def _get_item_ip_hostname_url(item):
""" Get item infos
"""
ip_addr = hostname = url = None
try:
validate = URLValidator(schemes=("http", "https", "ftp", "ftps",
"rtsp", "rtmp"))
validate(item["rawItem"])
item["itemType"] = "URL"
url = item["rawItem"]
except ValidationError:
try:
validate_ipv46_address(item["rawItem"])
item["itemType"] = "IP"
except ValidationError:
item["itemType"] = "FQDN"
if item["itemType"] == "URL":
hostname = networking.get_url_hostname(item["rawItem"])
ips = networking.get_ips_from_url(item["rawItem"])
if ips:
ip_addr = ips[0]
elif item["itemType"] == "IP":
item["itemType"] = "IP"
ip_addr = item["rawItem"]
elif item["itemType"] == "FQDN":
hostname = item["rawItem"]
ips = networking.get_ips_from_fqdn(item["rawItem"])
if ips:
ip_addr = ips[0]
return ip_addr, hostname, url
def clean(self):
if self.identifiertype == 'EMAIL':
try:
validate_email(self.identifier)
except ValidationError as e:
raise ValidationError(
'Identifier declared as EMAIL but does not contain a valid email address'
)
if self.identifiertype == 'IPADD':
try:
validate_ipv46_address(self.identifier)
except ValidationError as e:
raise ValidationError(
'Identifier declared as IP ADDRESS but does not contain a valid ip4/ip6 address'
)
if self.identifiertype == 'UNAME' or self.identifiertype == 'SKYPE':
try:
validate_slug(self.identifier)
except ValidationError as e:
raise ValidationError(
'Identifier declared as USERNAME/SKYPE but does not contain a username or skype identifier'
)
if self.identifiertype == 'TWITTER':
try:
validate_slug(self.identifier)
except ValidationError as e:
raise ValidationError(
'Identifier declared as Twitter ID but does not contain a valid twitter id'
)
def viewtrack(ct, pk, ip_address):
'''IP address and caching are for situations where you want
to not count a page refresh from the same location as another view.
You can expire it to your specification, 300 (5 minutes) is pretty good though
'''
ct = ContentType.objects.get(pk=ct)
try:
instance = ct.model_class().objects.get(pk=pk)
except ct.model_class().DoesNotExist:
return # Its gone, deal with it
EXPIRE_TIME = getattr(settings, 'POPULARITY_VIEW_DELAY', 300)
if EXPIRE_TIME is not False: # They expicitly don't want any delay
if "," in ip_address:
ip_address = ip_address.split(",")[-1].strip()
validate_ipv46_address(ip_address)
EXPIRE_KEY = u'popularity-view-%s-%s-%s' % (ct.pk, instance.pk, ip_address)
log.info(u"%s / %s / %s/ %s" % (EXPIRE_KEY, ct.pk, instance.pk, ip_address))
if cache.get(EXPIRE_KEY):
log.info("Foregoing view, recent key found")
return # Don't add a view, they're revisiting too soon
cache.set(EXPIRE_KEY, 1, EXPIRE_TIME) # 1 == just needs some value
ViewTracker.add_view_for(instance)
def validate_domain_or_ip(self, data):
try:
validate_hostname(data)
return data
except ValidationError:
validate_ipv46_address(data)
return data
def _check_query(self, query, country=False, city=False, city_or_country=False):
"Check the query and database availability."
# Making sure a string was passed in for the query.
if not isinstance(query, str):
raise TypeError(
"GeoIP query must be a string, not type %s" % type(query).__name__
)
# Extra checks for the existence of country and city databases.
if city_or_country and not (self._country or self._city):
raise GeoIP2Exception("Invalid GeoIP country and city data files.")
elif country and not self._country:
raise GeoIP2Exception(
"Invalid GeoIP country data file: %s" % self._country_file
)
elif city and not self._city:
raise GeoIP2Exception("Invalid GeoIP city data file: %s" % self._city_file)
# Return the query string back to the caller. GeoIP2 only takes IP addresses.
try:
validate_ipv46_address(query)
except ValidationError:
query = socket.gethostbyname(query)
return query
def handle(self, *args, **options):
group_name = options.get('group_name')
ips = options.get('ip')
try:
ip_group = models.IPGroup.objects.get(name__iexact=group_name,
type=models.TYPE_RANGE)
except models.IPGroup.DoesNotExist:
try:
models.IPGroup.objects.get(name__iexact=group_name)
except models.IPGroup.DoesNotExist:
raise CommandError("IPGroup '%s' doesn't exist." % group_name)
else:
raise CommandError(
"Can add IP address only to a Range based IP Group.")
for ip in ips:
try:
validate_ipv46_address(ip)
except ValidationError:
raise CommandError("'%s' not a valid IPv4 or IPv6 address." %
ip)
for ip in ips:
models.IPRange.objects.get_or_create(ip_group=ip_group,
first_ip=ip)
def _match(self):
# Fetch client IP address.
client_ip = self._request.META.get('REMOTE_ADDR')
if 'HTTP_X_FORWARDED_FOR' in self._request.META:
# HTTP_X_FORWARDED_FOR can be a comma-separated list of IPs.
# Take just the first valid one (proxies like squid may introduce
# invalid values like 'unknown' under certain configurations, so
# a validations is always required).
for ip in self._request.META['HTTP_X_FORWARDED_FOR'].split(','):
ip = ip.strip()
try:
validate_ipv46_address(ip)
client_ip = ip
break
except ValidationError:
pass
# Fetch HTTP headers.
# See: https://docs.djangoproject.com/en/dev/ref/request-response/#django.http.HttpRequest.META
http_headers = {}
for name, value in self._request.META.iteritems():
if name in (
'CONTENT_LENGTH',
'CONTENT_TYPE',
):
http_headers[self._normalized_header_name(name)] = value
elif name.startswith('HTTP_'):
http_headers[self._normalized_header_name(name[5:])] = value
# Match.
return mobile_detector.match(http_headers)
def repository_validator(path):
"""Validate an SSH repository path."""
if not ('@' in path and ':' in path):
raise ValidationError(_('Repository path format incorrect.'))
