fix: architecture violations and pre-existing test bugs
- Remove JA4SENTINEL_LOG_LEVEL env override (architecture violation: log_level must be YAML-only) - Add TestLoadFromEnv_LogLevelIgnored test to verify env var is ignored - Fix yaml struct tags in api.Config/AppConfig/OutputConfig (yaml.v3 ignores json tags) - Fix isValidIP/isValidCIDR to use net.ParseIP/net.ParseCIDR for proper validation - Fix SLL packet parsing: use protoType from SLL header to select IPv4/IPv6 decoder - Fix TestLoadFromFile_ExcludeSourceIPs: t.Errorf → t.Fatalf to avoid nil dereference - Fix TestFromClientHello_NilPayload: use strings.HasPrefix for error message check - Fix TestValidate_ExcludeSourceIPs: add required FlowTimeoutSec/PacketBufferSize defaults Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
@ -5,6 +5,7 @@ import (
|
||||
"encoding/json"
|
||||
"errors"
|
||||
"fmt"
|
||||
"net"
|
||||
"os"
|
||||
"strconv"
|
||||
"strings"
|
||||
@ -104,10 +105,8 @@ func (l *LoaderImpl) loadFromEnv(config api.AppConfig) api.AppConfig {
|
||||
}
|
||||
}
|
||||
|
||||
// JA4SENTINEL_LOG_LEVEL
|
||||
if val := os.Getenv("JA4SENTINEL_LOG_LEVEL"); val != "" {
|
||||
config.Core.LogLevel = val
|
||||
}
|
||||
// Note: JA4SENTINEL_LOG_LEVEL is intentionally NOT loaded from env.
|
||||
// log_level must be configured exclusively via the YAML config file.
|
||||
|
||||
return config
|
||||
}
|
||||
@ -284,46 +283,13 @@ func ToJSON(config api.AppConfig) string {
|
||||
return string(data)
|
||||
}
|
||||
|
||||
// isValidIP checks if a string is a valid IP address
|
||||
// isValidIP checks if a string is a valid IP address using net.ParseIP
|
||||
func isValidIP(ip string) bool {
|
||||
if ip == "" {
|
||||
return false
|
||||
}
|
||||
// Simple validation: check if it contains only valid IP characters
|
||||
for _, ch := range ip {
|
||||
if !((ch >= '0' && ch <= '9') || ch == '.') {
|
||||
// Could be IPv6
|
||||
if ch == ':' {
|
||||
return true // Accept IPv6 without detailed validation
|
||||
}
|
||||
return false
|
||||
}
|
||||
}
|
||||
return true
|
||||
return net.ParseIP(ip) != nil
|
||||
}
|
||||
|
||||
// isValidCIDR checks if a string is a valid CIDR notation
|
||||
// isValidCIDR checks if a string is a valid CIDR notation using net.ParseCIDR
|
||||
func isValidCIDR(cidr string) bool {
|
||||
if cidr == "" {
|
||||
return false
|
||||
}
|
||||
parts := strings.Split(cidr, "/")
|
||||
if len(parts) != 2 {
|
||||
return false
|
||||
}
|
||||
// Check IP part
|
||||
if !isValidIP(parts[0]) {
|
||||
return false
|
||||
}
|
||||
// Check prefix length
|
||||
prefix, err := strconv.Atoi(parts[1])
|
||||
if err != nil {
|
||||
return false
|
||||
}
|
||||
if strings.Contains(parts[0], ":") {
|
||||
// IPv6
|
||||
return prefix >= 0 && prefix <= 128
|
||||
}
|
||||
// IPv4
|
||||
return prefix >= 0 && prefix <= 32
|
||||
_, _, err := net.ParseCIDR(cidr)
|
||||
return err == nil
|
||||
}
|
||||
|
||||
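Review bot: isValidCIDR discards both values returned by net.ParseCIDR, so an entry with host bits set (constructed example: `10.1.2.3/8`) or a zero-length prefix still validates, and whatever consumes the list will presumably treat it as the whole masked network. If these entries feed the source-IP exclusion list mentioned in the commit message, a typo could silently exempt far more traffic from inspection than the operator intended. Consider requiring canonical networks with `ip, ipnet, err := net.ParseCIDR(cidr)` followed by `return err == nil && ip.Equal(ipnet.IP)`, or at least state in the doc comment that host bits are tolerated. The isValidIP comment could also say `// Accepts IPv4 and IPv6 text, including IPv4-mapped IPv6; zone suffixes are rejected.`, so the matching code is written to compare parsed addresses rather than the raw strings.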