Exemple #1
0
 def __do_convert_url_pattern(self, result: Result, s: str,
                              is_allow: bool) -> None:
     t = s
     is_domain_suffix = True
     if t.startswith("||"):
         t = t[2:]
         is_domain_suffix = True
     if t.startswith("|"):
         t = t[1:]
         is_domain_suffix = False
     if t.startswith("."):
         t = t[1:]
         is_domain_suffix = True
     t = re.sub(r"^https?://", "", t)
     t = t.lstrip("*.").rstrip("^/*")
     ur = urllib.parse.urlparse("http://" + t)
     if ur.fragment:
         return
     if ur.path and not self.ignore_path:
         return
     t = ur.netloc
     t = re.sub(r":\d{2,5}$", "", t)
     if validators.ipv4(t) or validators.ipv4_cidr(t):
         result.add(result.ipv4_cidr, t, remove=is_allow)
     elif validators.ipv6(t) or validators.ipv6_cidr(t):
         result.add(result.ipv6_cidr, t, remove=is_allow)
     else:
         if validators.domain(t) and tld.get_fld(
                 t, fail_silently=True, fix_protocol=True):
             if is_domain_suffix:
                 result.add(result.domain_suffix, t, remove=is_allow)
             else:
                 result.add(result.domain, t, remove=is_allow)
Exemple #2
0
 def write_privoxy(self, forward: str, proxy: str, file=sys.stdout):
     out = file
     if not file: out = sys.stdout
     print("{+forward-override{forward-%s %s .}}" % (forward, proxy), file=out)
     for ip in self.ipv4_cidr:
         if not validators.ipv4_cidr(ip):
             print("%s" % ip, file=out)
     for ip in self.ipv6_cidr:
         if not validators.ipv6_cidr(ip):
             print("%s" % ip, file=out)
     x = SortedSet().union(self.domain).union(self.domain_suffix)
     for d in x:
         print(".%s" % d, file=out)
Exemple #3
0
def validate_url(value: str) -> bool:
  if (validatorslib.url(value) or 
    validatorslib.domain(value) or 
    validatorslib.ipv4(value) or 
    validatorslib.ipv6(value) or
    validatorslib.ipv4_cidr(value) or
    validatorslib.ipv6_cidr(value) or
    validatorslib.slug(value)):
    return True
  
  if DOMAIN_PORT_REGEX.match(value):
    return True

  return False
Exemple #4
0
 def write_surge(self, file=sys.stdout):
     out = file
     if not file: out = sys.stdout
     for dom in self.domain:
         print("DOMAIN,%s" % dom, file=out)
     for dom in self.domain_suffix:
         print("DOMAIN-SUFFIX,%s" % dom, file=out)
     for ip in self.ipv4_cidr:
         if validators.ipv4_cidr(ip):
             print("IP-CIDR,%s,no-resolve" % ip, file=out)
         else:
             print("IP-CIDR,%s/32,no-resolve" % ip, file=out)
     for ip in self.ipv6_cidr:
         if validators.ipv6_cidr(ip):
             print("IP-CIDR6,%s,no-resolve" % ip, file=out)
         else:
             print("IP-CIDR6,%s/128,no-resolve" % ip, file=out)
     for url_regex in self.url_regex:
         print("url-regex: %s" % url_regex)
def update():
    myip = request.query.myip
    myipv6 = request.query.myipv6
    myipv6prefix = request.query.myipv6prefix
    userid, password = request.auth
    if myip:
        res = validators.ipv4(myip)
        if not res:
            return "Invalid IPv4 address myip={}".format(myip)
        update_ipv4(userid, myip)
    if myipv6:
        res = validators.ipv6(myipv6)
        if not res:
            return "Invalid IPv6 address myipv6={}".format(myipv6)
        update_ipv6(userid, myipv6)
    if myipv6prefix:
        res = validators.ipv6_cidr(myipv6prefix)
        if not res:
            return "Invalid IPv6 prefix myipv6prefix={}".format(myipv6prefix)
        update_ipv6prefix(userid, myipv6prefix)
    return "nothing"
Exemple #6
0
def test_returns_true_on_valid_ipv4_cidr(cidr):
    assert ipv4_cidr(cidr)
    assert not ipv6_cidr(cidr)
Exemple #7
0
    def run(self, params={}):
        name = params.get(Input.NAME)
        value = params.get(Input.ADDRESS)

        if validators.ipv4_cidr(value) or validators.ipv6_cidr(value):
            value_type = "CIDR"
        else:
            value_type = "RANGE"

        url = requests.compat.urljoin(self.connection.okta_url,
                                      '/api/v1/zones')

        response = self.connection.session.get(url)
        zones = response.json()
        zone = None
        for search_zone in zones:
            if search_zone.get("name") == name:
                zone = search_zone
                break

        if not zone:
            raise PluginException(
                cause=f"Name {name} does not exist in Okta zones.",
                assistance="Please enter valid zone name and try again.")

