Project

General

Profile

Actions

Bug #7630

closed

Network address validator and internal whois have inconsistent expectations

Added by Pavel Kácha over 1 year ago. Updated over 1 year ago.

Status:
Closed
Priority:
Normal
Category:
Development - Core
Target version:
Start date:
02/24/2023
Due date:
% Done:

100%

Estimated time:
To be discussed:
No

Description

Network field in /networks/XXX/update allows to input IP address without CIDR (slash) part, however internal network resolution breaks on that. We should either tighten the input field validation to allow only CIDR, or fix the whois framework to correctly work with single IPs. (I'd prefer the latter as one IP is valid network.)

Actions #1

Updated by Rajmund Hruška over 1 year ago

This might actually be fixed in #7603, which is not on mentat-hub yet.

I am not sure about the way how to reproduce the bug you reported. Could you please try that on mentat-alt or at least describe in more details what is the issue?

Actions #2

Updated by Pavel Kácha over 1 year ago

Probably not. I've created group Sner with networks

  • CESNET-6FLAB--SNER1 2001:718:1808:f1ab::1:48
  • CESNET-6FLAB--SNER2 2001:718:1808:f1ab::1:49
  • CESNET-FLAB--SNER-1 78.128.214.48
  • CESNET-FLAB--SNER-2 78.128.214.49

And here you go:

2023-03-17 13:54:02,980 mentat-enricher.py [27624] INFO: Component 'enricher': Reloading enrichment plugin mentat.plugin.enricher.geoip.GeoipEnricherPlugin'
2023-03-17 13:54:02,984 mentat-enricher.py [27624] INFO: Initialized 'GeoipEnricherPlugin' enricher plugin: {'asn': '/usr/share/GeoIP/GeoLite2-ASN.mmdb',
 'city': '/usr/share/GeoIP/GeoLite2-City.mmdb',
 'country': None}
2023-03-17 13:54:02,985 mentat-enricher.py [27624] INFO: Component 'enricher': Reloading enrichment plugin mentat.plugin.enricher.whois.WhoisEnricherPlugin'
2023-03-17 13:54:03,511 mentat-enricher.py [27624] ERROR: Exception <class 'AttributeError'>: 'IP6' object has no attribute 'base'
2023-03-17 13:54:03,575 mentat-enricher.py [27624] ERROR: 
  File "/var/mentat/venv/lib/python3.7/site-packages/pyzenkit/zendaemon.py", line 1209, in _sub_stage_process
    self._event_loop()
  File "/var/mentat/venv/lib/python3.7/site-packages/pyzenkit/zendaemon.py", line 1188, in _event_loop
    (flag, args) = handler(self, args)
  File "/var/mentat/venv/lib/python3.7/site-packages/mentat/daemon/component/enricher.py", line 283, in cbk_event_reload
    self._reload_plugins(daemon)
  File "/var/mentat/venv/lib/python3.7/site-packages/mentat/daemon/component/enricher.py", line 175, in _reload_plugins
    plugin_conf.get('config', None)
  File "/var/mentat/venv/lib/python3.7/site-packages/mentat/plugin/enricher/whois.py", line 56, in setup
    self.whois_service = whois_manager.service()
  File "/var/mentat/venv/lib/python3.7/site-packages/mentat/services/whois.py", line 384, in service
    raise exc
  File "/var/mentat/venv/lib/python3.7/site-packages/mentat/services/whois.py", line 381, in service
    self._service.add_module(whois_module.setup())
  File "/var/mentat/venv/lib/python3.7/site-packages/mentat/services/whois.py", line 264, in setup
    networks.append(mentat.datatype.internal.t_network_record(netw))
  File "/var/mentat/venv/lib/python3.7/site-packages/mentat/datatype/internal.py", line 310, in t_network_record
    record['ip6_addr']   = record['nrobj'].to_str(record['nrobj'].base)

2023-03-17 13:54:03,581 mentat-enricher.py [27624] INFO: Application runtime: '23:44:57.699706' (effectivity 100.00 %)
2023-03-17 13:54:03,582 mentat-enricher.py [27624] INFO: Application persistent state saved to file '/var/mentat/run/mentat-enricher.py.pstate'
2023-03-17 13:54:03,582 mentat-enricher.py [27624] INFO: Application runlog saved to file '/var/mentat/run/mentat-enricher.py/202303161409.06bdc.runlog'

