Add CIDR function as custom SQLite function #7563
Conversation
a0b722f
to
d536c6a
Compare
There was a problem hiding this comment.
Can this be added to the documentation along with other SQL additions here -- https://github.com/osquery/osquery/blob/master/docs/wiki/introduction/sql.md#sql-additions
docs/wiki/introduction/sql.md
Outdated
| @@ -480,6 +480,25 @@ There are also encoding functions available, to process query results. | |||
| </p> | |||
| </details> | |||
|
|
|||
| #### Network functions | |||
|
|
|||
| - `in_cidr_range(CIDR_RANGE, IP_ADDRESS)`: return 1 if the IP address is within the CIDR range, otherwise 0. | |||
There was a problem hiding this comment.
My inclination is to name this in_cidr_block, but maybe that doesn't matter.
There was a problem hiding this comment.
I've totally agreed with your inclination. I have amended it accordingly.
| EXPECT_EQ(sql.rows()[0], r); | ||
|
|
||
| sql = SQL( | ||
| "SELECT in_cidr_range('198.51.100.14/24', '198.51.100.14') AS result;"); |
There was a problem hiding this comment.
<3 I wanted exactly this test
|
Would you expect |
Co-authored-by: seph <seph@kolide.co>
|
f311c65
to
b685c83
Compare
Add custom SQLite function to check if IP address v4/v6 is within supplied CIDR block.
The function gets two arguments. The first is the actual CIDR block, and the second is the IP address.
First, it parses the IP address and determines whether it's valid, and then checks, if the CIDR block has matched the IP address version, otherwise an error is returned.
If the IP address is within the CIDR block, the function returns 1 otherwise 0.
usage examples:
Closes #7555