From f6826c7e47c7d7b3f4584f272af36884c6581078 Mon Sep 17 00:00:00 2001
From: erenJag <64777133+erenJag@users.noreply.github.com>
Date: Thu, 2 Jul 2020 11:09:40 +0200
Subject: [PATCH] add expr helper to check if IP is in ipRange (#113)

* add expr helper to check if IP is in ipRange

* update helper name

Co-authored-by: erenJag <erenJag>
---
 pkg/exprhelpers/expr_test.go | 20 ++++++++++++++++++++
 pkg/exprhelpers/exprlib.go   | 22 ++++++++++++++++++++++
 2 files changed, 42 insertions(+)

diff --git a/pkg/exprhelpers/expr_test.go b/pkg/exprhelpers/expr_test.go
index e62e051d0..b44fbd919 100644
--- a/pkg/exprhelpers/expr_test.go
+++ b/pkg/exprhelpers/expr_test.go
@@ -5,6 +5,7 @@ import (
 	"testing"
 
 	"github.com/antonmedv/expr"
+	"github.com/stretchr/testify/require"
 	"gotest.tools/assert"
 )
 
@@ -113,3 +114,22 @@ func TestFile(t *testing.T) {
 		assert.Equal(t, test.result, result)
 	}
 }
+
+func TestIpInRange(t *testing.T) {
+	env := map[string]interface{}{
+		"ip":        "192.168.0.1",
+		"ipRange":   "192.168.0.0/24",
+		"IpInRange": IpInRange,
+	}
+	code := "IpInRange(ip, ipRange)"
+	log.Printf("Running filter : %s", code)
+
+	program, err := expr.Compile(code, expr.Env(env))
+	require.NoError(t, err)
+
+	output, err := expr.Run(program, env)
+	require.NoError(t, err)
+
+	require.Equal(t, true, output)
+
+}
diff --git a/pkg/exprhelpers/exprlib.go b/pkg/exprhelpers/exprlib.go
index e1ae0eef2..152ce851e 100644
--- a/pkg/exprhelpers/exprlib.go
+++ b/pkg/exprhelpers/exprlib.go
@@ -3,6 +3,7 @@ package exprhelpers
 import (
 	"bufio"
 	"fmt"
+	"net"
 	"os"
 	"path"
 	"regexp"
@@ -36,6 +37,7 @@ func GetExprEnv(ctx map[string]interface{}) map[string]interface{} {
 		"File":           File,
 		"RegexpInFile":   RegexpInFile,
 		"Upper":          Upper,
+		"IpInRange":      IpInRange,
 	}
 	for k, v := range ctx {
 		ExprLib[k] = v
@@ -101,3 +103,23 @@ func RegexpInFile(data string, filename string) bool {
 	}
 	return false
 }
+
+func IpInRange(ip string, ipRange string) bool {
+	var err error
+	var ipParsed net.IP
+	var ipRangeParsed *net.IPNet
+
+	ipParsed = net.ParseIP(ip)
+	if ipParsed == nil {
+		log.Errorf("'%s' is not a valid IP", ip)
+		return false
+	}
+	if _, ipRangeParsed, err = net.ParseCIDR(ipRange); err != nil {
+		log.Errorf("'%s' is not a valid IP Range", ipRange)
+		return false
+	}
+	if ipRangeParsed.Contains(ipParsed) {
+		return true
+	}
+	return false
+}