Better IPv4 validation (#177)

JohnPreston · web-flow · commit e91fc9285c81 · 2020-08-31T17:27:21.000+01:00
* Using ipaddress lib to validate entry
* Adding unittest
diff --git a/ecs_composex/ecs/ecs_service.py b/ecs_composex/ecs/ecs_service.py
@@ -60,6 +60,8 @@
     Instance as SdInstance,
 )
 
+from ipaddress import IPv4Interface
+
 from ecs_composex.common import add_parameters
 from ecs_composex.common import keyisset, LOG, NONALPHANUM
 from ecs_composex.common.cfn_conditions import USE_STACK_NAME_CON_T
@@ -88,11 +90,6 @@
 from ecs_composex.vpc import vpc_params
 from ecs_composex.vpc.vpc_params import VPC_ID, PUBLIC_SUBNETS
 
-CIDR_REG = r"""((((((([0-9]{1}\.))|([0-9]{2}\.)|
-(1[0-9]{2}\.)|(2[0-5]{2}\.)))){3})(((((([0-9]{1}))|
-([0-9]{2})|(1[0-9]{2})|(2[0-5]{2}))))){1,3})\/(([0-9])|([1-2][0-9])|((3[0-2])))$"""
-CIDR_PAT = re.compile(CIDR_REG)
-
 
 def flatten_ip(ip_str):
     """
@@ -297,12 +294,14 @@ def generate_security_group_props(allowed_source, service_name):
     if (
         keyisset("CidrIp", props)
         and isinstance(props["CidrIp"], str)
-        and not CIDR_PAT.match(props["CidrIp"])
     ):
-        LOG.error(f"Falty IP Address: {allowed_source} - ecs_service {service_name}")
-        raise ValueError(
-            "Not a valid IPv4 CIDR notation", props["CidrIp"], "Expected", CIDR_REG,
-        )
+        try:
+            IPv4Interface(props["CidrIp"])
+        except Exception as error:
+            LOG.error(f"Falty IP Address: {allowed_source} - ecs_service {service_name}")
+            raise ValueError(
+                "Not a valid IPv4 CIDR notation", props["CidrIp"], error
+            )
     return props
 
 
diff --git a/pytests/test_static_functions.py b/pytests/test_static_functions.py
@@ -0,0 +1,27 @@
+﻿#  -*- coding: utf-8 -*-
+#   ECS ComposeX <https://github.com/lambda-my-aws/ecs_composex>
+#   Copyright (C) 2020  John Mille <john@lambda-my-aws.io>
+#  #
+#   This program is free software: you can redistribute it and/or modify
+#   it under the terms of the GNU General Public License as published by
+#   the Free Software Foundation, either version 3 of the License, or
+#   (at your option) any later version.
+#  #
+#   This program is distributed in the hope that it will be useful,
+#   but WITHOUT ANY WARRANTY; without even the implied warranty of
+#   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+#   GNU General Public License for more details.
+#  #
+#   You should have received a copy of the GNU General Public License
+#   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+
+from pytest import raises
+
+from ecs_composex.ecs.ecs_service import generate_security_group_props
+
+
+def test_cidr_validation():
+    a = generate_security_group_props({"ipv4": "1.1.1.1/32"}, "abcd")
+    with raises(ValueError):
+        a = generate_security_group_props({"ipv4": "1.1.1.256/32"}, "abcd")
+        a = generate_security_group_props({"ipv4": "1.1.1.1/33"}, "abcd")
