Thanks to visit codestin.com
Credit goes to github.com

Skip to content

Commit 291ef1c

Browse files
Ninosfabpot
Ninos
authored and
fabpot
committed
[Validator] Add additional versions (*_NO_PUBLIC, *_ONLY_PRIV & *_ONLY_RES) in IP address & CIDR constraint
1 parent d00444c commit 291ef1c

File tree

8 files changed

+266
-62
lines changed

8 files changed

+266
-62
lines changed

src/Symfony/Component/Validator/CHANGELOG.md

+2
Original file line numberDiff line numberDiff line change
@@ -6,6 +6,8 @@ CHANGELOG
66

77
* Add support for `Stringable` values when using the `Cidr`, `CssColor`, `ExpressionSyntax` and `PasswordStrength` constraints
88
* Add `MacAddress` constraint
9+
* Add `*_NO_PUBLIC`, `*_ONLY_PRIVATE` and `*_ONLY_RESERVED` versions to `Ip` constraint
10+
* Possibility to use all `Ip` constraint versions for `Cidr` constraint
911
* Add `list` and `associative_array` types to `Type` constraint
1012
* Add the `Charset` constraint
1113

src/Symfony/Component/Validator/Constraints/Cidr.php

+36-8
Original file line numberDiff line numberDiff line change
@@ -13,6 +13,7 @@
1313

1414
use Symfony\Component\Validator\Constraint;
1515
use Symfony\Component\Validator\Exception\ConstraintDefinitionException;
16+
use Symfony\Component\Validator\Exception\InvalidArgumentException;
1617

1718
/**
1819
* Validates that a value is a valid CIDR notation.
@@ -21,6 +22,7 @@
2122
*
2223
* @author Sorin Pop <[email protected]>
2324
* @author Calin Bolea <[email protected]>
25+
* @author Ninos Ego <[email protected]>
2426
*/
2527
#[\Attribute(\Attribute::TARGET_PROPERTY | \Attribute::TARGET_METHOD | \Attribute::IS_REPEATABLE)]
2628
class Cidr extends Constraint
@@ -34,9 +36,33 @@ class Cidr extends Constraint
3436
];
3537

3638
private const NET_MAXES = [
37-
Ip::ALL => 128,
3839
Ip::V4 => 32,
3940
Ip::V6 => 128,
41+
Ip::ALL => 128,
42+
43+
Ip::V4_NO_PUBLIC => 32,
44+
Ip::V6_NO_PUBLIC => 128,
45+
Ip::ALL_NO_PUBLIC => 128,
46+
47+
Ip::V4_NO_PRIVATE => 32,
48+
Ip::V6_NO_PRIVATE => 128,
49+
Ip::ALL_NO_PRIVATE => 128,
50+
51+
Ip::V4_NO_RESERVED => 32,
52+
Ip::V6_NO_RESERVED => 128,
53+
Ip::ALL_NO_RESERVED => 128,
54+
55+
Ip::V4_ONLY_PUBLIC => 32,
56+
Ip::V6_ONLY_PUBLIC => 128,
57+
Ip::ALL_ONLY_PUBLIC => 128,
58+
59+
Ip::V4_ONLY_PRIVATE => 32,
60+
Ip::V6_ONLY_PRIVATE => 128,
61+
Ip::ALL_ONLY_PRIVATE => 128,
62+
63+
Ip::V4_ONLY_RESERVED => 32,
64+
Ip::V6_ONLY_RESERVED => 128,
65+
Ip::ALL_ONLY_RESERVED => 128,
4066
];
4167

4268
public string $version = Ip::ALL;
@@ -45,13 +71,9 @@ class Cidr extends Constraint
4571
public int $netmaskMin = 0;
4672
public int $netmaskMax;
4773

48-
/**
49-
* @param array<string,mixed>|null $options
50-
* @param string|null $version The CIDR version to validate (4, 6 or all, defaults to all)
51-
* @param int|null $netmaskMin The lowest valid for a valid netmask (defaults to 0)
52-
* @param int|null $netmaskMax The biggest valid for a valid netmask (defaults to 32 for IPv4, 128 for IPv6)
53-
* @param string[]|null $groups
54-
*/
74+
/** @var callable|null */
75+
public $normalizer;
76+
5577
public function __construct(
5678
?array $options = null,
5779
?string $version = null,
@@ -60,6 +82,7 @@ public function __construct(
6082
?string $message = null,
6183
?array $groups = null,
6284
$payload = null,
85+
?callable $normalizer = null,
6386
) {
6487
$this->version = $version ?? $options['version'] ?? $this->version;
6588

