diff --git a/lib/WebGUI/Group.pm b/lib/WebGUI/Group.pm index 2ce5ba0fc..e4e10f51b 100644 --- a/lib/WebGUI/Group.pm +++ b/lib/WebGUI/Group.pm @@ -23,6 +23,7 @@ require WebGUI::Asset; use WebGUI::International; use WebGUI::DatabaseLink; use Scalar::Util qw( weaken ); +use Net::CIDR::Lite; =head1 NAME @@ -773,7 +774,7 @@ sub getIpUsers { my @ipUsers = (); while (my ($userId, $lastIP) = $sth->array() ) { if (!exists $localCache{$lastIP}) { - $localCache{$lastIP} = isInSubnet($lastIP, \@filters); + $localCache{$lastIP} = Net::CIDR::Lite->new(@filters)->find($lastIP); } push @ipUsers, $userId if $localCache{$lastIP}; } @@ -1082,7 +1083,7 @@ sub hasIpUser { ); foreach my $ip (@ips) { - return 1 if (isInSubnet($ip,\@filters)); + return 1 if Net::CIDR::Lite->new(@filters)->find($ip); } return 0; diff --git a/lib/WebGUI/Operation/Cron.pm b/lib/WebGUI/Operation/Cron.pm index 712bc7f1a..216baa738 100644 --- a/lib/WebGUI/Operation/Cron.pm +++ b/lib/WebGUI/Operation/Cron.pm @@ -18,6 +18,7 @@ use WebGUI::International; use WebGUI::Workflow::Cron; use WebGUI::Workflow::Instance; use WebGUI::Utility; +use Net::CIDR::Lite; =head1 NAME @@ -271,7 +272,7 @@ sub www_runCronJob { my $session = shift; $session->http->setMimeType("text/plain"); $session->http->setCacheControl("none"); - unless (isInSubnet($session->request->address, $session->config->get("spectreSubnets")) || canView($session)) { + unless (Net::CIDR::Lite->new(@{ $session->config->get('spectreSubnets') })->find($session->request->address) || canView($session)) { $session->errorHandler->security("make a Spectre cron job runner request, but we're only allowed to accept requests from ".join(",",@{$session->config->get("spectreSubnets")})."."); return "error"; } diff --git a/lib/WebGUI/Operation/Spectre.pm b/lib/WebGUI/Operation/Spectre.pm index c8c3d9cec..5e4ceaa62 100644 --- a/lib/WebGUI/Operation/Spectre.pm +++ b/lib/WebGUI/Operation/Spectre.pm 
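Review bot: `Net::CIDR::Lite->new(@filters)` is now built inside the `while` loop of getIpUsers, once for every uncached `$lastIP`, although `@filters` does not change between iterations; the hasIpUser hunk does the same inside its `foreach`. Build the set once before the loop, `my $cidr = Net::CIDR::Lite->new(@filters);`, and call `$cidr->find($lastIP)` (or `$cidr->find($ip)` in hasIpUser) in the body. Both function bodies start and end outside their hunks, so where `@filters` is populated and whether it can be empty is not visible here.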
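Review bot: In www_runCronJob the subnet test no longer goes through the validation in the removed isInSubnet, which returned undef for a malformed CIDR entry instead of raising. As far as I know, Net::CIDR::Lite dies on an entry it cannot parse (for example one with no `/mask`). A typo in `spectreSubnets` would then abort the request before `|| canView($session)` is evaluated and before the `security()` log line is written. If deny-and-log is the intended failure mode, trap the error and log `$@`: `my $fromSpectre = eval { Net::CIDR::Lite->new(@{ $session->config->get('spectreSubnets') })->find($session->request->address) };` followed by `unless ($fromSpectre || canView($session)) {`. The same applies to www_runWorkflow, canUseService and canUseAdminMode in this commit.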
@@ -16,6 +16,7 @@ use POE::Component::IKC::ClientLite; use WebGUI::Utility; use WebGUI::Workflow::Cron; use WebGUI::Workflow::Instance; +use Net::CIDR::Lite; =head1 NAME @@ -59,7 +60,7 @@ sub www_spectreGetSiteData { if (!defined $subnets) { $subnets = []; } - if (!isInSubnet($session->request->address, $subnets)) { + if (!Net::CIDR::Lite->new(@$subnets)->find($session->request->address)) { $session->errorHandler->security("Tried to make a Spectre workflow data load request, but we're only allowed to accept requests from " .join(",",@{$subnets})."."); } @@ -182,7 +183,7 @@ sub www_spectreTest { } my $sessionIp = $session->request->address; - unless (isInSubnet($sessionIp, $subnets)) { + unless (Net::CIDR::Lite->new(@$subnets)->find($sessionIp)) { $session->errorHandler->security( sprintf "Tried to make a Spectre workflow runner request from %s, but we're only allowed to accept requests from %s", $sessionIp, join(",",@{$subnets}) diff --git a/lib/WebGUI/Operation/User.pm b/lib/WebGUI/Operation/User.pm index b7d0971bb..a50e8b779 100644 --- a/lib/WebGUI/Operation/User.pm +++ b/lib/WebGUI/Operation/User.pm @@ -26,6 +26,7 @@ use WebGUI::User; use WebGUI::Utility; use JSON; use XML::Simple; +use Net::CIDR::Lite; =head1 NAME @@ -141,7 +142,7 @@ sub canUseService { my ( $session ) = @_; my $subnets = $session->config->get('serviceSubnets'); return 1 if !$subnets || !@{$subnets}; - return 1 if WebGUI::Utility::isInSubnet( $session->request->address, $subnets ); + return 1 if Net::CIDR::Lite->new(@$subnets)->find($session->request->address); return 0; # Don't go away mad, just go away } diff --git a/lib/WebGUI/Operation/Workflow.pm b/lib/WebGUI/Operation/Workflow.pm index 2806fc2ca..882434db3 100644 --- a/lib/WebGUI/Operation/Workflow.pm +++ b/lib/WebGUI/Operation/Workflow.pm @@ -21,6 +21,7 @@ use WebGUI::Workflow::Instance; use WebGUI::Utility; use POE::Component::IKC::ClientLite; use JSON qw/ decode_json /; +use Net::CIDR::Lite; =head1 NAME 
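Review bot: www_spectreGetSiteData defaults `$subnets` to `[]` when the setting is undefined, so the new condition calls `find` on a `Net::CIDR::Lite` object built from an empty list. The removed isInSubnet short-circuited that case with `return 0 unless @{ $subnets }`. It is worth confirming that `find` on an empty set returns false rather than raising. An explicit guard keeps the old deny-and-log path either way: `if (!@$subnets || !Net::CIDR::Lite->new(@$subnets)->find($session->request->address)) {`. The www_spectreTest hunk has the same shape, and how `$subnets` is initialised there is outside the hunk.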
@@ -482,7 +483,7 @@ sub www_runWorkflow { my $session = shift; $session->http->setMimeType("text/plain"); $session->http->setCacheControl("none"); - unless (isInSubnet($session->request->address, $session->config->get("spectreSubnets")) || canRunWorkflow($session)) { + unless (Net::CIDR::Lite->new(@{ $session->config->get('spectreSubnets')} )->find($session->request->address) || canRunWorkflow($session)) { $session->errorHandler->security("make a Spectre workflow runner request, but we're only allowed to accept requests from ".join(",",@{$session->config->get("spectreSubnets")})."."); return "error"; } diff --git a/lib/WebGUI/User.pm b/lib/WebGUI/User.pm index da76d39da..7e1fcdc95 100644 --- a/lib/WebGUI/User.pm +++ b/lib/WebGUI/User.pm @@ -22,6 +22,7 @@ use JSON (); use WebGUI::ProfileField; use Tie::CPHash; use Scalar::Util qw( weaken ); +use Net::CIDR::Lite; =head1 NAME @@ -299,7 +300,7 @@ sub canUseAdminMode { my $pass = 1; my $subnets = $self->session->config->get("adminModeSubnets") || []; if (scalar(@$subnets)) { - $pass = WebGUI::Utility::isInSubnet($self->session->request->address, $subnets); + $pass = Net::CIDR::Lite->new(@$subnets)->find($self->session->request->address); } return $pass && $self->isInGroup(12) diff --git a/lib/WebGUI/Utility.pm b/lib/WebGUI/Utility.pm index a3936109e..79ba62895 100644 --- a/lib/WebGUI/Utility.pm +++ b/lib/WebGUI/Utility.pm @@ -22,7 +22,7 @@ use Tie::IxHash; use Net::CIDR::Lite; our @ISA = qw(Exporter); -our @EXPORT = qw(&isInSubnet +our @EXPORT = qw( &sortHash &isIn &round ); @@ -39,7 +39,6 @@ This package provides miscellaneous but useful utilities to the WebGUI programme use WebGUI::Utility; $boolean = isIn($value, @array); - $boolean = isInSubnet($ip, \@subnets); $rounded = round($number, $digits); %hash = sortHash(%hash); 
@@ -71,49 +70,6 @@ sub isIn { return 0; } - -#------------------------------------------------------------------- - -=head2 isInSubnet ( ipAddress, subnets ) - -Verifies whether an IP address is in a given subnet. Returns a 1 if it -is, undef if there's a formatting error, or 0 if the IP is not in the -list of subnets. - -=head3 ipAddress - -A scalar containing an IP address. - -=head3 subnets - -An array reference containing subnets in CIDR format. Example: 127.0.0.1/32 - -=cut - -sub isInSubnet { - my $ip = shift; - my $subnets = shift; - return 0 unless @{ $subnets }; - for my $cidr ( @{ $subnets } ) { - my @parts = $cidr =~ /^(\d+)\.(\d+)\.(\d+)\.(\d+)\/(\d+)$/; - unless ( 5 == @parts ) { # cidr has 5 parts - return undef; - } - unless ( 4 == grep { $_ <= 255 } @parts[0..3] ) { # each octet needs to be between 0 and 255 - return undef; - } - unless ( $parts[4] <= 32 ) { # the subnet needs to be less than or equal to 32, as 32 represents only 1 ip address - return undef; - } - } - my $net = Net::CIDR::Lite->new(@{ $subnets }); - if ($net->find($ip)) { - return 1; - } else { - return 0; - } -} - #------------------------------------------------------------------- =head2 round ( float [, significantDigits ] ) diff --git a/t/Utility.t b/t/Utility.t index 79893bfba..f02ba67d4 100644 --- a/t/Utility.t +++ b/t/Utility.t 
@@ -43,21 +43,6 @@ is(WebGUI::Utility::round(47.6, 0), 48, 'round() - rounds up, too'); } -# isInSubnets -is(WebGUI::Utility::isInSubnet('192.168.0.1', []), 0, 'isInSubnet: comparing against an empty array ref'); -is(WebGUI::Utility::isInSubnet('192.168.0.1', ['192.168.0.1/32']), 1, 'isInSubnet: comparing against an exact match'); -is(WebGUI::Utility::isInSubnet('192.168.0.2', ['192.168.0.1/32']), 0, 'isInSubnet: comparing against a mismatch'); -is(WebGUI::Utility::isInSubnet('192.168.0.2', ['192.168.0.1/30']), 1, 'isInSubnet: comparing against a match with mask'); -is(WebGUI::Utility::isInSubnet('256.168.0.2', ['192.168.0.1/30']), 0, 'isInSubnet: ip is out of range'); -is(WebGUI::Utility::isInSubnet('192.168.0.1', ['192.168.0.1/33']), undef, 'isInSubnet: mask is out of range'); -is(WebGUI::Utility::isInSubnet('192.168.0.1', ['192.168.0.0.1/33']), undef, 'isInSubnet: ip has too many dots'); -is(WebGUI::Utility::isInSubnet('192.168.0.1', ['0.0.1/33']), undef, 'isInSubnet: ip has too few dots'); -is(WebGUI::Utility::isInSubnet('192.168.0.1', ['192.168.0.1']), undef, 'isInSubnet: ip is missing mask'); -is(WebGUI::Utility::isInSubnet('192.168.0.1', ['256.168.0.1/32']), undef, 'isInSubnet: ip has an out of range quad'); -is(WebGUI::Utility::isInSubnet('192.168.0.1', ['192.257.0.1/32']), undef, 'isInSubnet: ip has an out of range quad'); -is(WebGUI::Utility::isInSubnet('192.168.0.1', ['192.168.258.1/32']), undef, 'isInSubnet: ip has an out of range quad'); -is(WebGUI::Utility::isInSubnet('192.168.0.1', ['192.168.0.259/32']), undef, 'isInSubnet: ip has an out of range quad'); - TODO: { local $TODO = 'Things to do'; ok(0, 'Move email validation tests out of Form/Email into here');