Merge branch 'develop' of https://github.com/SolidProgramming/firewall-orchestrator into feature_2822

SolidProgramming · SolidProgramming · commit b72e1476c2f0 · 2025-03-19T16:11:54.000+01:00
diff --git a/roles/lib/files/FWO.Api.Client/APIcalls/owner/newNetworkOwnership.graphql b/roles/lib/files/FWO.Api.Client/APIcalls/owner/newNetworkOwnership.graphql
@@ -7,6 +7,8 @@ mutation newNetworkOwnership(
     owner_id: $ownerId
     ip: $ip
     ip_end: $ip_end
+    is_deleted: false
+    nw_type: 10
   }) {
     returning {
       newIdLong: id
diff --git a/roles/lib/files/FWO.Report/ReportAppRules.cs b/roles/lib/files/FWO.Report/ReportAppRules.cs
@@ -1,4 +1,4 @@
-﻿using FWO.Api.Client;
+using FWO.Api.Client;
 using FWO.Api.Client.Queries;
 using FWO.Data;
 using FWO.Data.Report;
@@ -63,13 +63,13 @@ private async Task PrepareAppRulesReport(ApiConnection apiConnection)
                                 List<NetworkLocation> disregardedFroms = [.. rule.Froms];
                                 if(modellingFilter.ShowSourceMatch)
                                 {
-                                    (relevantFroms, disregardedFroms) = CheckNetworkObjects(rule.Froms);
+                                    (relevantFroms, disregardedFroms) = CheckNetworkObjects(rule.Froms, rule.SourceNegated);
                                 }
                                 List<NetworkLocation> relevantTos = [];
                                 List<NetworkLocation> disregardedTos = [.. rule.Tos];
                                 if(modellingFilter.ShowDestinationMatch)
                                 {
-                                    (relevantTos, disregardedTos) = CheckNetworkObjects(rule.Tos);
+                                    (relevantTos, disregardedTos) = CheckNetworkObjects(rule.Tos, rule.DestinationNegated);
                                 }
 
                                 if(relevantFroms.Count > 0 || relevantTos.Count > 0)
@@ -107,7 +107,7 @@ private async Task GetAppServers(ApiConnection apiConnection)
                 IPAddress.Parse((s.IpEnd != "" ? s.IpEnd : s.Ip).StripOffNetmask())))];
         }
 
-        private (List<NetworkLocation>, List<NetworkLocation>) CheckNetworkObjects(NetworkLocation[] objList)
+        private (List<NetworkLocation>, List<NetworkLocation>) CheckNetworkObjects(NetworkLocation[] objList, bool negated)
         {
             List<NetworkLocation> relevantObjects = [];
             List<NetworkLocation> disregardedObjects = [];
@@ -131,15 +131,15 @@ private async Task GetAppServers(ApiConnection apiConnection)
                     {
                         foreach(var grpobj in obj.Object.ObjectGroupFlats)
                         {
-                            if(grpobj.Object != null && CheckObj(grpobj.Object))
+                            if(grpobj.Object != null && CheckObj(grpobj.Object, negated))
                             {
                                 relevantObjects.Add(obj);
                                 found = true;
                                 break;
                             }
                         }
                     }
-                    else if(CheckObj(obj.Object))
+                    else if(CheckObj(obj.Object, negated))
                     {
                         relevantObjects.Add(obj);
                         found = true;
@@ -153,13 +153,27 @@ private async Task GetAppServers(ApiConnection apiConnection)
             return (relevantObjects, disregardedObjects);
         }
 
