def isWhitelisted(self, conn, indicatorType, indicator):
"""Return whether or not the indicator of type indicatorType is whitelisted by this whitelist.
If the indicator is a single address, it is whitelisted if it is included in any CIDR.
If the indicator is a network spec, it is whitelisted if all of the addresses it represents are included in any CIDR
"""
sn = IPNetwork(indicator)
minip = sn.first
maxip = sn.last
c = conn.cursor()
c.execute(
"select cidr,minip,maxip from ipv4sn where ? between minip and maxip or ? between minip and maxip order by minip",
(minip, maxip))
ipset = None
rec = c.fetchone()
# create a set of all ips contained network specs that contain the min and max ip specified by the indicator
while (rec != None):
if (ipset == None):
ipset = IPSet(IPNetwork(rec[0]))
else:
ipset = ipset | IPSet(IPNetwork(rec[0]))
rec = c.fetchone()
# if the resulting set is empty, the indicator is not whitelisted
if (ipset == None):
return False
# if the set of IPs represented by the indicator is a subset of the IPs set created above, then it is whitelisted
ips = IPSet(sn)
if (ips.issubset(ipset)):
rv = True
else:
rv = False
c.close()
return rv
def isWhitelisted(self,conn,indicatorType,indicator):
"""Return whether or not the indicator of type indicatorType is whitelisted by this whitelist.
If the indicator is a single address, it is whitelisted if it is included in any CIDR.
If the indicator is a network spec, it is whitelisted if all of the addresses it represents are included in any CIDR
"""
sn=IPNetwork(indicator)
minip=sn.first
maxip=sn.last
c=conn.cursor()
c.execute("select cidr,minip,maxip from ipv4sn where ? between minip and maxip or ? between minip and maxip order by minip",(minip,maxip))
ipset=None
rec=c.fetchone()
# create a set of all ips contained network specs that contain the min and max ip specified by the indicator
while (rec != None):
if(ipset==None):
ipset = IPSet(IPNetwork(rec[0]))
else:
ipset = ipset | IPSet(IPNetwork(rec[0]))
rec=c.fetchone()
# if the resulting set is empty, the indicator is not whitelisted
if(ipset == None):
return False
# if the set of IPs represented by the indicator is a subset of the IPs set created above, then it is whitelisted
ips=IPSet(sn)
if(ips.issubset(ipset)):
rv=True
else:
rv=False
c.close()
return rv
def test_ipset_supersets_and_subsets():
s1 = IPSet(['192.0.2.0/24', '192.0.4.0/24'])
s2 = IPSet(['192.0.2.0', '192.0.4.0'])
assert s1.issuperset(s2)
assert s2.issubset(s1)
assert not s2.issuperset(s1)
assert not s1.issubset(s2)
ipv4_addr_space = IPSet(['0.0.0.0/0'])
private = IPSet([
'10.0.0.0/8', '172.16.0.0/12', '192.0.2.0/24', '192.168.0.0/16',
'239.192.0.0/14'
])
reserved = IPSet([
'225.0.0.0/8', '226.0.0.0/7', '228.0.0.0/6', '234.0.0.0/7',
'236.0.0.0/7', '238.0.0.0/8', '240.0.0.0/4'
])
unavailable = reserved | private
available = ipv4_addr_space ^ unavailable
assert [
tuple(map(str, (cidr, cidr[0], cidr[-1])))
for cidr in available.iter_cidrs()
] == [
('0.0.0.0/5', '0.0.0.0', '7.255.255.255'),
('8.0.0.0/7', '8.0.0.0', '9.255.255.255'),
('11.0.0.0/8', '11.0.0.0', '11.255.255.255'),
