diff options
| author | Christian Breunig <christian@breunig.cc> | 2024-06-30 07:37:49 +0200 |
|---|---|---|
| committer | Christian Breunig <christian@breunig.cc> | 2024-06-30 07:39:10 +0200 |
| commit | 069bd35b3cc58e0deeae02d3a7811d29c1ccea3f (patch) | |
| tree | e9697cbe7ef50908ce96a0a57e76f7d7b7bcaeb2 /lib/Vyatta/TypeChecker.pm | |
| parent | 6f435de5a5ee165d24a11a28c5aa10b735bace03 (diff) | |
| download | vyatta-cfg-069bd35b3cc58e0deeae02d3a7811d29c1ccea3f.tar.gz vyatta-cfg-069bd35b3cc58e0deeae02d3a7811d29c1ccea3f.zip | |
T6527: remove legacy Perl library components
Diffstat (limited to 'lib/Vyatta/TypeChecker.pm')
| -rwxr-xr-x | lib/Vyatta/TypeChecker.pm | 339 |
1 files changed, 0 insertions, 339 deletions
diff --git a/lib/Vyatta/TypeChecker.pm b/lib/Vyatta/TypeChecker.pm deleted file mode 100755 index 321e9f9..0000000 --- a/lib/Vyatta/TypeChecker.pm +++ /dev/null @@ -1,339 +0,0 @@ -# Author: An-Cheng Huang <ancheng@vyatta.com> -# Date: 2007 -# Description: Type checking script - -# **** License **** -# This program is free software; you can redistribute it and/or modify -# it under the terms of the GNU General Public License version 2 as -# published by the Free Software Foundation. -# -# This program is distributed in the hope that it will be useful, but -# WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU -# General Public License for more details. -# -# This code was originally developed by Vyatta, Inc. -# Portions created by Vyatta are Copyright (C) 2006, 2007, 2008 Vyatta, Inc. -# All Rights Reserved. -# **** End License **** - -# Perl module for type validation. -# Usage 1: validate a value of a specific type. -# use Vyatta::TypeChecker; -# ... -# if (validateType('ipv4', '1.1.1.1')) { -# # valid -# ... -# } else { -# # not valie -# ... -# } -# -# Usage 2: find the type of a value (from a list of candidates), returns -# undef if the value is not valid for any of the candidates. -# $valtype = findType('1.1.1.1', 'ipv4', 'ipv6'); -# if (!defined($valtype)) { -# # neither ipv4 nor ipv6 -# ... -# } else { -# if ($valtype eq 'ipv4') { -# ... -# } else { -# ... -# } -# } - -package Vyatta::TypeChecker; -use strict; - -our @EXPORT = qw(findType validateType); -use base qw(Exporter); - -my %type_handler = ( - 'ipv4' => \&validate_ipv4, - 'ipv4net' => \&validate_ipv4net, - 'ipv4range' => \&validate_ipv4range, - 'ipv4_negate' => \&validate_ipv4_negate, - 'ipv4net_negate' => \&validate_ipv4net_negate, - 'ipv4range_negate' => \&validate_ipv4range_negate, - 'iptables4_addr' => \&validate_iptables4_addr, - 'protocol' => \&validate_protocol, - 'protocol_negate' => \&validate_protocol_negate, - 'macaddr' => \&validate_macaddr, - 'macaddr_negate' => \&validate_macaddr_negate, - 'ipv6' => \&validate_ipv6, - 'ipv6_negate' => \&validate_ipv6_negate, - 'ipv6net' => \&validate_ipv6net, - 'ipv6net_negate' => \&validate_ipv6net_negate, - 'hex16' => \&validate_hex_16_bits, - 'hex32' => \&validate_hex_32_bits, - 'ipv6_addr_param' => \&validate_ipv6_addr_param, - 'restrictive_filename' => \&validate_restrictive_filename, - 'no_bash_special' => \&validate_no_bash_special, - 'u32' => \&validate_u32, - 'bool' => \&validate_bool - ); - -sub validate_ipv4 { - $_ = shift; - return 0 if (!