rengine
rengine copied to clipboard
yogeshojha
bug: CIDR resolutions on Targets tab not working
Is there an existing issue for this?
- [X] I have searched the existing issues
Current Behavior
if use add target, switch to tab resolive and add ip address there is an input ip addresss or CIDR
- 1 IP works
- CIDR doesnt work!
Expected Behavior
if use add target, switch to tab resolive and add ip address there is an input ip addresss or CIDR
- 1 IP works
- CIDR doesnt work!
Steps To Reproduce
if use add target, switch to tab resolive and add ip address there is an input ip addresss or CIDR
- 1 IP works
- CIDR doesnt work!
Environment
- reNgine: latest
Anything else?
No response
👋 Hi @d4op, Issues is only for reporting a bug/feature request. Please read documentation before raising an issue https://rengine.wiki For very limited support, questions, and discussions, please join reNgine Discord channel: https://discord.gg/azv6fzhNCE Please include all the requested and relevant information when opening a bug report. Improper reports will be closed without any response.
![github-actions[bot] avatar](https://avatars.githubusercontent.com/in/15368?v=4 "Published by a pub.dev verified publisher"){kind=small}
I'm also experiencing this issue. There may be multiple issues here; I'm continuing to investigate. The first thing I've noticed is that CIDR blocks are not expanded before socket.gethostbyaddr() is called during API call to /api/tools/ip_to_domain/?format=json&ip_address=X.X.X.X/Y
The code is here: https://github.com/yogeshojha/rengine/blob/000b116173137e429faf269f96ce4f94cb2b7324/web/api/views.py#L1087
This API call is made from the "Resolve and add IP Address" tab of the "Add Target" page. This tab explicitly states CIDR blocks are supported as input.
There is a second issue when adding CIDR blocks via the "Add Targets" tab (i.e. where newline delimited domains are entered). The issue is due to the reuse of a variable name ("ips") defined here: https://github.com/yogeshojha/rengine/blob/2e903ac4a9bfe85bd4677de400e7bdfa4fffc4fe/web/targetApp/views.py#L97 and additionally on line 60: https://github.com/yogeshojha/rengine/blob/2e903ac4a9bfe85bd4677de400e7bdfa4fffc4fe/web/targetApp/views.py#L60
You're getting a list of IPs from get_ips_from_cidr_range() on line 95 and storing them in a list called "ips", then you're looping through that list and appending each IP to a different list also called "ips" defined on line 60. However, because of the name clash, you're actually appending each IP back onto the list on line 95. This results in an infinite loop and memory leak. The variable on line 95 should be called something else. I can submit a PR if desired.
@psyray
Sure. I have a fix ready for the second issue. The first issue is a bit more involved and I'm not really a javascript person but I can take a stab at it.
I've fixed both the issues above, but there's another issue when adding IPs on the "Resolve and add IP Address" where it errors out stating the target is already in the database. I'll dig into that and then create the PR once it's all working. Please feel free to look at the commits outlined above and provide any feedback in the meantime
@psyray - I created https://github.com/yogeshojha/rengine/pull/1205 to fix these issues. Let me know if you have any comments or questions! I have these changes running locally and they all appear to work as expected.
