⭐ ip.inRange (#5271)

After: #5265

This adds a new function to the IP type to check if it is in range of a subnet or two IP addresses. 

This is how to use it with IPv4 subnets:

```coffee
> ip('192.2.3.4').inRange('192.2.3.0/24')
true

# We can also auto-detect the subnet if you don't specify it. For example, this is a class C address, so:
> ip('192.2.3.4').inRange('192.2.3.0')
true

> ip('192.2.3.4').inRange('192.1.1.0/24')
false
```

Here is how you use it with 2 IP addresses:

```coffee
> ip('192.2.3.4').inRange('192.2.3.1', '192.2.3.5')
true

> ip('192.2.3.4').inRange('192.2.3.5', '192.2.3.255')
false

> ip('2001:db8:3c4d:15::1a2f:1a2b').inRange('2001:db8:3c4d::', '2001:db8:3c4e::')
true
```

This PR also improves the auto-detection of netmasks. In IPv4 we can now auto-detect class A, B, and C networks and is able to print the subnet mask via the `subnet` field:

```coffee
> ip('1.2.3.4').subnet
"255.0.0.0"

> ip('172.0.0.1').subnet
"255.255.0.0"

> ip('192.168.0.1').subnet
"255.255.255.0"
```

For IPv6 the `subnet` works differently. From my current understanding it is the subnet-ID that most people care about. The concept of subnet masks doesn't exist here [[1](https://en.wikipedia.org/wiki/IP_address#Subnetworks)]. The subnet is the part of the 64-bit network prefix that is not used by the routing prefix. For example:

```coffee
# 64-bit, default IPv6 prefix:
> ip("2001:db8:3c4d:15::1a2f:1a2b").prefixLength
64
> ip("2001:db8:3c4d:15::1a2f:1a2b").prefix
"2001:db8:3c4d:15::"
> ip("2001:db8:3c4d:15::1a2f:1a2b").subnet
""

# 48-bit prefix:
> ip("2001:db8:3c4d:15::1a2f:1a2b/48").prefixLength
48
> ip("2001:db8:3c4d:15::1a2f:1a2b/48").prefix
"2001:db8:3c4d::"
> ip("2001:db8:3c4d:15::1a2f:1a2b/48").subnet
"15"
```

As you can see, the `prefix` remains in full IPv6 notation, even if the lower bits are appreviated with `"::"`. The subnet, however, is only the identifier since it is not commonly represented as a full IPv6 address, unlike the prefix and host.

Other small fixes:
- compare IP, string and dict types (e.g. `ip("1.2.3.4") == "1.2.3.4"`)
- support the subnet mask of `"/0"` (it was trying to detect the default subnet before, even if users specified that they explicitly wanted this subnet)

Author: arlimus

llx/builtin.go

@@ -269,6 +269,8 @@ func init() {
 			string("!=" + types.Dict):                {f: stringNotDictV2, Label: "!="},
 			string("==" + types.Version):             {f: versionCmpVersion, Label: "=="},
 			string("!=" + types.Version):             {f: versionNotVersion, Label: "!="},
+			string("==" + types.IP):                  {f: ipCmpIP, Label: "=="},
+			string("!=" + types.IP):                  {f: ipNotIP, Label: "!="},
 			string("==" + types.ArrayLike):           {f: chunkEqFalseV2, Label: "=="},
 			string("!=" + types.ArrayLike):           {f: chunkNeqTrueV2, Label: "!="},
 			string("==" + types.Array(types.String)): {f: stringCmpStringarrayV2, Label: "=="},
@@ -463,6 +465,8 @@ func init() {
 			string("!=" + types.Regex):               {f: dictNotRegexV2, Label: "!="},
 			string("==" + types.Version):             {f: versionCmpVersion, Label: "=="},
 			string("!=" + types.Version):             {f: versionNotVersion, Label: "!="},
+			string("==" + types.IP):                  {f: ipCmpIP, Label: "=="},
+			string("!=" + types.IP):                  {f: ipNotIP, Label: "!="},
 			string("==" + types.ArrayLike):           {f: dictCmpArrayV2, Label: "=="},
 			string("!=" + types.ArrayLike):           {f: dictNotArrayV2, Label: "!="},
 			string("==" + types.Array(types.String)): {f: dictCmpStringarrayV2, Label: "=="},
@@ -591,12 +595,14 @@ func init() {
 			string("==" + types.Empty): {f: stringCmpEmptyV2, Label: "=="},
 			string("!=" + types.Empty): {f: stringNotEmptyV2, Label: "!="},
 			string("==" + types.IP):    {f: ipCmpIP, Label: "=="},
+			string("!=" + types.IP):    {f: ipNotIP, Label: "!="},
 			"version":                  {f: ipVersion},
 			"subnet":                   {f: ipSubnet},
 			"prefix":                   {f: ipPrefix},
 			"prefixLength":             {f: ipPrefixLength},
 			"suffix":                   {f: ipSuffix},
 			"isUnspecified":            {f: ipUnspecified},
+			"inRange":                  {f: ipInRange, Label: "inRange"},
 		},
 		types.ArrayLike: {
 			"[]":                       {f: arrayGetIndexV2},

