Implement config driven prefix length validation (#269) (#477)

2024-05-11 05:55:09 +00:00 · 2019-04-18 13:14:52 -05:00
parent 115956cecb
commit 1ef4188bb7
5 changed files with 54 additions and 0 deletions
--- a/config/facsimile/peeringdb.yaml
+++ b/config/facsimile/peeringdb.yaml
@@ -60,6 +60,15 @@ data_quality:
  max_prefix_v4_limit: 500000
  # maximum value to allow in network.info_prefixes6
  max_prefix_v6_limit: 50000
+  # minimum allowed length of a v4 prefix
+  min_prefixlen_v4: 18
+  # maximum allowed length of a v4 prefix
+  max_prefixlen_v4: 28
+  # minimum allowed length of a v6 prefix
+  min_prefixlen_v6: 64
+  # maximum allowed length of a v6 prefix
+  max_prefixlen_v6: 116
+

 install:
  groups:
--- a/config/facsimile/tmpl/_ALL_/_DEPLOY_/peeringdb/peeringdb_com/settings.d/10-base_pdb.conf
+++ b/config/facsimile/tmpl/_ALL_/_DEPLOY_/peeringdb/peeringdb_com/settings.d/10-base_pdb.conf
@@ -104,6 +104,19 @@ DATA_QUALITY_MAX_PREFIX_V4_LIMIT = {{ env.data_quality.max_prefix_v4_limit }}
 # maximum value to allow in network.info_prefixes6
 DATA_QUALITY_MAX_PREFIX_V6_LIMIT = {{ env.data_quality.max_prefix_v6_limit }}

+# minimum value to allow for prefix length on a v4 prefix
+DATA_QUALITY_MIN_PREFIXLEN_V4 = {{ env.data_quality.min_prefixlen_v4 }}
+
+# maximum value to allow for prefix length on a v4 prefix
+DATA_QUALITY_MAX_PREFIXLEN_V4 = {{ env.data_quality.max_prefixlen_v4 }}
+
+# minimum value to allow for prefix length on a v6 prefix
+DATA_QUALITY_MIN_PREFIXLEN_V6 = {{ env.data_quality.min_prefixlen_v6 }}
+
+# maximum value to allow for prefix length on a v6 prefix
+DATA_QUALITY_MAX_PREFIXLEN_V6 = {{ env.data_quality.max_prefixlen_v6 }}
+
+
 RATELIMITS = {
 {% for k,v in env.misc.ratelimits.items() %}
    "{{ k }}" : "{{ v }}",
--- a/peeringdb_server/validators.py
+++ b/peeringdb_server/validators.py
@@ -31,6 +31,15 @@ def validate_address_space(prefix):
    if not network_is_pdb_valid(prefix):
        raise ValidationError(_("Address space invalid: {}").format(prefix))

+    prefixlen_min = getattr(settings, "DATA_QUALITY_MIN_PREFIXLEN_V{}".format(prefix.version))
+    prefixlen_max = getattr(settings, "DATA_QUALITY_MAX_PREFIXLEN_V{}".format(prefix.version))
+
+    if prefix.prefixlen < prefixlen_min:
+        raise ValidationError(
+            _("Minimum allowed prefix length is {}").format(prefixlen_min))
+    elif prefix.prefixlen > prefixlen_max:
+        raise ValidationError(
+            _("Maximum allowed prefix length is {}").format(prefixlen_max))

 def validate_info_prefixes4(value):
    if value > settings.DATA_QUALITY_MAX_PREFIX_V4_LIMIT:
--- a/tests/django_init.py
+++ b/tests/django_init.py
@@ -154,6 +154,10 @@ settings.configure(
    CORS_ALLOW_CREDENTIALS=False,
    DATA_QUALITY_MAX_PREFIX_V4_LIMIT=500000,
    DATA_QUALITY_MAX_PREFIX_V6_LIMIT=500000,
+    DATA_QUALITY_MIN_PREFIXLEN_V4 = 18,
+    DATA_QUALITY_MAX_PREFIXLEN_V4 = 28,
+    DATA_QUALITY_MIN_PREFIXLEN_V6 = 64,
+    DATA_QUALITY_MAX_PREFIXLEN_V6 = 116,
    TUTORIAL_MODE=False,
    RATELIMITS={
        "view_affiliate_to_org_POST": "100/m",
--- a/tests/test_validators.py
+++ b/tests/test_validators.py
@@ -99,3 +99,22 @@ def test_validate_info_prefixes6():
    with pytest.raises(ValidationError):
        validate_info_prefixes6(-1)
    validate_info_prefixes6(500000)
+
+
+@override_settings(DATA_QUALITY_MIN_PREFIXLEN_V4=24,
+                   DATA_QUALITY_MAX_PREFIXLEN_V4=24,
+                   DATA_QUALITY_MIN_PREFIXLEN_V6=48,
+                   DATA_QUALITY_MAX_PREFIXLEN_V6=48,
+                   )
+def test_validate_prefixlen():
+    """
+    Tests prefix length limits
+    """
+    with pytest.raises(ValidationError):
+        validate_address_space(u"37.77.32.0/20")
+    with pytest.raises(ValidationError):
+        validate_address_space(u"131.72.77.240/28")
+    with pytest.raises(ValidationError):
+        validate_address_space(u"2403:c240::/32")
+    with pytest.raises(ValidationError):
+        validate_address_space(u"2001:504:0:2::/64")