/^(\d+)\.(\d+)\.(\d+)\.(\d+)$/); - return 0 if ($1 > 255 || $2 > 255 || $3 > 255 || $4 > 255); - return 1; -} - -sub validate_u32 { - my $val = shift; - return ($val =~ /^\d+$/ and $val < 2**32); -} - -sub validate_bool { - my $val = shift; - return ($val eq 'true' or $val eq 'false'); -} - -sub validate_ipv4net { - $_ = shift; - return 0 if (!/^(\d+)\.(\d+)\.(\d+)\.(\d+)\/(\d+)$/); - return 0 if ($1 > 255 || $2 > 255 || $3 > 255 || $4 > 255 || $5 > 32); - return 1; -} - -sub validate_ipv4range { - $_ = shift; - return 0 if (!/^([^-]+)-([^-]+)$/); - my ($a1, $a2) = ($1, $2); - return 0 if (!validate_ipv4($a1) || !validate_ipv4($a2)); - #need to check that range is in ascending order - $a1 =~ m/^(\d\d?\d?)\.(\d\d?\d?)\.(\d\d?\d?)\.(\d\d?\d?)/; - my $v1 = $1*256*256*256+$2*256*256+$3*256+$4; - $a2 =~ m/^(\d\d?\d?)\.(\d\d?\d?)\.(\d\d?\d?)\.(\d\d?\d?)/; - my $v2 = $1*256*256*256+$2*256*256+$3*256+$4; - return 0 if ($v1 > $v2); - return 1; -} - -sub validate_ipv4_negate { - my $value = shift; - if ($value =~ m/^\!(.*)$/) { - $value = $1; - } - return validate_ipv4($value); -} - -sub validate_ipv4net_negate { - my $value = shift; - if ($value =~ m/^\!(.*)$/) { - $value = $1; - } - return validate_ipv4net($value); -} - -sub validate_ipv4range_negate { - my $value = shift; - if ($value =~ m/^\!(.*)$/) { - $value = $1; - } - return validate_ipv4range($value); -} - -sub validate_iptables4_addr { - my $value = shift; - return 0 if (!validate_ipv4_negate($value) - && !validate_ipv4net_negate($value) - && !validate_ipv4range_negate($value)); - return 1; -} - -sub validate_protocol { - my $value = shift; - $value = lc $value; - return 1 if ($value eq 'all'); - - if ($value =~ /^\d+$/) { - # 0 has special meaning to iptables - return 1 if $value >= 1 and $value <= 255; - } - - return defined getprotobyname($value); -} - -sub validate_protocol_negate { - my $value = shift; - if ($value =~ m/^\!(.*)$/) { - $value = $1; - } - return validate_protocol($value); -} - -sub validate_macaddr { - my $value = shift; - $value = lc $value; - my $byte = '[0-9a-f]{2}'; - return 1 if ($value =~ /^$byte(:$byte){5}$/); -} - -sub validate_macaddr_negate { - my $value = shift; - if ($value =~ m/^\!(.*)$/) { - $value = $1; - } - return validate_macaddr($value); -} - -# IPv6 syntax definition -my $RE_IPV4_BYTE = '((25[0-5])|(2[0-4][0-9])|([01][0-9][0-9])|([0-9]{1,2}))'; -my $RE_IPV4 = "$RE_IPV4_BYTE(\.$RE_IPV4_BYTE){3}"; -my $RE_H16 = '([a-fA-F0-9]{1,4})'; -my $RE_H16_COLON = "($RE_H16:)"; -my $RE_LS32 = "(($RE_H16:$RE_H16)|($RE_IPV4))"; -my $RE_IPV6_P1 = "($RE_H16_COLON)\{6\}$RE_LS32"; -my $RE_IPV6_P2 = "::($RE_H16_COLON)\{5\}$RE_LS32"; -my $RE_IPV6_P3 = "($RE_H16)?::($RE_H16_COLON)\{4\}$RE_LS32"; -my $RE_IPV6_P4 = "(($RE_H16_COLON)\{0,1\}$RE_H16)?" - . "::($RE_H16_COLON)\{3\}$RE_LS32"; -my $RE_IPV6_P5 = "(($RE_H16_COLON)\{0,2\}$RE_H16)?" - . "::($RE_H16_COLON)\{2\}$RE_LS32"; -my $RE_IPV6_P6 = "(($RE_H16_COLON)\{0,3\}$RE_H16)?" - . "::($RE_H16_COLON)\{1\}$RE_LS32"; -my $RE_IPV6_P7 = "(($RE_H16_COLON)\{0,4\}$RE_H16)?::$RE_LS32"; -my $RE_IPV6_P8 = "(($RE_H16_COLON)\{0,5\}$RE_H16)?::$RE_H16"; -my $RE_IPV6_P9 = "(($RE_H16_COLON)\{0,6\}$RE_H16)?::"; -my $RE_IPV6 = "($RE_IPV6_P1)|($RE_IPV6_P2)|($RE_IPV6_P3)|($RE_IPV6_P4)" - . "|($RE_IPV6_P5)|($RE_IPV6_P6)|($RE_IPV6_P7)|($RE_IPV6_P8)" - . "|($RE_IPV6_P9)"; - -sub validate_ipv6 { - $_ = shift; - return 0 if (!