:5621:0001:0089:0000:0000:4500/128|80'));
+ $this->assertEquals('1234:fd2:5621:1:89::4500/127|80', AttributeValidationTool::modifyBeforeValidation('ip-src|port', '1234:0fd2:5621:0001:0089:0000:0000:4500/127|80'));
+ $this->assertEquals('127.0.0.1', AttributeValidationTool::modifyBeforeValidation('ip-src', '127.0.0.1'));
+ }
+
 public function testCompressIpv6(): void
 {
 $this->assertEquals('1234:fd2:5621:1:89::4500', AttributeValidationTool::modifyBeforeValidation('ip-src', '1234:0fd2:5621:0001:0089:0000:0000:4500'));