-        private bool CheckObj(NetworkObject obj)
+        private bool CheckObj(NetworkObject obj, bool negated)
         {
             foreach(var ownerIpRange in ownerIps)
             {
-                if(obj.IP != null &&
-                    IpOperations.RangeOverlapExists(new IPAddressRange(IPAddress.Parse(obj.IP.StripOffNetmask()),
-                    IPAddress.Parse((obj.IpEnd != null && obj.IpEnd != "" ? obj.IpEnd : obj.IP).StripOffNetmask())), ownerIpRange))
+                if(obj.IP == null)
+                {
+                    continue;
+                }
+
+                IPAddressRange objRange = new(IPAddress.Parse(obj.IP.StripOffNetmask()),
+                    IPAddress.Parse((obj.IpEnd != null && obj.IpEnd != "" ? obj.IpEnd : obj.IP).StripOffNetmask()));
+
+                if(negated)
+                {
+                    if (IpOperations.IpToUint(ownerIpRange.Begin) < IpOperations.IpToUint(objRange.Begin) ||
+                            (IpOperations.IpToUint(ownerIpRange.End) > IpOperations.IpToUint(objRange.End)))
+                    {
+                        return true;
+                    }
+                }
+                else if(IpOperations.RangeOverlapExists(objRange, ownerIpRange))
                 {
                     return true;
                 }
@@ -185,7 +199,7 @@ private void PrepareFilter(ManagementReport mgt)
                             {
                                 foreach(var grpobj in from.Object.ObjectGroupFlats)
                                 {
-                                    if(grpobj.Object != null && CheckObj(grpobj.Object))
+                                    if(grpobj.Object != null && CheckObj(grpobj.Object, rule.SourceNegated))
                                     {
                                         mgt.HighlightedObjectIds.Add(grpobj.Object.Id);
                                     }
@@ -207,7 +221,7 @@ private void PrepareFilter(ManagementReport mgt)
                             {
                                 foreach(var grpobj in to.Object.ObjectGroupFlats)
                                 {
-                                    if(grpobj.Object != null && CheckObj(grpobj.Object))
+                                    if(grpobj.Object != null && CheckObj(grpobj.Object, rule.DestinationNegated))
                                     {
                                         mgt.HighlightedObjectIds.Add(grpobj.Object.Id);
                                     }