llx/builtin_ip.go

@@ -4,6 +4,7 @@
 package llx
 
 import (
+	"errors"
 	"net"
 	"strconv"
 	"strings"
@@ -20,14 +21,14 @@ type IP struct {
 func NewIP(s string) IP {
 	prefix := s
 	suffix := ""
-	mask := 0
 	if idx := strings.IndexByte(s, '/'); idx != -1 {
 		prefix = s[0:idx]
 		if len(s) > idx+1 {
 			suffix = s[idx+1:]
 		}
 	}
 
+	mask := -1
 	if suffix != "" {
 		mask64, _ := strconv.ParseInt(suffix, 10, 0)
 		mask = int(mask64)
@@ -38,9 +39,13 @@ func NewIP(s string) IP {
 	version := 0
 	if ip.To4() != nil {
 		version = 4
+		if mask == -1 {
+			m := ip.DefaultMask()
+			mask = countMaskBits(m)
+		}
 	} else if ip.To16() != nil {
 		version = 6
-		if mask == 0 {
+		if mask == -1 {
 			mask = 64
 		}
 	}
@@ -54,6 +59,27 @@ func NewIP(s string) IP {
 
 var bitmasks = []byte{0x00, 0x80, 0xc0, 0xe0, 0xf0, 0xf8, 0xfc, 0xfe, 0xff}
 
+func countMaskBits(b []byte) int {
+	var res int
+	for _, cur := range b {
+		// optimization for speed
+		if cur == 0xff {
+			res += 8
+			continue
+		}
+		if cur == 0 {
+			break
+		}
+		// and the remaining bits
+		for cur&0x80 != 0 {
+			res++
+			cur = cur << 1
+		}
+		break
+	}
+	return res
+}
+
 func makeBits(bits int, on bool) []byte {
 	var res []byte
 	var one byte
@@ -117,7 +143,7 @@ func mask2string(b []byte) string {
 	return res.String()
 }
 
-func (i IP) subnet() string {
+func (i IP) Subnet() string {
 	if i.Version == 4 {
 		b := createMask(i.Mask, 0, 4)
 		return mask2string(b)
@@ -150,19 +176,22 @@ func (i IP) subnet() string {
 	return res
 }
 
-func (i IP) prefix() string {
+func (i IP) prefix() net.IP {
 	var b []byte
 	if i.Version == 4 {
 		b = createMask(i.Mask, 0, 4)
 	} else if i.Version == 6 {
 		b = createMask(i.Mask, 0, 16)
 	}
 	if len(b) == 0 {
-		return ""
+		return []byte{}
 	}
 	mask := net.IPMask(b)
-	prefix := i.IP.Mask(mask)
-	return prefix.String()
+	return i.IP.Mask(mask)
+}
+
+func (i IP) Prefix() string {
+	return i.prefix().String()
 }
 
 func flipMask(b []byte) []byte {
@@ -172,7 +201,7 @@ func flipMask(b []byte) []byte {
 	return b
 }
 
-func (i IP) suffix() string {
+func (i IP) Suffix() string {
 	var b []byte
 	if i.Version == 4 {
 		b = createMask(i.Mask, 0, 4)
@@ -191,9 +220,46 @@ func (i IP) suffix() string {
 	return suffix.String()
 }
 
