def get_cidr_name(cidr, ip_ranges_files, ip_ranges_name_key):
"""Read display name for CIDRs from ip-ranges files."""
for filename in ip_ranges_files:
ip_ranges = read_ip_ranges(filename, local_file=True)
for ip_range in ip_ranges:
ip_prefix = netaddr.IPNetwork(ip_range['ip_prefix'])
cidr = netaddr.IPNetwork(cidr)
if cidr in ip_prefix:
return ip_range[ip_ranges_name_key].strip()
for ip_range in aws_ip_ranges:
ip_prefix = netaddr.IPNetwork(ip_range['ip_prefix'])
cidr = netaddr.IPNetwork(cidr)
if cidr in ip_prefix:
return 'Unknown CIDR in %s %s' % (ip_range['service'], ip_range['region'])
return 'Unknown CIDR'
def set_definition(self,
rule_definitions,
attributes=None,
ip_ranges=None,
params=None):
"""
Update every attribute of the rule by setting the argument values as necessary
:param rule_definitions: TODO
:param attributes: TODO
:param ip_ranges: TODO
:param params: TODO
:return:
"""
attributes = [] if attributes is None else attributes
ip_ranges = [] if ip_ranges is None else ip_ranges
params = {} if params is None else params
try:
string_definition = rule_definitions[
self.filename].string_definition
# Load condition dependencies
definition = json.loads(string_definition)
definition['conditions'] += self.conditions
loaded_conditions = []
for condition in definition['conditions']:
if condition[0].startswith('_INCLUDE_('):
include = re.findall(r'_INCLUDE_\((.*?)\)',
condition[0])[0]
# new_conditions = load_data(include, key_name = 'conditions')
rules_path = f'{self.data_path}/{include}'
with open(rules_path) as f:
new_conditions = f.read()
for (i, value) in enumerate(condition[1]):
new_conditions = re.sub(condition[1][i],
condition[2][i],
new_conditions)
new_conditions = json.loads(
new_conditions)['conditions']
loaded_conditions.append(new_conditions)
else:
loaded_conditions.append(condition)
definition['conditions'] = loaded_conditions
string_definition = json.dumps(definition)
# Set parameters
parameters = re.findall(r'(_ARG_([a-zA-Z0-9]+)_)',
string_definition)
for param in parameters:
index = int(param[1])
if len(self.args) <= index:
string_definition = string_definition.replace(param[0], '')
elif type(self.args[index]) == list:
value = '[ %s ]' % ', '.join('"%s"' % v
for v in self.args[index])
string_definition = string_definition.replace(
'"%s"' % param[0], value)
else:
string_definition = string_definition.replace(
param[0], self.args[index])
# Strip dots if necessary
stripdots = re_strip_dots.findall(string_definition)
for value in stripdots:
string_definition = string_definition.replace(
value[0], value[1].replace('.', ''))
definition = json.loads(string_definition)
# Set special values (IP ranges, AWS account ID, ...)
for condition in definition['conditions']:
if type(condition) != list \
or len(condition) == 1 \
or type(condition[2]) == list \
or type(condition[2]) == dict:
continue
for testcase in testcases:
result = testcase['regex'].match(condition[2])
if result and (testcase['name'] == 'ip_ranges_from_file'
or testcase['name']
== 'ip_ranges_from_local_file'):
filename = result.groups()[0]
conditions = result.groups()[1] if len(
result.groups()) > 1 else []
# TODO :: handle comma here...
if filename == ip_ranges_from_args:
prefixes = []
for filename in ip_ranges:
prefixes += read_ip_ranges(
filename,
local_file=True,
ip_only=True,
conditions=conditions)
condition[2] = prefixes
break
else:
local_file = True if testcase[
'name'] == 'ip_ranges_from_local_file' else False
condition[2] = read_ip_ranges(
filename,
local_file=local_file,
ip_only=True,
conditions=conditions)
break
elif result:
condition[2] = params[testcase['name']]
break
if len(attributes) == 0:
attributes = [attr for attr in definition]
for attr in attributes:
if attr in definition:
setattr(self, attr, definition[attr])
if hasattr(self, 'path'):
self.service = format_service_name(self.path.split('.')[0])
if not hasattr(self, 'key'):
setattr(self, 'key', self.filename)
setattr(self, 'key', self.key.replace('.json', ''))
if self.key_suffix:
setattr(self, 'key', f'{self.key}-{self.key_suffix}')
except Exception as e:
print_exception(f'Failed to set definition {self.filename}: {e}')
