Admin
These wildcards don't make sense. There is no special significance to the division of IP addresses into bytes. The size of a subnet doesn't need to be divisible by 8.
Admin
Also note that permutations will not double any items – so 10.1.. will never go over 10.1.5.5, and ... will never produce 90.1.90.2 nor 106.106.106.106.

Addendum 2019-07-16 06:46: dammit markdown, stripping my asterisks. 10.1.*.* and *.*.*.* respectively.
Admin
The real WTF is that it's IPv4 only.
Admin
I'm curious as to the built-in methods used.
On a side note, what's the purpose of expanding the possible IPs for the rule['host']: would it be enough to check the non-wildcarded field? As in, if rule['host'] is '192.168..', you only have to check that your IP starts with 192.168. and you don't care what the rest is, right?
Admin
I love the comments. They tell you so much what you wouldn't know otherwise.
Oh, wait...
Admin
I dunno. I'd like to know the experience level of the person who concocted this. An experienced programmer would ask "what if someone enters X?" I have gained experience from mistakes like this. In the early 90s I built a successful product where the member search used a simple binary tree. I did not foresee the problem when member lists shot over about 5000 on those old WFW machines. I see the mistake clearly now and at the time jumped at a hash method that cured the problem. Same thing again 10 years later when a friend and I put together a system we knew could handle folders with a few thousand files. We didn't anticipate someone having close to a million. I'm in some physical pain right now, so brain isn't working right to remember the big-name fax software of the 90s, but a friend of mine killed it. He ran his entire loan business out of the fax software and he far exceeded anything the designers ever thought anyone would do. EVERY document of his was a fax and the fax software was his database. It was a bit like using a toothpick for a crowbar: principle was right; scope was wrong.
Admin
Which is basically what the rewrite would do.
it into 4 strings at the dots and check each string in order. If the string is "*", then skip that. If it is a number, compare it. If anything does not match, return False. Otherwise return True.
Admin
That's not really a wtf if this code is from before the introduction of IPv6.
Admin
This looks like a job for regular expressions. Which, I know, sounds like an odd thing to say.
But turning 10.1.7.* into 10.1.7.* would be a trivial string replacement. Then doing a regex match would do the job just fine.
And this is all assuming that we actually do need to reinvent the wheel because the language doesn't already have a library for testing that a string is a valid IP address and to check that it matches a particular address range.
Admin
Don't feed the spambot.
Admin
The idea of a "wildcard" for an IP has been around since netmasks, surely? And it's all done with boolean operations on integers.
Admin
You have a 32-bit number. You want to check if certain bits of that number match certain bits of a different 32 bit number.
Surely, the only thing to do is convert it into a string and then perform a regex on that string.
Admin
But we NEED to be able to wildcard the first byte to look for *.2.3.4! Because it's important to find that same address in all Class-A blocks! Or even better, *.*.36.*, now that's a wildcard!
But yes, the real WTF is not lack of support for IPv6, it's the lack of support for CIDR, which in 1993 was a thing five years before IPv6, and adopted much more rapidly.
Admin
Yet another codebase that has been made dysfunctional & unreadable by the dreaded "single point of return" rule...
Admin
The easy builtin way to do this in Python:
This assumes that 'rule' is really a CIDR address, like '192.168.1.0/24', but there's no reason for it not to be (and it's more functional). If you insist on using 192.168.1.* then a simple split('.') and '*' check routine can easily convert wildcard to CIDR.
Admin
FFS: Where is the markup for this misbegotten comment system documented?
Admin
No it isn't. IPv6 is for terrorists.
Admin
Noooo, this is perfectly fine, it is just hardened against timing attacks. ;-)
Admin
It's Märkdöwn.
Admin
Regular expressions? For handling IP addresses? Are you high?
Turn it into an integer, or if it is a wildcard, two integers, and compare numerically with the input.
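
Added example, not code from the article or from any commenter: the integer-and-mask comparison that several comments in this thread describe, together with the wildcard-to-CIDR conversion mentioned earlier, written in Python with the standard `ipaddress` module. The function names `compile_rule`, `ip_matches` and `wildcard_to_cidr` are hypothetical, and the sample rules are constructed.

```python
import ipaddress

def compile_rule(rule: str) -> tuple:
    """Turn a CIDR ('10.1.0.0/16') or dotted wildcard ('10.1.*.*') rule
    into a (value, mask) pair of 32-bit integers."""
    if "/" in rule:
        # strict=True rejects rules with host bits set, e.g. 10.1.7.9/24
        net = ipaddress.IPv4Network(rule, strict=True)
        return int(net.network_address), int(net.netmask)
    octets = rule.split(".")
    if len(octets) != 4:
        raise ValueError(f"expected 4 octets in rule: {rule!r}")
    value = mask = 0
    for octet in octets:
        value <<= 8
        mask <<= 8
        if octet == "*":
            continue  # wildcard octet: its 8 mask bits stay 0
        # Reject empty, non-decimal, zero-padded and out-of-range octets
        # so an ambiguous rule fails loudly instead of matching too much.
        if (not (octet.isascii() and octet.isdigit())
                or str(int(octet)) != octet or int(octet) > 255):
            raise ValueError(f"bad octet {octet!r} in rule {rule!r}")
        value |= int(octet)
        mask |= 0xFF
    return value, mask

def ip_matches(ip: str, rule: str) -> bool:
    """True if the IPv4 address falls under the rule: one AND, one compare."""
    value, mask = compile_rule(rule)
    addr = int(ipaddress.IPv4Address(ip))  # raises on malformed input
    return (addr & mask) == value

def wildcard_to_cidr(rule: str) -> str:
    """Convert a rule to CIDR; refuse masks that CIDR cannot express."""
    value, mask = compile_rule(rule)
    host_bits = ~mask & 0xFFFFFFFF
    if host_bits & (host_bits + 1):  # host bits must be one low contiguous run
        raise ValueError(f"{rule!r} is not a contiguous prefix")
    return f"{ipaddress.IPv4Address(value)}/{bin(mask).count('1')}"
```

A rule whose asterisks were stripped, such as `10.1..`, raises `ValueError` here rather than being treated as a match-all, and `*.2.3.4` still matches by mask even though it has no CIDR form.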
Admin
And this is why we need to give aspiring programmers some solid math education with Big-O notation, instead of relying on script kiddies who have typed a lot of javascript but are essentially only doing cargo cult programming. Stuff like this isn't funny. It's painful and it makes me angry. And no, adding 10k unit tests and benchmarks is not going to prevent this. That's like putting a teenager without a license in a Ferrari, detecting he's driving too unsafely, and then punishing him for it. Ugh.