@@ -70,13 +93,18 @@ public function __construct(
7093
$this->netmaskMin = $netmaskMin ?? $options['netmaskMin'] ?? $this->netmaskMin;
7194
$this->netmaskMax = $netmaskMax ?? $options['netmaskMax'] ?? self::NET_MAXES[$this->version];
7295
$this->message = $message ?? $this->message;
96+
$this->normalizer = $normalizer ?? $this->normalizer;
7397

7498
unset($options['netmaskMin'], $options['netmaskMax'], $options['version']);
7599

76100
if ($this->netmaskMin < 0 || $this->netmaskMax > self::NET_MAXES[$this->version] || $this->netmaskMin > $this->netmaskMax) {
77101
throw new ConstraintDefinitionException(sprintf('The netmask range must be between 0 and %d.', self::NET_MAXES[$this->version]));
78102
}
79103

104+
if (null !== $this->normalizer && !\is_callable($this->normalizer)) {
105+
throw new InvalidArgumentException(sprintf('The "normalizer" option must be a valid callable ("%s" given).', get_debug_type($this->normalizer)));
106+
}
107+
80108
parent::__construct($options, $groups, $payload);
81109
}
82110
}

src/Symfony/Component/Validator/Constraints/CidrValidator.php

+19-9
Original file line numberDiff line numberDiff line change
@@ -16,6 +16,13 @@
1616
use Symfony\Component\Validator\Exception\UnexpectedTypeException;
1717
use Symfony\Component\Validator\Exception\UnexpectedValueException;
1818

19+
/**
20+
* Validates whether a value is a CIDR notation.
21+
*
22+
* @author Sorin Pop <[email protected]>
23+
* @author Calin Bolea <[email protected]>
24+
* @author Ninos Ego <[email protected]>
25+
*/
1926
class CidrValidator extends ConstraintValidator
2027
{
2128
public function validate($value, Constraint $constraint): void
@@ -28,10 +35,16 @@ public function validate($value, Constraint $constraint): void
2835
return;
2936
}
3037

31-
if (!\is_string($value) && !$value instanceof \Stringable) {
38+
if (!\is_scalar($value) && !$value instanceof \Stringable) {
3239
throw new UnexpectedValueException($value, 'string');
3340
}
3441

42+
$value = (string) $value;
43+
44+
if (null !== $constraint->normalizer) {
45+
$value = ($constraint->normalizer)($value);
46+
}
47+
3548
$cidrParts = explode('/', $value, 2);
3649

3750
if (!isset($cidrParts[1])
@@ -49,14 +62,7 @@ public function validate($value, Constraint $constraint): void
4962
$ipAddress = $cidrParts[0];
5063
$netmask = (int) $cidrParts[1];
5164

52-
$validV4 = Ip::V6 !== $constraint->version
53-
&& filter_var($ipAddress, \FILTER_VALIDATE_IP, \FILTER_FLAG_IPV4)
54-
&& $netmask <= 32;
55-
56-
$validV6 = Ip::V4 !== $constraint->version
57-
&& filter_var($ipAddress, \FILTER_VALIDATE_IP, \FILTER_FLAG_IPV6);
58-
59-
if (!$validV4 && !$validV6) {
65+
if (!IpValidator::checkIP($ipAddress, $constraint->version)) {
6066
$this->context
6167
->buildViolation($constraint->message)
6268
->setCode(Cidr::INVALID_CIDR_ERROR)
@@ -65,6 +71,10 @@ public function validate($value, Constraint $constraint): void
6571
return;
6672
}
6773

74+
if (filter_var($ipAddress, \FILTER_VALIDATE_IP, \FILTER_FLAG_IPV4) && $constraint->netmaskMax > 32) {
75+
$constraint->netmaskMax = 32;
76+
}
77+
6878
if ($netmask < $constraint->netmaskMin || $netmask > $constraint->netmaskMax) {
6979
$this->context
7080
->buildViolation($constraint->netmaskRangeViolationMessage)

src/Symfony/Component/Validator/Constraints/Ip.php

+46-12
Original file line numberDiff line numberDiff line change
@@ -20,6 +20,7 @@
2020
*
2121
* @author Bernhard Schussek <[email protected]>
2222
* @author Joseph Bielawski <[email protected]>
23+
* @author Ninos Ego <[email protected]>
2324
*/
2425
#[\Attribute(\Attribute::TARGET_PROPERTY | \Attribute::TARGET_METHOD | \Attribute::IS_REPEATABLE)]
2526
class Ip extends Constraint
@@ -28,39 +29,72 @@ class Ip extends Constraint
2829
public const V6 = '6';
2930
public const ALL = 'all';
3031

