Sha256: 5ad7a1873afcb8c18aabba041e9c57e794fe7e6148fac2df052cbb4cddd531d6

Contents?: true

Size: 1.68 KB

Versions: 32

Compression:

Stored size: 1.68 KB

Contents

# Copyright (c) 2015 Sqreen. All Rights Reserved.
# Please refer to our terms for more information: https://www.sqreen.io/terms.html

require 'sqreen/trie'

require 'sqreen/rule_callback'

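module Sqreen
  module Rules
    # Rule callback that blocks a request when the client IP reported by the
    # framework falls inside one of the blacklisted addresses or ranges.
    #
    # The ranges are read from @data['values'] and kept in two tries, one per
    # address family, so a lookup is a single best-prefix search.
    # NOTE(review): @data is not assigned in this file; presumably it is set by
    # RuleCB#initialize from rule_hash. Confirm against the parent class.
    #
    # Every early return in #pre and #find_blacklisted_ip lets the request
    # through (no framework, no client IP, unparsable IP, no matching range),
    # so this callback fails open by construction.
    class BlacklistIPsCB < RuleCB
      # Builds the IPv4 and IPv6 tries and loads the blacklisted ranges.
      #
      # klass, method and rule_hash are passed unchanged to RuleCB#initialize.
      def initialize(klass, method, rule_hash)
        super(klass, method, rule_hash)
        @trie_v4 = Sqreen::Trie.new
        @trie_v6 = Sqreen::Trie.new(nil, nil, Socket::AF_INET6)
        insert_values(@data['values'])
      end

      # Pre-callback: asks for the request to be rejected when the client IP is
      # blacklisted, and returns nil (no advice) in every other case.
      #
      # The instance, arguments, budget and block are accepted for interface
      # compatibility but are not used here.
      def pre(_inst, _args, _budget = nil, &_block)
        return unless framework
        ip = framework.client_ip
        return unless ip
        found = find_blacklisted_ip(ip)
        return unless found
        Sqreen.log.debug { "Found blacklisted IP #{ip} - found: #{found}" }
        # Record which blacklist entry matched before advising the block.
        record_observation('blacklisted', found, 1)
        advise_action(:raise, :skip_rem_cbs => true)
      end

      private

      # Parses each configured range and inserts it into the trie of its
      # address family.
      #
      # A missing 'values' entry (nil) is treated as an empty list instead of
      # raising NoMethodError from the constructor; the "no ips given" message
      # is logged in that case too, so the misconfiguration stays visible.
      # NOTE(review): what Prefix.from_str does with a malformed range is not
      # visible here; if it raises, the exception propagates out of #initialize.
      def insert_values(ranges)
        ranges = Array(ranges)
        Sqreen.log.info 'no ips given for IP blacklisting' if ranges.empty?

        # The range string is passed twice: once as the prefix to parse and
        # once as the data attached to it, which is what a lookup returns.
        ranges.map { |r| Prefix.from_str(r, r) }.each do |prefix|
          trie_for(prefix).insert prefix
        end
      end

      # Returns the trie matching the address family of the given object.
      # Anything that responds to #family works (a Prefix or an IPAddr);
      # every family other than AF_INET6 is routed to the IPv4 trie.
      def trie_for(prefix)
        prefix.family == Socket::AF_INET6 ? @trie_v6 : @trie_v4
      end

      # Is this a blacklisted IP?
      # Returns the data of the best matching blacklisted range, or nil when
      # the address cannot be parsed or no range matches.
      #
      # NOTE(review): an IPv4-mapped IPv6 address (::ffff:a.b.c.d) has family
      # AF_INET6 and is therefore searched only in the IPv6 trie, so it will
      # not match a range that was configured in plain IPv4 form. Confirm that
      # framework.client_ip normalises such addresses before they reach here.
      def find_blacklisted_ip(rip)
        begin
          ipa = IPAddr.new(rip)
        rescue StandardError
          # Unparsable address: log it and let the request through.
          # NOTE(review): rip is interpolated verbatim; if client_ip can be
          # derived from a request header, confirm the log sink neutralises
          # control characters.
          Sqreen.log.info "invalid IP address given by framework: #{rip}"
          return nil
        end

        range = trie_for(ipa).search_best(ipa.to_i, ipa.family)
        range ? range.data : nil
      end
    end
  end
end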

Version data entries

32 entries across 32 versions & 1 rubygems

Version Path
sqreen-1.18.1-java lib/sqreen/rules_callbacks/blacklist_ips.rb
sqreen-1.18.1 lib/sqreen/rules_callbacks/blacklist_ips.rb
sqreen-1.18.0-java lib/sqreen/rules_callbacks/blacklist_ips.rb
sqreen-1.18.0 lib/sqreen/rules_callbacks/blacklist_ips.rb
sqreen-1.17.2-java lib/sqreen/rules_callbacks/blacklist_ips.rb
sqreen-1.17.2 lib/sqreen/rules_callbacks/blacklist_ips.rb
sqreen-1.17.2.rc1-java lib/sqreen/rules_callbacks/blacklist_ips.rb
sqreen-1.17.2.rc1 lib/sqreen/rules_callbacks/blacklist_ips.rb
sqreen-1.17.2.beta4-java lib/sqreen/rules_callbacks/blacklist_ips.rb
sqreen-1.17.2.beta4 lib/sqreen/rules_callbacks/blacklist_ips.rb
sqreen-1.17.2.beta3-java lib/sqreen/rules_callbacks/blacklist_ips.rb
sqreen-1.17.2.beta3 lib/sqreen/rules_callbacks/blacklist_ips.rb
sqreen-1.17.2.beta2-java lib/sqreen/rules_callbacks/blacklist_ips.rb
sqreen-1.17.2.beta2 lib/sqreen/rules_callbacks/blacklist_ips.rb
sqreen-1.17.2.beta1-java lib/sqreen/rules_callbacks/blacklist_ips.rb
sqreen-1.17.2.beta1 lib/sqreen/rules_callbacks/blacklist_ips.rb
sqreen-1.17.0-java lib/sqreen/rules_callbacks/blacklist_ips.rb
sqreen-1.17.0 lib/sqreen/rules_callbacks/blacklist_ips.rb
sqreen-1.16.2-java lib/sqreen/rules_callbacks/blacklist_ips.rb
sqreen-1.16.2 lib/sqreen/rules_callbacks/blacklist_ips.rb