Actions #3

Updated by Rajmund Hruška over 1 year ago

  • Assignee set to Rajmund Hruška
  • Target version changed from Backlog to 2.11

Pavel Kácha wrote in #note-2:

Probably not. I've created group Sner with networks

  • CESNET-6FLAB--SNER1 2001:718:1808:f1ab::1:48
  • CESNET-6FLAB--SNER2 2001:718:1808:f1ab::1:49
  • CESNET-FLAB--SNER-1 78.128.214.48
  • CESNET-FLAB--SNER-2 78.128.214.49

And here you go:
[...]

Thank you, I will look into that.

Actions #4

Updated by Pavel Kácha over 1 year ago

Also - I had to remove those networks to not leave mentat-alt at a standstill, as I was not able to edit the network and change it to for example 2001:718:1808:f1ab::1:48/128 - the result was still 2001:718:1808:f1ab::1:48 (without slash part). Also, I was able to change it to different IP, like 2001:718:1808:f1ab::1:49, however not to different network part, like 2001:718:1808:f1ab::1:48/127, here I've got a validation error.

Isn't it the case that IPs are normalised (which might be ok), but incorrectly previous IPRanges type is used for input validation, and thus size 1 IP4Net is correctly coerced to IP4, but size 2 IP4Net not?

Actions #5

Updated by Rajmund Hruška over 1 year ago

  • Status changed from New to In Progress
  • % Done changed from 0 to 90

Rajmund Hruška wrote in #note-3:

Pavel Kácha wrote in #note-2:

Probably not. I've created group Sner with networks

  • CESNET-6FLAB--SNER1 2001:718:1808:f1ab::1:48
  • CESNET-6FLAB--SNER2 2001:718:1808:f1ab::1:49
  • CESNET-FLAB--SNER-1 78.128.214.48
  • CESNET-FLAB--SNER-2 78.128.214.49

And here you go:
[...]

Thank you, I will look into that.

This should be fixed in 95937b6b.

Actions #6

Updated by Rajmund Hruška over 1 year ago

Pavel Kácha wrote in #note-4:

Also - I had to remove those networks to not leave mentat-alt at a standstill, as I was not able to edit the network and change it to for example 2001:718:1808:f1ab::1:48/128 - the result was still 2001:718:1808:f1ab::1:48 (without slash part). Also, I was able to change it to different IP, like 2001:718:1808:f1ab::1:49, however not to different network part, like 2001:718:1808:f1ab::1:48/127, here I've got a validation error.

Isn't it the case that IPs are normalised (which might be ok), but incorrectly previous IPRanges type is used for input validation, and thus size 1 IP4Net is correctly coerced to IP4, but size 2 IP4Net not?

I was able to change the network to 2001:718:1808:f1ab::1:48/127. However, I was not able to change it to 2001:718:1808:f1ab::1:49/127. It's the same for IPv4, e.g. 192.168.0.31/24. I think that's OK for networks though, isn't it?

Actions #7

Updated by Pavel Kácha over 1 year ago

Rajmund Hruška wrote in #note-6:

I was able to change the network to 2001:718:1808:f1ab::1:48/127. However, I was not able to change it to 2001:718:1808:f1ab::1:49/127. It's the same for IPv4, e.g. 192.168.0.31/24. I think that's OK for networks though, isn't it?

Ahha, you're right, my bad, 49/127 is of course not aligned (thus wrong).

Actions #8

Updated by Rajmund Hruška over 1 year ago

  • Status changed from In Progress to Resolved
  • % Done changed from 90 to 100
Actions #9

Updated by Rajmund Hruška over 1 year ago

  • Status changed from Resolved to In Review

Merged into devel and deployed on mentat-alt.

Pavel Kácha do you want to try creating those networks by yourself or should I do it?

Actions #10

Updated by Pavel Kácha over 1 year ago

Rajmund Hruška wrote in #note-9:

Pavel Kácha do you want to try creating those networks by yourself or should I do it?

I see you've already did it, thanks.

Actions #11

Updated by Rajmund Hruška over 1 year ago

  • Status changed from In Review to Closed
Actions

Also available in: Atom PDF