Exemplo n.º 1
def test_in_network():
    """Utils - In Network"""
    # Two adjacent /24 ranges; membership is checked against the whole set.
    cidrs = {'10.0.16.0/24', '10.0.17.0/24'}

    # (address, expected result): the first address sits inside 10.0.16.0/24,
    # the second is in 10.0.15.0/24, which neither range covers.
    expectations = (
        ('10.0.16.24', True),
        ('10.0.15.24', False),
    )

    for address, expected in expectations:
        assert_equal(utils.in_network(address, cidrs), expected)
Exemplo n.º 2
    def is_excluded_ioc(self, ioc_type, ioc_value):
        """
        Decide whether the IOC lookup is skipped for the given indicator.

        Every value this method excludes is never compared against threat
        intel, so the exclusion sets (CIDR ranges in particular) define what
        the lookup cannot see and should be kept as narrow as possible.

        Args:
            ioc_type (string): the type of IOC to evaluate (md5, ip, domain)
            ioc_value (string): the value of IOC to evaluate
        Returns:
            True if IOC lookup should be bypassed for this value
            False if IOC should be looked up
        """
        if ioc_type != 'ip':
            # Non-IP types are matched by exact membership only; a type with
            # no configured exclusions falls back to an empty set.
            return ioc_value in self.excluded_iocs.get(ioc_type, set())

        excluded_networks = self.excluded_iocs.get('ip', set())

        # Anything valid_ip() rejects is skipped outright. The original intent
        # is to drop *.amazonaws.com hostnames that show up as "IP"s, but the
        # effect is that every malformed value in an IP field bypasses lookup.
        if not valid_ip(ioc_value):
            return True

        # Well-formed address: excluded only when it falls in a listed network.
        return in_network(ioc_value, excluded_networks)
Exemplo n.º 3
    def _is_excluded_ioc(self, ioc_type, ioc_value):
        """Report whether the IOC lookup is bypassed for the given indicator.

        An excluded value is never compared against threat intel, so each
        exclusion entry (CIDR ranges in particular) is a deliberate gap in
        lookup coverage and should be kept as narrow as possible.

        Args:
            ioc_type (string): Type of IOC to evaluate (md5, ip, domain, etc)
            ioc_value (string): Value of IOC to evaluate

        Returns:
            bool: True if IOC lookup should be bypassed for this value, False otherwise
        """
        configured = self._excluded_iocs

        # No exclusions at all, or none for this type: always look the value up.
        if not configured or ioc_type not in configured:
            return False

        exclusions = configured[ioc_type]

        if ioc_type != 'ip':
            # Non-IP types are matched by exact membership only.
            return ioc_value in exclusions

        # Anything valid_ip() rejects is skipped outright. The original intent
        # is to drop *.amazonaws.com hostnames that show up as "IP"s, but the
        # effect is that every malformed value in an IP field bypasses lookup
        # whenever IP exclusions are configured. Well-formed addresses are
        # excluded only when they fall inside a listed network.
        return not valid_ip(ioc_value) or in_network(ioc_value, exclusions)
Exemplo n.º 4
def test_in_network_invalid_cidr():
    """Utils - In Network - Invalid CIDR"""
    # A set entry that cannot be parsed as a CIDR must produce "no match"
    # (a falsy result), so a malformed entry never matches an address.
    malformed_cidrs = {'not a cidr'}
    matched = utils.in_network('127.0.0.1', malformed_cidrs)
    assert_false(matched)
Exemplo n.º 5
def test_in_network_invalid_ip():
    """Utils - In Network - Invalid IP"""
    # Input that is not an IP address must produce "no match" (a falsy
    # result) even when the CIDR set itself is well formed.
    well_formed_cidrs = {'10.0.100.0/24'}
    matched = utils.in_network('a string that is not an ip', well_formed_cidrs)
    assert_false(matched)