32+
// adds inverse FILTER_FLAG_NO_RES_RANGE and FILTER_FLAG_NO_PRIV_RANGE flags (skip both)
33+
public const V4_NO_PUBLIC = '4_no_public';
34+
public const V6_NO_PUBLIC = '6_no_public';
35+
public const ALL_NO_PUBLIC = 'all_no_public';
36+
3137
// adds FILTER_FLAG_NO_PRIV_RANGE flag (skip private ranges)
32-
public const V4_NO_PRIV = '4_no_priv';
33-
public const V6_NO_PRIV = '6_no_priv';
34-
public const ALL_NO_PRIV = 'all_no_priv';
38+
public const V4_NO_PRIVATE = '4_no_priv';
39+
public const V4_NO_PRIV = self::V4_NO_PRIVATE; // BC: Alias
40+
public const V6_NO_PRIVATE = '6_no_priv';
41+
public const V6_NO_PRIV = self::V6_NO_PRIVATE; // BC: Alias
42+
public const ALL_NO_PRIVATE = 'all_no_priv';
43+
public const ALL_NO_PRIV = self::ALL_NO_PRIVATE; // BC: Alias
3544

3645
// adds FILTER_FLAG_NO_RES_RANGE flag (skip reserved ranges)
37-
public const V4_NO_RES = '4_no_res';
38-
public const V6_NO_RES = '6_no_res';
39-
public const ALL_NO_RES = 'all_no_res';
46+
public const V4_NO_RESERVED = '4_no_res';
47+
public const V4_NO_RES = self::V4_NO_RESERVED; // BC: Alias
48+
public const V6_NO_RESERVED = '6_no_res';
49+
public const V6_NO_RES = self::V6_NO_RESERVED; // BC: Alias
50+
public const ALL_NO_RESERVED = 'all_no_res';
51+
public const ALL_NO_RES = self::ALL_NO_RESERVED; // BC: Alias
4052

4153
// adds FILTER_FLAG_NO_PRIV_RANGE and FILTER_FLAG_NO_RES_RANGE flags (skip both)
4254
public const V4_ONLY_PUBLIC = '4_public';
4355
public const V6_ONLY_PUBLIC = '6_public';
4456
public const ALL_ONLY_PUBLIC = 'all_public';
4557

58+
// adds inverse FILTER_FLAG_NO_PRIV_RANGE
59+
public const V4_ONLY_PRIVATE = '4_private';
60+
public const V6_ONLY_PRIVATE = '6_private';
61+
public const ALL_ONLY_PRIVATE = 'all_private';
62+
63+
// adds inverse FILTER_FLAG_NO_RES_RANGE
64+
public const V4_ONLY_RESERVED = '4_reserved';
65+
public const V6_ONLY_RESERVED = '6_reserved';
66+
public const ALL_ONLY_RESERVED = 'all_reserved';
67+
4668
public const INVALID_IP_ERROR = 'b1b427ae-9f6f-41b0-aa9b-84511fbb3c5b';
4769

4870
protected const VERSIONS = [
4971
self::V4,
5072
self::V6,
5173
self::ALL,
5274

53-
self::V4_NO_PRIV,
54-
self::V6_NO_PRIV,
55-
self::ALL_NO_PRIV,
75+
self::V4_NO_PUBLIC,
76+
self::V6_NO_PUBLIC,
77+
self::ALL_NO_PUBLIC,
5678

57-
self::V4_NO_RES,
58-
self::V6_NO_RES,
59-
self::ALL_NO_RES,
79+
self::V4_NO_PRIVATE,
80+
self::V6_NO_PRIVATE,
81+
self::ALL_NO_PRIVATE,
82+
83+
self::V4_NO_RESERVED,
84+
self::V6_NO_RESERVED,
85+
self::ALL_NO_RESERVED,
6086

6187
self::V4_ONLY_PUBLIC,
6288
self::V6_ONLY_PUBLIC,
6389
self::ALL_ONLY_PUBLIC,
90+
91+
self::V4_ONLY_PRIVATE,
92+
self::V6_ONLY_PRIVATE,
93+
self::ALL_ONLY_PRIVATE,
94+
95+
self::V4_ONLY_RESERVED,
96+
self::V6_ONLY_RESERVED,
97+
self::ALL_ONLY_RESERVED,
6498
];
6599

