25 files changed, 428 insertions, 0 deletions
diff --git a/src/validators/dotted-decimal b/src/validators/dotted-decimal
new file mode 100755
index 000000000..652110346
--- /dev/null
+++ b/src/validators/dotted-decimal
@@ -0,0 +1,33 @@
+#!/usr/bin/env python3
+#
+# Copyright (C) 2020 VyOS maintainers and contributors
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2 or later as
+# published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program.  If not, see <http://www.gnu.org/licenses/>.
+
+import re
+import sys
+
+area = sys.argv[1]
+
+res = re.match(r'^(\d+)\.(\d+)\.(\d+)\.(\d+)$', area)
+if not res:
+    print("\'{0}\' is not a valid dotted decimal value".format(area))
+    sys.exit(1)
+else:
+    components = res.groups()
+    for n in range(0, 4):
+        if (int(components[n]) > 255):
+            print("Invalid component of a dotted decimal value: {0} exceeds 255".format(components[n]))
+            sys.exit(1)
+
+sys.exit(0)
diff --git a/src/validators/file-exists b/src/validators/file-exists
new file mode 100755
index 000000000..5cef6b199
--- /dev/null
+++ b/src/validators/file-exists
@@ -0,0 +1,61 @@
+#!/usr/bin/env python3
+#
+# Copyright (C) 2019 VyOS maintainers and contributors
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2 or later as
+# published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program.  If not, see <http://www.gnu.org/licenses/>.
+#
+# Description:
+# Check if a given file exists on the system. Used for files that
+# are referenced from the CLI and need to be preserved during an image upgrade.
+# Warn the user if these aren't under /config
+
+import os
+import sys
+import argparse
+
+
+def exit(strict, message):
+    if strict:
+        sys.exit(f'ERROR: {message}')
+    print(f'WARNING: {message}', file=sys.stderr)
+    sys.exit()
+
+
+if __name__ == '__main__':
+    parser = argparse.ArgumentParser()
+    parser.add_argument("-d", "--directory", type=str, help="File must be present in this directory.")
+    parser.add_argument("-e", "--error", action="store_true", help="Tread warnings as errors - change exit code to '1'")
+    parser.add_argument("file", type=str, help="Path of file to validate")
+
+    args = parser.parse_args()
+
+    #
+    # Always check if the given file exists
+    #
+    if not os.path.exists(args.file):
+        exit(args.error, f"File '{args.file}' not found")
+
+    #
+    # Optional check if the file is under a certain directory path
+    #
+    if args.directory:
+        # remove directory path from path to verify
+        rel_filename = args.file.replace(args.directory, '').lstrip('/')
+
+        if not os.path.exists(args.directory + '/' + rel_filename):
+            exit(args.error,
+                f"'{args.file}' lies outside of '{args.directory}' directory.\n"
+                  "It will not get preserved during image upgrade!"
+            )
+
+    sys.exit()
diff --git a/src/validators/fqdn b/src/validators/fqdn
new file mode 100755
index 000000000..347ffda42
--- /dev/null
+++ b/src/validators/fqdn
@@ -0,0 +1,30 @@
+#!/usr/bin/env python3
+#
+# Copyright (C) 2020 VyOS maintainers and contributors
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2 or later as
+# published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program.  If not, see <http://www.gnu.org/licenses/>.