username, hostname, dir_path = split_path(path)
hostname = hostname.split('%')[0]
# Validate username using Unix username regex
if not re.match(r'[a-z0-9_][a-z0-9_-]*$', username):
raise ValidationError(_(f'Invalid username: {username}'))
# The hostname should either be a valid IP address or hostname
# Follows RFC1123 (hostnames can start with digits) instead of RFC952
hostname_re = (r'^(([a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9\-]*[a-zA-Z0-9])\.)*'
r'([A-Za-z0-9]|[A-Za-z0-9][A-Za-z0-9\-]*[A-Za-z0-9])$')
try:
validate_ipv46_address(hostname)
except ValidationError:
if not re.match(hostname_re, hostname):
raise ValidationError(_(f'Invalid hostname: {hostname}'))
# Validate directory path
if not re.match(r'[^\0]*', dir_path):
raise ValidationError(_(f'Invalid directory path: {dir_path}'))
def clean(self):
from django.core.validators import URLValidator, validate_ipv46_address
port_re = "(:[0-9]{1,5}|[1-5][0-9]{4}|6[0-4][0-9]{3}|65[0-4][0-9]{2}|655[0-2][0-9]|6553[0-5])"
cleaned_data = super(AddEndpointForm, self).clean()
if 'endpoint' in cleaned_data and 'product' in cleaned_data:
endpoint = cleaned_data['endpoint']
product = cleaned_data['product']
if isinstance(product, Product):
self.product = product
else:
self.product = Product.objects.get(id=int(product))
else:
raise forms.ValidationError('Please enter a valid URL or IP address.',
code='invalid')
endpoints = endpoint.split()
count = 0
error = False
for endpoint in endpoints:
try:
url_validator = URLValidator()
url_validator(endpoint)
protocol, host, path, query, fragment = urlsplit(endpoint)
self.endpoints_to_process.append([protocol, host, path, query, fragment])
except forms.ValidationError:
try:
# do we have a port number?
host = endpoint
regex = re.compile(port_re)
if regex.findall(endpoint):
for g in regex.findall(endpoint):
host = re.sub(port_re, '', host)
validate_ipv46_address(host)
protocol, host, path, query, fragment = ("", endpoint, "", "", "")
self.endpoints_to_process.append([protocol, host, path, query, fragment])
except forms.ValidationError:
try:
regex = re.compile(
r'^(?:(?:[A-Z0-9](?:[A-Z0-9-]{0,61}[A-Z0-9])?\.)+(?:[A-Z]{2,6}\.?|[A-Z0-9-]{2,}(?<!-)\.?)|' # domain...
r'localhost|' # localhost...
r'\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}|' # ...or ipv4
r'\[?[A-F0-9]*:[A-F0-9:]+\]?)' # ...or ipv6
r'(?::\d+)?' # optional port
r'(?:/?|[/?]\S+)$', re.IGNORECASE)
validate_hostname = RegexValidator(regex=regex)
validate_hostname(host)
protocol, host, path, query, fragment = (None, host, None, None, None)
if "/" in host or "?" in host or "#" in host:
# add a fake protocol just to join, wont use in update to database
host_with_protocol = "http://" + host
p, host, path, query, fragment = urlsplit(host_with_protocol)
self.endpoints_to_process.append([protocol, host, path, query, fragment])
except forms.ValidationError:
raise forms.ValidationError(
'Please check items entered, one or more do not appear to be a valid URL or IP address.',
code='invalid')
return cleaned_data
def nanolog(log_type, details, note=None, user=None, ip=None, log_object=None, request=None):
"""
Write into Nanolog the received data.
<log_type> - string
<details> - string
<note> - string
<user> - user instance or None
<ip> - string
<log_object>- string
<request> - request object
"""
if not log_type or not details:
return
if not user and request:
user = request.user
values = dict(
user=user,
log_type=log_type,
details=details,
note=note,
)
print(ip)
if not ip and request:
ip = get_client_ip(request)
print(ip)
try:
validate_ipv46_address(ip)
values['ip'] = ip
except (ValidationError, TypeError):
values['ip'] = None
if log_object and hasattr(log_object, 'pk'):
values['content_object'] = log_object
Nanolog.objects.create(**values)
def clean(self):
from django.core.validators import URLValidator, validate_ipv46_address
port_re = "(:[0-9]{1,5}|[1-5][0-9]{4}|6[0-4][0-9]{3}|65[0-4][0-9]{2}|655[0-2][0-9]|6553[0-5])"
cleaned_data = super(AddEndpointForm, self).clean()
if 'endpoint' in cleaned_data and 'product' in cleaned_data:
endpoint = cleaned_data['endpoint']
product = cleaned_data['product']
if isinstance(product, Product):
self.product = product
else:
self.product = Product.objects.get(id=int(product))
else:
raise forms.ValidationError('Please enter a valid URL or IP address.',
code='invalid')
endpoints = endpoint.split()
count = 0
error = False
for endpoint in endpoints:
try:
url_validator = URLValidator()
url_validator(endpoint)
protocol, host, path, query, fragment = urlsplit(endpoint)
self.endpoints_to_process.append([protocol, host, path, query, fragment])
except forms.ValidationError:
try:
# do we have a port number?
host = endpoint
regex = re.compile(port_re)
if regex.findall(endpoint):
for g in regex.findall(endpoint):
host = re.sub(port_re, '', host)
validate_ipv46_address(host)
protocol, host, path, query, fragment = ("", endpoint, "", "", "")
self.endpoints_to_process.append([protocol, host, path, query, fragment])
except forms.ValidationError:
try:
regex = re.compile(
r'^(?:(?:[A-Z0-9](?:[A-Z0-9-]{0,61}[A-Z0-9])?\.)+(?:[A-Z]{2,6}\.?|[A-Z0-9-]{2,}(?<!-)\.?)|' # domain...
r'localhost|' # localhost...
