Just noticed that wireguard allows you to use invalid ip's on interface address, peer endpoints and allowed-ips.
Steps to reproduce
set interfaces wireguard wg100 address 1.1.1/24 set interfaces wireguard wg100 peer bug pubkey kynrunLh++rE6yUjqL448GOH01ocrtkZpoEjOJwLOkQ= set interfaces wireguard wg100 peer bug allowed-ips 1.1.2/32 set interfaces wireguard wg100 peer bug endpoint 1.1.1:5555 commit
returns
Unable to parse IP address: `1.1.2'
If you then show the interface for wireguard you get this output.
vyos@R1# show interfaces wireguard wg100 address 1.1.1/24 peer bug { allowed-ips 1.1.2/32 endpoint 1.1.1:5555 pubkey kynrunLh++rE6yUjqL448GOH01ocrtkZpoEjOJwLOkQ= }