66100
protected const ERROR_NAMES = [

src/Symfony/Component/Validator/Constraints/IpValidator.php

+42-16
Original file line numberDiff line numberDiff line change
@@ -21,9 +21,50 @@
2121
*
2222
* @author Bernhard Schussek <[email protected]>
2323
* @author Joseph Bielawski <[email protected]>
24+
* @author Ninos Ego <[email protected]>
2425
*/
2526
class IpValidator extends ConstraintValidator
2627
{
28+
/**
29+
* Checks whether an IP address is valid.
30+
*
31+
* @internal
32+
*/
33+
public static function checkIp(string $ip, mixed $version): bool
34+
{
35+
$flag = match ($version) {
36+
Ip::V4, Ip::V4_NO_PUBLIC, Ip::V4_ONLY_PRIVATE, Ip::V4_ONLY_RESERVED => \FILTER_FLAG_IPV4,
37+
Ip::V6, Ip::V6_NO_PUBLIC, Ip::V6_ONLY_PRIVATE, Ip::V6_ONLY_RESERVED => \FILTER_FLAG_IPV6,
38+
Ip::V4_NO_PRIVATE => \FILTER_FLAG_IPV4 | \FILTER_FLAG_NO_PRIV_RANGE,
39+
Ip::V6_NO_PRIVATE => \FILTER_FLAG_IPV6 | \FILTER_FLAG_NO_PRIV_RANGE,
40+
Ip::ALL_NO_PRIVATE => \FILTER_FLAG_NO_PRIV_RANGE,
41+
Ip::V4_NO_RESERVED => \FILTER_FLAG_IPV4 | \FILTER_FLAG_NO_RES_RANGE,
42+
Ip::V6_NO_RESERVED => \FILTER_FLAG_IPV6 | \FILTER_FLAG_NO_RES_RANGE,
43+
Ip::ALL_NO_RESERVED => \FILTER_FLAG_NO_RES_RANGE,
44+
Ip::V4_ONLY_PUBLIC => \FILTER_FLAG_IPV4 | \FILTER_FLAG_NO_PRIV_RANGE | \FILTER_FLAG_NO_RES_RANGE,
45+
Ip::V6_ONLY_PUBLIC => \FILTER_FLAG_IPV6 | \FILTER_FLAG_NO_PRIV_RANGE | \FILTER_FLAG_NO_RES_RANGE,
46+
Ip::ALL_ONLY_PUBLIC => \FILTER_FLAG_NO_PRIV_RANGE | \FILTER_FLAG_NO_RES_RANGE,
47+
default => 0,
48+
};
49+
50+
if (!filter_var($ip, \FILTER_VALIDATE_IP, $flag)) {
51+
return false;
52+
}
53+
54+
$inverseFlag = match ($version) {
55+
Ip::V4_NO_PUBLIC, Ip::V6_NO_PUBLIC, Ip::ALL_NO_PUBLIC => \FILTER_FLAG_NO_PRIV_RANGE | \FILTER_FLAG_NO_RES_RANGE,
56+
Ip::V4_ONLY_PRIVATE, Ip::V6_ONLY_PRIVATE, Ip::ALL_ONLY_PRIVATE => \FILTER_FLAG_NO_PRIV_RANGE,
57+
Ip::V4_ONLY_RESERVED, Ip::V6_ONLY_RESERVED, Ip::ALL_ONLY_RESERVED => \FILTER_FLAG_NO_RES_RANGE,
58+
default => 0,
59+
};
60+
61+
if ($inverseFlag && filter_var($ip, \FILTER_VALIDATE_IP, $inverseFlag)) {
62+
return false;
63+
}
64+
65+
return true;
66+
}
67+
2768
public function validate(mixed $value, Constraint $constraint): void
2869
{
2970
if (!$constraint instanceof Ip) {
@@ -44,22 +85,7 @@ public function validate(mixed $value, Constraint $constraint): void
4485
$value = ($constraint->normalizer)($value);
4586
}
4687

