def test_in_network():
    """Utils - In Network"""
    networks = {'10.0.16.0/24', '10.0.17.0/24'}

    # Each case pairs an address with the membership result expected for
    # the two /24 ranges above: one address inside a listed range, one in
    # a neighbouring range that is not listed.
    cases = (
        ('10.0.16.24', True),
        ('10.0.15.24', False),
    )
    for address, expected in cases:
        assert_equal(utils.in_network(address, networks), expected)
def is_excluded_ioc(self, ioc_type, ioc_value):
    """Decide whether the IOC lookup should be skipped for a value.

    Args:
        ioc_type (string): the type of IOC to evaluate (md5, ip, domain)
        ioc_value (string): the value of IOC to evaluate

    Returns:
        True if IOC lookup should be bypassed for this value
        False if IOC should be looked up
    """
    if ioc_type != 'ip':
        # Non-IP types are an exact-match membership test against the
        # configured exclusions for that type (empty set when none).
        return ioc_value in self.excluded_iocs.get(ioc_type, set())

    networks = self.excluded_iocs.get('ip', set())

    # Values in an IP field that do not validate as an IP (for example
    # *.amazonaws.com hostnames) are skipped outright, so they never reach
    # the IOC lookup regardless of the configured networks.
    if not valid_ip(ioc_value):
        return True

    # A valid IP is excluded only when it falls inside an excluded network.
    return in_network(ioc_value, networks)
def _is_excluded_ioc(self, ioc_type, ioc_value):
    """Decide whether the IOC lookup should be skipped for a value.

    Args:
        ioc_type (string): Type of IOC to evaluate (md5, ip, domain, etc)
        ioc_value (string): Value of IOC to evaluate

    Returns:
        bool: True if IOC lookup should be bypassed for this value, False otherwise
    """
    # No exclusions configured at all, or none for this IOC type: nothing
    # is bypassed and the value goes on to the lookup.
    if not self._excluded_iocs or ioc_type not in self._excluded_iocs:
        return False

    excluded = self._excluded_iocs[ioc_type]

    if ioc_type != 'ip':
        # Non-IP types are an exact-match membership test.
        return ioc_value in excluded

    # Values in an IP field that do not validate as an IP (for example
    # *.amazonaws.com hostnames) are skipped outright. Note this applies
    # only when 'ip' exclusions are configured, because of the guard above.
    if not valid_ip(ioc_value):
        return True

    # A valid IP is excluded only when it falls inside an excluded network.
    return in_network(ioc_value, excluded)
def test_in_network_invalid_cidr():
    """Utils - In Network - Invalid CIDR"""
    # A malformed network entry must yield a falsy result (and not raise),
    # so a bad CIDR string in a network list cannot match an address.
    address = '127.0.0.1'
    malformed_networks = {'not a cidr'}
    assert_false(utils.in_network(address, malformed_networks))
def test_in_network_invalid_ip():
    """Utils - In Network - Invalid IP"""
    # A value that is not an IP address must be reported as not being in
    # the network (falsy) rather than raising.
    not_an_address = 'a string that is not an ip'
    networks = {'10.0.100.0/24'}
    assert_false(utils.in_network(not_an_address, networks))