Update dependencies (#5518)

vendor/github.com/open-policy-agent/opa/topdown/cidr.go

@@ -61,44 +61,44 @@ func getLastIP(cidr *net.IPNet) (net.IP, error) {
 	return lastIP, nil
 }
 
-func builtinNetCIDRIntersects(a, b ast.Value) (ast.Value, error) {
-	cidrnetA, err := getNetFromOperand(a)
+func builtinNetCIDRIntersects(_ BuiltinContext, operands []*ast.Term, iter func(*ast.Term) error) error {
+	cidrnetA, err := getNetFromOperand(operands[0].Value)
 	if err != nil {
-		return nil, err
+		return err
 	}
 
-	cidrnetB, err := getNetFromOperand(b)
+	cidrnetB, err := getNetFromOperand(operands[1].Value)
 	if err != nil {
-		return nil, err
+		return err
 	}
 
 	// If either net contains the others starting IP they are overlapping
 	cidrsOverlap := cidrnetA.Contains(cidrnetB.IP) || cidrnetB.Contains(cidrnetA.IP)
 
-	return ast.Boolean(cidrsOverlap), nil
+	return iter(ast.BooleanTerm(cidrsOverlap))
 }
 
-func builtinNetCIDRContains(a, b ast.Value) (ast.Value, error) {
-	cidrnetA, err := getNetFromOperand(a)
+func builtinNetCIDRContains(_ BuiltinContext, operands []*ast.Term, iter func(*ast.Term) error) error {
+	cidrnetA, err := getNetFromOperand(operands[0].Value)
 	if err != nil {
-		return nil, err
+		return err
 	}
 
 	// b could be either an IP addressor CIDR string, try to parse it as an IP first, fall back to CIDR
-	bStr, err := builtins.StringOperand(b, 1)
+	bStr, err := builtins.StringOperand(operands[1].Value, 1)
 	if err != nil {
-		return nil, err
+		return err
 	}
 
 	ip := net.ParseIP(string(bStr))
 	if ip != nil {
-		return ast.Boolean(cidrnetA.Contains(ip)), nil
+		return iter(ast.BooleanTerm(cidrnetA.Contains(ip)))
 	}
 
 	// It wasn't an IP, try and parse it as a CIDR
-	cidrnetB, err := getNetFromOperand(b)
+	cidrnetB, err := getNetFromOperand(operands[1].Value)
 	if err != nil {
-		return nil, fmt.Errorf("not a valid textual representation of an IP address or CIDR: %s", string(bStr))
+		return fmt.Errorf("not a valid textual representation of an IP address or CIDR: %s", string(bStr))
 	}
 
 	// We can determine if cidr A contains cidr B if and only if A contains
@@ -108,12 +108,12 @@ func builtinNetCIDRContains(a, b ast.Value) (ast.Value, error) {
 		// Only spend time calculating the last IP if the starting IP is already verified to be in cidr A
 		lastIP, err := getLastIP(cidrnetB)
 		if err != nil {
-			return nil, err
+			return err
 		}
 		cidrContained = cidrnetA.Contains(lastIP)
 	}
 
-	return ast.Boolean(cidrContained), nil
+	return iter(ast.BooleanTerm(cidrContained))
 }
 
 var errNetCIDRContainsMatchElementType = errors.New("element must be string or non-empty array")
@@ -167,13 +167,13 @@ func evalNetCIDRContainsMatchesOperand(operand int, a *ast.Term, iter func(cidr,
 	return nil
 }
 
-func builtinNetCIDRContainsMatches(bctx BuiltinContext, args []*ast.Term, iter func(*ast.Term) error) error {
+func builtinNetCIDRContainsMatches(_ BuiltinContext, operands []*ast.Term, iter func(*ast.Term) error) error {
 	result := ast.NewSet()
-	err := evalNetCIDRContainsMatchesOperand(1, args[0], func(cidr1 *ast.Term, index1 *ast.Term) error {
-		return evalNetCIDRContainsMatchesOperand(2, args[1], func(cidr2 *ast.Term, index2 *ast.Term) error {
-			if v, err := builtinNetCIDRContains(cidr1.Value, cidr2.Value); err != nil {
+	err := evalNetCIDRContainsMatchesOperand(1, operands[0], func(cidr1 *ast.Term, index1 *ast.Term) error {
+		return evalNetCIDRContainsMatchesOperand(2, operands[1], func(cidr2 *ast.Term, index2 *ast.Term) error {
+			if v, err := getResult(builtinNetCIDRContains, cidr1, cidr2); err != nil {
 				return err
-			} else if vb, ok := v.(ast.Boolean); ok && bool(vb) {
+			} else if vb, ok := v.Value.(ast.Boolean); ok && bool(vb) {
 				result.Add(ast.ArrayTerm(index1, index2))
 			}
 			return nil
@@ -216,6 +216,18 @@ func builtinNetCIDRExpand(bctx BuiltinContext, operands []*ast.Term, iter func(*
 	return iter(ast.NewTerm(result))
 }
 
+func builtinNetCIDRIsValid(_ BuiltinContext, operands []*ast.Term, iter func(*ast.Term) error) error {
+	cidr, err := builtins.StringOperand(operands[0].Value, 1)
+	if err != nil {
+		return iter(ast.BooleanTerm(false))
+	}
+
+	if _, _, err := net.ParseCIDR(string(cidr)); err != nil {
+		return iter(ast.BooleanTerm(false))
+	}
+	return iter(ast.BooleanTerm(true))
+}
+
 type cidrBlockRange struct {
 	First   *net.IP
 	Last    *net.IP
@@ -257,7 +269,7 @@ func (c cidrBlockRanges) Less(i, j int) bool {
 // builtinNetCIDRMerge merges the provided list of IP addresses and subnets into the smallest possible list of CIDRs.
 // It merges adjacent subnets where possible, those contained within others and also removes any duplicates.
 // Original Algorithm: https://github.com/netaddr/netaddr.
-func builtinNetCIDRMerge(bctx BuiltinContext, operands []*ast.Term, iter func(*ast.Term) error) error {
+func builtinNetCIDRMerge(_ BuiltinContext, operands []*ast.Term, iter func(*ast.Term) error) error {
 	networks := []*net.IPNet{}
 
 	switch v := operands[0].Value.(type) {
@@ -396,10 +408,11 @@ func incIP(ip net.IP) {
 }
 
 func init() {
-	RegisterFunctionalBuiltin2(ast.NetCIDROverlap.Name, builtinNetCIDRContains)
-	RegisterFunctionalBuiltin2(ast.NetCIDRIntersects.Name, builtinNetCIDRIntersects)
-	RegisterFunctionalBuiltin2(ast.NetCIDRContains.Name, builtinNetCIDRContains)
+	RegisterBuiltinFunc(ast.NetCIDROverlap.Name, builtinNetCIDRContains)
+	RegisterBuiltinFunc(ast.NetCIDRIntersects.Name, builtinNetCIDRIntersects)
+	RegisterBuiltinFunc(ast.NetCIDRContains.Name, builtinNetCIDRContains)
 	RegisterBuiltinFunc(ast.NetCIDRContainsMatches.Name, builtinNetCIDRContainsMatches)
 	RegisterBuiltinFunc(ast.NetCIDRExpand.Name, builtinNetCIDRExpand)
 	RegisterBuiltinFunc(ast.NetCIDRMerge.Name, builtinNetCIDRMerge)
+	RegisterBuiltinFunc(ast.NetCIDRIsValid.Name, builtinNetCIDRIsValid)
 }