Fixed SNAT private ranges IP validation bug (#18857)

* Fixed SNAT private ranges IP validation bug

* Updated Changelog

* updated session records

Co-authored-by: Gizachew Eshetie <[email protected]>

Author: Gizachew-Eshetie

src/Network/Network.Test/ScenarioTests/AzureFirewallPolicyTests.ps1

@@ -1492,7 +1492,7 @@ function Test-AzureFirewallPolicyPrivateRangeCRUD {
     $location = "westus2"
     $vnetName = Get-ResourceName
     $privateRange2 = @("IANAPrivateRanges", "0.0.0.0/0", "66.92.0.0/16")
-    $privateRange1 = @("3.3.0.0/24", "98.0.0.0/8")
+    $privateRange1 = @("3.3.0.0/24", "98.0.0.0/8","10.227.16.0/20")
     $privateRange2Translated = @("0.0.0.0/0", "66.92.0.0/16", "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "100.64.0.0/10")
 
     try {

src/Network/Network.Test/ScenarioTests/AzureFirewallTests.ps1

@@ -1350,7 +1350,7 @@ function Test-AzureFirewallPrivateRangeCRUD {
     $publicIpName = Get-ResourceName
 
     $privateRange1 = @("IANAPrivateRanges", "0.0.0.0/0", "66.92.0.0/16")
-    $privateRange2 = @("3.3.0.0/24", "98.0.0.0/8")
+    $privateRange2 = @("3.3.0.0/24", "98.0.0.0/8","10.227.16.0/20","10.226.0.0/16")
 
     try {
         # Create the resource group

src/Network/Network.Test/SessionRecords/Commands.Network.Test.ScenarioTests.AzureFirewallPolicyTests/TestAzureFirewallPolicyPrivateRangeCRUD.json

@@ -19,6 +19,7 @@
 --->
 
 ## Upcoming Release
+* Fixed bug that causes an overflow due to incorrect SNAT private ranges IP validation.
 * Added new cmdlets to create/manage L4(TCP/TLS) objects for ApplicationGateway:
 	- `Get-AzApplicationGatewayListener`	
 	- `New-AzApplicationGatewayListener`	

src/Network/Network.Test/SessionRecords/Commands.Network.Test.ScenarioTests.AzureFirewallTests/TestAzureFirewallPrivateRangeCRUD.json

@@ -452,8 +452,8 @@ private void ValidateMaskedIpAddress(string ipAddress)
 
             // validated that unmasked bits are 0
             var splittedIp = split[0].Split('.');
-            var ip = Int32.Parse(splittedIp[0]) << 24;
-            ip = ip + Int32.Parse(splittedIp[1]) << 16 + Int32.Parse(splittedIp[2]) << 8 + Int32.Parse(splittedIp[3]);
+            var ip = Int32.Parse(splittedIp[0]) << 24;            
+            ip += (Int32.Parse(splittedIp[1]) << 16) + (Int32.Parse(splittedIp[2]) << 8) + Int32.Parse(splittedIp[3]);
             if (ip << bit != 0)
                 throw new PSArgumentException(String.Format("\'{0}\' is not a valid private range ip address, bits not covered by subnet mask should be all 0", ipAddress));
         }

src/Network/Network/ChangeLog.md

@@ -117,7 +117,7 @@ private void ValidateMaskedIpAddress(string ipAddress)
             // validated that unmasked bits are 0
             var splittedIp = split[0].Split('.');
             var ip = Int32.Parse(splittedIp[0]) << 24;
-            ip = ip + Int32.Parse(splittedIp[1]) << 16 + Int32.Parse(splittedIp[2]) << 8 + Int32.Parse(splittedIp[3]);
+            ip += (Int32.Parse(splittedIp[1]) << 16) + (Int32.Parse(splittedIp[2]) << 8) + Int32.Parse(splittedIp[3]);
             if (ip << bit != 0)
                 throw new AzPSArgumentException(String.Format(Resources.InvalidPrivateIPRangeUnmaskedBits, ipAddress), nameof(ipAddress), ErrorKind.UserError);
         }