fix(NET-760): check for private network range (#2722)

This commit is contained in:
Aceix 2023-12-13 10:02:57 +00:00 committed by GitHub
parent 643950f9eb
commit c8ae70bd69
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23

View file

@ -4,6 +4,7 @@ import (
"encoding/json"
"errors"
"fmt"
"net"
"net/http"
"strings"
@ -246,6 +247,40 @@ func createNetwork(w http.ResponseWriter, r *http.Request) {
return
}
// validate address ranges: must be private
if network.AddressRange != "" {
_, ipNet, err := net.ParseCIDR(network.AddressRange)
if err != nil {
logger.Log(0, r.Header.Get("user"), "failed to create network: ",
err.Error())
logic.ReturnErrorResponse(w, r, logic.FormatError(err, "badrequest"))
return
}
if !ipNet.IP.IsPrivate() {
err := errors.New("address range must be private")
logger.Log(0, r.Header.Get("user"), "failed to create network: ",
err.Error())
logic.ReturnErrorResponse(w, r, logic.FormatError(err, "badrequest"))
return
}
}
if network.AddressRange6 != "" {
_, ipNet, err := net.ParseCIDR(network.AddressRange6)
if err != nil {
logger.Log(0, r.Header.Get("user"), "failed to create network: ",
err.Error())
logic.ReturnErrorResponse(w, r, logic.FormatError(err, "badrequest"))
return
}
if !ipNet.IP.IsPrivate() {
err := errors.New("address range must be private")
logger.Log(0, r.Header.Get("user"), "failed to create network: ",
err.Error())
logic.ReturnErrorResponse(w, r, logic.FormatError(err, "badrequest"))
return
}
}
network, err = logic.CreateNetwork(network)
if err != nil {
logger.Log(0, r.Header.Get("user"), "failed to create network: ",