From e641c590b29b53918fd77bedcbf501fec2bd91d9 Mon Sep 17 00:00:00 2001
From: Dave Horton <daveh@beachdognet.com>
Date: Wed, 31 May 2023 09:11:53 -0400
Subject: [PATCH] Fix/cidr error handling (#102)

* fix docker build

* catch error from CIDR which can happen with invalid sip gateway data
---
 .github/workflows/docker-publish.yml |  4 +++-
 lib/db-utils.js                      | 22 ++++++++++++++++------
 2 files changed, 19 insertions(+), 7 deletions(-)

diff --git a/.github/workflows/docker-publish.yml b/.github/workflows/docker-publish.yml
index 7024235..713d0b5 100644
--- a/.github/workflows/docker-publish.yml
+++ b/.github/workflows/docker-publish.yml
@@ -2,6 +2,8 @@ name: Docker
 
 on:
   push:
+    branches:
+      - main
     tags:
       - '*'
 
@@ -18,7 +20,7 @@ jobs:
       - name: prepare tag 
         id: prepare_tag
         run: |
-            IMAGE_ID=$GITHUB_REPOSITORY
+            IMAGE_ID=jambonz/sbc-inbound
 
             # Strip git ref prefix from version
             VERSION=$(echo "${{ github.ref }}" | sed -e 's,.*/\(.*\),\1,')
diff --git a/lib/db-utils.js b/lib/db-utils.js
index 0385b3b..3bd0f2a 100644
--- a/lib/db-utils.js
+++ b/lib/db-utils.js
@@ -11,6 +11,8 @@ vc.application_sid, sg.inbound, sg.outbound, sg.is_active, sg.ipv4, sg.netmask
 FROM sip_gateways sg, voip_carriers vc, accounts acc 
 WHERE acc.sip_realm = ? 
 AND vc.account_sid = acc.account_sid 
+AND vc.is_active = 1 
+AND sg.inbound = 1 
 AND sg.voip_carrier_sid = vc.voip_carrier_sid`;
 
 const sqlSelectAllCarriersForSPByRealm =
@@ -20,6 +22,8 @@ FROM sip_gateways sg, voip_carriers vc, accounts acc
 WHERE acc.sip_realm = ? 
 AND vc.service_provider_sid = acc.service_provider_sid  
 AND vc.account_sid IS NULL 
+AND vc.is_active = 1 
+AND sg.inbound = 1 
 AND sg.voip_carrier_sid = vc.voip_carrier_sid`;
 
 const sqlSelectAllGatewaysForSP =
@@ -37,6 +41,8 @@ vc.application_sid, sg.inbound, sg.outbound, sg.is_active, sg.ipv4, sg.netmask
 FROM sip_gateways sg, voip_carriers vc, accounts acc 
 WHERE acc.account_sid = ? 
 AND vc.account_sid = acc.account_sid 
+AND vc.is_active = 1 
+AND sg.inbound = 1 
 AND sg.voip_carrier_sid = vc.voip_carrier_sid`;
 
 const sqlAccountByRealm = 'SELECT * from accounts WHERE sip_realm = ?';
@@ -68,11 +74,15 @@ AND vc.is_active = 1
 AND vc.register_sip_realm = ? 
 AND vc.register_username = ?`;
 
-const gatewayMatchesSourceAddress = (source_address, gw) => {
+const gatewayMatchesSourceAddress = (logger, source_address, gw) => {
   if (32 === gw.netmask && gw.ipv4 === source_address) return true;
   if (gw.netmask < 32) {
-    const matcher = new CIDRMatcher([`${gw.ipv4}/${gw.netmask}`]);
-    return matcher.contains(source_address);
+    try {
+      const matcher = new CIDRMatcher([`${gw.ipv4}/${gw.netmask}`]);
+      return matcher.contains(source_address);
+    } catch (err) {
+      logger.info({err, gw}, 'gatewayMatchesSourceAddress: Error parsing netmask');
+    }
   }
   return false;
 };
@@ -140,7 +150,7 @@ module.exports = (srf, logger) => {
       const [gwAcc] = await pp.query(sqlSelectAllCarriersForAccountByRealm, [uri.host]);
       const [gwSP] = gwAcc.length ? [[]] : await pp.query(sqlSelectAllCarriersForSPByRealm, uri.host);
       const gw = gwAcc.concat(gwSP);
-      const selected = gw.find(gatewayMatchesSourceAddress.bind(null, req.source_address));
+      const selected = gw.find(gatewayMatchesSourceAddress.bind(null, logger, req.source_address));
       if (selected) {
         const [a] = await pp.query(sqlAccountByRealm, [uri.host]);
         if (0 === a.length) return failure;
@@ -161,7 +171,7 @@ module.exports = (srf, logger) => {
           user: uri.user
         }, 'sip realm is not associated with an account, checking carriers');
         const [gw] = await pp.query(sqlSelectCarrierRequiringRegistration, [uri.host, uri.user]);
-        const matches = gw.filter(gatewayMatchesSourceAddress.bind(null, req.source_address));
+        const matches = gw.filter(gatewayMatchesSourceAddress.bind(null, logger, req.source_address));
         if (1 === matches.length) {
           // bingo
           //TODO: this assumes the carrier is associate to an account, not an SP
@@ -212,7 +222,7 @@ module.exports = (srf, logger) => {
       /* find all carrier entries that have an inbound gateway matching the source IP */
       const [gw] = await pp.query(sqlSelectAllGatewaysForSP);
       let matches = gw
-        .filter(gatewayMatchesSourceAddress.bind(null, req.source_address))
+        .filter(gatewayMatchesSourceAddress.bind(null, logger, req.source_address))
         .map((gw) => {
           return {
             voip_carrier_sid: gw.voip_carrier_sid,