diff --git a/pkg/router/template/template_helper.go b/pkg/router/template/template_helper.go index 3bf0c821b..a1a47d93b 100644 --- a/pkg/router/template/template_helper.go +++ b/pkg/router/template/template_helper.go @@ -367,26 +367,40 @@ func parseIPList(list string) string { trimmedList := strings.TrimSpace(list) if trimmedList == "" { + log.V(0).Info("parseIPList empty list found") return "" } // same behavior as the previous approach with regexp if trimmedList != list { - log.V(7).Info("parseIPList leading/trailing spaces found") + log.V(0).Info("parseIPList leading/trailing spaces found") return "" } + var validIPs []string + ipList := strings.Fields(list) for _, ip := range ipList { - if net.ParseIP(ip) == nil { - if _, _, err := net.ParseCIDR(ip); err != nil { - log.V(7).Info("parseIPList found not IP/CIDR item", "value", ip, "err", err) - return "" - } + // check if it's a valid IP + if net.ParseIP(ip) != nil { + validIPs = append(validIPs, ip) + } else if _, _, err := net.ParseCIDR(ip); err == nil { + // check if it's a valid CIDR + validIPs = append(validIPs, ip) + } else { + // Log invalid IP/CIDR + log.V(0).Info("parseIPList found invalid IP/CIDR", ip) } } - log.V(7).Info("parseIPList parsed the list", "value", list) - return list + + if len(validIPs) == 0 { + log.V(0).Info("No valid IP/CIDR in the list") + return "" + } + + result := strings.Join(validIPs, " ") + log.V(7).Info("parseIPList parsed the list", "validIPs", result) + return result } var helperFunctions = template.FuncMap{ diff --git a/pkg/router/template/template_helper_test.go b/pkg/router/template/template_helper_test.go index 03b1177bc..535326900 100644 --- a/pkg/router/template/template_helper_test.go +++ b/pkg/router/template/template_helper_test.go @@ -981,33 +981,40 @@ func TestGenerateHAProxyWhiteListFile(t *testing.T) { func TestParseIPList(t *testing.T) { testCases := []struct { - name string - input string - expectedEmpty bool + name string + input string + expectedEmpty bool + expectedReturn string }{ { - name: "All mixed", - input: "192.168.1.0 2001:0db8:85a3:0000:0000:8a2e:0370:7334 172.16.14.10/24 2001:0db8:85a3::8a2e:370:10/64 64:ff9b::192.168.0.1 2600:14a0::/40", + name: "All mixed", + input: "192.168.1.0 2001:0db8:85a3:0000:0000:8a2e:0370:7334 172.16.14.10/24 2001:0db8:85a3::8a2e:370:10/64 64:ff9b::192.168.0.1 2600:14a0::/40", + expectedReturn: "192.168.1.0 2001:0db8:85a3:0000:0000:8a2e:0370:7334 172.16.14.10/24 2001:0db8:85a3::8a2e:370:10/64 64:ff9b::192.168.0.1 2600:14a0::/40", }, { - name: "IPs only", - input: "192.168.1.0 2001:0db8:85a3:0000:0000:8a2e:0370:7334 64:ff9b::192.168.0.1 172.16.14.10", + name: "IPs only", + input: "192.168.1.0 2001:0db8:85a3:0000:0000:8a2e:0370:7334 64:ff9b::192.168.0.1 172.16.14.10", + expectedReturn: "192.168.1.0 2001:0db8:85a3:0000:0000:8a2e:0370:7334 64:ff9b::192.168.0.1 172.16.14.10", }, { - name: "CIDRs only", - input: "192.168.1.0/16 2001:0db8:85a3:0000:0000:8a2e:0370:7334/48 172.16.14.10/24 2001:0db8:85a3::8a2e:0370:10/64 2600:14a0::/40", + name: "CIDRs only", + input: "192.168.1.0/16 2001:0db8:85a3:0000:0000:8a2e:0370:7334/48 172.16.14.10/24 2001:0db8:85a3::8a2e:0370:10/64 2600:14a0::/40", + expectedReturn: "192.168.1.0/16 2001:0db8:85a3:0000:0000:8a2e:0370:7334/48 172.16.14.10/24 2001:0db8:85a3::8a2e:0370:10/64 2600:14a0::/40", }, { - name: "IPv6 only", - input: "2001:0db8:85a3:0000:0000:8a2e:0370:7334 2001:0db8:85a3::8a2e:370:10/64 2001:db8::2:1 ::ffff:192.168.0.1 2600:14a0::/40", + name: "IPv6 only", + input: "2001:0db8:85a3:0000:0000:8a2e:0370:7334 2001:0db8:85a3::8a2e:370:10/64 2001:db8::2:1 ::ffff:192.168.0.1 2600:14a0::/40", + expectedReturn: "2001:0db8:85a3:0000:0000:8a2e:0370:7334 2001:0db8:85a3::8a2e:370:10/64 2001:db8::2:1 ::ffff:192.168.0.1 2600:14a0::/40", }, { - name: "IPv4 only", - input: "192.168.10.10 10.168.12.10/8 8.8.8.8 172.16.0.0/24", + name: "IPv4 only", + input: "192.168.10.10 10.168.12.10/8 8.8.8.8 172.16.0.0/24", + expectedReturn: "192.168.10.10 10.168.12.10/8 8.8.8.8 172.16.0.0/24", }, { - name: "Single IP", - input: "192.168.15.15", + name: "Single IP", + input: "192.168.15.15", + expectedReturn: "192.168.15.15", }, { // as behavior as the previous (regexp) approach @@ -1046,9 +1053,39 @@ func TestParseIPList(t *testing.T) { expectedEmpty: true, }, { - name: "Wrong IP in a list", - input: "192.168.1.0 2001:0db8:85a3:0000:0000:8a2e:0370:7334 172.16.14.10/24 2001:0db8:85a3::8a2e:370:10/64 64:ff9b::192.168.0.1 10.", - expectedEmpty: true, + name: "Wrong IPv4 in an IPs only list", + input: "192.168.1.0 2001:0db8:85a3:0000:0000:8a2e:0370:7334 172.16.14.10/24 2001:0db8:85a3::8a2e:370:10/64 64:ff9b::192.168.0.1 10.", + expectedReturn: "192.168.1.0 2001:0db8:85a3:0000:0000:8a2e:0370:7334 172.16.14.10/24 2001:0db8:85a3::8a2e:370:10/64 64:ff9b::192.168.0.1", + }, + { + name: "Wrong IPv6 in an IPs only list", + input: "192.168.1.0 2001:0db8:85a3:0000:0000:8a2e:0370 172.16.14.10/24 2001:0db8:85a3::8a2e:370:10/64 64:ff9b::192.168.0.1 10.", + expectedReturn: "192.168.1.0 172.16.14.10/24 2001:0db8:85a3::8a2e:370:10/64 64:ff9b::192.168.0.1", + }, + { + name: "Wrong IPv4 in an IPv4 list", + input: "192.168.1.0 10.10.0.1 192.168. 10.", + expectedReturn: "192.168.1.0 10.10.0.1", + }, + { + name: "Wrong IPv6 in an IPv6 list", + input: "2001:0db8:85a3:0000:8a2e:0370:7334 2001:0db8:85a3::8a2e:370:10/64 2001:db8::2:1 ::ffff:192.168.0.1 :/40", + expectedReturn: "2001:0db8:85a3::8a2e:370:10/64 2001:db8::2:1 ::ffff:192.168.0.1", + }, + { + name: "All mixed type with invalid IPv4", + input: "192.168.1 2001:0db8:85a3:0000:0000:8a2e:0370:7334 172.16.14.10/24 2001:0db8:85a3::8a2e:370:10/64 64:ff9b::192.168.0.1 2600:14a0::/40", + expectedReturn: "2001:0db8:85a3:0000:0000:8a2e:0370:7334 172.16.14.10/24 2001:0db8:85a3::8a2e:370:10/64 64:ff9b::192.168.0.1 2600:14a0::/40", + }, + { + name: "Wrong IPv4 CIDR in a CIDRs only list", + input: "192.168.1./16 2001:0db8:85a3:0000:0000:8a2e:0370:7334/48 172.16.14.10/24 2001:0db8:85a3::8a2e:0370:10/64 2600:14a0::/40", + expectedReturn: "2001:0db8:85a3:0000:0000:8a2e:0370:7334/48 172.16.14.10/24 2001:0db8:85a3::8a2e:0370:10/64 2600:14a0::/40", + }, + { + name: "Wrong IPv6 CIDR in a CIDRs only list", + input: "192.168.1.0/16 2001:0db8:85a3:0000:0000:8a2e:0370/48 172.16.14.10/24 2001:0db8:85a3::8a2e:0370:10/64 2600:14a0::/40", + expectedReturn: "192.168.1.0/16 172.16.14.10/24 2001:0db8:85a3::8a2e:0370:10/64 2600:14a0::/40", }, } @@ -1061,9 +1098,24 @@ func TestParseIPList(t *testing.T) { } return } - if got != tc.input { + if tc.expectedEmpty && got != "" || got != tc.expectedReturn { t.Errorf("Failure: expected %q, got %q", tc.input, got) } }) } + + for _, tc := range testCases { + t.Run(tc.name, func(t *testing.T) { + got := parseIPList(tc.input) + if tc.expectedEmpty { + if got != "" { + t.Errorf("Expected empty, but got %q", got) + } + return + } + if got != tc.expectedReturn { + t.Errorf("Failure: expected %q, got %q", tc.expectedReturn, got) + } + }) + } }