r'\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}|' # ...or ipv4
r'\[?[A-F0-9]*:[A-F0-9:]+\]?)' # ...or ipv6
r'(?::\d+)?' # optional port
r'(?:/?|[/?]\S+)$', re.IGNORECASE)
validate_hostname = RegexValidator(regex=regex)
validate_hostname(host)
protocol, host, path, query, fragment = (None, host, None, None, None)
if "/" in host or "?" in host or "#" in host:
# add a fake protocol just to join, wont use in update to database
host_with_protocol = "http://" + host
p, host, path, query, fragment = urlsplit(host_with_protocol)
self.endpoints_to_process.append([protocol, host, path, query, fragment])
except forms.ValidationError:
raise forms.ValidationError(
'Please check items entered, one or more do not appear to be a valid URL or IP address.',
code='invalid')
return cleaned_data
def process(request):
"""Process email webhook callback data."""
events = []
response = json.loads(request.body)
for event in response:
try:
ip = event.get('ip')
validate_ipv46_address(ip)
ip_address = ip
except Exception:
ip_address = None
try:
created_on = datetime.utcfromtimestamp(event['timestamp']).replace(tzinfo=pytz.utc)
email_event = EmailEvent(
email=event['email'],
event=event['event'],
category=event.get('category', ''),
created_on=created_on,
ip_address=ip_address,
)
events.append(email_event)
except Exception:
pass
EmailEvent.objects.bulk_create(events)
return HttpResponse('Thanks!')
def get_ip(req):
"""
取得 IP - 包含驗證與不合法備註的處理
"""
ip = ""
x_forward = req.META.get('HTTP_X_FORWARDED_FOR', '')
if x_forward:
ip = x_forward.split(',')[0]
else:
ip = req.META.get('REMOTE_ADDR', '')
if ip:
try:
validate_ipv46_address(ip)
except ValidationError as ve:
logger.error('Error Code 008 - Invalid IP Detected. IP: ' + ip)
logger.error(str(ve))
ip = "[Invalid IP][IP Save Into Log]"
except Exception as e:
logger.error('Error Code 008 - Error When Detect IP. IP: ' + ip)
logger.error(str(e))
ip = "[Valid IP Exception Occur][IP Save Into Log]"
else:
ip = "[Empty IP]"
return ip
def edit(request, pk):
device = get_object_or_404(Device, pk=pk)
# If the request is POST, is the submit of th edit
if request.method == 'POST':
try:
new_name = request.POST['name']
validate_ipv46_address(request.POST['ip'])
new_ip = request.POST['ip']
token = request.POST['token']
device.name = new_name
device.ip = new_ip
device.token = token
device.save()
return redirect(reverse('dashboard:detail', args=(pk, )))
except ValidationError as e:
messages.error(request, e.message, extra_tags='danger')
except:
messages.error(request,
'Please check the values',
extra_tags='danger')
return render(request, 'dashboard/edit.html', {'device': device})
def handle(self, *args, **options):
"""
Run script
"""
valid_environments = ['local', 'postgres_local']
if ENVIRONMENT not in valid_environments:
raise RuntimeError(
f'DJANGO_APPLICATION_ENVIRONMENT must be in {valid_environments}'
)
ip = options['ip']
validate_ipv46_address(ip)
self.install_fixture_data()
self_configuration = get_self_configuration(
exception_class=RuntimeError)
SelfConfiguration.objects.filter(pk=self_configuration.id).update(
ip_address=ip)
rebuild_cache(
head_block_hash=self_configuration.root_account_file_hash)
self.stdout.write(
self.style.SUCCESS('Validator initialization complete'))
def _match(self):
# Fetch client IP address.
client_ip = self._request.META.get('REMOTE_ADDR')
if 'HTTP_X_FORWARDED_FOR' in self._request.META:
# HTTP_X_FORWARDED_FOR can be a comma-separated list of IPs.
# Take just the first valid one (proxies like squid may introduce
# invalid values like 'unknown' under certain configurations, so
# a validations is always required).
for ip in self._request.META['HTTP_X_FORWARDED_FOR'].split(','):
ip = ip.strip()
try:
validate_ipv46_address(ip)
client_ip = ip
break
except ValidationError:
pass
# Fetch HTTP headers.
# See: https://docs.djangoproject.com/en/dev/ref/request-response/#django.http.HttpRequest.META
http_headers = {}
for name, value in self._request.META.iteritems():
if name in ('CONTENT_LENGTH', 'CONTENT_TYPE',):
http_headers[self._normalized_header_name(name)] = value
elif name.startswith('HTTP_'):
http_headers[self._normalized_header_name(name[5:])] = value
# Match.
return mobile_detector.match(http_headers)
def get_ip_report_count(**kwargs):
""" Count nb of reports for an ip
"""
filters = {}
if 'filters' in kwargs:
try:
filters = json.loads(unquote(unquote(kwargs['filters'])))
except (ValueError, SyntaxError, TypeError):
return 400, {'status': 'Bad Request', 'code': 400, 'message': 'Bad Request'}
try:
start = datetime.fromtimestamp(filters['start'])
end = datetime.fromtimestamp(filters['end'])
except (KeyError, TypeError, ValueError):
start = datetime.now() - timedelta(weeks=1)
end = datetime.now() + timedelta(weeks=1)
ip_addr = kwargs['ip']
try:
validate_ipv46_address(ip_addr)
count = ReportItem.objects.filter(
itemType='IP',
rawItem=ip_addr,
report__receivedDate__gte=start,
report__receivedDate__lte=end,
).values_list('report__id').distinct().count()
return 200, {'reports': count}
except ValidationError:
return 400, {'status': 'Bad Request', 'code': 400, 'message': 'Not a valid IPV4'}
def post_mass_contact(body, user):
"""
Create a worker task for mass contact
"""
try:
ips = list(set(body['ips']))
for ip_address in ips:
validate_ipv46_address(ip_address)
except (TypeError, ValidationError):
return 400, {'status': 'Bad Request', 'code': 400, 'message': 'Invalid value(s) in fields ips'}
try:
category = Category.objects.get(name=body['category'].title())
except (AttributeError, ObjectDoesNotExist, TypeError):
return 400, {'status': 'Bad Request', 'code': 400, 'message': 'Invalid category'}
# Generates unified campaignName
campaign_name = body['campaignName']
campaign_name = re.sub(r'(\s+){2,}', ' ', campaign_name).replace(' ', '_').lower()
campaign_name = re.sub('[^A-Za-z0-9_]+', '', campaign_name)
campaign_name = u'mass_contact_' + campaign_name + u'_' + datetime.now().strftime('%D')
# Check mustache (required for worker)
for key, val in body['email'].iteritems():
if not all([mustache in val for mustache in MASS_CONTACT_REQUIRED]):
message = '%s templating elements required in %s' % (str(MASS_CONTACT_REQUIRED), key)
return 400, {'status': 'Bad Request', 'code': 400, 'message': message}
__create_jobs(campaign_name, ips, category, body, user)
return 200, {'status': 'OK', 'code': 200, 'message': 'Campaign successfully created'}
def add_camera(request):
if "ip" in request.POST:
ip = request.POST["ip"]
name = request.POST["name"] if "name" in request.POST else None
try:
validate_ipv46_address(ip)
try:
cam = Camera.objects.get(ip=ip)