+
+import re
+import sys
+
+
+# pattern copied from: https://www.regextester.com/103452
+pattern = "(?=^.{4,253}$)(^((?!-)[a-zA-Z0-9-]{0,62}[a-zA-Z0-9]\.)+[a-zA-Z]{2,63}$)"
+
+
+if __name__ == '__main__':
+    if len(sys.argv) != 2:
+        sys.exit(1)
+    if not re.match(pattern, sys.argv[1]):
+        sys.exit(1)
+    sys.exit(0)
diff --git a/src/validators/interface-address b/src/validators/interface-address
new file mode 100755
index 000000000..4c203956b
--- /dev/null
+++ b/src/validators/interface-address
@@ -0,0 +1,3 @@
+#!/bin/sh
+
+ipaddrcheck --is-ipv4-host $1 || ipaddrcheck --is-ipv6-host $1 
diff --git a/src/validators/ip-address b/src/validators/ip-address
new file mode 100755
index 000000000..51fb72c85
--- /dev/null
+++ b/src/validators/ip-address
@@ -0,0 +1,3 @@
+#!/bin/sh
+
+ipaddrcheck --is-any-single $1
diff --git a/src/validators/ip-cidr b/src/validators/ip-cidr
new file mode 100755
index 000000000..987bf84ca
--- /dev/null
+++ b/src/validators/ip-cidr
@@ -0,0 +1,3 @@
+#!/bin/sh
+
+ipaddrcheck --is-any-cidr $1
diff --git a/src/validators/ip-host b/src/validators/ip-host
new file mode 100755
index 000000000..f2906e8cf
--- /dev/null
+++ b/src/validators/ip-host
@@ -0,0 +1,3 @@
+#!/bin/sh
+
+ipaddrcheck --is-any-host $1
diff --git a/src/validators/ip-prefix b/src/validators/ip-prefix
new file mode 100755
index 000000000..e58aad395
--- /dev/null
+++ b/src/validators/ip-prefix
@@ -0,0 +1,3 @@
+#!/bin/sh
+
+ipaddrcheck --is-any-net $1
diff --git a/src/validators/ip-protocol b/src/validators/ip-protocol
new file mode 100755
index 000000000..078f8e319
--- /dev/null
+++ b/src/validators/ip-protocol
@@ -0,0 +1,41 @@
+#!/usr/bin/env python3
+#
+# Copyright (C) 2020 VyOS maintainers and contributors
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2 or later as
+# published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program.  If not, see <http://www.gnu.org/licenses/>.
+
+import re
+from sys import argv,exit
+
+if __name__ == '__main__':
+    if len(argv) != 2:
+        exit(1)
+
+    input = argv[1]
+    try:
+        # IP protocol can be in the range 0 - 255, thus the range must end with 256
+        if int(input) in range(0, 256):
+            exit(0)
+    except ValueError:
+        pass
+
+    pattern = "!?\\b(all|ip|hopopt|icmp|igmp|ggp|ipencap|st|tcp|egp|igp|pup|udp|" \
+              "tcp_udp|hmp|xns-idp|rdp|iso-tp4|dccp|xtp|ddp|idpr-cmtp|ipv6|" \
+              "ipv6-route|ipv6-frag|idrp|rsvp|gre|esp|ah|skip|ipv6-icmp|" \
+              "ipv6-nonxt|ipv6-opts|rspf|vmtp|eigrp|ospf|ax.25|ipip|etherip|" \
+              "encap|99|pim|ipcomp|vrrp|l2tp|isis|sctp|fc|mobility-header|" \
+              "udplite|mpls-in-ip|manet|hip|shim6|wesp|rohc)\\b"
+    if re.match(pattern, input):
+        exit(0)
+
+    exit(1)
diff --git a/src/validators/ipv4-address b/src/validators/ipv4-address
new file mode 100755
index 000000000..872a7645a
--- /dev/null
+++ b/src/validators/ipv4-address
@@ -0,0 +1,3 @@
+#!/bin/sh
+
+ipaddrcheck --is-ipv4-single $1
diff --git a/src/validators/ipv4-address-exclude b/src/validators/ipv4-address-exclude
new file mode 100755
index 000000000..80ad17d45
--- /dev/null
+++ b/src/validators/ipv4-address-exclude
@@ -0,0 +1,7 @@
+#!/bin/sh
+arg="$1"
+if [ "${arg:0:1}" != "!" ]; then
+  exit 1
+fi
+path=$(dirname "$0")
+${path}/ipv4-address "${arg:1}"
diff --git a/src/validators/ipv4-host b/src/validators/ipv4-host
new file mode 100755
index 000000000..f42feffa4
--- /dev/null
+++ b/src/validators/ipv4-host
@@ -0,0 +1,3 @@
+#!/bin/sh
+
+ipaddrcheck --is-ipv4-host $1
diff --git a/src/validators/ipv4-prefix b/src/validators/ipv4-prefix
new file mode 100755
index 000000000..8ec8a2c45
--- /dev/null
+++ b/src/validators/ipv4-prefix
@@ -0,0 +1,3 @@
+#!/bin/sh
+
+ipaddrcheck --is-ipv4-net $1