/^$RE_IPV6$/); - return 1; -} - -sub validate_ipv6_negate { - my $value = shift; - if ($value =~ m/^\!(.*)$/) { - $value = $1; - } - return validate_ipv6($value); -} - -sub validate_ipv6net { - my $value = shift; - - if ($value =~ m/^(.*)\/(.*)$/) { - my $ipv6_addr = $1; - my $prefix_length = $2; - if ($prefix_length < 0 || $prefix_length > 128) { - return 0; - } - return validate_ipv6($ipv6_addr); - - } else { - return 0; - } -} - -sub validate_ipv6net_negate { - my $value = shift; - - if ($value =~ m/^\!(.*)$/) { - $value = $1; - } - return validate_ipv6net($value); -} - -# Validate a 16-bit hex value, no leading "0x" -sub validate_hex_16_bits { - my $value = shift; - $value = lc $value; - return 1 if ($value =~ /^[0-9a-f]{4}$/) -} - -# Validate a 32-bit hex value, no leading "0x" -sub validate_hex_32_bits { - my $value = shift; - $value = lc $value; - return 1 if ($value =~ /^[0-9a-f]{8}$/) -} - -# Validate the overloaded IPv6 source and destination address parameter in -# the firewall configuration tree. -sub validate_ipv6_addr_param { - my $value = shift; - - # leading exclamation point is valid in all three formats - if ($value =~ m/^\!(.*)$/) { - $value = $1; - } - - if ($value =~ m/^(.*)-(.*)$/) { - # first format: <ipv6addr>-<ipv6-addr> - if (validate_ipv6($1)) { - return validate_ipv6($2); - } else { - return 0; - } - } - - elsif ($value =~ m/^(.*)\/(.*)$/) { - # Second format: <ipv6addr>/<prefix-len> - return validate_ipv6net($value); - } - - else { - # third format: <ipv6addr> - return validate_ipv6($value) - } -} - -# validate a restrictive filename -sub validate_restrictive_filename { - my $value = shift; - return (($value =~ /^[-_.a-zA-Z0-9]+$/) ? 1 : 0); -} - -# validate that a string does not contain bash special chars -sub validate_no_bash_special { - my $value = shift; - return (($value =~ /[;&"'`!\$><|]/) ? 0 : 1); -} - -sub validateType { - my ($type, $value, $quiet) = @_; - if (!defined($type) || !defined($value)) { - return 0; - } - if (!defined($type_handler{$type})) { - print "type \"$type\" not defined\n" if (!defined($quiet)); - return 0; - } - if (!&{$type_handler{$type}}($value)) { - print "\"$value\" is not a valid value of type \"$type\"\n" - if (!defined($quiet)); - return 0; - } - - return 1; -} - -sub findType { - my ($value, @candidates) = @_; - return if (!defined($value) || ((scalar @candidates) < 1)); # undef - - foreach my $type (@candidates) { - if (!defined($type_handler{$type})) { - next; - } - if (&{$type_handler{$type}}($value)) { - # the first valid type is returned - return $type; - } - } -} - -1; - -# Local Variables: -# mode: perl -# indent-tabs-mode: nil -# perl-indent-level: 2 -# End: |