diff --git a/internal/fields/testdata/fields/fields.yml b/internal/fields/testdata/fields/fields.yml index 054de09654..77f5d66e31 100644 --- a/internal/fields/testdata/fields/fields.yml +++ b/internal/fields/testdata/fields/fields.yml @@ -11,3 +11,5 @@ - name: constant type: constant_keyword value: correct + - name: ip_address + type: ip diff --git a/internal/fields/testdata/ip-address-allowed.json b/internal/fields/testdata/ip-address-allowed.json new file mode 100644 index 0000000000..b7e5408447 --- /dev/null +++ b/internal/fields/testdata/ip-address-allowed.json @@ -0,0 +1,5 @@ +{ + "foo": { + "ip_address": "::" + } +} \ No newline at end of file diff --git a/internal/fields/testdata/ip-address-forbidden.json b/internal/fields/testdata/ip-address-forbidden.json new file mode 100644 index 0000000000..d92258120f --- /dev/null +++ b/internal/fields/testdata/ip-address-forbidden.json @@ -0,0 +1,5 @@ +{ + "foo": { + "ip_address": "98.76.54.32" + } +} \ No newline at end of file diff --git a/internal/fields/validate.go b/internal/fields/validate.go index 77cd03e77d..aa380afea7 100644 --- a/internal/fields/validate.go +++ b/internal/fields/validate.go @@ -121,7 +121,7 @@ var allowedGeoIPs string func initializeAllowedIPsList() map[string]struct{} { m := map[string]struct{}{ "0.0.0.0": {}, "255.255.255.255": {}, - "0:0:0:0:0:0:0:0": {}, "ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff": {}, + "0:0:0:0:0:0:0:0": {}, "ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff": {}, "::": {}, } for _, ip := range strings.Split(allowedGeoIPs, "\n") { ip = strings.Trim(ip, " \n\t") @@ -363,7 +363,7 @@ func (v *Validator) parseElementValue(key string, definition FieldDefinition, va } if v.enabledAllowedIPCheck && !v.isAllowedIPValue(valStr) { - return fmt.Errorf("the IP %q is not one of the allowed test IPs", valStr) + return fmt.Errorf("the IP %q is not one of the allowed test IPs (see: https://github.com/elastic/elastic-package/blob/master/internal/fields/_static/allowed_geo_ips.txt)", valStr) } case "float", "long", "double": _, valid = val.(float64) diff --git a/internal/fields/validate_test.go b/internal/fields/validate_test.go index 016c644df9..f6e0fc176a 100644 --- a/internal/fields/validate_test.go +++ b/internal/fields/validate_test.go @@ -61,7 +61,7 @@ func TestValidate_WithNumericKeywordFields(t *testing.T) { require.Empty(t, errs) } -func TestValidate_constant_keyword(t *testing.T) { +func TestValidate_constantKeyword(t *testing.T) { validator, err := CreateValidatorForDataStream("testdata") require.NoError(t, err) require.NotNil(t, validator) @@ -75,6 +75,21 @@ func TestValidate_constant_keyword(t *testing.T) { require.Empty(t, errs) } +func TestValidate_ipAddress(t *testing.T) { + validator, err := CreateValidatorForDataStream("testdata", WithEnabledAllowedIPCheck()) + require.NoError(t, err) + require.NotNil(t, validator) + + e := readSampleEvent(t, "testdata/ip-address-forbidden.json") + errs := validator.ValidateDocumentBody(e) + require.Len(t, errs, 1) + require.Contains(t, errs[0].Error(), `the IP "98.76.54.32" is not one of the allowed test IPs`) + + e = readSampleEvent(t, "testdata/ip-address-allowed.json") + errs = validator.ValidateDocumentBody(e) + require.Empty(t, errs) +} + func Test_parseElementValue(t *testing.T) { for _, test := range []struct { key string