refact whitelist/allowlist: net.IP to net/netip

Author: mmetc

pkg/parser/whitelist.go

@@ -2,7 +2,7 @@ package parser
 
 import (
 	"fmt"
-	"net"
+	"net/netip"
 
 	"github.com/expr-lang/expr"
 	"github.com/expr-lang/expr/vm"
@@ -15,9 +15,9 @@ import (
 type Whitelist struct {
 	Reason  string   `yaml:"reason,omitempty"`
 	Ips     []string `yaml:"ip,omitempty"`
-	B_Ips   []net.IP
+	B_Ips   []netip.Addr
 	Cidrs   []string `yaml:"cidr,omitempty"`
-	B_Cidrs []*net.IPNet
+	B_Cidrs []netip.Prefix
 	Exprs   []string `yaml:"expression,omitempty"`
 	B_Exprs []*ExprWhitelist
 }
@@ -50,7 +50,7 @@ func (n *Node) CheckIPsWL(p *types.Event) bool {
 			break
 		}
 		for _, v := range n.Whitelist.B_Ips {
-			if v.Equal(src) {
+			if v == src {
 				n.Logger.Debugf("Event from [%s] is whitelisted by IP (%s), reason [%s]", src, v, n.Whitelist.Reason)
 				isWhitelisted = true
 				break
@@ -110,14 +110,17 @@ func (n *Node) CheckExprWL(cachedExprEnv map[string]interface{}, p *types.Event)
 
 func (n *Node) CompileWLs() (bool, error) {
 	for _, v := range n.Whitelist.Ips {
-		n.Whitelist.B_Ips = append(n.Whitelist.B_Ips, net.ParseIP(v))
-		n.Logger.Debugf("adding ip %s to whitelists", net.ParseIP(v))
+		if addr, err := netip.ParseAddr(v); err == nil {
+			n.Whitelist.B_Ips = append(n.Whitelist.B_Ips, addr)
+			n.Logger.Debugf("adding ip %s to whitelists", addr)
+		}
+		// XXX: handle error?
 	}
 
 	for _, v := range n.Whitelist.Cidrs {
-		_, tnet, err := net.ParseCIDR(v)
+		tnet, err := netip.ParsePrefix(v)
 		if err != nil {
-			return false, fmt.Errorf("unable to parse cidr whitelist '%s' : %v", v, err)
+			return false, fmt.Errorf("parsing whitelist: %w", err)
 		}
 		n.Whitelist.B_Cidrs = append(n.Whitelist.B_Cidrs, tnet)
 		n.Logger.Debugf("adding cidr %s to whitelists", tnet)

pkg/parser/whitelist_test.go

@@ -38,7 +38,7 @@ func TestWhitelistCompile(t *testing.T) {
 					"127.0.0.1/1000",
 				},
 			},
-			expectedErr: "invalid CIDR address",
+			expectedErr: `parsing whitelist: netip.ParsePrefix("127.0.0.1/1000"): prefix length out of range`,
 		},
 		{
 			name: "Valid EXPR whitelist",

pkg/types/event.go

@@ -1,7 +1,7 @@
 package types
 
 import (
-	"net"
+	"net/netip"
 	"strings"
 	"time"
 
@@ -117,17 +117,23 @@ func (e *Event) GetMeta(key string) string {
 	return ""
 }
 
-func (e *Event) ParseIPSources() []net.IP {
-	var srcs []net.IP
+func (e *Event) ParseIPSources() []netip.Addr {
+	var srcs []netip.Addr
 
 	switch e.Type {
 	case LOG:
-		if _, ok := e.Meta["source_ip"]; ok {
-			srcs = append(srcs, net.ParseIP(e.Meta["source_ip"]))
+		if val, ok := e.Meta["source_ip"]; ok {
+			if addr, err := netip.ParseAddr(val); err == nil {
+				srcs = append(srcs, addr)
+			}
+			// XXX handle error?
 		}
 	case OVFLW:
 		for k := range e.Overflow.Sources {
-			srcs = append(srcs, net.ParseIP(k))
+			if addr, err := netip.ParseAddr(k); err == nil {
+				srcs = append(srcs, addr)
+			}
+			// XXX handle error?
 		}
 	}