Fix: IPv6 address parsing bypass in validate_command_network_egress

[poojaarabati]

fixes #725

Description

Added IPv6Address check before port stripping logic to prevent bare IPv6 addresses from bypassing network policy validation

Related Issues

fixes #725

Type of Change

• [ x ] Bug fix (non-breaking change which fixes an issue)
• New feature (non-breaking change which adds functionality)
• Breaking change (fix or feature that would cause existing functionality to not work as expected)
• Documentation update

How Has This Been Tested?

Manually reviewed the fix logic against the issue description and suggested fix provided in the issue

Checklist

• [ x ] My code follows the code style of this project.
• [ x ] I have performed a self-review of my own code.
• I have commented my code, particularly in hard-to-understand areas.
• I have made corresponding changes to the documentation.
• My changes generate no new warnings.

[poojaarabati]

Hi, I've submitted this fix for issue #725. The backend-lint and frontend-checks are failing — I noticed these seem to fail consistently. Please review my code changes when possible. I'm a GSSoC'26 beginner contributor!

[utksh1]

Thanks for the security fix. This cannot merge in its current state.

The patch introduces a syntax error in validation.py: the changed line reads resolved f = socket.getaddrinfo(...), and the new IPv6 parsing block is mis-indented outside the validate_command_network_egress loop/function structure. That matches the failing backend-lint check. Fresh-clone smoke and frontend-checks are also failing.

Please fix the syntax/indentation, add focused tests for bracketed and unbracketed IPv6 host:port cases, and get required CI green.