cisagov / cyhy-core

Core code for Cyber Hygiene (CyHy)

Private IPs Get Added With New Stakeholder Imports! #61

Open climber-girl opened 3 years ago

climber-girl commented 3 years ago

🐛 Summary

While adding some new stakeholders (if one overlooks that the request has IPs in the text template which gets changed to JSON and imported to the DB), we found that private IPs are allowed to be added. It doesn't even require the --force option to complete, but it does cause a float error when initiating/syncing.

Error when attempting to initialize scope that contains private/reserved IPs: float() argument must be a string or a number (None, None)

Error when attempting to sync scope that contains private/reserved IPs:

Traceback (most recent call last):
  File "/usr/local/bin/cyhy-tool", line 271, in <module>
    main()
  File "/usr/local/bin/cyhy-tool", line 234, in main
    status(db, args["OWNER"], args["--sync"])
  File "/usr/local/bin/cyhy-tool", line 147, in status
    sync_tallies(db, owner)
  File "/usr/local/bin/cyhy-tool", line 117, in sync_tallies
    if SCAN_TYPE.CYHY not in db.RequestDoc.get_by_owner(owner_id)["scan_types"]:
TypeError: 'NoneType' object has no attribute '__getitem__'

We've found that in order to resolve this improper add, you can remove all IPs from their scope and add back only the public IPs, both with the $ cyhy-ip command (removing just the private ranges probably would also be sufficient though) and finish setting them up after. Feel free to reference my solution walkthrough in CYHYOPS-7760 if needed!

To reproduce

You can see this as early as CYHYOPS-4884 and as recently as CYHYOPS-7760. CYHYOPS-6190 is a good show of the error output.

Expected behavior

When private or reserved IPs are included in a JSON that is getting imported to the DB, it should error out similarly to when IPs are already assigned to existing stakeholders.

Any helpful log output or screenshots

See comments in above listed Jira tickets or output in above "Summary" section.
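One way to implement the check the "Expected behavior" section asks for, as an added example that is not cyhy-core's own code: reject a stakeholder request whose networks are not globally routable before it reaches the database, with an opt-out mirroring the --force flag. The `networks` key and the sample request are assumptions; Python's `ipaddress` module (its `is_global` property) is used to classify private, reserved and documentation ranges.

```python
# Added example, not cyhy-core's own code. Screens a stakeholder request
# (JSON text) for non-public networks before import.
import ipaddress
import json

# Constructed sample request; the "networks" key is an assumption about the
# import format, not cyhy-core's actual schema.
SAMPLE_REQUEST = json.dumps({
    "_id": "EXAMPLE",
    "networks": ["8.8.8.0/24", "10.0.0.0/8", "192.168.50.0/24", "fe80::/10"],
})


def non_public_networks(networks):
    """Return the CIDRs in `networks` that are not globally routable.

    `is_global` is False for RFC 1918 space, loopback, link-local,
    multicast, shared address space (100.64.0.0/10), and the documentation
    and benchmarking ranges, so all of those are reported, not just the
    three RFC 1918 blocks.
    """
    bad = []
    for cidr in networks:
        net = ipaddress.ip_network(cidr, strict=False)  # accept host bits set
        if not net.is_global:
            bad.append(str(net))
    return bad


def rejected_networks(request_json):
    """Parse the request and list the networks that would block an import."""
    doc = json.loads(request_json)
    return non_public_networks(doc.get("networks", []))


def validate_request(request_json, force=False):
    """Return the networks to import, or raise ValueError if any are
    non-public and `force` (analogous to --force) is not set."""
    doc = json.loads(request_json)
    networks = doc.get("networks", [])
    bad = non_public_networks(networks)
    if bad and not force:
        raise ValueError(
            "refusing to import non-public networks: " + ", ".join(bad)
        )
    return networks
```

Run against SAMPLE_REQUEST, the import is refused naming the three non-public ranges; with `force=True` all four networks pass through, which is the behavior the --force path should retain.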

KeithBonesJr commented 3 months ago

@jeffkause have a look at this