Commit f515c50c authored by Christos Stavrakakis

Validate all network-create parameters

parent 61ffc617
......@@ -187,7 +187,7 @@ def create_network(serials, request):
raise Forbidden("Can not create %s network" % flavor)
# Check that user provided a valid subnet
util.validate_network_subnet(subnet)
util.validate_network_params(subnet, gateway, subnet6, gateway6)
user_id = request.user_uniq
serial = quotas.issue_network_commission(user_id)
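Review bot: The comment above the call still reads `# Check that user provided a valid subnet`, but the call now also checks the gateway and both IPv6 parameters. Something like `# Validate subnet, gateway, subnet6 and gateway6 before any quota is committed` would match the code. It would also record that validation has to stay ahead of `quotas.issue_network_commission`. create_network starts and ends outside this hunk, so where `subnet6` and `gateway6` are read from the request is not visible here.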
......
......@@ -131,6 +131,48 @@ class NetworkAPITest(BaseAPITest):
json.dumps(request), 'json')
self.assertBadRequest(response)
def test_invalid_gateway_1(self, mrapi):
request = {
'network': {'name': 'foo',
'cidr': '10.0.0.0/28',
'gateway': '10.0.0.0.300'}
}
response = self.post('/api/v1.1/networks/', 'user1',
json.dumps(request), 'json')
self.assertBadRequest(response)
def test_invalid_gateway_2(self, mrapi):
request = {
'network': {'name': 'foo',
'cidr': '10.0.0.0/28',
'gateway': '10.2.0.1'}
}
response = self.post('/api/v1.1/networks/', 'user1',
json.dumps(request), 'json')
self.assertBadRequest(response)
def test_invalid_network6(self, mrapi):
request = {
'network': {'name': 'foo',
'cidr': '10.0.0.0/28',
'subnet6': '10.0.0.0/28',
'gateway': '10.2.0.1'}
}
response = self.post('/api/v1.1/networks/', 'user1',
json.dumps(request), 'json')
self.assertBadRequest(response)
def test_invalid_gateway6(self, mrapi):
request = {
'network': {'name': 'foo',
'cidr': '10.0.0.0/28',
'subnet6': '2001:0db8:0123:4567:89ab:cdef:1234:5678',
'gateway': '10.2.0.1'}
}
response = self.post('/api/v1.1/networks/', 'user1',
json.dumps(request), 'json')
self.assertBadRequest(response)
def test_list_networks(self, mrapi):
"""Test that expected list of networks is returned."""
# Create a deleted network
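Review bot: `test_invalid_network6` and `test_invalid_gateway6` both send `'gateway': '10.2.0.1'` with `'cidr': '10.0.0.0/28'`, so the request is presumably rejected by the IPv4 gateway check, as in `test_invalid_gateway_2`, before any IPv6 validation runs. Both tests would therefore still pass if the IPv6 checks were missing or broken. `test_invalid_gateway6` also never sends a `gateway6` key. Each test should vary only the field it is named after: drop the out-of-range `gateway` from both, and in `test_invalid_gateway6` send a valid prefix (for example `'subnet6': '2001:db8::/64'`) with a `gateway6` outside it. A case that sends `gateway6` without `subnet6` would also be worth adding; the test class continues outside this hunk.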
......
......@@ -32,6 +32,7 @@
# or implied, of GRNET S.A.
import datetime
import ipaddr
from base64 import b64encode, b64decode
from datetime import timedelta, tzinfo
......@@ -43,7 +44,6 @@ from string import digits, lowercase, uppercase
from time import time
from traceback import format_exc
from wsgiref.handlers import format_date_time
from ipaddr import IPNetwork
import dateutil.parser
......@@ -240,16 +240,41 @@ def get_network(network_id, user_id, for_update=False):
raise ItemNotFound('Network not found.')
def validate_network_subnet(subnet):
def validate_network_params(subnet, gateway=None, subnet6=None, gateway6=None):
try:
# Use strict option to not all subnets with host bits set
network = IPNetwork(subnet, strict=True)
network = ipaddr.IPv4Network(subnet, strict=True)
except ValueError:
raise BadRequest("Invalid network subnet")
raise BadRequest("Invalid network IPv4 subnet")
# Check that network size is allowed!
if not validate_network_size(network.prefixlen):
raise OverLimit("Unsupported network size")
raise OverLimit(message="Unsupported network size",
details="Network mask must be in range (%s, 29]" %
MAX_CIDR_BLOCK)
# Check that gateway belongs to network
if gateway:
try:
gateway = ipaddr.IPv4Address(gateway)
except ValueError:
raise BadRequest("Invalid network IPv4 gateway")
if not gateway in network:
raise BadRequest("Invalid network IPv4 gateway")
if subnet6:
try:
# Use strict option to not all subnets with host bits set
network6 = ipaddr.IPv6Network(subnet6, strict=True)
except ValueError:
raise BadRequest("Invalid network IPv6 subnet")
if gateway6:
try:
gateway6 = ipaddr.IPv6Address(gateway6)
except ValueError:
raise BadRequest("Invalid network IPv6 gateway")
if not gateway6 in network6:
raise BadRequest("Invalid network IPv6 gateway")
def validate_network_size(cidr_block):
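Review bot: A `gateway6` supplied without `subnet6` is not rejected cleanly by `validate_network_params`, because `network6` is bound only inside the `if subnet6:` branch. The page has lost indentation, so there are two readings. If `if gateway6:` is nested under `if subnet6:`, the gateway is accepted unchecked; if it is not nested, `gateway6 in network6` fails with a NameError and the API answers with a server error instead of a 400. An explicit guard such as `if gateway6 and not subnet6: raise BadRequest("Invalid network IPv6 gateway")` covers both readings. Separately, the `in network` checks appear to accept the network and broadcast addresses as a gateway, and the comment `# Use strict option to not all subnets with host bits set` should read "not allow".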
......
......@@ -40,12 +40,11 @@ from django.utils.timesince import timesince, timeuntil
from django.core.management import CommandError
from synnefo.db.models import Backend, VirtualMachine, Network, Flavor
from synnefo.api.util import get_image as backend_get_image
from synnefo.api.faults import ItemNotFound
from synnefo.api.faults import ItemNotFound, BadRequest, OverLimit
from django.core.exceptions import FieldError
from synnefo.api.util import validate_network_size
from synnefo.settings import (MAX_CIDR_BLOCK,
CYCLADES_ASTAKOS_SERVICE_TOKEN as ASTAKOS_TOKEN,
from synnefo.api.util import validate_network_params
from synnefo.settings import (CYCLADES_ASTAKOS_SERVICE_TOKEN as ASTAKOS_TOKEN,
ASTAKOS_URL)
from synnefo.logic.rapi import GanetiApiError, GanetiRapiClient
from synnefo.lib import astakos
......@@ -91,28 +90,9 @@ def validate_network_info(options):
gateway6 = options['gateway6']
try:
net = ipaddr.IPv4Network(subnet, strict=True)
prefix = net.prefixlen
if not validate_network_size(prefix):
raise CommandError("Unsupport network mask %d."
" Must be in range (%s,29] "
% (prefix, MAX_CIDR_BLOCK))
except ValueError:
raise CommandError('Malformed subnet')
try:
gateway and ipaddr.IPv4Address(gateway) or None
except ValueError:
raise CommandError('Malformed gateway')
try:
subnet6 and ipaddr.IPv6Network(subnet6) or None
except ValueError:
raise CommandError('Malformed subnet6')
try:
gateway6 and ipaddr.IPv6Address(gateway6) or None
except ValueError:
raise CommandError('Malformed gateway6')
validate_network_params(subnet, gateway)
except (BadRequest, OverLimit) as e:
raise CommandError(e)
return subnet, gateway, subnet6, gateway6
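Review bot: The replacement call in `validate_network_info` passes only `subnet` and `gateway`, so `subnet6` and `gateway6` are returned unchecked. As far as the rendered page shows, the removed lines at least parsed them with `ipaddr.IPv6Network` and `ipaddr.IPv6Address`. Passing all four, `validate_network_params(subnet, gateway, subnet6, gateway6)`, keeps the management command consistent with the API path and with the commit title. `CommandError(e)` relies on the fault's string form; if that omits the `details` text carrying the allowed mask range, the operator loses the hint the old message gave, which is worth confirming. The function begins before this hunk.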
......