# todo message to user?
if name is not None:
cam.name = name
cam.save()
except Camera.DoesNotExist:
cam = Camera(ip=ip, name=name)
cam.save()
if cam:
return redirect('pyspy.views.index')
except ValidationError:
pass # todo message to user
return HttpResponseBadRequest(content=b"Bad request!")
def clean(self):
if self.identifier_type is 'EMAIL':
try:
validate_email(self.identifier)
except ValidationError:
raise ValidationError(
'Identifier is not a valid email address')
if self.identifier_type is 'IPADD':
try:
validate_ipv46_address(self.identifier)
except ValidationError:
raise ValidationError(
'Identifier is not a valid IPv4/IPv6 address')
if self.identifier_type is 'UNAME' or self.identifier_type is 'NAME':
try:
validate_slug(self.identifier)
except ValidationError:
raise ValidationError(
'Identifier is not a valid username or name')
if self.identifier_type is 'SKYPE':
try:
validate_skype(self.identifier)
except ValidationError:
raise ValidationError(
'Identifier is not a valid Skype user name')
if self.identifier_type is 'TWITTER':
try:
validate_twitter(self.identifier)
except ValidationError:
raise ValidationError(
'Identifier is not a valid Twitter user name')
def clean(self):
if self.identifier_type is 'EMAIL':
try:
validate_email(self.identifier)
except ValidationError:
raise ValidationError('Identifier is not a valid email address')
if self.identifier_type is 'IPADD':
try:
validate_ipv46_address(self.identifier)
except ValidationError:
raise ValidationError('Identifier is not a valid IPv4/IPv6 address')
if self.identifier_type is 'UNAME' or self.identifier_type is 'NAME':
try:
validate_slug(self.identifier)
except ValidationError:
raise ValidationError('Identifier is not a valid username or name')
if self.identifier_type is 'SKYPE':
try:
validate_skype(self.identifier)
except ValidationError:
raise ValidationError('Identifier is not a valid Skype user name')
if self.identifier_type is 'TWITTER':
try:
validate_twitter(self.identifier)
except ValidationError:
raise ValidationError('Identifier is not a valid Twitter user name')
def clean(self):
cleaned_data = super(IpSearchForm, self).clean()
term = cleaned_data.get('term')
ip_valid = True
if term == None:
term = '1'
try:
validate_ipv46_address(term)
except ValidationError:
self.errors['term'] = self.error_class(['Not an IP address'])
del cleaned_data['term']
ip_valid = False
except AddrFormatError:
self.errors['term'] = self.error_class(['Not an IP address'])
del cleaned_data['term']
ip_valid = False
ranges = Range.objects.all()
found = False
if ip_valid:
for range in ranges:
r = IPNetwork(range.cidr)
addrs = list(r)
if IPAddress(term) in addrs:
found = True
break
if not found and ip_valid:
self.errors['term'] = self.error_class(['IP is not within a known range'])
del cleaned_data['term']
ip_valid = False
return cleaned_data
def validate_ip46_fqdn_address(value):
try:
validate_fqdn(value)
except ValidationError:
try:
validate_ipv46_address(value)
except ValidationError:
raise ValidationError('Introdusca un FQDN o Direccion IP valido')
def user_agent_and_ip_address_from_request(request):
user_agent = request.META.get('HTTP_USER_AGENT', "")
ip_address = request.META.get('HTTP_X_REAL_IP', "")
try:
validate_ipv46_address(ip_address)
except ValidationError:
ip_address = request.META.get('REMOTE_ADDR', None)
return user_agent, ip_address
def get_reverses_for_item(item, nature="IP", replace_exception=False):
"""
Try to get reverses infos for given item
:param str item: Can be an IP address, a URL or a FQDN
:param str nature: The nature of the item
:param bool replace_exception: Replace by NXDOMAIN or TIMEOUT
:rtype: dict
:return: a dict containing reverse infos
"""
hostname = None
reverses = {}
if nature == "IP":
reverses["ip"] = item
try:
validate_ipv46_address(item)
reverses["ipReverse"] = socket.gethostbyaddr(item)[0]
reverses["ipReverseResolved"] = socket.gethostbyname(
reverses["ipReverse"])
except (
IndexError,
socket.error,
socket.gaierror,
socket.herror,
socket.timeout,
TypeError,
ValidationError,
):
pass
elif nature == "URL":
reverses["url"] = item
parsed = urlparse(item)
if parsed.hostname:
hostname = parsed.hostname
else:
reverses["fqdn"] = item
hostname = item
if hostname:
try:
reverses["fqdn"] = hostname
reverses["fqdnResolved"] = socket.gethostbyname(hostname)
reverses["fqdnResolvedReverse"] = socket.gethostbyaddr(
reverses["fqdnResolved"])[0]
except socket.gaierror as ex:
if replace_exception:
try:
reverses["fqdnResolved"] = DNS_ERROR[str(ex.args[0])]
except KeyError:
reverses["fqdnResolved"] = "NXDOMAIN"
except socket.timeout:
if replace_exception:
reverses["fqdnResolved"] = "TIMEOUT"
except (IndexError, TypeError, socket.error, socket.herror):
pass
return reverses
def clean_url(self):
url = URLObject(self.cleaned_data["url"])
# URLObject doesn't handle ipv6 very well yet. In the meantime, ...
if url.netloc.count(":") > 3:
raise forms.ValidationError(_("Enter a valid URL."))
