예제 #1
def test_valid_ip():
    """Utils - Valid IP"""
    # Each pair is (candidate string, expected verdict from utils.valid_ip).
    # NOTE(review): only one well-formed IPv4 literal and one free-text value
    # are pinned here; near-miss inputs (out-of-range octets, surrounding
    # whitespace, IPv6) are not covered, so the validator's behaviour on
    # them is not established by this test.
    expectations = (
        ('127.0.0.1', True),
        ('test [1234]', False),
    )
    for candidate, expected in expectations:
        assert_equal(utils.valid_ip(candidate), expected)
예제 #2
    def is_excluded_ioc(self, ioc_type, ioc_value):
        """
        Decide whether the IOC lookup should be skipped for the given value.

        Args:
            ioc_type (string): the type of IOC to evaluate (md5, ip, domain)
            ioc_value (string): the value of IOC to evaluate
        Returns:
            True if IOC lookup should be bypassed for this value
            False if IOC should be looked up
        """
        if ioc_type != 'ip':
            # Non-IP types are matched by exact membership; a type with no
            # configured exclusions falls back to an empty set (never excluded).
            return ioc_value in self.excluded_iocs.get(ioc_type, set())

        networks = self.excluded_iocs.get('ip', set())

        # filter out *.amazonaws.com "IP"s
        # NOTE(review): every value that fails valid_ip() is reported as
        # excluded, so a malformed or unexpected "ip" field is never looked
        # up at all -- confirm that skipping (rather than flagging) such
        # values is the intended behaviour.
        if not valid_ip(ioc_value):
            return True

        # A syntactically valid address is excluded only when in_network()
        # reports it as belonging to one of the configured networks.
        return in_network(ioc_value, networks)
예제 #3
    def _is_excluded_ioc(self, ioc_type, ioc_value):
        """Report whether the IOC lookup should be skipped for the given value.

        Args:
            ioc_type (string): Type of IOC to evaluate (md5, ip, domain, etc)
            ioc_value (string): Value of IOC to evaluate

        Returns:
            bool: True if IOC lookup should be bypassed for this value, False otherwise
        """
        configured = self._excluded_iocs

        # Nothing configured at all, or nothing configured for this type:
        # the value is always looked up. This also applies to 'ip' values
        # that would fail valid_ip(), because the check below is not reached.
        if not configured or ioc_type not in configured:
            return False

        entries = configured[ioc_type]

        if ioc_type != 'ip':
            # Non-IP types are matched by exact membership.
            return ioc_value in entries

        # filter out *.amazonaws.com "IP"s
        # NOTE(review): once any 'ip' exclusion is configured, every value
        # that fails valid_ip() is reported as excluded and so is never
        # looked up -- confirm that skipping such values is intended.
        if not valid_ip(ioc_value):
            return True

        return in_network(ioc_value, entries)