From 7c3a145d944a57f4be3147c72fd78e89ac52b3ac Mon Sep 17 00:00:00 2001
From: Oliver Geiselhardt-Herms <ogeiselhardt-herms@cloudflare.com>
Date: Tue, 18 Apr 2023 16:29:00 +0200
Subject: [PATCH] NETDEV-5569: Fix filtering of invalid prefixes

---
 cmd/octorpki/filter.go      | 11 +++---
 cmd/octorpki/filter_test.go | 71 +++++++++++++++++++++++++++++++++++++
 2 files changed, 78 insertions(+), 4 deletions(-)
 create mode 100644 cmd/octorpki/filter_test.go

diff --git a/cmd/octorpki/filter.go b/cmd/octorpki/filter.go
index 102bc02..4800b53 100644
--- a/cmd/octorpki/filter.go
+++ b/cmd/octorpki/filter.go
@@ -6,13 +6,16 @@ func FilterInvalidPrefixLen(roalist []prefixfile.ROAJson) []prefixfile.ROAJson {
 	validROAs := make([]prefixfile.ROAJson, 0)
 	for _, roa := range roalist {
 		prefix := roa.GetPrefix()
-		ones, _ := prefix.Mask.Size()
-		if prefix.IP.To4() != nil && ones <= 24 {
-			validROAs = append(validROAs, roa)
+		prefixLen, _ := prefix.Mask.Size()
+		if prefix.IP.To4() != nil {
+			if prefixLen <= 24 {
+				validROAs = append(validROAs, roa)
+			}
+
 			continue
 		}
 
-		if prefix.IP.To16() != nil && ones <= 48 {
+		if prefixLen <= 48 {
 			validROAs = append(validROAs, roa)
 		}
 	}
diff --git a/cmd/octorpki/filter_test.go b/cmd/octorpki/filter_test.go
new file mode 100644
index 0000000..b3da275
--- /dev/null
+++ b/cmd/octorpki/filter_test.go
@@ -0,0 +1,71 @@
+package main
+
+import (
+	"testing"
+
+	"github.com/cloudflare/gortr/prefixfile"
+	"github.com/stretchr/testify/assert"
+)
+
+func TestFilter(t *testing.T) {
+	tests := []struct {
+		name     string
+		input    []prefixfile.ROAJson
+		expected []prefixfile.ROAJson
+	}{
+		{
+			name: "Invalid IPv4 prefix",
+			input: []prefixfile.ROAJson{
+				{
+					Prefix: "1.1.1.0/25",
+					ASN:    13335,
+					Length: 32,
+				},
+			},
+			expected: []prefixfile.ROAJson{},
+		},
+		{
+			name: "Invalid IPv6 prefix",
+			input: []prefixfile.ROAJson{
+				{
+					Prefix: "2001:db8::/64",
+					ASN:    13335,
+					Length: 128,
+				},
+			},
+			expected: []prefixfile.ROAJson{},
+		},
+		{
+			name: "All valid",
+			input: []prefixfile.ROAJson{
+				{
+					Prefix: "2001:db8::/48",
+					ASN:    13335,
+					Length: 48,
+				},
+				{
+					Prefix: "1.1.1.0/24",
+					ASN:    13335,
+					Length: 32,
+				},
+			},
+			expected: []prefixfile.ROAJson{
+				{
+					Prefix: "2001:db8::/48",
+					ASN:    13335,
+					Length: 48,
+				},
+				{
+					Prefix: "1.1.1.0/24",
+					ASN:    13335,
+					Length: 32,
+				},
+			},
+		},
+	}
+
+	for _, test := range tests {
+		res := FilterInvalidPrefixLen(test.input)
+		assert.Equal(t, test.expected, res, test.name)
+	}
+}