URLValidator()(url.without_auth())
if url.scheme not in ["http", "https"]:
raise forms.ValidationError(
_("Invalid URL scheme: '%s'. Only HTTP and HTTPS are " "supported.") % url.scheme
)
if url.netloc.hostname in ["localhost", "127.0.0.1", "::1"]:
raise forms.ValidationError(_("Enter a valid URL."))
try:
validate_ipv46_address(url.netloc.hostname)
except forms.ValidationError:
pass
else:
raise forms.ValidationError(_("Enter a valid URL."))
existing = self.user.feeds.filter(url=url)
if self.instance is not None:
existing = existing.exclude(pk=self.instance.pk)
if existing.exists():
raise forms.ValidationError(_("It seems you're already subscribed to this feed."))
auth = None
if url.auth != (None, None):
auth = url.auth
# Check this is actually a feed
with user_lock("feed_check", self.user.pk, timeout=30):
headers = {"User-Agent": USER_AGENT % "checking feed", "Accept": feedparser.ACCEPT_HEADER}
try:
response = requests.get(six.text_type(url.without_auth()), headers=headers, timeout=10, auth=auth)
except Exception:
if "SENTRY_DSN" in os.environ:
client = Client()
client.captureException()
raise forms.ValidationError(_("Error fetching the feed."))
if response.status_code != 200:
raise forms.ValidationError(_("Invalid response code from URL: " "HTTP %s.") % response.status_code)
try:
parsed = feedparser.parse(response.content)
except Exception:
raise forms.ValidationError(_("Error parsing the feed."))
if not is_feed(parsed):
raise forms.ValidationError(_("This URL doesn't seem to be a valid feed."))
self.cleaned_data["title"] = parsed.feed.title
# Cache this in case update_favicon needs it and it's not in the
# scheduler data yet.
if hasattr(parsed.feed, "link"):
cache.set(u"feed_link:{0}".format(url), parsed.feed.link, 600)
return url
def clean(self):
cleaned_data = super(FormAddForwardRecord, self).clean()
record_type = cleaned_data.get("record_type")
record_data = cleaned_data.get("record_data")
if record_type in ("A", "AAAA"):
try:
validators.validate_ipv46_address(record_data)
except:
raise ValidationError("Invalid IP Address.")
def clean(self):
cleaned_data = super(FormAddForwardRecord, self).clean()
record_type = cleaned_data.get("record_type")
record_data = cleaned_data.get("record_data")
if record_type in ("A", "AAAA"):
try:
validators.validate_ipv46_address(record_data)
except:
raise ValidationError("Invalid IP Address.")
def _validated_ip(self, ip):
from django.core.exceptions import ValidationError
from django.core.validators import validate_ipv46_address
ip = ip.strip()
try:
validate_ipv46_address(ip)
except ValidationError:
return None
return ip
def validate_ip_address(value):
"""
Make sure value is a valid IPv4 or IPv6 address.
"""
try:
validate_ipv46_address(value)
return value
except DjangoValidationError as e:
raise ValidationError(str(e))
def clean_entries(self):
validate_unicode(self.cleaned_data['key'], max_length=100)
validate_unicode(self.cleaned_data['key_id'], max_length=100)
validate_unicode(self.cleaned_data['subkey_id'], max_length=100)
data = json.loads(self.cleaned_data['entries']) # [{a,b,c}]
for ip in data:
validate_ipv46_address(ip)
return data
def clean_value(self, value, operator_slug, request):
if value is None:
return value
elif operator_slug not in {OPERATORS.CONTAINS, OPERATORS.EXACT, OPERATORS.STARTSWITH, OPERATORS.ENDSWITH}:
try:
validate_ipv46_address(value)
except ValidationError:
raise FilterValueError(ugettext('Value must be in format IPv4 or IPv6.'))
return value
def get_ip_address(request):
for header in headers:
if request.META.get(header, None):
ip = request.META[header].split(',')[0]
try:
validate_ipv46_address(ip)
return ip
except ValidationError:
pass
def get_ip_address(request):
for header in headers:
if request.META.get(header, None):
ip = request.META[header].split(',')[0]
try:
validate_ipv46_address(ip)
return ip
except ValidationError:
pass
def validate_fqdn_or_ipv46_address(value):
try:
validate_ipv46_address(value)
return True
except ValidationError:
try:
validate_domain_name(value)
return True
except ValidationError:
return False
def is_valid_ip(ip_address):
""" Check Validity of an IP address """
if not ip_address:
return False
ip_address = ip_address.strip()
try:
validate_ipv46_address(ip_address)
return True
except ValidationError:
return False
def is_valid_ip(ip_address):
""" Check Validity of an IP address """
if not ip_address:
return False
ip_address = ip_address.strip()
try:
validate_ipv46_address(ip_address)
return True
except ValidationError:
return False
def is_ip_allowed(self, ip):
if not self.use_ip_auth:
return True
try:
validators.validate_ipv46_address(ip)
except ValidationError:
return False
if ipv6.is_valid_ipv6_address(ip):
ip = ipv6.clean_ipv6_address(ip)
return self._allowed_cleaned_ip(ip)
def validate(self, attrs):
if self.instance:
return attrs
fixed_ips = attrs.get('fixed_ips')
network: models.Network = self.context['view'].get_object()
if fixed_ips:
for fixed_ip in fixed_ips:
if 'ip_address' not in fixed_ip and 'subnet_id' not in fixed_ip:
raise serializers.ValidationError(
_('Either ip_address or subnet_id field must be specified')
)
wrong_fields = set(fixed_ip.keys()) - {'ip_address', 'subnet_id'}
if wrong_fields != set():
raise serializers.ValidationError(
_(
'Only ip_address and subnet_id fields can be specified. Got: %(fields)s'
)
% {'fields': wrong_fields}
)
if fixed_ip.get('ip_address') == '':
raise serializers.ValidationError(
_('ip_address field must not be blank. Got %(fixed_ip)s.')