diff --git a/src/validators/ipv4-prefix-exclude b/src/validators/ipv4-prefix-exclude
new file mode 100755
index 000000000..4f7de400a
--- /dev/null
+++ b/src/validators/ipv4-prefix-exclude
@@ -0,0 +1,7 @@
+#!/bin/sh
+arg="$1"
+if [ "${arg:0:1}" != "!" ]; then
+  exit 1
+fi
+path=$(dirname "$0")
+${path}/ipv4-prefix "${arg:1}"
diff --git a/src/validators/ipv4-range b/src/validators/ipv4-range
new file mode 100755
index 000000000..ae3f3f163
--- /dev/null
+++ b/src/validators/ipv4-range
@@ -0,0 +1,33 @@
+#!/bin/bash
+
+# snippet from https://stackoverflow.com/questions/10768160/ip-address-converter
+ip2dec () {
+    local a b c d ip=$@
+    IFS=. read -r a b c d <<< "$ip"
+    printf '%d\n' "$((a * 256 ** 3 + b * 256 ** 2 + c * 256 + d))"
+}
+
+# Only run this if there is a hypen present in $1
+if [[ "$1" =~ "-" ]]; then
+  # This only works with real bash (<<<) - split IP addresses into array with
+  # hyphen as delimiter
+  readarray -d - -t strarr <<< $1
+
+  ipaddrcheck --is-ipv4-single ${strarr[0]}
+  if [ $? -gt 0 ]; then
+    exit 1
+  fi
+
+  ipaddrcheck --is-ipv4-single ${strarr[1]}
+  if [ $? -gt 0 ]; then
+    exit 1
+  fi
+
+  start=$(ip2dec ${strarr[0]})
+  stop=$(ip2dec ${strarr[1]})
+  if [ $start -ge $stop ]; then
+    exit 1
+  fi
+fi
+
+exit 0
diff --git a/src/validators/ipv4-range-exclude b/src/validators/ipv4-range-exclude
new file mode 100755
index 000000000..3787b4dec
--- /dev/null
+++ b/src/validators/ipv4-range-exclude
@@ -0,0 +1,7 @@
+#!/bin/sh
+arg="$1"
+if [ "${arg:0:1}" != "!" ]; then
+  exit 1
+fi
+path=$(dirname "$0")
+${path}/ipv4-range "${arg:1}"
diff --git a/src/validators/ipv6 b/src/validators/ipv6
new file mode 100755
index 000000000..f18d4a63e
--- /dev/null
+++ b/src/validators/ipv6
@@ -0,0 +1,3 @@
+#!/bin/sh
+
+ipaddrcheck --is-ipv6 $1
diff --git a/src/validators/ipv6-address b/src/validators/ipv6-address
new file mode 100755
index 000000000..e5d68d756
--- /dev/null
+++ b/src/validators/ipv6-address
@@ -0,0 +1,3 @@
+#!/bin/sh
+
+ipaddrcheck --is-ipv6-single $1
diff --git a/src/validators/ipv6-host b/src/validators/ipv6-host
new file mode 100755
index 000000000..f7a745077
--- /dev/null
+++ b/src/validators/ipv6-host
@@ -0,0 +1,3 @@
+#!/bin/sh
+
+ipaddrcheck --is-ipv6-host $1
diff --git a/src/validators/ipv6-prefix b/src/validators/ipv6-prefix
new file mode 100755
index 000000000..e43616350
--- /dev/null
+++ b/src/validators/ipv6-prefix
@@ -0,0 +1,3 @@
+#!/bin/sh
+
+ipaddrcheck --is-ipv6-net $1
diff --git a/src/validators/mac-address b/src/validators/mac-address
new file mode 100755
index 000000000..b2d3496f4
--- /dev/null
+++ b/src/validators/mac-address
@@ -0,0 +1,29 @@
+#!/usr/bin/env python3
+#
+# Copyright (C) 2018-2020 VyOS maintainers and contributors
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2 or later as
+# published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program.  If not, see <http://www.gnu.org/licenses/>.
+
+import re
+import sys
+
+
+pattern = "^([0-9A-Fa-f]{2}[:]){5}([0-9A-Fa-f]{2})$"
+
+
+if __name__ == '__main__':
+    if len(sys.argv) != 2:
+        sys.exit(1)
+    if not re.match(pattern, sys.argv[1]):
+        sys.exit(1)
+    sys.exit(0)
diff --git a/src/validators/script b/src/validators/script
new file mode 100755
index 000000000..2665ec1f6
--- /dev/null
+++ b/src/validators/script
@@ -0,0 +1,45 @@
+#!/usr/bin/env python3
+#
+# numeric value validator
+#
+# Copyright (C) 2018 VyOS maintainers and contributors
+#
+# This program is free software; you can redistribute it and/or
+# modify it under the terms of the GNU General Public License
+# as published by the Free Software Foundation; either version 2
+# of the License, or (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; If not, see <http://www.gnu.org/licenses/>.
