ortexx / ip-cidr Goto Github PK

We use this package to get the whole range of IPs, but the last IP of array is always missed.

We use it like this to get the whole range, but I guess the last value should be included by default:
const ips = [...cidr.toArray({from: cidr.start(), to: cidr.end()}), cidr.end()];

By reading the javascript implementation

class IPCIDR {
  constructor(cidr) {
  ...
}

You are expecting a class. Though, in the type definition you are exporting an interface with a constructor.

declare namespace ipcidr {
  ...
  interface IPCIDR {
        constructor(cidr: string): IPCIDR;
        ...
  }
}

How is this supposed to work?

Hi there,

auditing a different app using your library, I checked with an exploitation primitive described in a recent issue of the package netmask (see also security advisory).

Using IP addresses with octal format, it'd be possible to confuse e.g. your method contains, returning true for an IP address actually pointing to 8.1.1.1 (not belonging to 10.0.0.0/8 in this example).

This could (and does in case of the unmentioned app affected) lead to bypassing of security checks based on IP addresses.

Hi man. Thanks for your work! Not a critical issue, but still :)

Take a look on addressStart and addressEnd values, they have incorrect .subnetMask property which differs from the one of address object

IPCIDR {
  _isValid: true,
  cidr: '10.10.0.0/30',
  ipAddressType:
   { [Function: Address4]
     fromHex: [Function],
     fromInteger: [Function],
     fromBigInteger: [Function] },
  address:
   Address4 {
     valid: true,
     address: '10.10.0.0/30',
     groups: 4,
     v4: true,
     subnet: '/30',
     subnetMask: 30,
     parsedSubnet: '30',
     addressMinusSuffix: '10.10.0.0',
     parsedAddress: [ '10', '10', '0', '0' ] },
  addressStart:
   Address4 {
     valid: true,
     address: '10.10.0.0',
     groups: 4,
     v4: true,
     subnet: '/32',
     subnetMask: 32,
     addressMinusSuffix: '10.10.0.0',
     parsedAddress: [ '10', '10', '0', '0' ] },
  addressEnd:
   Address4 {
     valid: true,
     address: '10.10.0.3',
     groups: 4,
     v4: true,
     subnet: '/32',
     subnetMask: 32,
     addressMinusSuffix: '10.10.0.3',
     parsedAddress: [ '10', '10', '0', '3' ] } }

> const IPCIDR = require("ip-cidr");
> const {BigInteger} = require("jsbn");
> (new IPCIDR("::/0")).start({type: "bigInteger"}) instanceof BigInteger
false

Any idea why those do not pass this instanceof check? I'm currently using val.constructor.name === 'BigInteger' to workaround but this method doesn't play well with minifiers which often mangle function names.

I would like the ability to get a list of CIDRs from a start and end IP address.

Is this something you're open to adding to the library?

Calling toArray simply crashes my app. I'm sorry I don't have more info than that but the whole thing crashes/locks up before any errors are thrown.

• ip-cidr: 2.0.13
• node: 13.8.0
• OSX 10.15.5

This library looks awesome but I found it was missing support for IPv4-mapped IPv6 addresses. https://whatismyipaddress.com/work-arounds

Would be nice to have a method to convert IP range to CIDR.

Something like

const cidr = IPCIDR.fromRange('255.255.255.0', '255.255.255.255')
cidr instanceof IPCIDR // true
cidr.cidr // 255.255.255.128/24

Hi @ortexx ,

First of all thank you for this handy tool! Unfortunately I run into an issue:

The isValid() function allows an IP address notation without CIDR to pass as valid CIDR. I know the underlying lib is ip-address and you use that for validation, but just an IP is not considered valid CIDR notation. Please check this RFC at IETF:

"In CIDR notation, a prefix is shown as a 4-octet quantity, just like a traditional IPv4 address or network number, followed by the "/" (slash) character, followed by a decimal value between 0 and 32 that describes the number of significant bits."

Am I using the validation function wrong maybe? I'm relatively new to programming so I'm not ruling that out :)

const cidr = new IPCIDR('192.168.4.1');
return cidr.isValid();

The above returns true in my situation. Can you advise on this please? I'm on version 2.0.13. Thank you!

Missing method/property count of the IPs of the CIDR without generating the array.

Expecting something like

const cidr = new IPCIDR('255.255.255.128/24')
cidr.size // 256 (without generating the array cidr.toArray().length)
// or
cide.length // 256

'192.168.0.100/22' is an invalid cidrv4, but its returning true.

None of these properties exist on the typings. Only the class-level methods.

index.js -> toArray() method is getting failed in for loop for set of inputs.
e.g. -
I/P -> options = {from: 1500, limit: 600 } O/P -> array length = 600
I/P -> options = {from: 600, limit: 1200 } O/P -> array length = 0

On debugging, I noticed the following code snippet is getting failed due to incorrect comparison of jsbn BigInteger object with in for loop statements.

for (let i = info.from; i < info.from.add(info.to.compareTo(info.from)); i++) {
let num = start.add(new BigInteger(i + ''));
let ip = this.formatIP(this.ipAddressType.fromBigInteger(num), options);
list.push(ip);
}

e.g. ->

a = new BigInteger('600');
b = new BigInteger('1200');
console.log(a < b)); // returns false

Hi,
I'm trying to integrate the library with Angular 4 project. Can you guide as to how can I do that? When I'm running Uglify.js, its showing me error, IPCIDR not found

Add an ES6 module version of ip-cidr to prevent messages like:

WARNING in component.ts depends on 'ip-cidr'. CommonJS or AMD dependencies can
cause optimization bailouts.
For more info see: https://angular.io/guide/build#configuring-commonjs-dependencies

Maybe create an additional .js file containing lines similar to:

import { ipAddress } from 'ip-address';
import { BigInteger } from 'jsbn';
...
export { IPCIDR };

I need to get all the IPV6 inside the IPV6 start and IPV6 end range, using cidr.arrayAction(fn, options) but I get that error.