        zone_id = zone.get("id")
        gateways = zone.get("gateways", [])
        if params.get(Input.BLACKLIST_STATE):
            for gateway in gateways:
                if self.check_value(gateway, value):
                    raise PluginException(
                        cause=
                        f"The address {value} already exist in provided Okta zone {name}.",
                        assistance=
                        "Please enter an address that is not in the blacklist zone."
                    )

            gateways.append({"type": value_type, "value": value})
            zone["gateways"] = gateways

            update_url = requests.compat.urljoin(self.connection.okta_url,
                                                 f'/api/v1/zones/{zone_id}')
        else:
            new_gateways = []
            for gateway in gateways:
                if self.check_value(gateway, value):
                    continue

                new_gateways.append(gateway)

            if len(new_gateways) == len(gateways):
                raise PluginException(
                    cause=
                    f"The address {value} does not exist in provided Okta zone {name}.",
                    assistance=
                    "Please enter an address that is blacklisted and try again."
                )
            else:
                update_url = requests.compat.urljoin(
                    self.connection.okta_url, f'/api/v1/zones/{zone_id}')
                zone["gateways"] = new_gateways

        response = self.connection.session.put(update_url, json=zone)
        if response.status_code < 200 or response.status_code >= 400:
            raise PluginException(preset=PluginException.Preset.SERVER_ERROR,
                                  data=response.text)

        return {Output.ZONE_LIST: komand.helper.clean(response.json())}
Exemple #8
0
def test_returns_failed_validation_on_invalid_ipv6_cidr(cidr):
    assert isinstance(ipv6_cidr(cidr), ValidationFailure)
Exemple #9
0
    def run(self, params={}):
        group_name = params.get(Input.GROUP)
        device_name = params.get(Input.DEVICE_NAME)
        virtual_system = params.get(Input.VIRTUAL_SYSTEM)

        response = self.connection.request.get_address_group(
            device_name=device_name,
            virtual_system=virtual_system,
            group_name=group_name)

        try:
            address_objects = response.get("response").get("result").get(
                "entry").get("static").get("member")
        except AttributeError:
            raise PluginException(
                cause="PAN OS returned an unexpected response.",
                assistance=
                f"Could not find group '{group_name}', or group was empty. Check the name, virtual system "
                f"name, and device name.\nDevice name: {device_name}\nVirtual system: {virtual_system}\n",
                data=response,
            )

        fqdn_addresses = []
        ipv4_addresses = []
        ipv6_addresses = []
        all_addresses = []

        for name in address_objects:
            object_name = self.get_name(name)
            response = self.connection.request.get_address_object(
                device_name=device_name,
                virtual_system=virtual_system,
                object_name=object_name)
            try:
                address_object = response.get("response").get("result").get(
                    "entry")
            except AttributeError:
                raise PluginException(
                    cause="PAN OS returned an unexpected response.",
                    assistance=
                    f"Could not find address object '{name}'. Check the name, virtual system name, and "
                    f"device name.\nDevice name: {device_name}\nVirtual system: {virtual_system}\n",
                    data=response,
                )
            address = ""
            if address_object.get("fqdn"):
                address = self.get_name(address_object.get("fqdn"))
                if address in fqdn_addresses:
                    continue
                else:
                    fqdn_addresses.append(address)
            elif address_object.get("ip-netmask"):
                address = self.get_name(address_object.get("ip-netmask"))
                if validators.ipv4(address) or validators.ipv4_cidr(address):
                    if address in ipv4_addresses:
                        continue
                    else:
                        ipv4_addresses.append(address)
                if validators.ipv6(address) or validators.ipv6_cidr(address):
                    if address in ipv6_addresses:
                        continue
                    else:
                        ipv6_addresses.append(address)
            if address in all_addresses:
                continue
            else:
                all_addresses.append(address)

        return {
            Output.SUCCESS: True,
            Output.FQDN_ADDRESSES: fqdn_addresses,
            Output.IPV4_ADDRESSES: ipv4_addresses,
            Output.IPV6_ADDRESSES: ipv6_addresses,
            Output.ALL_ADDRESSES: all_addresses,
        }