def __do_convert_url_pattern(self, result: Result, s: str, is_allow: bool) -> None: t = s is_domain_suffix = True if t.startswith("||"): t = t[2:] is_domain_suffix = True if t.startswith("|"): t = t[1:] is_domain_suffix = False if t.startswith("."): t = t[1:] is_domain_suffix = True t = re.sub(r"^https?://", "", t) t = t.lstrip("*.").rstrip("^/*") ur = urllib.parse.urlparse("http://" + t) if ur.fragment: return if ur.path and not self.ignore_path: return t = ur.netloc t = re.sub(r":\d{2,5}$", "", t) if validators.ipv4(t) or validators.ipv4_cidr(t): result.add(result.ipv4_cidr, t, remove=is_allow) elif validators.ipv6(t) or validators.ipv6_cidr(t): result.add(result.ipv6_cidr, t, remove=is_allow) else: if validators.domain(t) and tld.get_fld( t, fail_silently=True, fix_protocol=True): if is_domain_suffix: result.add(result.domain_suffix, t, remove=is_allow) else: result.add(result.domain, t, remove=is_allow)
def write_privoxy(self, forward: str, proxy: str, file=sys.stdout): out = file if not file: out = sys.stdout print("{+forward-override{forward-%s %s .}}" % (forward, proxy), file=out) for ip in self.ipv4_cidr: if not validators.ipv4_cidr(ip): print("%s" % ip, file=out) for ip in self.ipv6_cidr: if not validators.ipv6_cidr(ip): print("%s" % ip, file=out) x = SortedSet().union(self.domain).union(self.domain_suffix) for d in x: print(".%s" % d, file=out)
def validate_url(value: str) -> bool: if (validatorslib.url(value) or validatorslib.domain(value) or validatorslib.ipv4(value) or validatorslib.ipv6(value) or validatorslib.ipv4_cidr(value) or validatorslib.ipv6_cidr(value) or validatorslib.slug(value)): return True if DOMAIN_PORT_REGEX.match(value): return True return False
def write_surge(self, file=sys.stdout): out = file if not file: out = sys.stdout for dom in self.domain: print("DOMAIN,%s" % dom, file=out) for dom in self.domain_suffix: print("DOMAIN-SUFFIX,%s" % dom, file=out) for ip in self.ipv4_cidr: if validators.ipv4_cidr(ip): print("IP-CIDR,%s,no-resolve" % ip, file=out) else: print("IP-CIDR,%s/32,no-resolve" % ip, file=out) for ip in self.ipv6_cidr: if validators.ipv6_cidr(ip): print("IP-CIDR6,%s,no-resolve" % ip, file=out) else: print("IP-CIDR6,%s/128,no-resolve" % ip, file=out) for url_regex in self.url_regex: print("url-regex: %s" % url_regex)
def update(): myip = request.query.myip myipv6 = request.query.myipv6 myipv6prefix = request.query.myipv6prefix userid, password = request.auth if myip: res = validators.ipv4(myip) if not res: return "Invalid IPv4 address myip={}".format(myip) update_ipv4(userid, myip) if myipv6: res = validators.ipv6(myipv6) if not res: return "Invalid IPv6 address myipv6={}".format(myipv6) update_ipv6(userid, myipv6) if myipv6prefix: res = validators.ipv6_cidr(myipv6prefix) if not res: return "Invalid IPv6 prefix myipv6prefix={}".format(myipv6prefix) update_ipv6prefix(userid, myipv6prefix) return "nothing"
def test_returns_true_on_valid_ipv4_cidr(cidr): assert ipv4_cidr(cidr) assert not ipv6_cidr(cidr)
def run(self, params={}): name = params.get(Input.NAME) value = params.get(Input.ADDRESS) if validators.ipv4_cidr(value) or validators.ipv6_cidr(value): value_type = "CIDR" else: value_type = "RANGE" url = requests.compat.urljoin(self.connection.okta_url, '/api/v1/zones') response = self.connection.session.get(url) zones = response.json() zone = None for search_zone in zones: if search_zone.get("name") == name: zone = search_zone break if not zone: raise PluginException( cause=f"Name {name} does not exist in Okta zones.", assistance="Please enter valid zone name and try again.") zone_id = zone.get("id") gateways = zone.get("gateways", []) if params.get(Input.BLACKLIST_STATE): for gateway in gateways: if self.check_value(gateway, value): raise PluginException( cause= f"The address {value} already exist in provided Okta zone {name}.", assistance= "Please enter an address that is not in the blacklist zone." ) gateways.append({"type": value_type, "value": value}) zone["gateways"] = gateways update_url = requests.compat.urljoin(self.connection.okta_url, f'/api/v1/zones/{zone_id}') else: new_gateways = [] for gateway in gateways: if self.check_value(gateway, value): continue new_gateways.append(gateway) if len(new_gateways) == len(gateways): raise PluginException( cause= f"The address {value} does not exist in provided Okta zone {name}.", assistance= "Please enter an address that is blacklisted and try again." ) else: update_url = requests.compat.urljoin( self.connection.okta_url, f'/api/v1/zones/{zone_id}') zone["gateways"] = new_gateways response = self.connection.session.put(update_url, json=zone) if response.status_code < 200 or response.status_code >= 400: raise PluginException(preset=PluginException.Preset.SERVER_ERROR, data=response.text) return {Output.ZONE_LIST: komand.helper.clean(response.json())}
def test_returns_failed_validation_on_invalid_ipv6_cidr(cidr): assert isinstance(ipv6_cidr(cidr), ValidationFailure)
def run(self, params={}): group_name = params.get(Input.GROUP) device_name = params.get(Input.DEVICE_NAME) virtual_system = params.get(Input.VIRTUAL_SYSTEM) response = self.connection.request.get_address_group( device_name=device_name, virtual_system=virtual_system, group_name=group_name) try: address_objects = response.get("response").get("result").get( "entry").get("static").get("member") except AttributeError: raise PluginException( cause="PAN OS returned an unexpected response.", assistance= f"Could not find group '{group_name}', or group was empty. Check the name, virtual system " f"name, and device name.\nDevice name: {device_name}\nVirtual system: {virtual_system}\n", data=response, ) fqdn_addresses = [] ipv4_addresses = [] ipv6_addresses = [] all_addresses = [] for name in address_objects: object_name = self.get_name(name) response = self.connection.request.get_address_object( device_name=device_name, virtual_system=virtual_system, object_name=object_name) try: address_object = response.get("response").get("result").get( "entry") except AttributeError: raise PluginException( cause="PAN OS returned an unexpected response.", assistance= f"Could not find address object '{name}'. Check the name, virtual system name, and " f"device name.\nDevice name: {device_name}\nVirtual system: {virtual_system}\n", data=response, ) address = "" if address_object.get("fqdn"): address = self.get_name(address_object.get("fqdn")) if address in fqdn_addresses: continue else: fqdn_addresses.append(address) elif address_object.get("ip-netmask"): address = self.get_name(address_object.get("ip-netmask")) if validators.ipv4(address) or validators.ipv4_cidr(address): if address in ipv4_addresses: continue else: ipv4_addresses.append(address) if validators.ipv6(address) or validators.ipv6_cidr(address): if address in ipv6_addresses: continue else: ipv6_addresses.append(address) if address in all_addresses: continue else: all_addresses.append(address) return { Output.SUCCESS: True, Output.FQDN_ADDRESSES: fqdn_addresses, Output.IPV4_ADDRESSES: ipv4_addresses, Output.IPV6_ADDRESSES: ipv6_addresses, Output.ALL_ADDRESSES: all_addresses, }