fix: [NPM] add check for invalid /0 cidr (#1739)

ck319 · huntergregory · web-flow · commit d7e4f6c98453 · 2023-03-08T12:50:07.000-08:00
* add check for invalid /0 cidr

* added UT for valid cidr

---------

Co-authored-by: Hunter Gregory &lt;42728408+huntergregory@users.noreply.github.com&gt;
diff --git a/npm/pkg/dataplane/ipsets/ipsetmanager_test.go b/npm/pkg/dataplane/ipsets/ipsetmanager_test.go
@@ -1546,6 +1546,16 @@ func TestValidateIPSetMemberIP(t *testing.T) {
 			ipblock: "2345:0425:2CA1:0000:0000:0567:5673:23b5 nomatch",
 			want:    false,
 		},
+		{
+			name:    "invalid/0",
+			ipblock: "1.1.1.1/0",
+			want:    false,
+		},
+		{
+			name:    "valid/0",
+			ipblock: "0.0.0.0/0",
+			want:    true,
+		},
 	}
 
 	for _, tt := range tests {
diff --git a/npm/util/util.go b/npm/util/util.go
@@ -322,6 +322,10 @@ func SliceToString(list []string) string {
 func IsIPV4(ip string) bool {
 	isIPBlock := strings.Contains(ip, "/")
 	ipOnly := strings.Split(ip, "/")
+	if strings.Contains(ip, "/0") && ipOnly[0] != "0.0.0.0" {
+		return false
+	}
+
 	address, err := netip.ParseAddr(ipOnly[0])
 	if err != nil {
 		return false
