diff options
author | Christian Poessinger <christian@poessinger.com> | 2022-03-14 19:55:43 +0100 |
---|---|---|
committer | GitHub <noreply@github.com> | 2022-03-14 19:55:43 +0100 |
commit | 4924a82cbdc74c3bdaed60640ba805cc842f7f9c (patch) | |
tree | fd95a2a80b8269887083d4a004e0ee928e742541 /src | |
parent | 56febd155792b579d88281940acc97f95a10a712 (diff) | |
parent | ff0e43807789f3c5c228683eaeb5fc4fbb8f75ce (diff) | |
download | vyos-1x-4924a82cbdc74c3bdaed60640ba805cc842f7f9c.tar.gz vyos-1x-4924a82cbdc74c3bdaed60640ba805cc842f7f9c.zip |
Merge pull request #1247 from nicolas-fort/T4286
Firewall: T4286: Correct ipv6-range validator
Diffstat (limited to 'src')
-rwxr-xr-x | src/validators/ipv6-range | 31 |
1 files changed, 17 insertions, 14 deletions
diff --git a/src/validators/ipv6-range b/src/validators/ipv6-range index a3c401281..7080860c4 100755 --- a/src/validators/ipv6-range +++ b/src/validators/ipv6-range @@ -1,17 +1,20 @@ -#!/usr/bin/python3 +#!/usr/bin/env python3 -import sys -import re -from vyos.template import is_ipv6 +from ipaddress import IPv6Address +from sys import argv, exit if __name__ == '__main__': - if len(sys.argv)>1: - ipv6_range = sys.argv[1] - # Regex for ipv6-ipv6 https://regexr.com/ - if re.search('([a-f0-9:]+:+)+[a-f0-9]+-([a-f0-9:]+:+)+[a-f0-9]+', ipv6_range): - for tmp in ipv6_range.split('-'): - if not is_ipv6(tmp): - print(f'Error: {ipv6_range} is not a valid IPv6 range') - sys.exit(1) - - sys.exit(0) + if len(argv) > 1: + # try to pass validation and raise an error if failed + try: + ipv6_range = argv[1] + range_left = ipv6_range.split('-')[0] + range_right = ipv6_range.split('-')[1] + if not IPv6Address(range_left) < IPv6Address(range_right): + raise ValueError(f'left element {range_left} must be less than right element {range_right}') + except Exception as err: + print(f'Error: {ipv6_range} is not a valid IPv6 range: {err}') + exit(1) + else: + print('Error: an IPv6 range argument must be provided') + exit(1) |