+
+import os
+import sys
+import shlex
+
+import vyos.util
+
+
+if __name__ == '__main__':
+    if len(sys.argv) < 2:
+        sys.exit('Please specify script file to check')
+
+    # if the "script" is a script+ stowaway arguments, this removes the aguements
+    script = shlex.split(sys.argv[1])[0]
+
+    if not os.path.exists(script):
+        sys.exit(f'File {script} does not exist')
+
+    if not (os.path.isfile(script) and os.access(script, os.X_OK)):
+        sys.exit('File {script} is not an executable file')
+
+    # File outside the config dir is just a warning
+    if not vyos.util.file_is_persistent(script):
+        sys.exit(
+            'Warning: file {path} is outside the / config directory\n'
+            'It will not be automatically migrated to a new image on system update'
+        )
diff --git a/src/validators/timezone b/src/validators/timezone
new file mode 100755
index 000000000..baf5abca2
--- /dev/null
+++ b/src/validators/timezone
@@ -0,0 +1,33 @@
+#!/usr/bin/env python3
+#
+# Copyright (C) 2019 VyOS maintainers and contributors
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2 or later as
+# published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program.  If not, see <http://www.gnu.org/licenses/>.
+
+import argparse
+import sys
+
+from vyos.util import cmd
+
+
+if __name__ == '__main__':
+    parser = argparse.ArgumentParser()
+    parser.add_argument("--validate", action="store", required=True, help="Check if timezone is valid")
+    args = parser.parse_args()
+
+    tz_data = cmd('find /usr/share/zoneinfo/posix -type f -or -type l | sed -e s:/usr/share/zoneinfo/posix/::')
+    tz_data = tz_data.split('\n')
+
+    if args.validate not in tz_data:
+        sys.exit("the timezone can't be found in the timezone list")
+    sys.exit()
diff --git a/src/validators/vrf-name b/src/validators/vrf-name
new file mode 100755
index 000000000..7b6313888
--- /dev/null
+++ b/src/validators/vrf-name
@@ -0,0 +1,41 @@
+#!/usr/bin/env python3
+#
+# Copyright (C) 2020 VyOS maintainers and contributors
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2 or later as
+# published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program.  If not, see <http://www.gnu.org/licenses/>.
+
+import re
+from sys import argv, exit
+
+if __name__ == '__main__':
+    if len(argv) != 2:
+        exit(1)
+
+    vrf = argv[1]
+    length = len(vrf)
+
+    if length not in range(1, 16):
+        exit(1)
+
+    # Treat loopback interface "lo" explicitly. Adding "lo" explicitly to the
+    # following regex pattern would deny any VRF name starting with lo - thuse
+    # local-vrf would be illegal - and that we do not want.
+    if vrf == "lo":
+        exit(1)
+
+    pattern = "^(?!(bond|br|dum|eth|lan|eno|ens|enp|enx|gnv|ipoe|l2tp|l2tpeth|" \
+              "vtun|ppp|pppoe|peth|tun|vti|vxlan|wg|wlan|wlm)\d+(\.\d+(v.+)?)?$).*$"
+    if not re.match(pattern, vrf):
+        exit(1)
+
+    exit(0)
diff --git a/src/validators/wireless-phy b/src/validators/wireless-phy
new file mode 100755
index 000000000..513a902de
--- /dev/null
+++ b/src/validators/wireless-phy
@@ -0,0 +1,25 @@
+#!/bin/sh
+#
+# Copyright (C) 2018-2020 VyOS maintainers and contributors
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2 or later as
+# published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program.  If not, see <http://www.gnu.org/licenses/>.
+
+if [ ! -d /sys/class/ieee80211 ]; then
+    echo No IEEE 802.11 physical interfaces detected
+    exit 1
+fi
+
+if [ ! -e /sys/class/ieee80211/$1 ]; then
+    echo Device interface "$1" does not exist
+    exit 1
+fi