+func (i IP) inRange(other IP) bool {
+	prefix := i.prefix()
+	otherPrefix := other.prefix()
+	return prefix.Equal(otherPrefix)
+}
+
+func (i IP) Cmp(other IP) int {
+	for idx, b := range i.IP {
+		if len(other.IP) <= idx {
+			return 1
+		}
+		o := other.IP[idx]
+		if b == o {
+			continue
+		}
+		if b < o {
+			return -1
+		} else {
+			return 1
+		}
+	}
+	if len(other.IP) > len(i.IP) {
+		return -1
+	}
+	return 0
+}
+
 func ipCmpIP(e *blockExecutor, bind *RawData, chunk *Chunk, ref uint64) (*RawData, uint64, error) {
 	return nonNilDataOpV2(e, bind, chunk, ref, types.Bool, func(left, right interface{}) *RawData {
-		return BoolData(left.(string) == right.(string))
+		lip := NewIP(left.(string))
+		rip := NewIP(right.(string))
+		return BoolData(lip.Equal(rip.IP) && lip.Mask == rip.Mask)
+	})
+}
+
+func ipNotIP(e *blockExecutor, bind *RawData, chunk *Chunk, ref uint64) (*RawData, uint64, error) {
+	return nonNilDataOpV2(e, bind, chunk, ref, types.Bool, func(left, right interface{}) *RawData {
+		lip := NewIP(left.(string))
+		rip := NewIP(right.(string))
+		return BoolData(!lip.Equal(rip.IP) || lip.Mask != rip.Mask)
 	})
 }
 
@@ -212,7 +278,7 @@ func ipSubnet(e *blockExecutor, bind *RawData, chunk *Chunk, ref uint64) (*RawDa
 	}
 
 	v := NewIP(bind.Value.(string))
-	return StringData(v.subnet()), 0, nil
+	return StringData(v.Subnet()), 0, nil
 }
 
 func ipPrefix(e *blockExecutor, bind *RawData, chunk *Chunk, ref uint64) (*RawData, uint64, error) {
@@ -221,7 +287,7 @@ func ipPrefix(e *blockExecutor, bind *RawData, chunk *Chunk, ref uint64) (*RawDa
 	}
 
 	v := NewIP(bind.Value.(string))
-	return StringData(v.prefix()), 0, nil
+	return StringData(v.Prefix()), 0, nil
 }
 
 func ipPrefixLength(e *blockExecutor, bind *RawData, chunk *Chunk, ref uint64) (*RawData, uint64, error) {
@@ -239,7 +305,7 @@ func ipSuffix(e *blockExecutor, bind *RawData, chunk *Chunk, ref uint64) (*RawDa
 	}
 
 	v := NewIP(bind.Value.(string))
-	return StringData(v.suffix()), 0, nil
+	return StringData(v.Suffix()), 0, nil
 }
 
 func ipUnspecified(e *blockExecutor, bind *RawData, chunk *Chunk, ref uint64) (*RawData, uint64, error) {
@@ -250,3 +316,45 @@ func ipUnspecified(e *blockExecutor, bind *RawData, chunk *Chunk, ref uint64) (*
 	v := NewIP(bind.Value.(string))
 	return BoolData(v.IP.IsUnspecified()), 0, nil
 }
+
+func ipInRange(e *blockExecutor, bind *RawData, chunk *Chunk, ref uint64) (*RawData, uint64, error) {
+	if bind.Value == nil {
+		return &RawData{Type: types.Int, Error: bind.Error}, 0, nil
+	}
+
+	conditions := []string{}
+	for i := range chunk.Function.Args {
+		argRef := chunk.Function.Args[i]
+
+		arg, rref, err := e.resolveValue(argRef, ref)
+		if err != nil || rref > 0 {
+			return nil, rref, err
+		}
+
+		s, ok := arg.Value.(string)
+		if !ok {
+			return nil, 0, errors.New("incorrect type for argument in `inRange` call (expected string)")
+		}
+		conditions = append(conditions, s)
+	}
+
+	v := NewIP(bind.Value.(string))
+	if len(conditions) == 1 {
+		i := NewIP(conditions[0])
+		return BoolData(v.inRange(i)), 0, nil
+	}
+
+	min := NewIP(conditions[0])
+	max := NewIP(conditions[1])
+
+	mincmp := min.Cmp(v)
+	if mincmp == 1 {
+		return BoolFalse, 0, nil
+	}
+	maxcmp := v.Cmp(max)
+	if maxcmp == 1 {
+		return BoolFalse, 0, nil
+	}
+
+	return BoolTrue, 0, nil
+}

