summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorNicolas Fort <nicolasfort1988@gmail.com>2022-03-12 15:10:52 +0000
committerNicolas Fort <nicolasfort1988@gmail.com>2022-03-12 15:10:52 +0000
commitff0e43807789f3c5c228683eaeb5fc4fbb8f75ce (patch)
tree01304cc7204e41769771b9aedb2990209ec9acb5
parent7d69edf280fd5c5757b8975e9310edfd8e1ea3be (diff)
downloadvyos-1x-ff0e43807789f3c5c228683eaeb5fc4fbb8f75ce.tar.gz
vyos-1x-ff0e43807789f3c5c228683eaeb5fc4fbb8f75ce.zip
Firewall: T4286: Correct ipv6-range validator
-rwxr-xr-xsrc/validators/ipv6-range31
1 files changed, 17 insertions, 14 deletions
diff --git a/src/validators/ipv6-range b/src/validators/ipv6-range
index a3c401281..7080860c4 100755
--- a/src/validators/ipv6-range
+++ b/src/validators/ipv6-range
@@ -1,17 +1,20 @@
-#!/usr/bin/python3
+#!/usr/bin/env python3
-import sys
-import re
-from vyos.template import is_ipv6
+from ipaddress import IPv6Address
+from sys import argv, exit
if __name__ == '__main__':
- if len(sys.argv)>1:
- ipv6_range = sys.argv[1]
- # Regex for ipv6-ipv6 https://regexr.com/
- if re.search('([a-f0-9:]+:+)+[a-f0-9]+-([a-f0-9:]+:+)+[a-f0-9]+', ipv6_range):
- for tmp in ipv6_range.split('-'):
- if not is_ipv6(tmp):
- print(f'Error: {ipv6_range} is not a valid IPv6 range')
- sys.exit(1)
-
- sys.exit(0)
+ if len(argv) > 1:
+ # try to pass validation and raise an error if failed
+ try:
+ ipv6_range = argv[1]
+ range_left = ipv6_range.split('-')[0]
+ range_right = ipv6_range.split('-')[1]
+ if not IPv6Address(range_left) < IPv6Address(range_right):
+ raise ValueError(f'left element {range_left} must be less than right element {range_right}')
+ except Exception as err:
+ print(f'Error: {ipv6_range} is not a valid IPv6 range: {err}')
+ exit(1)
+ else:
+ print('Error: an IPv6 range argument must be provided')
+ exit(1)