47-
$flag = match ($constraint->version) {
48-
Ip::V4 => \FILTER_FLAG_IPV4,
49-
Ip::V6 => \FILTER_FLAG_IPV6,
50-
Ip::V4_NO_PRIV => \FILTER_FLAG_IPV4 | \FILTER_FLAG_NO_PRIV_RANGE,
51-
Ip::V6_NO_PRIV => \FILTER_FLAG_IPV6 | \FILTER_FLAG_NO_PRIV_RANGE,
52-
Ip::ALL_NO_PRIV => \FILTER_FLAG_NO_PRIV_RANGE,
53-
Ip::V4_NO_RES => \FILTER_FLAG_IPV4 | \FILTER_FLAG_NO_RES_RANGE,
54-
Ip::V6_NO_RES => \FILTER_FLAG_IPV6 | \FILTER_FLAG_NO_RES_RANGE,
55-
Ip::ALL_NO_RES => \FILTER_FLAG_NO_RES_RANGE,
56-
Ip::V4_ONLY_PUBLIC => \FILTER_FLAG_IPV4 | \FILTER_FLAG_NO_PRIV_RANGE | \FILTER_FLAG_NO_RES_RANGE,
57-
Ip::V6_ONLY_PUBLIC => \FILTER_FLAG_IPV6 | \FILTER_FLAG_NO_PRIV_RANGE | \FILTER_FLAG_NO_RES_RANGE,
58-
Ip::ALL_ONLY_PUBLIC => \FILTER_FLAG_NO_PRIV_RANGE | \FILTER_FLAG_NO_RES_RANGE,
59-
default => 0,
60-
};
61-
62-
if (!filter_var($value, \FILTER_VALIDATE_IP, $flag)) {
88+
if (!self::checkIp($value, $constraint->version)) {
6389
$this->context->buildViolation($constraint->message)
6490
->setParameter('{{ value }}', $this->formatValue($value))
6591
->setCode(Ip::INVALID_IP_ERROR)

src/Symfony/Component/Validator/Tests/Constraints/CidrTest.php

+9-1
Original file line numberDiff line numberDiff line change
@@ -49,7 +49,15 @@ public function testForV6()
4949

5050
public function testWithInvalidVersion()
5151
{
52-
$availableVersions = [Ip::ALL, Ip::V4, Ip::V6];
52+
$availableVersions = [
53+
Ip::V4, Ip::V6, Ip::ALL,
54+
Ip::V4_NO_PUBLIC, Ip::V6_NO_PUBLIC, Ip::ALL_NO_PUBLIC,
55+
Ip::V4_NO_PRIVATE, Ip::V6_NO_PRIVATE, Ip::ALL_NO_PRIVATE,
56+
Ip::V4_NO_RESERVED, Ip::V6_NO_RESERVED, Ip::ALL_NO_RESERVED,
57+
Ip::V4_ONLY_PUBLIC, Ip::V6_ONLY_PUBLIC, Ip::ALL_ONLY_PUBLIC,
58+
Ip::V4_ONLY_PRIVATE, Ip::V6_ONLY_PRIVATE, Ip::ALL_ONLY_PRIVATE,
59+
Ip::V4_ONLY_RESERVED, Ip::V6_ONLY_RESERVED, Ip::ALL_ONLY_RESERVED,
60+
];
5361

5462
self::expectException(ConstraintDefinitionException::class);
5563
self::expectExceptionMessage(sprintf('The option "version" must be one of "%s".', implode('", "', $availableVersions)));

src/Symfony/Component/Validator/Tests/Constraints/CidrValidatorTest.php

+2-3
Original file line numberDiff line numberDiff line change
@@ -52,7 +52,7 @@ public function testExpectsStringCompatibleType()
5252
{
5353
$this->expectException(UnexpectedValueException::class);
5454

55-
$this->validator->validate(123456, new Cidr());
55+
$this->validator->validate([123456], new Cidr());
5656
}
5757

5858
/**
@@ -205,7 +205,6 @@ public static function getWithInvalidNetmask(): array
205205
return [
206206
['192.168.1.0/-1'],
207207
['0.0.0.0/foobar'],
208-
['10.0.0.0/128'],
209208
['123.45.67.178/aaa'],
210209
['172.16.0.0//'],
211210
['255.255.255.255/1/4'],
@@ -223,7 +222,6 @@ public static function getWithInvalidMasksAndIps(): array
223222
{
224223
return [
225224
['0.0.0.0/foobar'],
226-
['10.0.0.0/128'],
227225
['123.45.67.178/aaa'],
228226
['172.16.0.0//'],
229227
['172.16.0.0/a/'],
@@ -243,6 +241,7 @@ public static function getOutOfRangeNetmask(): array
243241
{
244242
return [
245243
['10.0.0.0/24', Ip::V4, 10, 20],
244+
['10.0.0.0/128'],
246245
['2001:0DB8:85A3:0000:0000:8A2E:0370:7334/24', Ip::V6, 10, 20],
247246
];
248247
}

0 commit comments

Comments
 (0)