From d7f202937f85ac2af4643e846aee85c61fbb323f Mon Sep 17 00:00:00 2001 From: Esteban Beltran Date: Tue, 26 Oct 2021 10:49:32 +0200 Subject: [PATCH] [Security Solution] Validate ipv4/CIDR with format x.x.x.x/xx (#116127) --- .../pages/host_isolation_exceptions/utils.ts | 19 ++++++--- .../view/components/form.test.tsx | 39 +++++++++++++------ 2 files changed, 41 insertions(+), 17 deletions(-) diff --git a/x-pack/plugins/security_solution/public/management/pages/host_isolation_exceptions/utils.ts b/x-pack/plugins/security_solution/public/management/pages/host_isolation_exceptions/utils.ts index bfb1ac048e286..aecdfd9f0c464 100644 --- a/x-pack/plugins/security_solution/public/management/pages/host_isolation_exceptions/utils.ts +++ b/x-pack/plugins/security_solution/public/management/pages/host_isolation_exceptions/utils.ts @@ -31,11 +31,20 @@ export function createEmptyHostIsolationException(): CreateExceptionListItemSche }; } +/** + * Validates that an IP is a valid ipv4 or CIDR. + * The initial regex validates the format for x.x.x.x/xx + * Then ipaddr is used for a deeper ipv4 validation + */ export function isValidIPv4OrCIDR(maybeIp: string): boolean { - try { - ipaddr.IPv4.parseCIDR(maybeIp); - return true; - } catch (e) { - return ipaddr.IPv4.isValid(maybeIp); + const ipv4re = /^([0-9]{1,3}\.){3}[0-9]{1,3}(\/([0-9]|[1-2][0-9]|3[0-2]))?$/; + if (ipv4re.test(maybeIp)) { + try { + ipaddr.IPv4.parseCIDR(maybeIp); + return true; + } catch (e) { + return ipaddr.IPv4.isValid(maybeIp); + } } + return false; } diff --git a/x-pack/plugins/security_solution/public/management/pages/host_isolation_exceptions/view/components/form.test.tsx b/x-pack/plugins/security_solution/public/management/pages/host_isolation_exceptions/view/components/form.test.tsx index 826f7bf6c4d8a..eb8294a1f4658 100644 --- a/x-pack/plugins/security_solution/public/management/pages/host_isolation_exceptions/view/components/form.test.tsx +++ b/x-pack/plugins/security_solution/public/management/pages/host_isolation_exceptions/view/components/form.test.tsx @@ -44,6 +44,7 @@ describe('When on the host isolation exceptions add entry form', () => { newException = createEmptyHostIsolationException(); renderResult = render(newException); }); + it('should render the form with empty inputs', () => { expect(renderResult.getByTestId('hostIsolationExceptions-form-name-input')).toHaveValue(''); expect(renderResult.getByTestId('hostIsolationExceptions-form-ip-input')).toHaveValue(''); @@ -51,20 +52,31 @@ describe('When on the host isolation exceptions add entry form', () => { renderResult.getByTestId('hostIsolationExceptions-form-description-input') ).toHaveValue(''); }); - it('should call onError with true when a wrong ip value is introduced', () => { - const ipInput = renderResult.getByTestId('hostIsolationExceptions-form-ip-input'); - userEvent.type(ipInput, 'not an ip'); - expect(onError).toHaveBeenCalledWith(true); - }); - it('should call onError with false when a correct values are introduced', () => { - const ipInput = renderResult.getByTestId('hostIsolationExceptions-form-ip-input'); - const nameInput = renderResult.getByTestId('hostIsolationExceptions-form-name-input'); - userEvent.type(nameInput, 'test name'); - userEvent.type(ipInput, '10.0.0.1'); + it.each(['not an ip', '100', '900.0.0.1', 'x.x.x.x', '10.0.0'])( + 'should call onError with true when a wrong ip value is introduced. Case: "%s"', + (value: string) => { + const nameInput = renderResult.getByTestId('hostIsolationExceptions-form-name-input'); + const ipInput = renderResult.getByTestId('hostIsolationExceptions-form-ip-input'); + userEvent.type(nameInput, 'test name'); + userEvent.type(ipInput, value); + expect(onError).toHaveBeenCalledWith(true); + } + ); + + it.each(['192.168.0.1', '10.0.0.1', '100.90.1.1/24', '192.168.200.6/30'])( + 'should call onError with false when a correct ip value is introduced. Case: "%s"', + (value: string) => { + const ipInput = renderResult.getByTestId('hostIsolationExceptions-form-ip-input'); + const nameInput = renderResult.getByTestId('hostIsolationExceptions-form-name-input'); + + userEvent.type(nameInput, 'test name'); + userEvent.type(ipInput, value); + + expect(onError).toHaveBeenLastCalledWith(false); + } + ); - expect(onError).toHaveBeenLastCalledWith(false); - }); it('should call onChange when a value is introduced in a field', () => { const ipInput = renderResult.getByTestId('hostIsolationExceptions-form-ip-input'); userEvent.type(ipInput, '10.0.0.1'); @@ -76,6 +88,7 @@ describe('When on the host isolation exceptions add entry form', () => { }); }); }); + describe('When editing an existing exception', () => { let existingException: UpdateExceptionListItemSchema; beforeEach(() => { @@ -96,6 +109,7 @@ describe('When on the host isolation exceptions add entry form', () => { }; renderResult = render(existingException); }); + it('should render the form with pre-filled inputs', () => { expect(renderResult.getByTestId('hostIsolationExceptions-form-name-input')).toHaveValue( 'name edit me' @@ -107,6 +121,7 @@ describe('When on the host isolation exceptions add entry form', () => { renderResult.getByTestId('hostIsolationExceptions-form-description-input') ).toHaveValue('initial description'); }); + it('should call onChange when a value is introduced in a field', () => { const ipInput = renderResult.getByTestId('hostIsolationExceptions-form-ip-input'); userEvent.clear(ipInput);