Original file line number	Diff line number	Diff line change
`@@ -1,4 +1,4 @@`
`1`		`-using FWO.Api.Client;`
	`1`	`+using FWO.Api.Client;`
`2`	`2`	`using FWO.Api.Client.Queries;`
`3`	`3`	`using FWO.Data;`
`4`	`4`	`using FWO.Data.Report;`
`@@ -63,13 +63,13 @@ private async Task PrepareAppRulesReport(ApiConnection apiConnection)`
`63`	`63`	`List<NetworkLocation> disregardedFroms = [.. rule.Froms];`
`64`	`64`	`if(modellingFilter.ShowSourceMatch)`
`65`	`65`	`{`
`66`		`- (relevantFroms, disregardedFroms) = CheckNetworkObjects(rule.Froms);`
	`66`	`+ (relevantFroms, disregardedFroms) = CheckNetworkObjects(rule.Froms, rule.SourceNegated);`
`67`	`67`	`}`
`68`	`68`	`List<NetworkLocation> relevantTos = [];`
`69`	`69`	`List<NetworkLocation> disregardedTos = [.. rule.Tos];`
`70`	`70`	`if(modellingFilter.ShowDestinationMatch)`
`71`	`71`	`{`
`72`		`- (relevantTos, disregardedTos) = CheckNetworkObjects(rule.Tos);`
	`72`	`+ (relevantTos, disregardedTos) = CheckNetworkObjects(rule.Tos, rule.DestinationNegated);`
`73`	`73`	`}`
`74`	`74`
`75`	`75`	`if(relevantFroms.Count > 0 \|\| relevantTos.Count > 0)`
`@@ -107,7 +107,7 @@ private async Task GetAppServers(ApiConnection apiConnection)`
`107`	`107`	`IPAddress.Parse((s.IpEnd != "" ? s.IpEnd : s.Ip).StripOffNetmask())))];`
`108`	`108`	`}`
`109`	`109`
`110`		`- private (List<NetworkLocation>, List<NetworkLocation>) CheckNetworkObjects(NetworkLocation[] objList)`
	`110`	`+ private (List<NetworkLocation>, List<NetworkLocation>) CheckNetworkObjects(NetworkLocation[] objList, bool negated)`
`111`	`111`	`{`
`112`	`112`	`List<NetworkLocation> relevantObjects = [];`
`113`	`113`	`List<NetworkLocation> disregardedObjects = [];`
`@@ -131,15 +131,15 @@ private async Task GetAppServers(ApiConnection apiConnection)`
`131`	`131`	`{`
`132`	`132`	`foreach(var grpobj in obj.Object.ObjectGroupFlats)`
`133`	`133`	`{`
`134`		`- if(grpobj.Object != null && CheckObj(grpobj.Object))`
	`134`	`+ if(grpobj.Object != null && CheckObj(grpobj.Object, negated))`
`135`	`135`	`{`
`136`	`136`	`relevantObjects.Add(obj);`
`137`	`137`	`found = true;`
`138`	`138`	`break;`
`139`	`139`	`}`
`140`	`140`	`}`
`141`	`141`	`}`
`142`		`- else if(CheckObj(obj.Object))`
	`142`	`+ else if(CheckObj(obj.Object, negated))`
`143`	`143`	`{`
`144`	`144`	`relevantObjects.Add(obj);`
`145`	`145`	`found = true;`
`@@ -153,13 +153,27 @@ private async Task GetAppServers(ApiConnection apiConnection)`
`153`	`153`	`return (relevantObjects, disregardedObjects);`
`154`	`154`	`}`
`155`	`155`
`156`		`- private bool CheckObj(NetworkObject obj)`
	`156`	`+ private bool CheckObj(NetworkObject obj, bool negated)`
`157`	`157`	`{`
`158`	`158`	`foreach(var ownerIpRange in ownerIps)`
`159`	`159`	`{`
`160`		`- if(obj.IP != null &&`
`161`		`- IpOperations.RangeOverlapExists(new IPAddressRange(IPAddress.Parse(obj.IP.StripOffNetmask()),`
`162`		`- IPAddress.Parse((obj.IpEnd != null && obj.IpEnd != "" ? obj.IpEnd : obj.IP).StripOffNetmask())), ownerIpRange))`
	`160`	`+ if(obj.IP == null)`
	`161`	`+ {`
	`162`	`+ continue;`
	`163`	`+ }`
	`164`	`+`
	`165`	`+ IPAddressRange objRange = new(IPAddress.Parse(obj.IP.StripOffNetmask()),`
	`166`	`+ IPAddress.Parse((obj.IpEnd != null && obj.IpEnd != "" ? obj.IpEnd : obj.IP).StripOffNetmask()));`
	`167`	`+`
	`168`	`+ if(negated)`
	`169`	`+ {`
	`170`	`+ if (IpOperations.IpToUint(ownerIpRange.Begin) < IpOperations.IpToUint(objRange.Begin) \|\|`
	`171`	`+ (IpOperations.IpToUint(ownerIpRange.End) > IpOperations.IpToUint(objRange.End)))`
	`172`	`+ {`
	`173`	`+ return true;`
	`174`	`+ }`
	`175`	`+ }`
	`176`	`+ else if(IpOperations.RangeOverlapExists(objRange, ownerIpRange))`
`163`	`177`	`{`
`164`	`178`	`return true;`
`165`	`179`	`}`
`@@ -185,7 +199,7 @@ private void PrepareFilter(ManagementReport mgt)`
`185`	`199`	`{`
`186`	`200`	`foreach(var grpobj in from.Object.ObjectGroupFlats)`
`187`	`201`	`{`
`188`		`- if(grpobj.Object != null && CheckObj(grpobj.Object))`
	`202`	`+ if(grpobj.Object != null && CheckObj(grpobj.Object, rule.SourceNegated))`
`189`	`203`	`{`
`190`	`204`	`mgt.HighlightedObjectIds.Add(grpobj.Object.Id);`
`191`	`205`	`}`
`@@ -207,7 +221,7 @@ private void PrepareFilter(ManagementReport mgt)`
`207`	`221`	`{`
`208`	`222`	`foreach(var grpobj in to.Object.ObjectGroupFlats)`
`209`	`223`	`{`
`210`		`- if(grpobj.Object != null && CheckObj(grpobj.Object))`
	`224`	`+ if(grpobj.Object != null && CheckObj(grpobj.Object, rule.DestinationNegated))`
`211`	`225`	`{`
`212`	`226`	`mgt.HighlightedObjectIds.Add(grpobj.Object.Id);`
`213`	`227`	`}`