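def isWhitelisted(self, conn, indicatorType, indicator):
    """Return whether the indicator is whitelisted by this whitelist.

    A single address is whitelisted if it is included in any stored CIDR.
    A network spec is whitelisted only if every address it represents is
    included in the CIDRs fetched for it.

    Args:
        conn: DB-API connection exposing the ``ipv4sn`` table with columns
            ``cidr``, ``minip`` and ``maxip``.
        indicatorType: Type label of the indicator. It is not consulted here.
        indicator: Address or network spec accepted by ``IPNetwork``.

    Returns:
        True if the indicator's addresses are a subset of the matching
        whitelist CIDRs, False otherwise (including when no row matches).
    """
    # NOTE(review): indicatorType is ignored and the address family of
    # `indicator` is not checked before querying the ipv4sn table - confirm
    # callers only pass IPv4 indicators.
    sn = IPNetwork(indicator)
    minip = sn.first
    maxip = sn.last

    c = conn.cursor()
    try:
        # Values are bound as parameters, never interpolated into the SQL.
        # NOTE(review): only rows containing the first or the last address are
        # fetched, so a range covered solely by the union of several adjacent
        # entries (with one strictly in the middle) is reported as not
        # whitelisted. That errs on the side of not suppressing an indicator;
        # confirm it is the intended policy.
        c.execute(
            "select cidr,minip,maxip from ipv4sn where ? between minip and maxip or ? between minip and maxip order by minip",
            (minip, maxip))

        # Union of every whitelist network that contains either end of the range.
        ipset = None
        rec = c.fetchone()
        while rec is not None:
            network = IPSet(IPNetwork(rec[0]))
            ipset = network if ipset is None else ipset | network
            rec = c.fetchone()

        # No matching row at all: the indicator is not whitelisted.
        if ipset is None:
            return False

        # Whitelisted only when the whole indicator range is covered.
        return bool(IPSet(sn).issubset(ipset))
    finally:
        # The original skipped close() on the early "no match" return and on
        # errors; always release the cursor.
        c.close()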
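def isWhitelisted(self, conn, indicatorType, indicator):
    """Return whether the indicator is whitelisted by this whitelist.

    If the indicator is a single address, it is whitelisted when it is
    included in any stored CIDR. If it is a network spec, it is whitelisted
    when all of the addresses it represents are included in the CIDRs
    fetched for it.

    Args:
        conn: DB-API connection exposing the ``ipv4sn`` table with columns
            ``cidr``, ``minip`` and ``maxip``.
        indicatorType: Type label of the indicator. It is not consulted here.
        indicator: Address or network spec accepted by ``IPNetwork``.

    Returns:
        True if the indicator is fully covered, False otherwise. False is
        also returned when no whitelist row matches.
    """
    # NOTE(review): neither indicatorType nor the address family of
    # `indicator` is validated before the ipv4sn lookup - confirm callers
    # only pass IPv4 indicators.
    sn = IPNetwork(indicator)
    minip = sn.first
    maxip = sn.last

    c = conn.cursor()
    try:
        # Parameter binding keeps the indicator values out of the SQL text.
        # NOTE(review): the WHERE clause selects only rows that contain the
        # first or last address of the range. A range that is covered only by
        # several adjacent entries, one of which contains neither end, comes
        # back as not whitelisted. Confirm that conservative result is wanted.
        c.execute(
            "select cidr,minip,maxip from ipv4sn where ? between minip and maxip or ? between minip and maxip order by minip",
            (minip, maxip))

        ipset = None
        while True:
            rec = c.fetchone()
            if rec is None:
                break
            matched = IPSet(IPNetwork(rec[0]))
            if ipset is None:
                ipset = matched
            else:
                ipset = ipset | matched

        # An empty result means nothing in the whitelist touches the indicator.
        if ipset is None:
            return False

        # The indicator must be entirely inside the collected networks.
        ips = IPSet(sn)
        return True if ips.issubset(ipset) else False
    finally:
        # Close on every path; the original leaked the cursor on the early
        # return above and whenever an exception was raised.
        c.close()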
def test_ipset_supersets_and_subsets():
    """Check IPSet superset/subset predicates and set algebra on the IPv4 space."""
    networks = IPSet(['192.0.2.0/24', '192.0.4.0/24'])
    first_hosts = IPSet(['192.0.2.0', '192.0.4.0'])

    # The two /24 networks strictly contain their own first addresses.
    assert networks.issuperset(first_hosts)
    assert first_hosts.issubset(networks)
    assert not first_hosts.issuperset(networks)
    assert not networks.issubset(first_hosts)

    ipv4_addr_space = IPSet(['0.0.0.0/0'])

    private = IPSet([
        '10.0.0.0/8',
        '172.16.0.0/12',
        '192.0.2.0/24',
        '192.168.0.0/16',
        '239.192.0.0/14',
    ])

    reserved = IPSet([
        '225.0.0.0/8',
        '226.0.0.0/7',
        '228.0.0.0/6',
        '234.0.0.0/7',
        '236.0.0.0/7',
        '238.0.0.0/8',
        '240.0.0.0/4',
    ])

    unavailable = reserved | private

    # XOR against the full space leaves everything outside `unavailable`.
    available = ipv4_addr_space ^ unavailable

    # Render each resulting CIDR as (cidr, first address, last address).
    rendered = []
    for cidr in available.iter_cidrs():
        rendered.append((str(cidr), str(cidr[0]), str(cidr[-1])))

    expected = [
        ('0.0.0.0/5', '0.0.0.0', '7.255.255.255'),
        ('8.0.0.0/7', '8.0.0.0', '9.255.255.255'),
        ('11.0.0.0/8', '11.0.0.0', '11.255.255.255'),
        ('12.0.0.0/6', '12.0.0.0', '15.255.255.255'),
        ('16.0.0.0/4', '16.0.0.0', '31.255.255.255'),
        ('32.0.0.0/3', '32.0.0.0', '63.255.255.255'),
        ('64.0.0.0/2', '64.0.0.0', '127.255.255.255'),
        ('128.0.0.0/3', '128.0.0.0', '159.255.255.255'),
        ('160.0.0.0/5', '160.0.0.0', '167.255.255.255'),
        ('168.0.0.0/6', '168.0.0.0', '171.255.255.255'),
        ('172.0.0.0/12', '172.0.0.0', '172.15.255.255'),
        ('172.32.0.0/11', '172.32.0.0', '172.63.255.255'),
        ('172.64.0.0/10', '172.64.0.0', '172.127.255.255'),
        ('172.128.0.0/9', '172.128.0.0', '172.255.255.255'),
        ('173.0.0.0/8', '173.0.0.0', '173.255.255.255'),
        ('174.0.0.0/7', '174.0.0.0', '175.255.255.255'),
        ('176.0.0.0/4', '176.0.0.0', '191.255.255.255'),
        ('192.0.0.0/23', '192.0.0.0', '192.0.1.255'),
        ('192.0.3.0/24', '192.0.3.0', '192.0.3.255'),
        ('192.0.4.0/22', '192.0.4.0', '192.0.7.255'),
        ('192.0.8.0/21', '192.0.8.0', '192.0.15.255'),
        ('192.0.16.0/20', '192.0.16.0', '192.0.31.255'),
        ('192.0.32.0/19', '192.0.32.0', '192.0.63.255'),
        ('192.0.64.0/18', '192.0.64.0', '192.0.127.255'),
        ('192.0.128.0/17', '192.0.128.0', '192.0.255.255'),
        ('192.1.0.0/16', '192.1.0.0', '192.1.255.255'),
        ('192.2.0.0/15', '192.2.0.0', '192.3.255.255'),
        ('192.4.0.0/14', '192.4.0.0', '192.7.255.255'),
        ('192.8.0.0/13', '192.8.0.0', '192.15.255.255'),
        ('192.16.0.0/12', '192.16.0.0', '192.31.255.255'),
        ('192.32.0.0/11', '192.32.0.0', '192.63.255.255'),
        ('192.64.0.0/10', '192.64.0.0', '192.127.255.255'),
        ('192.128.0.0/11', '192.128.0.0', '192.159.255.255'),
        ('192.160.0.0/13', '192.160.0.0', '192.167.255.255'),
        ('192.169.0.0/16', '192.169.0.0', '192.169.255.255'),
        ('192.170.0.0/15', '192.170.0.0', '192.171.255.255'),
        ('192.172.0.0/14', '192.172.0.0', '192.175.255.255'),
        ('192.176.0.0/12', '192.176.0.0', '192.191.255.255'),
        ('192.192.0.0/10', '192.192.0.0', '192.255.255.255'),
        ('193.0.0.0/8', '193.0.0.0', '193.255.255.255'),
        ('194.0.0.0/7', '194.0.0.0', '195.255.255.255'),
        ('196.0.0.0/6', '196.0.0.0', '199.255.255.255'),
        ('200.0.0.0/5', '200.0.0.0', '207.255.255.255'),
        ('208.0.0.0/4', '208.0.0.0', '223.255.255.255'),
        ('224.0.0.0/8', '224.0.0.0', '224.255.255.255'),
        ('232.0.0.0/7', '232.0.0.0', '233.255.255.255'),
        ('239.0.0.0/9', '239.0.0.0', '239.127.255.255'),
        ('239.128.0.0/10', '239.128.0.0', '239.191.255.255'),
        ('239.196.0.0/14', '239.196.0.0', '239.199.255.255'),
        ('239.200.0.0/13', '239.200.0.0', '239.207.255.255'),
        ('239.208.0.0/12', '239.208.0.0', '239.223.255.255'),
        ('239.224.0.0/11', '239.224.0.0', '239.255.255.255'),
    ]
    assert rendered == expected

    # XOR-ing the available space back out must reproduce the unavailable set.
    assert ipv4_addr_space ^ available == IPSet([
        '10.0.0.0/8',
        '172.16.0.0/12',
        '192.0.2.0/24',
        '192.168.0.0/16',
        '225.0.0.0/8',
        '226.0.0.0/7',
        '228.0.0.0/6',
        '234.0.0.0/7',
        '236.0.0.0/7',
        '238.0.0.0/8',
        '239.192.0.0/14',
        '240.0.0.0/4',
    ])
def test_ipset_supersets_and_subsets():
    """Verify IPSet containment checks and the complement built via XOR."""
    wide = IPSet(['192.0.2.0/24', '192.0.4.0/24'])
    narrow = IPSet(['192.0.2.0', '192.0.4.0'])

    # Containment holds in one direction only.
    assert wide.issuperset(narrow)
    assert narrow.issubset(wide)
    assert not narrow.issuperset(wide)
    assert not wide.issubset(narrow)

    ipv4_addr_space = IPSet(['0.0.0.0/0'])
    private_cidrs = ['10.0.0.0/8', '172.16.0.0/12', '192.0.2.0/24',
                     '192.168.0.0/16', '239.192.0.0/14']
    reserved_cidrs = ['225.0.0.0/8', '226.0.0.0/7', '228.0.0.0/6',
                      '234.0.0.0/7', '236.0.0.0/7', '238.0.0.0/8',
                      '240.0.0.0/4']
    private = IPSet(private_cidrs)
    reserved = IPSet(reserved_cidrs)

    unavailable = reserved | private
    # Symmetric difference with the whole space gives the remaining ranges.
    available = ipv4_addr_space ^ unavailable

    # One (cidr, first, last) string triple per CIDR of the available space.
    triples = [
        (str(net), str(net[0]), str(net[-1]))
        for net in available.iter_cidrs()
    ]
    assert triples == [
        ('0.0.0.0/5', '0.0.0.0', '7.255.255.255'),
        ('8.0.0.0/7', '8.0.0.0', '9.255.255.255'),
        ('11.0.0.0/8', '11.0.0.0', '11.255.255.255'),
        ('12.0.0.0/6', '12.0.0.0', '15.255.255.255'),
        ('16.0.0.0/4', '16.0.0.0', '31.255.255.255'),
        ('32.0.0.0/3', '32.0.0.0', '63.255.255.255'),
        ('64.0.0.0/2', '64.0.0.0', '127.255.255.255'),
        ('128.0.0.0/3', '128.0.0.0', '159.255.255.255'),
        ('160.0.0.0/5', '160.0.0.0', '167.255.255.255'),
        ('168.0.0.0/6', '168.0.0.0', '171.255.255.255'),
        ('172.0.0.0/12', '172.0.0.0', '172.15.255.255'),
        ('172.32.0.0/11', '172.32.0.0', '172.63.255.255'),
        ('172.64.0.0/10', '172.64.0.0', '172.127.255.255'),
        ('172.128.0.0/9', '172.128.0.0', '172.255.255.255'),
        ('173.0.0.0/8', '173.0.0.0', '173.255.255.255'),
        ('174.0.0.0/7', '174.0.0.0', '175.255.255.255'),
        ('176.0.0.0/4', '176.0.0.0', '191.255.255.255'),
        ('192.0.0.0/23', '192.0.0.0', '192.0.1.255'),
        ('192.0.3.0/24', '192.0.3.0', '192.0.3.255'),
        ('192.0.4.0/22', '192.0.4.0', '192.0.7.255'),
        ('192.0.8.0/21', '192.0.8.0', '192.0.15.255'),
        ('192.0.16.0/20', '192.0.16.0', '192.0.31.255'),
        ('192.0.32.0/19', '192.0.32.0', '192.0.63.255'),
        ('192.0.64.0/18', '192.0.64.0', '192.0.127.255'),
        ('192.0.128.0/17', '192.0.128.0', '192.0.255.255'),
        ('192.1.0.0/16', '192.1.0.0', '192.1.255.255'),
        ('192.2.0.0/15', '192.2.0.0', '192.3.255.255'),
        ('192.4.0.0/14', '192.4.0.0', '192.7.255.255'),
        ('192.8.0.0/13', '192.8.0.0', '192.15.255.255'),
        ('192.16.0.0/12', '192.16.0.0', '192.31.255.255'),
        ('192.32.0.0/11', '192.32.0.0', '192.63.255.255'),
        ('192.64.0.0/10', '192.64.0.0', '192.127.255.255'),
        ('192.128.0.0/11', '192.128.0.0', '192.159.255.255'),
        ('192.160.0.0/13', '192.160.0.0', '192.167.255.255'),
        ('192.169.0.0/16', '192.169.0.0', '192.169.255.255'),
        ('192.170.0.0/15', '192.170.0.0', '192.171.255.255'),
        ('192.172.0.0/14', '192.172.0.0', '192.175.255.255'),
        ('192.176.0.0/12', '192.176.0.0', '192.191.255.255'),
        ('192.192.0.0/10', '192.192.0.0', '192.255.255.255'),
        ('193.0.0.0/8', '193.0.0.0', '193.255.255.255'),
        ('194.0.0.0/7', '194.0.0.0', '195.255.255.255'),
        ('196.0.0.0/6', '196.0.0.0', '199.255.255.255'),
        ('200.0.0.0/5', '200.0.0.0', '207.255.255.255'),
        ('208.0.0.0/4', '208.0.0.0', '223.255.255.255'),
        ('224.0.0.0/8', '224.0.0.0', '224.255.255.255'),
        ('232.0.0.0/7', '232.0.0.0', '233.255.255.255'),
        ('239.0.0.0/9', '239.0.0.0', '239.127.255.255'),
        ('239.128.0.0/10', '239.128.0.0', '239.191.255.255'),
        ('239.196.0.0/14', '239.196.0.0', '239.199.255.255'),
        ('239.200.0.0/13', '239.200.0.0', '239.207.255.255'),
        ('239.208.0.0/12', '239.208.0.0', '239.223.255.255'),
        ('239.224.0.0/11', '239.224.0.0', '239.255.255.255'),
    ]

    # Removing the available ranges from the full space restores the
    # combined reserved and private networks.
    restored = ipv4_addr_space ^ available
    assert restored == IPSet([
        '10.0.0.0/8', '172.16.0.0/12', '192.0.2.0/24', '192.168.0.0/16',
        '225.0.0.0/8', '226.0.0.0/7', '228.0.0.0/6', '234.0.0.0/7',
        '236.0.0.0/7', '238.0.0.0/8', '239.192.0.0/14', '240.0.0.0/4',
    ])