From 278a44988e0a708d3b60529fff25c6bb7f1a570d Mon Sep 17 00:00:00 2001 From: Sebastian Lohff Date: Sun, 30 Apr 2017 15:27:51 +0200 Subject: [PATCH] Check if glue records are inside DarkNet --- domains/forms.py | 30 ++++++++++++++++++++++++++++++ 1 file changed, 30 insertions(+) diff --git a/domains/forms.py b/domains/forms.py index fb9c23a..791af26 100644 --- a/domains/forms.py +++ b/domains/forms.py @@ -70,6 +70,36 @@ class NameserverForm(MntFormMixin, WhoisObjectFormMixin, forms.ModelForm): instance = getattr(self, "instance", None) self._create = not (instance and instance.pk) + def cleanNetwork(self, glue): + ip = ipaddress.ip_address(glue) + proto = InetNum.IPv4 if ip.version == 4 else InetNum.IPv6 + nets = InetNum.objects.filter(parent_range=None, protocol=proto) + + if len(nets) == 0: + raise forms.ValidationError("No range has been registered for IPv%s in the whois interface" % ip.version) + + for net in nets: + if ip in net.getNetwork(): + break + else: + raise forms.ValidationError("Glue record address is not inside DarkNet (subnet %s)" % ", ".join(map(lambda _x: _x.prefix(), nets))) + + def clean_glueIPv4(self): + glue = self.cleaned_data['glueIPv4'] + + if glue: + self.cleanNetwork(glue) + + return glue + + def clean_glueIPv6(self): + glue = self.cleaned_data['glueIPv6'] + + if glue: + self.cleanNetwork(glue) + + return glue + def clean_name(self): name = self.cleaned_data['name'].lower().strip() if not name.endswith("."):