Check if glue records are inside DarkNet

2017-04-30 15:27:51 +02:00 · 2017-04-30 15:27:51 +02:00 · 278a44988e
parent 67ec9904b2
commit 278a44988e
1 changed files with 30 additions and 0 deletions
--- a/domains/forms.py
+++ b/domains/forms.py
@ -70,6 +70,36 @@ class NameserverForm(MntFormMixin, WhoisObjectFormMixin, forms.ModelForm):
 		instance = getattr(self, "instance", None)
 		self._create = not (instance and instance.pk)

+	def cleanNetwork(self, glue):
+		ip = ipaddress.ip_address(glue)
+		proto = InetNum.IPv4 if ip.version == 4 else InetNum.IPv6
+		nets = InetNum.objects.filter(parent_range=None, protocol=proto)
+
+		if len(nets) == 0:
+			raise forms.ValidationError("No range has been registered for IPv%s in the whois interface" % ip.version)
+
+		for net in nets:
+			if ip in net.getNetwork():
+				break
+		else:
+			raise forms.ValidationError("Glue record address is not inside DarkNet (subnet %s)" % ", ".join(map(lambda _x: _x.prefix(), nets)))
+
+	def clean_glueIPv4(self):
+		glue = self.cleaned_data['glueIPv4']
+
+		if glue:
+			self.cleanNetwork(glue)
+
+		return glue
+
+	def clean_glueIPv6(self):
+		glue = self.cleaned_data['glueIPv6']
+
+		if glue:
+			self.cleanNetwork(glue)
+
+		return glue
+
 	def clean_name(self):
 		name = self.cleaned_data['name'].lower().strip()
 		if not name.endswith("."):