Sha256: 8286cf5a6b14e405a797549629e8bf0a154154a237c58bc33c7a780758d689c2
Contents?: true
Size: 1.74 KB
Versions: 21
Compression:
Stored size: 1.74 KB
Contents
# typed: ignore
# Copyright (c) 2015 Sqreen. All Rights Reserved.
# Please refer to our terms for more information: https://www.sqreen.com/terms.html
require 'sqreen/trie'
require 'sqreen/prefix'
require 'sqreen/rules/rule_cb'
module Sqreen
module Rules
# Looks for a blacklisted ip and block
class BlacklistIPsCB < RuleCB
def initialize(klass, method, rule_hash)
super(klass, method, rule_hash)
@trie_v4 = Sqreen::Trie.new
@trie_v6 = Sqreen::Trie.new(nil, nil, Socket::AF_INET6)
insert_values(@data['values'])
end
def pre(_inst, _args, _budget = nil, &_block)
return unless framework
ip = framework.client_ip
return unless ip
found = find_blacklisted_ip(ip)
return unless found
Sqreen.log.debug { "Found blacklisted IP #{ip} - found: #{found}" }
record_observation('blacklisted', found, 1)
advise_action(:raise, :skip_rem_cbs => true)
end
private
def insert_values(ranges)
Sqreen.log.debug 'no ips given for IP blacklisting' if ranges.empty?
ranges.map { |r| Prefix.from_str(r, r) }.each do |prefix|
trie_for(prefix).insert prefix
end
end
def trie_for(prefix)
prefix.family == Socket::AF_INET6 ? @trie_v6 : @trie_v4
end
# Is this a blacklisted ip?
# return the ip blacklisted range that match ip
def find_blacklisted_ip(rip)
begin
ipa = IPAddr.new(rip)
rescue StandardError
Sqreen.log.debug "invalid IP address given by framework: #{rip}"
return nil
end
range = trie_for(ipa).search_best(ipa.to_i, ipa.family)
return nil unless range
range.data
end
end
end
end
Version data entries
21 entries across 21 versions & 1 rubygems