From 3e975b1161625abf6040013ab78702a2645a1f91 Mon Sep 17 00:00:00 2001 From: DastInDark <2350416+hitenkoku@users.noreply.github.com> Date: Sat, 15 Jun 2024 15:27:08 +0900 Subject: [PATCH 1/2] build: updated cidr-utils crate to 0.6 #1222 --- Cargo.lock | 20 +++++++++----------- Cargo.toml | 2 +- src/detections/rule/matchers.rs | 7 ++++--- src/options/geoip_search.rs | 23 +++-------------------- 4 files changed, 17 insertions(+), 35 deletions(-) diff --git a/Cargo.lock b/Cargo.lock index 901fa1363..a199e5f09 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -291,17 +291,21 @@ dependencies = [ "windows-targets 0.52.5", ] +[[package]] +name = "cidr" +version = "0.2.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "8d18b093eba54c9aaa1e3784d4361eb2ba944cf7d0a932a830132238f483e8d8" + [[package]] name = "cidr-utils" -version = "0.5.11" +version = "0.6.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "2315f7119b7146d6a883de6acd63ddf96071b5f79d9d98d2adaa84d749f6abf1" +checksum = "25c0a9fb70c2c2cc2a520aa259b1d1345650046a07df1b6da1d3cefcd327f43e" dependencies = [ - "debug-helper", + "cidr", "num-bigint", "num-traits", - "once_cell", - "regex", ] [[package]] @@ -533,12 +537,6 @@ dependencies = [ "parking_lot_core", ] -[[package]] -name = "debug-helper" -version = "0.3.13" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "f578e8e2c440e7297e008bb5486a3a8a194775224bbc23729b0dbdfaeebf162e" - [[package]] name = "dialoguer" version = "0.11.0" diff --git a/Cargo.toml b/Cargo.toml index 453c952ed..2a8a94a96 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -12,7 +12,7 @@ aho-corasick = "*" base64 = "*" bytesize = "1.*" chrono = "0.4.*" -cidr-utils = "0.5.*" +cidr-utils = "0.6.*" clap = { version = "4.*", features = ["derive", "cargo", "color"]} comfy-table = "7.*" compact_str = "0.7.*" diff --git a/src/detections/rule/matchers.rs b/src/detections/rule/matchers.rs index ceb3e0ce6..5d7f98b95 100644 
--- a/src/detections/rule/matchers.rs
+++ b/src/detections/rule/matchers.rs
@@ -1,5 +1,6 @@
 use base64::{engine::general_purpose, Engine as _};
-use cidr_utils::cidr::{IpCidr, IpCidrError};
+use cidr_utils::cidr::errors::NetworkParseError;
+use cidr_utils::cidr::IpCidr;
 use nested::Nested;
 use regex::Regex;
 use std::net::IpAddr;
@@ -568,7 +569,7 @@ impl LeafMatcher for DefaultMatcher {
 let event_value_str = event_value.unwrap_or(&val);
 let event_ip = IpAddr::from_str(event_value_str);
 match event_ip {
- Ok(target_ip) => Some(matcher_ip.contains(target_ip)),
+ Ok(target_ip) => Some(matcher_ip.contains(&target_ip)),
 Err(_) => Some(false), //IPアドレス以外の形式のとき
 }
 }
@@ -648,7 +649,7 @@ enum PipeElement {
 Endswithfield(String),
 Base64offset,
 Windash,
- Cidr(Result),
+ Cidr(Result),
 All,
 AllOnly,
 }
diff --git a/src/options/geoip_search.rs b/src/options/geoip_search.rs
index cd4c1e85b..8f977d0f0 100644
--- a/src/options/geoip_search.rs
+++ b/src/options/geoip_search.rs
@@ -60,24 +60,7 @@ impl GeoIPSearch {
 let private_cidr = if target_ip.is_ipv4() {
 vec![
 IpCidr::from_str("10/8").unwrap(),
- // 172.16.0.0/12 private IP address is not defined "172.16/12"
- IpCidr::from_str("172.16").unwrap(),
- IpCidr::from_str("172.17").unwrap(),
- IpCidr::from_str("172.18").unwrap(),
- IpCidr::from_str("172.19").unwrap(),
- IpCidr::from_str("172.20").unwrap(),
- IpCidr::from_str("172.20").unwrap(),
- IpCidr::from_str("172.21").unwrap(),
- IpCidr::from_str("172.22").unwrap(),
- IpCidr::from_str("172.23").unwrap(),
- IpCidr::from_str("172.24").unwrap(),
- IpCidr::from_str("172.25").unwrap(),
- IpCidr::from_str("172.26").unwrap(),
- IpCidr::from_str("172.27").unwrap(),
- IpCidr::from_str("172.28").unwrap(),
- IpCidr::from_str("172.29").unwrap(),
- IpCidr::from_str("172.30").unwrap(),
- IpCidr::from_str("172.31").unwrap(),
+ IpCidr::from_str("172.16/12").unwrap(),
 IpCidr::from_str("192.168/16").unwrap(),
 ]
 } else {
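Review bot: In the `@@ -568,7 +569,7 @@` hunk of src/detections/rule/matchers.rs, the changed arm `Ok(target_ip) => Some(matcher_ip.contains(&target_ip)),` compares the parsed address as-is, so an IPv4-mapped IPv6 value such as `::ffff:10.0.0.1` (constructed example) parses as IPv6 and would presumably never match an IPv4 `|cidr` range. If event fields can carry that form, normalising first closes the detection gap: `Ok(target_ip) => Some(matcher_ip.contains(&target_ip.to_canonical())),` (std `IpAddr::to_canonical`; confirm the project's minimum toolchain has it). The `Err(_)` arm would also read better with an English comment, `// event value is not an IP address: treat as no match`. The enclosing function starts and ends outside the hunk.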
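Review bot: In the `@@ -648,7 +649,7 @@` hunk, `PipeElement::Cidr` now stores the 0.6 parse result, and the 0.6 parser appears to be stricter than 0.5: the `FD00::/7` to `FD00::/8` edit in src/options/geoip_search.rs in this same commit suggests that prefixes with host bits set are now rejected. A rule value like `192.168.1.10/24` (constructed example) that may have loaded under 0.5 could therefore turn into an `Err`; where that `Err` is handled is outside the hunk, so please confirm such a rule fails loudly at load time instead of silently never matching. A regression test that feeds such a value through the `|cidr` modifier would pin the behaviour, and the variant deserves a doc comment such as `/// CIDR range parsed from the rule value; Err holds the parse failure.`. The type arguments of `Result` are not visible on this page.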
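Review bot: In the `@@ -60,24 +60,7 @@` hunk of src/options/geoip_search.rs, `IpCidr::from_str("172.16/12").unwrap()` replaces seventeen hand-listed entries, but nothing visible checks the new literal, and a literal the 0.6 parser rejects only shows up as a panic at run time; the IPv6 list in the `@@ -86,12 +69,12 @@` hunk has the same unwraps. A small unit test over the boundaries (172.15.255.255 and 172.32.0.0 outside, 172.16.0.0 and 172.31.255.255 inside) would cover both the unwraps and the range. For the IPv4 branch the standard library already has this check, so matching on the address with `IpAddr::V4(v4) => v4.is_private(),` would avoid parsing and allocating the list on every call. The enclosing function starts before the hunk and continues past it.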
@@ -86,12 +69,12 @@ impl GeoIPSearch {
 IpCidr::from_str("2000::/3").unwrap(), // IPv6 Global Unicast
 IpCidr::from_str("FE80::/10").unwrap(), // IPv6 Link Local Unicast
 IpCidr::from_str("FC00::/7").unwrap(), // IPv6 Unique Local Address
- IpCidr::from_str("FD00::/7").unwrap(), // IPv6 Unique Local Address
+ IpCidr::from_str("FD00::/8").unwrap(), // IPv6 Unique Local Address
 IpCidr::from_str("FF00::/8").unwrap(), // IPv6 Multicast Address
 ]
 };
 for cidr in private_cidr {
- if cidr.contains(*target_ip) {
+ if cidr.contains(target_ip) {
 return true;
 }
 }
From 53a6c22c0e9c0fd1b863df20c37a715a24e52a2a Mon Sep 17 00:00:00 2001
From: Yamato Security <71482215+YamatoSecurity@users.noreply.github.com>
Date: Sat, 15 Jun 2024 17:35:11 +0900
Subject: [PATCH 2/2] update changelog
---
 CHANGELOG-Japanese.md | 6 ++++++
 CHANGELOG.md | 6 ++++++
 2 files changed, 12 insertions(+)
diff --git a/CHANGELOG-Japanese.md b/CHANGELOG-Japanese.md
index b42d5611c..169599eb7 100644
--- a/CHANGELOG-Japanese.md
+++ b/CHANGELOG-Japanese.md
@@ -1,5 +1,11 @@
 # 変更点
+## x.x.x [xxxx/xx/xx]
+
+**改善:**
+
+- `cidr-utils`クレートを新バージョン0.6.xに対応した。 (#1366) (@hitenkoku)
+
 ## 2.16.0 [2024/06/11]
 **新機能:**
diff --git a/CHANGELOG.md b/CHANGELOG.md
index d27ba1a15..10b88c6bf 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,5 +1,11 @@
 # Changes
+## x.x.x [xxxx/xx/xx]
+
+**Enchancements:**
+
+- Support for the newer version 0.6.x `cidr-utils` crate. (#1366) (@hitenkoku)
+
 ## 2.16.0 [2024/06/11]
 **New Features:**
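Review bot: In the `@@ -86,12 +69,12 @@` hunk of src/options/geoip_search.rs, the changed entry `IpCidr::from_str("FD00::/8").unwrap()` is already contained in `FC00::/7` on the line above, so it adds nothing to the match and can be dropped, or kept with a comment saying it is the locally assigned half of the unique-local block. The same list, which the loop calls `private_cidr`, also carries `2000::/3` labelled "IPv6 Global Unicast" as a context line; if the function is meant to flag non-routable addresses, that entry makes every public IPv6 address count as private. The function's name and purpose are outside the hunk, so please confirm the intent and record it in a comment on that entry. A unit test with one address inside and one outside each IPv6 range would document the expected result.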