% {'fixed_ip': fixed_ip}
)
if fixed_ip.get('subnet_id') == '':
raise serializers.ValidationError(
_('subnet_id field must not be blank. Got %(fixed_ip)s.')
% {'fixed_ip': fixed_ip}
)
if 'ip_address' in fixed_ip:
validate_ipv46_address(fixed_ip['ip_address'])
subnet_backend_id = fixed_ip.get('subnet_id')
if subnet_backend_id:
if not models.SubNet.objects.filter(
backend_id=subnet_backend_id, network=network
).exists():
raise serializers.ValidationError(
{
'subnet': _(
'There is no subnet with backend_id [%(backend_id)s] in the network [%(network)s]'
)
% {'backend_id': subnet_backend_id, 'network': network,}
}
)
attrs['service_settings'] = network.service_settings
attrs['project'] = network.project
attrs['network'] = network
attrs['tenant'] = network.tenant
return super(PortSerializer, self).validate(attrs)
def add_addrs(self, addrs):
message = ''; error = 0; ip_in_route = {}; route_id = self.kwargs['pk']
for ip_addr in addrs:
try:
validate_ipv46_address(ip_addr)
except ValidationError, e:
error += 1; message += str(e)
continue
try:
ip = Ip.objects.get(addr=ip_addr, route_id=route_id)
error += 1
message += 'Ip address: {0} present in this: {1} route; '.format(ip_addr, ip.route.name)
dmt_log.info('Ip address: {0} present in this: {1} route.'.format(ip_addr, ip.route.name))
continue
except Ip.DoesNotExist:
ip_in_other_route = Ip.objects.filter(addr=ip_addr, route_id__isnull=False)
if len(ip_in_other_route) == 0:
try:
ip = Ip.objects.get(addr=ip_addr, route_id__isnull=True)
except Ip.DoesNotExist:
ip = Ip(addr=ip_addr, created=datetime.now())
else:
if self.request.GET.get('confirm', False) == 'true':
ip = Ip(addr=ip_addr, created=datetime.now())
dmt_log.info('Add Ip address: {0} to route: {1} present in route: {2} by user: {3}'.format(
ip_addr, route_id, ip_in_other_route[0].route_id, self.request.user.email))
else:
ip_in_route.update({ip_in_other_route[0].route_id: {'addr': ip_in_other_route[0].addr,
'route': ip_in_other_route[0].route.name}})
continue
ip.route_id = route_id
ip.reverse = ip.resolve()
ip.last_reverse_check = datetime.now()
if not ip.reverse:
error += 1
message += 'Reverse resolve absent from ip address: {0}; '.format(ip_addr)
dmt_log.info('Reverse resolve absent from ip address: {0};'.format(ip_addr))
continue
ip.save()
route = Route.objects.get(pk=ip.route_id)
dmt_log.info('ip: {0} has been added to route: {1}, route_id: {2} by user: {3}'.format(
ip.addr, route.name, route.pk, self.request.user.email))
def get_client_ip(request):
x_forwarded_for = request.META.get('HTTP_X_FORWARDED_FOR')
if x_forwarded_for:
ip = x_forwarded_for.split(',')[-1].strip()
else:
ip = request.META.get('REMOTE_ADDR')
try:
validate_ipv46_address(ip)
except ValidationError:
ip = None
return ip
def get_client_ip(request):
x_forwarded_for = request.META.get('HTTP_X_FORWARDED_FOR')
if x_forwarded_for:
ip = x_forwarded_for.split(',')[-1].strip()
else:
ip = request.META.get('REMOTE_ADDR')
try:
validate_ipv46_address(ip)
except ValidationError:
ip = None
return ip
def isValidIP(ip: str):
"""
* Validate IP address\n
* @param string ip\n
* @return boolean
"""
try:
validate_ipv46_address(ip)
except ValidationError:
return False
else:
return True
def InvalidIpList(value):
"""
验证ip,ip是否合法
"""
ips = value.split(",")
try:
for ip in ips:
validate_ipv46_address(ip)
except ValidationError:
raise ValidationError(u"请输入 iplist 如格式: ip1,ip2,ip3")
def clean_entries(self):
validate_unicode(self.cleaned_data['key'], max_length=100)
validate_unicode(self.cleaned_data['key_id'], max_length=100)
validate_unicode(self.cleaned_data['subkey_id'], max_length=100)
data = json.loads(self.cleaned_data['entries'])[0] # [{json=a..}]
if validate_impact((data['impact'])):
data['impact'] = int(data['impact']) # Unicode str number, decimals, etc
validate_ipv46_address(data['ip'])
validate_unicode(data['comment'], max_length=255)
validate_unicode(data['source'], max_length=45)
return data
def validate_hostname(hostname,
reject_ip=True,
supports_cidr_notation=False,
supports_wildcard=False):
"""Validates that ``hostname`` does not contain illegal characters.
In case ``hostname`` is not validated a ``ValidationError`` is raised.
PowerDNS expects to find FQDN hostnames, so if the hostname ends with a dot,
it is rejected.
By default, the valid hostname characters are:
A-Za-z0-9._-
The pattern above allows the hostname to be an IP address (IPv4). By default,
if hostname validates as an IP address, it is rejected. To allow IP addresses
as hostnames, set ``reject_ip`` to False when calling this validator.
If ``supports_cidr_notation`` is True, then ``/`` is allowed too.
If ``supports_wildcard`` is True, then ``*`` is allowed too, unless
the ``PDNS_ALLOW_WILDCARD_NAMES`` has been set to False (default is True).
"""
if not hostname:
return
if hostname.endswith('.'):
raise ValidationError(
'PowerDNS expects to find FQDN hostnames without trailing dot')
if reject_ip:
# Check if hostname is an IP and reject it if it is.
try:
validate_ipv46_address(hostname)
except ValidationError:
pass
else:
raise ValidationError('IP addresses cannot be used as hostnames')
valid_sequence = 'A-Za-z0-9._\-' # dash needs to be escaped
if supports_cidr_notation:
valid_sequence = '%s/' % valid_sequence
if supports_wildcard:
if settings.PDNS_ALLOW_WILDCARD_NAMES:
valid_sequence = '%s*' % valid_sequence
if not re.match('^[%s]+$' % valid_sequence, hostname):
raise ValidationError('The hostname contains illegal characters')
def mass_contact(ip_address=None, category=None, campaign_name=None, email_subject=None, email_body=None, user_id=None):
"""
Try to identify customer based on `ip_address`, creates Cerberus ticket
then send email to customer and finally close ticket.