('12.0.0.0/6', '12.0.0.0', '15.255.255.255'),
('16.0.0.0/4', '16.0.0.0', '31.255.255.255'),
('32.0.0.0/3', '32.0.0.0', '63.255.255.255'),
('64.0.0.0/2', '64.0.0.0', '127.255.255.255'),
('128.0.0.0/3', '128.0.0.0', '159.255.255.255'),
('160.0.0.0/5', '160.0.0.0', '167.255.255.255'),
('168.0.0.0/6', '168.0.0.0', '171.255.255.255'),
('172.0.0.0/12', '172.0.0.0', '172.15.255.255'),
('172.32.0.0/11', '172.32.0.0', '172.63.255.255'),
('172.64.0.0/10', '172.64.0.0', '172.127.255.255'),
('172.128.0.0/9', '172.128.0.0', '172.255.255.255'),
('173.0.0.0/8', '173.0.0.0', '173.255.255.255'),
('174.0.0.0/7', '174.0.0.0', '175.255.255.255'),
('176.0.0.0/4', '176.0.0.0', '191.255.255.255'),
('192.0.0.0/23', '192.0.0.0', '192.0.1.255'),
('192.0.3.0/24', '192.0.3.0', '192.0.3.255'),
('192.0.4.0/22', '192.0.4.0', '192.0.7.255'),
('192.0.8.0/21', '192.0.8.0', '192.0.15.255'),
('192.0.16.0/20', '192.0.16.0', '192.0.31.255'),
('192.0.32.0/19', '192.0.32.0', '192.0.63.255'),
('192.0.64.0/18', '192.0.64.0', '192.0.127.255'),
('192.0.128.0/17', '192.0.128.0', '192.0.255.255'),
('192.1.0.0/16', '192.1.0.0', '192.1.255.255'),
('192.2.0.0/15', '192.2.0.0', '192.3.255.255'),
('192.4.0.0/14', '192.4.0.0', '192.7.255.255'),
('192.8.0.0/13', '192.8.0.0', '192.15.255.255'),
('192.16.0.0/12', '192.16.0.0', '192.31.255.255'),
('192.32.0.0/11', '192.32.0.0', '192.63.255.255'),
('192.64.0.0/10', '192.64.0.0', '192.127.255.255'),
('192.128.0.0/11', '192.128.0.0', '192.159.255.255'),
('192.160.0.0/13', '192.160.0.0', '192.167.255.255'),
('192.169.0.0/16', '192.169.0.0', '192.169.255.255'),
('192.170.0.0/15', '192.170.0.0', '192.171.255.255'),
('192.172.0.0/14', '192.172.0.0', '192.175.255.255'),
('192.176.0.0/12', '192.176.0.0', '192.191.255.255'),
('192.192.0.0/10', '192.192.0.0', '192.255.255.255'),
('193.0.0.0/8', '193.0.0.0', '193.255.255.255'),
('194.0.0.0/7', '194.0.0.0', '195.255.255.255'),
('196.0.0.0/6', '196.0.0.0', '199.255.255.255'),
('200.0.0.0/5', '200.0.0.0', '207.255.255.255'),
('208.0.0.0/4', '208.0.0.0', '223.255.255.255'),
('224.0.0.0/8', '224.0.0.0', '224.255.255.255'),
('232.0.0.0/7', '232.0.0.0', '233.255.255.255'),
('239.0.0.0/9', '239.0.0.0', '239.127.255.255'),
('239.128.0.0/10', '239.128.0.0', '239.191.255.255'),
('239.196.0.0/14', '239.196.0.0', '239.199.255.255'),
('239.200.0.0/13', '239.200.0.0', '239.207.255.255'),
('239.208.0.0/12', '239.208.0.0', '239.223.255.255'),
('239.224.0.0/11', '239.224.0.0', '239.255.255.255'),
]
assert ipv4_addr_space ^ available == IPSet([
'10.0.0.0/8',
'172.16.0.0/12',
'192.0.2.0/24',
'192.168.0.0/16',
'225.0.0.0/8',
'226.0.0.0/7',
'228.0.0.0/6',
'234.0.0.0/7',
'236.0.0.0/7',
'238.0.0.0/8',
'239.192.0.0/14',
'240.0.0.0/4',
])
def test_ipset_supersets_and_subsets():
s1 = IPSet(['192.0.2.0/24', '192.0.4.0/24'])
s2 = IPSet(['192.0.2.0', '192.0.4.0'])
assert s1.issuperset(s2)
assert s2.issubset(s1)
assert not s2.issuperset(s1)
assert not s1.issubset(s2)
ipv4_addr_space = IPSet(['0.0.0.0/0'])
private = IPSet(['10.0.0.0/8', '172.16.0.0/12', '192.0.2.0/24',
'192.168.0.0/16', '239.192.0.0/14'])
