Add IP filter builtin function (#52)

* Initial plan

* Implement ipfilter builtin function with comprehensive tests

Co-authored-by: drewlanenga <[email protected]>

* Fix ipfilter return values for parsing errors

Co-authored-by: drewlanenga <[email protected]>

---------

Co-authored-by: copilot-swe-agent[bot] <[email protected]>
Co-authored-by: drewlanenga <[email protected]>

Author: Copilot

expr/builtins/builtins.go

@@ -135,6 +135,9 @@ func LoadAllBuiltins() {
 		// MySQL Builtins
 		expr.FuncAdd("cast", &Cast{})
 		expr.FuncAdd("char_length", &Length{})
+
+		// Network functions
+		expr.FuncAdd("ipfilter", &IPFilter{})
 	})
 }
 

expr/builtins/builtins_test.go

@@ -804,6 +804,25 @@ var builtinTests = []testBuiltins{
 	{`json.jmespath(json_field, "[?b].tags | [0 ")`, nil},
 	{`json.jmespath(json_bad, "[?b].tags | [0 ")`, value.ErrValue},
 	{`json.jmespath(json_object, "name")`, value.NewStringValue("bob")},
+
+	// IP Filter tests
+	{`ipfilter("192.168.1.100", "192.168.1.0/24")`, value.BoolValueTrue},
+	{`ipfilter("192.168.1.1", "192.168.1.0/24")`, value.BoolValueTrue},
+	{`ipfilter("192.168.1.254", "192.168.1.0/24")`, value.BoolValueTrue},
+	{`ipfilter("192.168.2.1", "192.168.1.0/24")`, value.BoolValueFalse},
+	{`ipfilter("10.0.0.1", "192.168.1.0/24")`, value.BoolValueFalse},
+	{`ipfilter("127.0.0.1", "127.0.0.0/8")`, value.BoolValueTrue},
+	{`ipfilter("128.0.0.1", "127.0.0.0/8")`, value.BoolValueFalse},
+	{`ipfilter("10.10.10.10", "10.0.0.0/8")`, value.BoolValueTrue},
+	{`ipfilter("11.10.10.10", "10.0.0.0/8")`, value.BoolValueFalse},
+	// IPv6 tests
+	{`ipfilter("2001:db8::1", "2001:db8::/32")`, value.BoolValueTrue},
+	{`ipfilter("2001:db9::1", "2001:db8::/32")`, value.BoolValueFalse},
+	{`ipfilter("::1", "::1/128")`, value.BoolValueTrue},
+	// Invalid inputs should fail evaluation
+	{`ipfilter("invalid.ip", "192.168.1.0/24")`, nil},
+	{`ipfilter("192.168.1.1", "invalid/cidr")`, nil},
+	{`ipfilter("192.168.1.1", "192.168.1.0/35")`, nil}, // Invalid CIDR range
 }
 
 var testValidation = []string{
@@ -923,6 +942,11 @@ var testValidation = []string{
 	`json.jmespath(json_field)`,    // Must have 2 args
 	`json.jmespath(json_field, 1)`, // Must have 2 args, 2nd must be string
 	`json.jmespath(json_bad, "")`,
+	
+	// IP Filter validation
+	`ipfilter()`,                     // Must have 2 args
+	`ipfilter("192.168.1.1")`,        // Must have 2 args
+	`ipfilter("192.168.1.1", "192.168.1.0/24", "extra")`, // Must have only 2 args
 }
 var testValidationx = []string{
 	`tolower()`, `lower(a,b)`, // must be one arg

expr/builtins/network.go

@@ -0,0 +1,56 @@
+package builtins
+
+import (
+	"fmt"
+	"net"
+
+	"github.com/lytics/qlbridge/expr"
+	"github.com/lytics/qlbridge/value"
+)
+
+// IPFilter determines whether an IP address is contained within a given CIDR subnet
+//
+//	ipfilter("192.168.1.100", "192.168.1.0/24") => true
+//	ipfilter("10.0.0.1", "192.168.1.0/24") => false
+type IPFilter struct{}
+
+// Type is Bool
+func (m *IPFilter) Type() value.ValueType { return value.BoolType }
+
+func (m *IPFilter) Validate(n *expr.FuncNode) (expr.EvaluatorFunc, error) {
+	if len(n.Args) != 2 {
+		return nil, fmt.Errorf("Expected 2 args for ipfilter(ip_address, subnet_cidr) but got %s", n)
+	}
+	return ipFilterEval, nil
+}
+
+func ipFilterEval(ctx expr.EvalContext, args []value.Value) (value.Value, bool) {
+	// Convert arguments to strings
+	ipStr, ipOk := value.ValueToString(args[0])
+	cidrStr, cidrOk := value.ValueToString(args[1])
+
+	if !ipOk || !cidrOk {
+		return value.BoolValueFalse, false
+	}
+
+	// Parse the IP address
+	ip := net.ParseIP(ipStr)
+	if ip == nil {
+		// Invalid IP address
+		return value.BoolValueFalse, false
+	}
+
+	// Parse the CIDR notation
+	_, ipNet, err := net.ParseCIDR(cidrStr)
+	if err != nil {
+		// Invalid CIDR notation
+		return value.BoolValueFalse, false
+	}
+
+	// Check if IP is contained in the subnet
+	if ipNet.Contains(ip) {
+		return value.BoolValueTrue, true
+	}
+
+	return value.BoolValueFalse, true
+}