The use case is: a trusted provider sent you a list of vulnerable DNS servers (DrDOS amp) for example.
To prevent abuse on your network, you notify customer of this vulnerability.
:param str ip_address: The IP address
:param str category: The category of the abuse
:param str campaign_name: The name if the "mass-conctact" campaign
:param str email_subject: The subject of the email to send to defendant
:param str email_body: The body of the email to send to defendant
:param int user_id: The id of the Cerberus `abuse.models.User` who created the campaign
"""
# Check params
_, _, _, values = inspect.getargvalues(inspect.currentframe())
if not all(values.values()):
Logger.error(unicode('invalid parameters submitted %s' % str(values)))
return
try:
validate_ipv46_address(ip_address)
except (TypeError, ValidationError):
Logger.error(unicode('invalid ip addresses submitted'))
return
# Get Django model objects
try:
category = Category.objects.get(name=category)
user = User.objects.get(id=user_id)
except (AttributeError, ObjectDoesNotExist, TypeError):
Logger.error(unicode('invalid user or category'))
return
# Identify service for ip_address
try:
services = ImplementationFactory.instance.get_singleton_of('CustomerDaoBase').get_services_from_items(ips=[ip_address])
schema.valid_adapter_response('CustomerDaoBase', 'get_services_from_items', services)
except CustomerDaoException as ex:
Logger.error(unicode('Exception while identifying defendants for ip %s -> %s ' % (ip_address, str(ex))))
raise CustomerDaoException(ex)
# Create report/ticket
if services:
Logger.debug(unicode('creating report/ticket for ip address %s' % (ip_address)))
with pglocks.advisory_lock('cerberus_lock'):
__create_contact_tickets(services, campaign_name, ip_address, category, email_subject, email_body, user)
return True
else:
Logger.debug(unicode('no service found for ip address %s' % (ip_address)))
return False
def viewtrack(request, instance):
if viewtrack_task is None:
raise Exception("You must install celery to use this templatetag")
''' Like above, except it fires off a task which upticks the views
(for those that need it super-fast). Also takes into consideration IP address
to eliminate refresh-duplications
'''
ct = ContentType.objects.get_for_model(instance)
ip = request.META.get('HTTP_X_FORWARDED_FOR') or request.META.get('REMOTE_ADDR')
if len(ip.split(",")) > 1:
ip = ip.split(",")[-1].strip()
validate_ipv46_address(ip)
viewtrack_task.apply_async(args=[ct.pk, instance.pk, ip])
def lookup_country_code_from_ip(cls, ip):
try:
# Early check to avoid initializing GeoIP2 on invalid addresses
if not ip:
raise forms.ValidationError('No IP')
validate_ipv46_address(ip)
geoip = GeoIP2()
value = geoip.country_code(ip)
# Annoyingly, we have to catch both django's GeoIP2Exception (setup
# issue) and geoip2's GeoIP2Error (lookup issue)
except (forms.ValidationError, GeoIP2Exception, GeoIP2Error):
value = ''
return value
def lookup_country_code_from_ip(cls, ip):
try:
# Early check to avoid initializing GeoIP2 on invalid addresses
if not ip:
raise forms.ValidationError('No IP')
validate_ipv46_address(ip)
geoip = GeoIP2()
value = geoip.country_code(ip)
# Annoyingly, we have to catch both django's GeoIP2Exception (setup
# issue) and geoip2's GeoIP2Error (lookup issue)
except (forms.ValidationError, GeoIP2Exception, GeoIP2Error):
value = ''
return value
def is_valid_ipaddr(ip_addr):
"""
Check if the `ip_addr` is a valid ipv4
:param str ip_str: The IP address
:rtype: bool
:returns: If the ip_addr is valid
"""
try:
validate_ipv46_address(ip_addr)
return True
except ValidationError:
return False
def validate_hostname(hostname,
reject_ip=True, supports_cidr_notation=False, supports_wildcard=False):
"""Validates that ``hostname`` does not contain illegal characters.
In case ``hostname`` is not validated a ``ValidationError`` is raised.
PowerDNS expects to find FQDN hostnames, so if the hostname ends with a dot,
it is rejected.
By default, the valid hostname characters are:
A-Za-z0-9._-
The pattern above allows the hostname to be an IP address (IPv4). By default,
if hostname validates as an IP address, it is rejected. To allow IP addresses
as hostnames, set ``reject_ip`` to False when calling this validator.
If ``supports_cidr_notation`` is True, then ``/`` is allowed too.
If ``supports_wildcard`` is True, then ``*`` is allowed too, unless
the ``PDNS_ALLOW_WILDCARD_NAMES`` has been set to False (default is True).
"""
if not hostname:
return
if hostname.endswith('.'):
raise ValidationError('PowerDNS expects to find FQDN hostnames without trailing dot')
if reject_ip:
# Check if hostname is an IP and reject it if it is.
try:
validate_ipv46_address(hostname)
except ValidationError:
pass
else:
raise ValidationError('IP addresses cannot be used as hostnames')
valid_sequence = 'A-Za-z0-9._\-' # dash needs to be escaped
if supports_cidr_notation:
valid_sequence = '%s/' % valid_sequence
if supports_wildcard:
if settings.PDNS_ALLOW_WILDCARD_NAMES:
valid_sequence = '%s*' % valid_sequence
if not re.match('^[%s]+$' % valid_sequence, hostname):
raise ValidationError('The hostname contains illegal characters')
def get_reverses_for_item(item, nature='IP', replace_exception=False):
"""
Try to get reverses infos for given item
:param str item: Can be an IP address, a URL or a FQDN
:param str nature: The nature of the item
:param bool replace_exception: Replace socket error by NXDOMAIN or TIMEOUT
:rtype: dict
:returns: a dict containing reverse infos
"""
hostname = None
reverses = {}
if nature == 'IP':
reverses['ip'] = item
try:
validate_ipv46_address(item)
reverses['ipReverse'] = socket.gethostbyaddr(item)[0]
reverses['ipReverseResolved'] = socket.gethostbyname(reverses['ipReverse'])
except (IndexError, socket.error, socket.gaierror, socket.herror, socket.timeout, TypeError, ValidationError):
pass
elif nature == 'URL':
reverses['url'] = item
parsed = urlparse(item)
if parsed.hostname:
hostname = parsed.hostname
else:
reverses['fqdn'] = item
hostname = item
if hostname:
try:
reverses['fqdn'] = hostname
reverses['fqdnResolved'] = socket.gethostbyname(hostname)
reverses['fqdnResolvedReverse'] = socket.gethostbyaddr(reverses['fqdnResolved'])[0]
except socket.gaierror as ex:
if replace_exception:
try:
reverses['fqdnResolved'] = DNS_ERROR[str(ex.args[0])]
except KeyError:
reverses['fqdnResolved'] = 'NXDOMAIN'
except (socket.error, socket.timeout, socket.herror):
if replace_exception:
reverses['fqdnResolved'] = 'TIMEOUT'
except (IndexError, TypeError):
pass
return reverses
def get_ip_from_request(request):
headers = (
'HTTP_X_REAL_IP',
'REMOTE_ADDR',
)
for header in headers:
ip = request.META.get(header)
if ip:
try:
validate_ipv46_address(ip)
return ip
except ValidationError:
pass
return None
def clean_ip_address(self):
ip_address = self.cleaned_data.get('ip_address', '')
network_or_ip = self.cleaned_data.get('network_or_ip', '')
address_type = self.cleaned_data.get('address_type', '')
current_addresses = list(self.instance.ip_addresses)
# If this is a dynamic address type, then bypass
if address_type and address_type.pk not in self.address_types_with_ranges_or_default:
return ip_address
elif ip_address in current_addresses:
return ip_address
if network_or_ip and network_or_ip == '1':
if not ip_address:
raise ValidationError('This field is required.')
elif ip_address:
# Make sure this is valid.
validate_ipv46_address(ip_address)
user_pools = get_objects_for_user(
self.user,
['network.add_records_to_pool', 'network.change_pool'],
any_perm=True
)
user_nets = get_objects_for_user(
self.user,
['network.add_records_to_network', 'network.is_owner_network', 'network.change_network'],
any_perm=True
)
# Check address that are assigned and free to use
addresses = [str(address) for address in Address.objects.filter(
Q(pool__in=user_pools) | Q(pool__isnull=True) | Q(network__in=user_nets),
Q(leases__isnull=True) | Q(leases__abandoned=True) | Q(leases__ends__lte=timezone.now()) | Q(leases__host=self.instance),
Q(host__isnull=True) | Q(host=self.instance),
address=ip_address,
reserved=False
)]
if ip_address not in addresses:
raise ValidationError("The IP Address '%s' is reserved, in use, or not allowed." % ip_address)
else:
# Clear values
ip_address = ''
return ip_address
def is_valid_ip(ip_address):
"""Returns whether IP address is both valid AND, per RFC 1918, not reserved as
private"""
try:
validate_ipv46_address(ip_address)
except ValidationError:
return False
PRIVATE_IPS_PREFIX = (
'10.',
'172.16.', '172.17.', '172.18.', '172.19.', '172.20.', '172.21.',
'172.22.', '172.23.', '172.24.', '172.25.', '172.26.', '172.27.',
'172.28.', '172.29.', '172.30.', '172.31.',
'192.168.',
'127.',
)
return not ip_address.startswith(PRIVATE_IPS_PREFIX)
def validateForm(self, user_id, pwd, ip, destination):
'''
This will validate the submitted form for a initial check before calling web service,
so initially if any error found, it will stop the process.
@param user_id: User Id of the user it may be email/ mobile number.
@param pwd: Password entered by the user.
@param ip: IP address of the user.
@param destination: Destination URL, which might be wrong while calling
'''
# step 1- URL validator
key, msg, sug = '','','';
try:
url_validate = URLValidator();
url_validate(destination);
except ValidationError:
log.error('Destination URL %s , user trying to access is not valid', destination);
msg += 'You have modified original End point URL.\n';
sug += 'We are working fine, Thanks for your Time to test.\n'
# Step 2- Validate password
if not pwd:
log.info('User Entered Password is not correct');
key += 'pwd, ';
msg += 'Password is not valid. \n';
sug += 'Please Enter a valid password. \n'
# Step 3- Validate User_id
if not self.isValideUserId(user_id):
log.info('User Entered User Id is not correct');
key += 'user_id, ';
msg += 'User Id is not valid. \n';
sug += 'Please Enter a valid User Id. \n'
# Step 4- Validate IP
try:
validate_ipv46_address(ip);
except ValidationError:
log.error('IP Address %s of the user is not valid', ip);
msg += 'OOps Something went wrong. \n';
sug += 'Currently we are not able to determine your system details, please try after some time. \n'
key = key.rstrip(', ') if key else None
msg = key.rstrip('\n') if msg else None
sug = key.rstrip('\n') if sug else None
return LoginHelper().buildValidationDic(key, msg, sug);
def test_filling_IPAddressField(self):
try:
from test.generic.models import DummyGenericIPAddressFieldModel as IPModel
except ImportError:
from test.generic.models import DummyIPAddressFieldModel as IPModel
obj = mommy.make(IPModel)
field = IPModel._meta.get_field('ipv4_field')
self.assertIsInstance(field, GenericIPAddressField)
self.assertIsInstance(obj.ipv4_field, string_types)
validate_ipv4_address(obj.ipv4_field)
if hasattr(obj, 'ipv6_field'):
self.assertIsInstance(obj.ipv6_field, string_types)
self.assertIsInstance(obj.ipv46_field, string_types)
validate_ipv6_address(obj.ipv6_field)
validate_ipv46_address(obj.ipv46_field)