Browse Source

Check if glue records are inside DarkNet

Sebastian Lohff 2 years ago
parent
commit
278a44988e
1 changed files with 30 additions and 0 deletions
  1. 30
    0
      domains/forms.py

+ 30
- 0
domains/forms.py View File

@@ -70,6 +70,36 @@ class NameserverForm(MntFormMixin, WhoisObjectFormMixin, forms.ModelForm):
70 70
 		instance = getattr(self, "instance", None)
71 71
 		self._create = not (instance and instance.pk)
72 72
 
73
+	def cleanNetwork(self, glue):
74
+		ip = ipaddress.ip_address(glue)
75
+		proto = InetNum.IPv4 if ip.version == 4 else InetNum.IPv6
76
+		nets = InetNum.objects.filter(parent_range=None, protocol=proto)
77
+
78
+		if len(nets) == 0:
79
+			raise forms.ValidationError("No range has been registered for IPv%s in the whois interface" % ip.version)
80
+
81
+		for net in nets:
82
+			if ip in net.getNetwork():
83
+				break
84
+		else:
85
+			raise forms.ValidationError("Glue record address is not inside DarkNet (subnet %s)" % ", ".join(map(lambda _x: _x.prefix(), nets)))
86
+
87
+	def clean_glueIPv4(self):
88
+		glue = self.cleaned_data['glueIPv4']
89
+
90
+		if glue:
91
+			self.cleanNetwork(glue)
92
+
93
+		return glue
94
+
95
+	def clean_glueIPv6(self):
96
+		glue = self.cleaned_data['glueIPv6']
97
+
98
+		if glue:
99
+			self.cleanNetwork(glue)
100
+
101
+		return glue
102
+
73 103
 	def clean_name(self):
74 104
 		name = self.cleaned_data['name'].lower().strip()
75 105
 		if not name.endswith("."):

Loading…
Cancel
Save