From a2f0a59f3f70562078b88282de720d2e21374d19 Mon Sep 17 00:00:00 2001
From: Karel van Klink <karel.vanklink@geant.org>
Date: Fri, 6 Oct 2023 10:23:12 +0200
Subject: [PATCH] restrict IPv4 and v6 netmask values to valid range in
 settings

---
 README.md       |  2 +-
 gso/settings.py | 14 +++++++++++---
 2 files changed, 12 insertions(+), 4 deletions(-)

diff --git a/README.md b/README.md
index 2056188c..cb0cac39 100644
--- a/README.md
+++ b/README.md
@@ -2,4 +2,4 @@
 The GÉANT interpretation of [`orchestrator-core`](https://github.com/workfloworchestrator/orchestrator-core).
 
 ## Documentation
-You can build the documentation locally using either [build-docs.sh](build-docs.sh) or [test-docs.sh](test-docs.sh).
+You can build the documentation locally using [build-docs.sh](build-docs.sh).
diff --git a/gso/settings.py b/gso/settings.py
index 701f65fd..61c8b776 100644
--- a/gso/settings.py
+++ b/gso/settings.py
@@ -8,7 +8,7 @@ import json
 import logging
 import os
 
-from pydantic import BaseSettings
+from pydantic import BaseSettings, NonNegativeInt
 
 logger = logging.getLogger(__name__)
 
@@ -31,12 +31,20 @@ class InfoBloxParams(BaseSettings):
     password: str
 
 
+class V4Netmask(NonNegativeInt):
+    le = 32
+
+
+class V6Netmask(NonNegativeInt):
+    le = 128
+
+
 class V4NetworkParams(BaseSettings):
     """A set of parameters that describe an IPv4 network in InfoBlox."""
 
     containers: list[ipaddress.IPv4Network]
     networks: list[ipaddress.IPv4Network]
-    mask: int  # TODO: validation on mask?
+    mask: V4Netmask
 
 
 class V6NetworkParams(BaseSettings):
@@ -44,7 +52,7 @@ class V6NetworkParams(BaseSettings):
 
     containers: list[ipaddress.IPv6Network]
     networks: list[ipaddress.IPv6Network]
-    mask: int  # TODO: validation on mask?
+    mask: V6Netmask
 
 
 class ServiceNetworkParams(BaseSettings):
-- 
GitLab