reserved = IPSet(['225.0.0.0/8', '226.0.0.0/7', '228.0.0.0/6', '234.0.0.0/7',
'236.0.0.0/7', '238.0.0.0/8', '240.0.0.0/4'])
unavailable = reserved | private
available = ipv4_addr_space ^ unavailable
assert [tuple(map(str, (cidr, cidr[0], cidr[-1]))) for cidr in available.iter_cidrs()] == [
('0.0.0.0/5', '0.0.0.0', '7.255.255.255'),
('8.0.0.0/7', '8.0.0.0', '9.255.255.255'),
('11.0.0.0/8', '11.0.0.0', '11.255.255.255'),
('12.0.0.0/6', '12.0.0.0', '15.255.255.255'),
('16.0.0.0/4', '16.0.0.0', '31.255.255.255'),
('32.0.0.0/3', '32.0.0.0', '63.255.255.255'),
('64.0.0.0/2', '64.0.0.0', '127.255.255.255'),
('128.0.0.0/3', '128.0.0.0', '159.255.255.255'),
('160.0.0.0/5', '160.0.0.0', '167.255.255.255'),
('168.0.0.0/6', '168.0.0.0', '171.255.255.255'),
('172.0.0.0/12', '172.0.0.0', '172.15.255.255'),
('172.32.0.0/11', '172.32.0.0', '172.63.255.255'),
('172.64.0.0/10', '172.64.0.0', '172.127.255.255'),
('172.128.0.0/9', '172.128.0.0', '172.255.255.255'),
('173.0.0.0/8', '173.0.0.0', '173.255.255.255'),
('174.0.0.0/7', '174.0.0.0', '175.255.255.255'),
('176.0.0.0/4', '176.0.0.0', '191.255.255.255'),
('192.0.0.0/23', '192.0.0.0', '192.0.1.255'),
('192.0.3.0/24', '192.0.3.0', '192.0.3.255'),
('192.0.4.0/22', '192.0.4.0', '192.0.7.255'),
('192.0.8.0/21', '192.0.8.0', '192.0.15.255'),
('192.0.16.0/20', '192.0.16.0', '192.0.31.255'),
('192.0.32.0/19', '192.0.32.0', '192.0.63.255'),
('192.0.64.0/18', '192.0.64.0', '192.0.127.255'),
('192.0.128.0/17', '192.0.128.0', '192.0.255.255'),
('192.1.0.0/16', '192.1.0.0', '192.1.255.255'),
('192.2.0.0/15', '192.2.0.0', '192.3.255.255'),
('192.4.0.0/14', '192.4.0.0', '192.7.255.255'),
('192.8.0.0/13', '192.8.0.0', '192.15.255.255'),
('192.16.0.0/12', '192.16.0.0', '192.31.255.255'),
('192.32.0.0/11', '192.32.0.0', '192.63.255.255'),
('192.64.0.0/10', '192.64.0.0', '192.127.255.255'),
('192.128.0.0/11', '192.128.0.0', '192.159.255.255'),
('192.160.0.0/13', '192.160.0.0', '192.167.255.255'),
('192.169.0.0/16', '192.169.0.0', '192.169.255.255'),
('192.170.0.0/15', '192.170.0.0', '192.171.255.255'),
('192.172.0.0/14', '192.172.0.0', '192.175.255.255'),
('192.176.0.0/12', '192.176.0.0', '192.191.255.255'),
('192.192.0.0/10', '192.192.0.0', '192.255.255.255'),
('193.0.0.0/8', '193.0.0.0', '193.255.255.255'),
('194.0.0.0/7', '194.0.0.0', '195.255.255.255'),
('196.0.0.0/6', '196.0.0.0', '199.255.255.255'),
('200.0.0.0/5', '200.0.0.0', '207.255.255.255'),
('208.0.0.0/4', '208.0.0.0', '223.255.255.255'),
('224.0.0.0/8', '224.0.0.0', '224.255.255.255'),
('232.0.0.0/7', '232.0.0.0', '233.255.255.255'),
('239.0.0.0/9', '239.0.0.0', '239.127.255.255'),
('239.128.0.0/10', '239.128.0.0', '239.191.255.255'),
('239.196.0.0/14', '239.196.0.0', '239.199.255.255'),
('239.200.0.0/13', '239.200.0.0', '239.207.255.255'),
('239.208.0.0/12', '239.208.0.0', '239.223.255.255'),
('239.224.0.0/11', '239.224.0.0', '239.255.255.255'),
]
assert ipv4_addr_space ^ available == IPSet([
'10.0.0.0/8', '172.16.0.0/12', '192.0.2.0/24', '192.168.0.0/16',
'225.0.0.0/8', '226.0.0.0/7', '228.0.0.0/6', '234.0.0.0/7',
'236.0.0.0/7', '238.0.0.0/8', '239.192.0.0/14', '240.0.0.0/4',
])
