Fix #526 - Add aut-num objects to scopefilter checks (#528)

irrd/scopefilter/tests/test_scopefilter.py

@@ -6,7 +6,7 @@
 from irrd.rpsl.rpsl_objects import rpsl_object_from_text
 from irrd.storage.database_handler import DatabaseHandler
 from irrd.storage.queries import RPSLDatabaseQuery
-from irrd.utils.rpsl_samples import SAMPLE_ROUTE, SAMPLE_INETNUM
+from irrd.utils.rpsl_samples import SAMPLE_AUT_NUM, SAMPLE_ROUTE, SAMPLE_INETNUM
 from irrd.utils.test_utils import flatten_mock_calls
 from ..status import ScopeFilterStatus
 from ..validators import ScopeFilterValidator
@@ -58,16 +58,20 @@ def test_invalid_input(self):
 
     def test_validate_rpsl_object(self, config_override):
         validator = ScopeFilterValidator()
-        obj = rpsl_object_from_text(SAMPLE_ROUTE)
-        assert validator.validate_rpsl_object(obj) == (ScopeFilterStatus.in_scope, '')
+        route_obj = rpsl_object_from_text(SAMPLE_ROUTE)
+        assert validator.validate_rpsl_object(route_obj) == (ScopeFilterStatus.in_scope, '')
+        autnum_obj = rpsl_object_from_text(SAMPLE_AUT_NUM)
+        assert validator.validate_rpsl_object(autnum_obj) == (ScopeFilterStatus.in_scope, '')
 
         config_override({
             'scopefilter': {
                 'asns': ['65537'],
             },
         })
         validator.load_filters()
-        result = validator.validate_rpsl_object(obj)
+        result = validator.validate_rpsl_object(route_obj)
+        assert result == (ScopeFilterStatus.out_scope_as, 'ASN 65537 is out of scope')
+        result = validator.validate_rpsl_object(autnum_obj)
         assert result == (ScopeFilterStatus.out_scope_as, 'ASN 65537 is out of scope')
 
         config_override({
@@ -76,7 +80,7 @@ def test_validate_rpsl_object(self, config_override):
             },
         })
         validator.load_filters()
-        result = validator.validate_rpsl_object(obj)
+        result = validator.validate_rpsl_object(route_obj)
         assert result == (ScopeFilterStatus.out_scope_prefix, 'prefix 192.0.2.0/24 is out of scope')
 
         config_override({
@@ -85,6 +89,7 @@ def test_validate_rpsl_object(self, config_override):
             },
         })
         validator.load_filters()
+
         # Ignored object class
         result = validator.validate_rpsl_object(rpsl_object_from_text(SAMPLE_INETNUM))
         assert result == (ScopeFilterStatus.in_scope, '')
@@ -140,6 +145,15 @@ def test_validate_all_rpsl_objects(self, config_override, monkeypatch):
                 'object_text': 'text',
                 'scopefilter_status': ScopeFilterStatus.out_scope_prefix,
             },
+            {
+                # Should become out_scope_as
+                'rpsl_pk': 'AS65547',
+                'asn_first': 23456,
+                'source': 'TEST',
+                'object_class': 'aut-num',
+                'object_text': 'text',
+                'scopefilter_status': ScopeFilterStatus.in_scope,
+            },
             {
                 # Should not change
                 'rpsl_pk': '192.0.2.128/25,AS65548',
@@ -159,18 +173,20 @@ def test_validate_all_rpsl_objects(self, config_override, monkeypatch):
         now_in_scope, now_out_scope_as, now_out_scope_prefix = result
 
         assert len(now_in_scope) == 1
-        assert len(now_out_scope_as) == 1
+        assert len(now_out_scope_as) == 2
         assert len(now_out_scope_prefix) == 1
 
         assert now_in_scope[0]['rpsl_pk'] == '192.0.2.128/25,AS65547'
         assert now_in_scope[0]['old_status'] == ScopeFilterStatus.out_scope_prefix
 
         assert now_out_scope_as[0]['rpsl_pk'] == '192.0.2.128/25,AS65547'
         assert now_out_scope_as[0]['old_status'] == ScopeFilterStatus.out_scope_prefix
+        assert now_out_scope_as[1]['rpsl_pk'] == 'AS65547'
+        assert now_out_scope_as[1]['old_status'] == ScopeFilterStatus.in_scope
 
         assert now_out_scope_prefix[0]['rpsl_pk'] == '192.0.2.0/25,AS65547'
         assert now_out_scope_prefix[0]['old_status'] == ScopeFilterStatus.in_scope
 
         assert flatten_mock_calls(mock_dq) == [
-            ['object_classes', (['route', 'route6'],), {}],
+            ['object_classes', (['route', 'route6', 'aut-num'],), {}],
         ]

irrd/scopefilter/validators.py

@@ -15,6 +15,7 @@ class ScopeFilterValidator:
     The scope filter validator validates whether prefixes, ASNs or RPSL
     objects fall within the configured scope filter.
     """
+
     def __init__(self):
         self.load_filters()
 
@@ -65,11 +66,10 @@ def _validate_rpsl_data(self, source: str, object_class: str, prefix: Optional[I
                             asn_first: Optional[int]) -> Tuple[ScopeFilterStatus, str]:
         """
         Validate whether a particular set of RPSL data is in scope.
-        Depending on object_class, members and mp_members are also validated.
         Returns a ScopeFilterStatus.
         """
         out_of_scope = [ScopeFilterStatus.out_scope_prefix, ScopeFilterStatus.out_scope_as]
-        if object_class not in ['route', 'route6']:
+        if object_class not in ['route', 'route6', 'aut-num']:
             return ScopeFilterStatus.in_scope, ''
 
         if prefix:
@@ -118,14 +118,14 @@ def validate_all_rpsl_objects(self, database_handler: DatabaseHandler) -> \
         objs_changed: Dict[ScopeFilterStatus, List[Dict[str, str]]] = defaultdict(list)
 
         q = RPSLDatabaseQuery(column_names=columns, enable_ordering=False)
-        q = q.object_classes(['route', 'route6'])
+        q = q.object_classes(['route', 'route6', 'aut-num'])
         results = database_handler.execute_query(q)
 
         for result in results:
             current_status = result['scopefilter_status']
             result['old_status'] = current_status
             prefix = None
-            if result['ip_first']:
+            if result.get('ip_first'):
                 prefix = IP(result['ip_first'] + '/' + str(result['prefix_length']))
             new_status, _ = self._validate_rpsl_data(
                 result['source'],