diff --git a/config/facsimile/peeringdb.yaml b/config/facsimile/peeringdb.yaml index cd1a998b..6756d50e 100644 --- a/config/facsimile/peeringdb.yaml +++ b/config/facsimile/peeringdb.yaml @@ -60,6 +60,15 @@ data_quality: max_prefix_v4_limit: 500000 # maximum value to allow in network.info_prefixes6 max_prefix_v6_limit: 50000 + # minimum allowed length of a v4 prefix + min_prefixlen_v4: 18 + # maximum allowed length of a v4 prefix + max_prefixlen_v4: 28 + # minimum allowed length of a v6 prefix + min_prefixlen_v6: 64 + # maximum allowed length of a v6 prefix + max_prefixlen_v6: 116 + install: groups: diff --git a/config/facsimile/tmpl/_ALL_/_DEPLOY_/peeringdb/peeringdb_com/settings.d/10-base_pdb.conf b/config/facsimile/tmpl/_ALL_/_DEPLOY_/peeringdb/peeringdb_com/settings.d/10-base_pdb.conf index b83cc816..4b9d3361 100644 --- a/config/facsimile/tmpl/_ALL_/_DEPLOY_/peeringdb/peeringdb_com/settings.d/10-base_pdb.conf +++ b/config/facsimile/tmpl/_ALL_/_DEPLOY_/peeringdb/peeringdb_com/settings.d/10-base_pdb.conf @@ -104,6 +104,19 @@ DATA_QUALITY_MAX_PREFIX_V4_LIMIT = {{ env.data_quality.max_prefix_v4_limit }} # maximum value to allow in network.info_prefixes6 DATA_QUALITY_MAX_PREFIX_V6_LIMIT = {{ env.data_quality.max_prefix_v6_limit }} +# minimum value to allow for prefix length on a v4 prefix +DATA_QUALITY_MIN_PREFIXLEN_V4 = {{ env.data_quality.min_prefixlen_v4 }} + +# maximum value to allow for prefix length on a v4 prefix +DATA_QUALITY_MAX_PREFIXLEN_V4 = {{ env.data_quality.max_prefixlen_v4 }} + +# minimum value to allow for prefix length on a v6 prefix +DATA_QUALITY_MIN_PREFIXLEN_V6 = {{ env.data_quality.min_prefixlen_v6 }} + +# maximum value to allow for prefix length on a v6 prefix +DATA_QUALITY_MAX_PREFIXLEN_V6 = {{ env.data_quality.max_prefixlen_v6 }} + + RATELIMITS = { {% for k,v in env.misc.ratelimits.items() %} "{{ k }}" : "{{ v }}", diff --git a/peeringdb_server/validators.py b/peeringdb_server/validators.py index 47478f8e..6a04848b 100644 --- a/peeringdb_server/validators.py +++ b/peeringdb_server/validators.py @@ -31,6 +31,15 @@ def validate_address_space(prefix): if not network_is_pdb_valid(prefix): raise ValidationError(_("Address space invalid: {}").format(prefix)) + prefixlen_min = getattr(settings, "DATA_QUALITY_MIN_PREFIXLEN_V{}".format(prefix.version)) + prefixlen_max = getattr(settings, "DATA_QUALITY_MAX_PREFIXLEN_V{}".format(prefix.version)) + + if prefix.prefixlen < prefixlen_min: + raise ValidationError( + _("Minimum allowed prefix length is {}").format(prefixlen_min)) + elif prefix.prefixlen > prefixlen_max: + raise ValidationError( + _("Maximum allowed prefix length is {}").format(prefixlen_max)) def validate_info_prefixes4(value): if value > settings.DATA_QUALITY_MAX_PREFIX_V4_LIMIT: diff --git a/tests/django_init.py b/tests/django_init.py index 428eb54e..fafbb93d 100644 --- a/tests/django_init.py +++ b/tests/django_init.py @@ -154,6 +154,10 @@ settings.configure( CORS_ALLOW_CREDENTIALS=False, DATA_QUALITY_MAX_PREFIX_V4_LIMIT=500000, DATA_QUALITY_MAX_PREFIX_V6_LIMIT=500000, + DATA_QUALITY_MIN_PREFIXLEN_V4 = 18, + DATA_QUALITY_MAX_PREFIXLEN_V4 = 28, + DATA_QUALITY_MIN_PREFIXLEN_V6 = 64, + DATA_QUALITY_MAX_PREFIXLEN_V6 = 116, TUTORIAL_MODE=False, RATELIMITS={ "view_affiliate_to_org_POST": "100/m", diff --git a/tests/test_validators.py b/tests/test_validators.py index 28282f2a..70bd27e5 100644 --- a/tests/test_validators.py +++ b/tests/test_validators.py @@ -99,3 +99,22 @@ def test_validate_info_prefixes6(): with pytest.raises(ValidationError): validate_info_prefixes6(-1) validate_info_prefixes6(500000) + + +@override_settings(DATA_QUALITY_MIN_PREFIXLEN_V4=24, + DATA_QUALITY_MAX_PREFIXLEN_V4=24, + DATA_QUALITY_MIN_PREFIXLEN_V6=48, + DATA_QUALITY_MAX_PREFIXLEN_V6=48, + ) +def test_validate_prefixlen(): + """ + Tests prefix length limits + """ + with pytest.raises(ValidationError): + validate_address_space(u"37.77.32.0/20") + with pytest.raises(ValidationError): + validate_address_space(u"131.72.77.240/28") + with pytest.raises(ValidationError): + validate_address_space(u"2403:c240::/32") + with pytest.raises(ValidationError): + validate_address_space(u"2001:504:0:2::/64")