def test_ipset_with_iprange():
s1 = IPSet(['10.0.0.0/25', '10.0.0.128/25'])
assert s1.iprange() == IPRange('10.0.0.0', '10.0.0.255')
assert s1.iscontiguous()
s1.remove('10.0.0.16')
assert s1 == IPSet([
'10.0.0.0/28', '10.0.0.17/32', '10.0.0.18/31',
'10.0.0.20/30', '10.0.0.24/29', '10.0.0.32/27',
'10.0.0.64/26', '10.0.0.128/25',
])
assert not s1.iscontiguous()
with pytest.raises(ValueError):
s1.iprange()
assert list(s1.iter_ipranges()) == [
IPRange('10.0.0.0', '10.0.0.15'),
IPRange('10.0.0.17', '10.0.0.255'),
]
s2 = IPSet(['0.0.0.0/0'])
assert s2.iscontiguous()
assert s2.iprange() == IPRange('0.0.0.0', '255.255.255.255')
#
s3 = IPSet()
assert s3.iscontiguous()
assert s3.iprange() is None
s4 = IPSet(IPRange('10.0.0.0', '10.0.0.8'))
assert s4.iscontiguous()
def create_event():
"""
Updating event descriptions for an app_sha256. Assuming all IPs are good
untl at least a range of IPs reaches 14 (/28 network block). Once a range
of IPs reaches a total of 14, all other IPs are considered bad. If
multiple ranges of IPs reach 14, this simple processing will not be able to
determine while /28 block is the valid one.
"""
if 'application/octet-stream' in request.headers['Content-Type']:
# Protobuf decoding
event = IpEvent()
event.ParseFromString(request.data)
sha_id = str(event.app_sha256)
ip = str(IPAddress(event.ip))
# Update event description of an existing app_sha256
if sha_id in app_shas:
app_shas[sha_id]['count'] = app_shas[sha_id]['count'] + 1
# Only add if IP is not already in the list
if str(ip) not in app_shas[sha_id]['good_ips']:
app_shas[sha_id]['good_ips'].append(str(ip))
# Create an event description instance for a new app_sha256
else:
app_shas[sha_id] = {'count': 1, 'good_ips': [], 'bad_ips': []}
# Only add if IP is not already in the list
if str(ip) not in app_shas[sha_id]['good_ips']:
app_shas[sha_id]['good_ips'].append(str(ip))
# Combined list of all IPs good and bad
ips = app_shas[sha_id]['good_ips'] + app_shas[sha_id]['bad_ips']
# Convert to a set
ip_set = IPSet(ips)
# Get the minimal number of IP ranges
for ip_range in ip_set.iter_ipranges():
# Does one of te ranges have 14 IP address in it?
if ip_range.size == 14:
# Thas is now our good /28 block of IP addresses
good_range = ip_range
app_shas[sha_id]['good_ips'] = []
for ip in ip_set:
# Populate good_ips with the range of 14 'good' IP addresses
if ip in good_range:
if str(ip) not in app_shas[sha_id]['good_ips']:
app_shas[sha_id]['good_ips'].append(str(ip))
# Put the rest of IP addresses in bad_ips
else:
if str(ip) not in app_shas[sha_id]['bad_ips']:
app_shas[sha_id]['bad_ips'].append(str(ip))
return 'Received event...'
else:
abort(400)
def test_ipset_with_iprange():
s1 = IPSet(['10.0.0.0/25', '10.0.0.128/25'])
assert s1.iprange() == IPRange('10.0.0.0', '10.0.0.255')
assert s1.iscontiguous()
s1.remove('10.0.0.16')
assert s1 == IPSet([
'10.0.0.0/28',
'10.0.0.17/32',
'10.0.0.18/31',
'10.0.0.20/30',
'10.0.0.24/29',
'10.0.0.32/27',
'10.0.0.64/26',
'10.0.0.128/25',
])
assert not s1.iscontiguous()
with pytest.raises(ValueError):
s1.iprange()
assert list(s1.iter_ipranges()) == [
IPRange('10.0.0.0', '10.0.0.15'),
IPRange('10.0.0.17', '10.0.0.255'),
]
s2 = IPSet(['0.0.0.0/0'])
assert s2.iscontiguous()
assert s2.iprange() == IPRange('0.0.0.0', '255.255.255.255')
#
s3 = IPSet()
assert s3.iscontiguous()
assert s3.iprange() is None
s4 = IPSet(IPRange('10.0.0.0', '10.0.0.8'))
assert s4.iscontiguous()