llx/builtin_ip_test.go

@@ -0,0 +1,41 @@
+// Copyright (c) Mondoo, Inc.
+// SPDX-License-Identifier: BUSL-1.1
+
+package llx
+
+import (
+	"fmt"
+	"testing"
+
+	"github.com/stretchr/testify/assert"
+)
+
+func TestCreateMask(t *testing.T) {
+	tests := []struct {
+		mask     int
+		offset   int
+		maxBytes int
+		res      []byte
+	}{
+		{0, 0, 1, []byte{0x00}},
+		{1, 0, 1, []byte{0x80}},
+		{5, 0, 1, []byte{0xf8}},
+		{8, 0, 1, []byte{0xff}},
+		{9, 0, 1, []byte{0xff}},
+		{9, 0, 2, []byte{0xff, 0x80}},
+		{4, 4, 1, []byte{0x0f}},
+		{7, 1, 1, []byte{0x7f}},
+		{5, 3, 1, []byte{0x1f}},
+		{6, 3, 2, []byte{0x1f, 0x80}},
+		{6, 3, 1, []byte{0x1f}},
+		{16, 48, 16, []byte{0, 0, 0, 0, 0, 0, 0xff, 0xff, 0, 0, 0, 0, 0, 0, 0, 0}},
+	}
+
+	for i := range tests {
+		cur := tests[i]
+		t.Run(fmt.Sprintf("bits=%d off=%d max=%d", cur.mask, cur.offset, cur.maxBytes), func(t *testing.T) {
+			res := createMask(cur.mask, cur.offset, cur.maxBytes)
+			assert.Equal(t, cur.res, res)
+		})
+	}
+}

mqlc/builtin.go

@@ -107,6 +107,7 @@ func init() {
 			"prefixLength":  {typ: intType, signature: FunctionSignature{}},
 			"suffix":        {typ: stringType, signature: FunctionSignature{}},
 			"isUnspecified": {typ: boolType, signature: FunctionSignature{}},
+			"inRange":       {typ: intType, compile: compileIpInRange},
 		},
 		types.ArrayLike: {
 			"[]":           {typ: childType, signature: FunctionSignature{Required: 1, Args: []types.Type{types.Int}}},

mqlc/builtin_simple.go

@@ -245,11 +245,11 @@ func compileVersionInRange(c *compiler, _ types.Type, ref uint64, id string, cal
 		return types.Nil, errors.New("function " + id + " needs two arguments")
 	}
 
-	min, err := callArgTypeIs(c, call, id, "min", 0, types.String)
+	min, err := callArgTypeIs(c, call, id, "min", 0, types.String, types.Dict)
 	if err != nil {
 		return types.Nil, err
 	}
-	max, err := callArgTypeIs(c, call, id, "max", 1, types.String)
+	max, err := callArgTypeIs(c, call, id, "max", 1, types.String, types.Dict)
 	if err != nil {
 		return types.Nil, err
 	}
@@ -265,3 +265,34 @@ func compileVersionInRange(c *compiler, _ types.Type, ref uint64, id string, cal
 	})
 	return types.Bool, nil
 }
+
+func compileIpInRange(c *compiler, _ types.Type, ref uint64, id string, call *parser.Call) (types.Type, error) {
+	if call == nil || (len(call.Function) != 1 && len(call.Function) != 2) {
+		return types.Nil, errors.New("function " + id + " needs one or two arguments")
+	}
+
+	min, err := callArgTypeIs(c, call, id, "min", 0, types.String, types.IP, types.Dict)
+	if err != nil {
+		return types.Nil, err
+	}
+	args := []*llx.Primitive{min}
+
+	if len(call.Function) == 2 {
+		max, err := callArgTypeIs(c, call, id, "max", 1, types.String, types.IP, types.Dict)
+		if err != nil {
+			return types.Nil, err
+		}
+		args = append(args, max)
+	}
+
+	c.addChunk(&llx.Chunk{
+		Call: llx.Chunk_FUNCTION,
+		Id:   "inRange",
+		Function: &llx.Function{
+			Type:    string(types.Bool),
+			Binding: ref,
+			Args:    args,
+		},
+	})
+	return types.Bool, nil
+}