consider a valid ipv4 address as a validish ipv4 /32 cidr (apache#10174)

DaanHoogland · dhslove · commit b6ff1714215f · 2025-01-16T11:54:12.000+09:00
* consider a valid ipv4 address as a validish ipv4 /32 cidr

* refactor cidr evaluation for internal nets

* Apply suggestions from code review

* Update services/secondary-storage/controller/src/main/java/org/apache/cloudstack/secondarystorage/SecondaryStorageManagerImpl.java

* Update services/secondary-storage/controller/src/main/java/org/apache/cloudstack/secondarystorage/SecondaryStorageManagerImpl.java
diff --git a/services/secondary-storage/controller/src/main/java/org/apache/cloudstack/secondarystorage/SecondaryStorageManagerImpl.java b/services/secondary-storage/controller/src/main/java/org/apache/cloudstack/secondarystorage/SecondaryStorageManagerImpl.java
@@ -400,10 +400,13 @@ private List<String> getAllowedInternalSiteCidrs() {
         }
         String[] cidrs = _allowedInternalSites.split(",");
         for (String cidr : cidrs) {
-            if (NetUtils.isValidIp4Cidr(cidr) || NetUtils.isValidIp4(cidr) || !cidr.startsWith("0.0.0.0")) {
-                if (NetUtils.getCleanIp4Cidr(cidr).equals(cidr)) {
-                    logger.warn(String.format("Invalid CIDR %s in %s", cidr, SecStorageAllowedInternalDownloadSites.key()));
+            if (NetUtils.isValidIp4Cidr(cidr) && !cidr.startsWith("0.0.0.0")) {
+                if (! NetUtils.getCleanIp4Cidr(cidr).equals(cidr)) {
+                    s_logger.warn(String.format("Invalid CIDR %s in %s", cidr, SecStorageAllowedInternalDownloadSites.key()));
                 }
+                allowedCidrs.add(NetUtils.getCleanIp4Cidr(cidr));
+            } else if (NetUtils.isValidIp4(cidr) && !cidr.startsWith("0.0.0.0")) {
+                s_logger.warn(String.format("Ip address is not a valid CIDR; %s consider using %s/32", cidr, cidr));
                 allowedCidrs.add(cidr);
             }
         }

Original file line number	Diff line number	Diff line change
`@@ -400,10 +400,13 @@ private List<String> getAllowedInternalSiteCidrs() {`
`400`	`400`	`}`
`401`	`401`	`String[] cidrs = _allowedInternalSites.split(",");`
`402`	`402`	`for (String cidr : cidrs) {`
`403`		`- if (NetUtils.isValidIp4Cidr(cidr) \|\| NetUtils.isValidIp4(cidr) \|\| !cidr.startsWith("0.0.0.0")) {`
`404`		`- if (NetUtils.getCleanIp4Cidr(cidr).equals(cidr)) {`
`405`		`- logger.warn(String.format("Invalid CIDR %s in %s", cidr, SecStorageAllowedInternalDownloadSites.key()));`
	`403`	`+ if (NetUtils.isValidIp4Cidr(cidr) && !cidr.startsWith("0.0.0.0")) {`
	`404`	`+ if (! NetUtils.getCleanIp4Cidr(cidr).equals(cidr)) {`
	`405`	`+ s_logger.warn(String.format("Invalid CIDR %s in %s", cidr, SecStorageAllowedInternalDownloadSites.key()));`
`406`	`406`	`}`
	`407`	`+ allowedCidrs.add(NetUtils.getCleanIp4Cidr(cidr));`
	`408`	`+ } else if (NetUtils.isValidIp4(cidr) && !cidr.startsWith("0.0.0.0")) {`
	`409`	`+ s_logger.warn(String.format("Ip address is not a valid CIDR; %s consider using %s/32", cidr, cidr));`
`407`	`410`	`allowedCidrs.add(cidr);`
`408`	`411`	`}`
`409`	`412`	`}`