Common: Add validators for ScanTargetConfigurationSchema

monkey/common/agent_configuration/agent_sub_configuration_schemas.py

@@ -14,6 +14,7 @@ from .agent_sub_configurations import (
     TCPScanConfiguration,
 )
 from .utils import freeze_lists
+from .validators.ip_ranges import validate_ip, validate_subnet_range
 
 valid_windows_custom_pba_filename_regex = re.compile(r"^[^<>:\"\\\/|?*]*[^<>:\"\\\/|?* \.]+$|^$")
 valid_linux_custom_pba_filename_regex = re.compile(r"^[^\0/]*$")
@@ -73,10 +74,10 @@ class PluginConfigurationSchema(Schema):
 
 
 class ScanTargetConfigurationSchema(Schema):
-    blocked_ips = fields.List(fields.Str())
+    blocked_ips = fields.List(fields.Str(validate=validate_ip))
-    inaccessible_subnets = fields.List(fields.Str())
+    inaccessible_subnets = fields.List(fields.Str(validate=validate_subnet_range))
     local_network_scan = fields.Bool()
-    subnets = fields.List(fields.Str())
+    subnets = fields.List(fields.Str(validate=validate_subnet_range))
 
     @post_load
     @freeze_lists

monkey/common/agent_configuration/validators/ip_ranges.py

@@ -0,0 +1,24 @@
+import re
+
+from marshmallow import ValidationError
+
+ip_regex = r"((25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.){3}(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)"
+cird_notation_regex = r"([0-9]|1[0-9]|2[0-9]|3[0-2])"
+hostname_regex = r"([A-Za-z0-9]*[A-Za-z]+[A-Za-z0-9]*.?)*([A-Za-z0-9]*[A-Za-z]+[A-Za-z0-9]*)"
+
+
+def validate_subnet_range(subnet_range: str):
+    range_regexes = [
+        "^" + ip_regex + "$|",
+        "^" + ip_regex + r"\s*-\s*" + ip_regex + "$|",
+        "^" + ip_regex + "/" + cird_notation_regex + "$|",
+        "^" + hostname_regex + "$",
+    ]
+    range_regexes = re.compile("".join(range_regexes))
+    if not re.match(range_regexes, subnet_range):
+        raise ValidationError(f"Invalid subnet range {subnet_range}")
+
+
+def validate_ip(ip: str):
+    if not re.match(re.compile("".join(["^", ip_regex, "$"])), ip):
+        raise ValidationError(f"Invalid ip address {ip}")

monkey/tests/unit_tests/common/agent_configuration/validators/test_ip_ranges.py

@@ -0,0 +1,50 @@
+import pytest
+from marshmallow import ValidationError
+
+from common.agent_configuration.validators.ip_ranges import validate_ip, validate_subnet_range
+
+
+def test_validate_ip():
+    for good_input in ["192.168.56.1", "0.0.0.0"]:
+        validate_ip(good_input)
+
+    for bad_input in ["1.1.1", "257.256.255.255", "1.1.1.1.1"]:
+        with pytest.raises(ValidationError):
+            validate_ip(bad_input)
+
+
+def test_validate_subnet_range__ip():
+    _test_subent_range(
+        good_inputs=["192.168.56.1", "0.0.0.0"],
+        bad_inputs=["1.1.1", "257.256.255.255", "1.1.1.1.1"],
+    )
+
+
+def test_validate_subnet_range__ip_range():
+    _test_subent_range(
+        good_inputs=["1.1.1.1 - 2.2.2.2", "1.1.1.255-1.1.1.1"],
+        bad_inputs=["1.1.1-2.2.2.2", "0-.1.1.1-2.2.2.2", "a..1.1.1-2.2.2.2", "257.1.1.1-2.2.2.2"],
+    )
+
+
+def test_validate_subnet_range__hostname():
+    _test_subent_range(
+        good_inputs=["infection.monkey", "1nfection-Monkey"],
+        bad_inputs=["hy&!he.host", "čili-peppers.are-hot"],
+    )
+
+
+def test_validate_subnet_range__cidr():
+    _test_subent_range(
+        good_inputs=["1.1.1.1/24", "1.1.1.1/0"],
+        bad_inputs=["1.1.1/24", "1.1.1.1/-1", "1.1.1.1/33", "1.1.1.1/222"],
+    )
+
+
+def _test_subent_range(good_inputs, bad_inputs):
+    for good_input in good_inputs:
+        validate_subnet_range(good_input)
+
+    for bad_input in bad_inputs:
+        with pytest.raises(ValidationError):
+            validate_subnet_range(bad_input)