Can you explain how to use options with your functions?

I am not able to install package Ip-cidr

Node version: v8.10.0
Npm version: 3.5.2

Error message
`loadDep:ip-address → 304 ▐ ╢███████████████████████░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░╟
npm ERR! Linux 4.15.0-91-generic
npm ERR! argv "/usr/bin/node" "/usr/bin/npm" "i" "ip-cidr"
npm ERR! node v8.10.0
npm ERR! npm v3.5.2
npm ERR! code EMISSINGARG

npm ERR! typeerror Error: Missing required argument #1
npm ERR! typeerror at andLogAndFinish (/usr/share/npm/lib/fetch-package-metadata.js:31:3)
npm ERR! typeerror at fetchPackageMetadata (/usr/share/npm/lib/fetch-package-metadata.js:51:22)
npm ERR! typeerror at resolveWithNewModule (/usr/share/npm/lib/install/deps.js:456:12)
npm ERR! typeerror at /usr/share/npm/lib/install/deps.js:457:7
npm ERR! typeerror at /usr/share/npm/node_modules/iferr/index.js:13:50
npm ERR! typeerror at /usr/share/npm/lib/fetch-package-metadata.js:37:12
npm ERR! typeerror at addRequestedAndFinish (/usr/share/npm/lib/fetch-package-metadata.js:82:5)
npm ERR! typeerror at returnAndAddMetadata (/usr/share/npm/lib/fetch-package-metadata.js:117:7)
npm ERR! typeerror at pickVersionFromRegistryDocument (/usr/share/npm/lib/fetch-package-metadata.js:134:20)
npm ERR! typeerror at /usr/share/npm/node_modules/iferr/index.js:13:50
npm ERR! typeerror This is an error with npm itself. Please report this error at:
npm ERR! typeerror http://github.com/npm/npm/issues

npm ERR! Please include the following file with any support request:
npm ERR! /home/omkar/Documents/Sprints/cb-azure-catalog-int/npm-debug.log`

npm-debug.log

Hello,

I am using ip-cidr for a Node.js package. While negative testing my package, I initialized an ip-cidr object with a dotted-quad-decimal IP address '10.10.10.0' instead of a CIDR '10.10.10.0/24'. I was expecting my object's isValid() method to return false, but it returns true.

I see that ip-cidr is relying on the ip-address npm package to determine if a valid address is present. Since a CIDR could be considered a subset of valid IP addresses, is this the intended behavior? If a subnet mask isn't passed, does ip-cidr infer a default mask?

Thanks,
Andrew Austin

Is it possible to update the ip-address dependency from 5.9.4 to pull in the latest major version? In particular there's a commit included in ip-address 6.2 that would be nice to get in here to reduce bundle size: beaugunderson/ip-address#92

Not sure if this is expected but IPCIDR.isValidAddress is not enough to ensure new IPCIDR will pass always.

IPCIDR.isValidAddress('50.165.190.0') // true
new IPCIDR('50.165.190.0')
// Thrown:
// Error: Invalid CIDR address.
//    at new IPCIDR (/private/tmp/node_modules/ip-cidr/index.js:9:13)

If isValidAddress is meant only for IP the address without the mask, then would be nice to have isValidCIDRAddress as well.

This package seems pretty simple, I'd be glad to contribute some TypeScript definitions to add the project!

After upgrading the library to version 4.0.1 there is an issue on our jest execution.

• in case nothing is done or apply on our side

    SyntaxError: Cannot use import statement outside a module

    > 3 | import IPCIDR from 'ip-cidr';

• in case library is added to transformIgnorePatterns, like transformIgnorePatterns: ['<rootDir>/node_modules/(?!(ip-cidr)/)',], the Address4 is not found due to import ipAddress from 'ip-address'; is a problem

    TypeError: Cannot read properties of undefined (reading 'Address4')

      833 |   const erroredSubnets: ErroredSubnet[] = [];
      834 |
    > 835 |   const startingIP = (cidr: string) => new IPCIDR(cidr).start().toString();
          |                                        ^
      836 |
      837 |   const compareCidrs = (shouldInclude: boolean) => {
      838 |     if (shouldInclude) {

      at Function.Address4 [as createAddress] (node_modules/ip-cidr/index.js:179:71)
      at new createAddress (node_modules/ip-cidr/index.js:11:38)

• in case dist file is used from moduleNameMapper like '^ip-cidr$': '<rootDir>/node_modules/ip-cidr/dist/ip-cidr.js',

    TypeError: ip_cidr_1.default is not a constructor

      833 |   const erroredSubnets: ErroredSubnet[] = [];
      834 |
    > 835 |   const startingIP = (cidr: string) => new IPCIDR(cidr).start().toString();

to mock the library was the only solution I found for being able to upgrade, like

class IPCIDR {
  address: string;

  constructor(address: string) {
    this.address = address;
  }

  start = () => this.address.split('/')[0];
}

export default IPCIDR;

and then '^ip-cidr$': '<rootDir>/__mocks__/ip-cidr-mock.ts', added to moduleNameMapper but this is not the right solution and could be very problematic in the future.

I guess library should be adapted to properly import ip-address library, right?

0da3e2d added a dependency on husky, I assume it should be in devDependencies?