-
-
Notifications
You must be signed in to change notification settings - Fork 2.4k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add CIDR function as custom SQLite function #7563
Conversation
a0b722f
to
d536c6a
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Can this be added to the documentation along with other SQL additions here -- https://github.com/osquery/osquery/blob/master/docs/wiki/introduction/sql.md#sql-additions
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I love the intent. A couple of questions...
docs/wiki/introduction/sql.md
Outdated
@@ -480,6 +480,25 @@ There are also encoding functions available, to process query results. | |||
</p> | |||
</details> | |||
|
|||
#### Network functions | |||
|
|||
- `in_cidr_range(CIDR_RANGE, IP_ADDRESS)`: return 1 if the IP address is within the CIDR range, otherwise 0. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
My inclination is to name this in_cidr_block
, but maybe that doesn't matter.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I've totally agreed with your inclination. I have amended it accordingly.
EXPECT_EQ(sql.rows()[0], r); | ||
|
||
sql = SQL( | ||
"SELECT in_cidr_range('198.51.100.14/24', '198.51.100.14') AS result;"); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
<3 I wanted exactly this test
Would you expect |
Co-authored-by: seph <seph@kolide.co>
|
f311c65
to
b685c83
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Nice! thank you for this
Add custom SQLite function to check if IP address v4/v6 is within supplied CIDR block.
The function gets two arguments. The first is the actual CIDR block, and the second is the IP address.
First, it parses the IP address and determines whether it's valid, and then checks, if the CIDR block has matched the IP address version, otherwise an error is returned.
If the IP address is within the CIDR block, the function returns 1 otherwise 0.
usage examples:
Closes #7555