From 8fa6359ba047fd8ea55706d47133390fb54d18cb Mon Sep 17 00:00:00 2001 From: Tee Ngo Date: Fri, 21 Jun 2019 11:00:24 -0400 Subject: [PATCH] Fix URL and IP address validators The current URL and IP address validators ported from config controller have some defficiencies. This commit leverages django URLValidator for URL validation and supplements the existing domain name/ip address validation with Ansible ipaddr filter test to catch missing/future formats. Verify the validation tasks with the following input - http://[2001:db8::1]:3128 - https://test.abc.com - ::1 - localhost - 127.0.0.1 - fe80::100/10 - 2001:db8:1::/64 - "[2001:db8::1]:8080" - 128.224.150.0/23 - test.abc.com - test.abc.com:3000 - 2001:db8:?::/32 (failed case) Closes-Bug: 1833710 Change-Id: Ib3345b41ab932cd434906725f709a8b9a0195e3f Signed-off-by: Tee Ngo --- playbookconfig/centos/playbookconfig.spec | 1 + .../tasks/validate_address.yml | 30 ++++++------------- .../validate-config/tasks/validate_url.yml | 9 +++--- 3 files changed, 15 insertions(+), 25 deletions(-) diff --git a/playbookconfig/centos/playbookconfig.spec b/playbookconfig/centos/playbookconfig.spec index c9e3d1ea6..ae270c5a1 100644 --- a/playbookconfig/centos/playbookconfig.spec +++ b/playbookconfig/centos/playbookconfig.spec @@ -13,6 +13,7 @@ Requires: python-netaddr Requires: sshpass Requires: python2-ptyprocess Requires: python2-pexpect +Requires: python2-django Requires: ansible %description diff --git a/playbookconfig/playbookconfig/playbooks/bootstrap/roles/validate-config/tasks/validate_address.yml b/playbookconfig/playbookconfig/playbooks/bootstrap/roles/validate-config/tasks/validate_address.yml index 7d98b4f32..d51a9da04 100644 --- a/playbookconfig/playbookconfig/playbooks/bootstrap/roles/validate-config/tasks/validate_address.yml +++ b/playbookconfig/playbookconfig/playbooks/bootstrap/roles/validate-config/tasks/validate_address.yml 
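Review bot: In playbookconfig.spec the new `Requires: python2-django` installs a whole web framework on the bootstrap host, with no comment saying why and no minimum version. Judging by the rest of this patch, it is needed only for `URLValidator` in validate_url.yml. What that validator accepts (bracketed IPv6 hosts, for example) can differ between Django releases, so the inputs listed in the commit message are only known to behave as described on the release they were run against. I would add a comment above the line, `# django: URLValidator is imported by validate-config/tasks/validate_url.yml`, and a floor such as `Requires: python2-django >= <TESTED_VERSION>`.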
@@ -8,7 +8,7 @@ # Validate the format of docker registry/no-proxy address # -- name: Check if the supplied address is a valid domain name or ipv4 address +- name: Check if the supplied address is a valid domain name or ip address vars: script_content: | # Use this utility to be consistent with the current config_controller @@ -20,24 +20,12 @@ args: executable: /usr/bin/python failed_when: false - register: domain_name_ipv4_check + register: domain_name_ip_check - # The domain name check above should cover the domain name as well as - # IPv4 addressing with/without port. If it fails, check if it's ipv6 format -- block: - - name: Check if the supplied address is of ipv6 with port format - set_fact: - ipv6_with_port: true - when: input_address is search("\[") and input_address is search("\]") - - - name: Fail if the supplied address is not a valid ipv6 - fail: - msg: "{{ input_address }} is an invalid address!." - when: (not ipv6_with_port) and (input_address|ipv6 == false) - - - name: Fail if the supplied address is not a valid ipv6 with port - fail: - msg: "{{ input_address }} is an invalid address!." - when: (ipv6_with_port) and - ((input_address.split('[')[1]).split(']')[0]|ipv6 == false) - when: domain_name_ipv4_check.rc != 0 +# Do the final catch-all check using Ansible ipaddr filter to pick up +# addresses with CIDR notation and whatever future valid formats will be. +- name: Fail if the supplied address is not a valid domain name or ip address + fail: + msg: "{{ input_address }} is an invalid address!." + when: (domain_name_ip_check.rc != 0) and + (input_address | ipaddr == false) diff --git a/playbookconfig/playbookconfig/playbooks/bootstrap/roles/validate-config/tasks/validate_url.yml b/playbookconfig/playbookconfig/playbooks/bootstrap/roles/validate-config/tasks/validate_url.yml index 753323297..afd323d60 100644 --- a/playbookconfig/playbookconfig/playbooks/bootstrap/roles/validate-config/tasks/validate_url.yml 
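Review bot: The new task `Fail if the supplied address is not a valid domain name or ip address` rejects input only when both checks fail, so the looser of the two decides what gets through. As far as I recall, the `ipaddr` filter accepts bare integers (converting them to an address) as well as CIDR networks. A CIDR network is meaningful for a no-proxy entry but probably not for a docker registry address, and both are validated by this same file. The comment's "whatever future valid formats will be" leaves the accepted set open-ended; I would state it explicitly, e.g. `# Accepted here: IPv4/IPv6 address or CIDR network; anything else must pass the domain-name check above`, and consider a stricter path for registry addresses. Because the first task runs with `failed_when: false`, any non-zero exit of the script, including an environment failure, is treated as "not a domain name" and falls through to this check.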
+++ b/playbookconfig/playbookconfig/playbooks/bootstrap/roles/validate-config/tasks/validate_url.yml @@ -12,10 +12,11 @@ - name: Check if the supplied proxy is a valid URL vars: script_content: | - # Use this utility to be consistent with the current config_controller - # and sysinv - from controllerconfig.utils import is_valid_url - if not is_valid_url( "{{ input_url }}" ): + # Make use of django URL Validator + from django.core.validators import URLValidator + try: + URLValidator()( "{{ input_url }}" ) + except Exception: raise Exception("Invalid url format!") shell: "{{ script_content }}" args:
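Review bot: `URLValidator()( "{{ input_url }}" )` still renders the supplied value straight into Python source before the interpreter runs, so a value containing a quote or backslash changes the program instead of being validated. Passing the value as data, for instance through the task's `environment:` and `os.environ`, removes that path; the script in validate_address.yml probably follows the same pattern, but its call line lies outside the hunks shown. I would also catch `django.core.exceptions.ValidationError` rather than `Exception`, so that an unrelated failure is not reported as "Invalid url format!". If only http and https proxies are supported, `schemes` should be limited to those, since the validator's defaults also allow ftp and ftps. The task continues past `args:` outside the hunk, so the placement of `environment:` below is a sketch.

```yaml
    script_content: |
      import os
      from django.core.exceptions import ValidationError
      from django.core.validators import URLValidator
      try:
        URLValidator(schemes=['http', 'https'])(os.environ['INPUT_URL'])
      except ValidationError:
        # … unchanged: raise Exception("Invalid url format!") …
  # … unchanged: shell and args …
  environment:
    INPUT_URL: "{{ input_url }}"
```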