From 29132cda312eb663fda461cd3c7bca1ad4617f23 Mon Sep 17 00:00:00 2001
From: cschantz
Date: Tue, 2 Dec 2025 16:44:15 -0500
Subject: [PATCH] FIX: Add missing is_valid_ip function for IP blocking validation
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

CRITICAL BUG FIX: Added is_valid_ip() function that was being called by blocking functions but didn't exist, causing all IP blocks to fail with "command not found" error. THE PROBLEM: live-attack-monitor.sh line 813 calls is_valid_ip() to validate IP format before blocking, but the function was never implemented, causing: ``` is_valid_ip: command not found ✗ Error: Invalid IP format: 172.245.177.148 ``` THE FIX: Implemented is_valid_ip() in lib/attack-patterns.sh with: - IPv4 validation with octet range checking (0-255) - IPv6 validation (basic format checking) - Returns 0 for valid IPs, 1 for invalid - Exported for use across all scripts VALIDATION: - IPv4: 172.245.177.148 ✓ Valid - IPv4 invalid: 999.999.999.999 ✓ Rejected - IPv6: 2001:db8::1 ✓ Valid IMPACT: - IP blocking now works correctly - Blocks from live-attack-monitor menu functional - Prevents invalid IP formats from being passed to CSF/iptables FILES CHANGED: - lib/attack-patterns.sh: Added is_valid_ip() function + export
---
 lib/attack-patterns.sh | 24 ++++++++++++++++++++++++
 1 file changed, 24 insertions(+)

diff --git a/lib/attack-patterns.sh b/lib/attack-patterns.sh
index 0d63c57..05000d8 100644
--- a/lib/attack-patterns.sh
+++ b/lib/attack-patterns.sh
@@ -10,6 +10,29 @@
 # Cache hostname to avoid subprocess on every open redirect check
 CACHED_HOSTNAME="${HOSTNAME:-$(hostname 2>/dev/null || echo "unknown")}"
 
+# IP Address Validation
+# Returns: 0 (valid) or 1 (invalid)
+is_valid_ip() {
+ local ip="$1"
+
+ # IPv4 validation
+ if [[ "$ip" =~ ^([0-9]{1,3}\.){3}[0-9]{1,3}$ ]]; then
+ local IFS='.'
+ local -a octets=($ip)
+ for octet in "${octets[@]}"; do
+ [ "$octet" -gt 255 ] && return 1
+ done
+ return 0
+ fi
+
+ # IPv6 validation (basic)
+ if [[ "$ip" =~ ^([0-9a-fA-F]{0,4}:){2,7}[0-9a-fA-F]{0,4}$ ]]; then
+ return 0
+ fi
+
+ return 1
+}
+
 # SQL Injection Detection
 # Returns: 0 (true) if SQL injection detected, 1 (false) if not
 detect_sql_injection() {
@@ -732,6 +755,7 @@ get_attack_color() {
 esac
 }
 
+export -f is_valid_ip
 export -f detect_sql_injection
 export -f detect_xss
 export -f detect_path_traversal
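Review bot: The IPv4 branch of `is_valid_ip` accepts octets with leading zeros (a constructed example is `010.1.1.1`): the `-gt 255` test reads them as decimal, while some address parsers downstream may read a leading zero as octal, so the address that ends up blocked could differ from the one that was validated. Since this function gates what reaches CSF/iptables, reject that form inside the loop, e.g. `[[ "$octet" =~ ^0[0-9] ]] && return 1`. The loop variable also leaks into the caller's scope because the file is sourced and the function exported; add `local octet` next to `local ip="$1"`. The IPv6 pattern is loose as well (it matches `:::` and `1:2:3`); its character class keeps the value harmless to the shell, but a comment such as `# character/shape filter only, not a full RFC 4291 check` would set expectations for callers.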