class Sqreen::Rules::BlacklistIPsCB

Looks for a blacklisted IP and blocks it.

Public Class Methods

new(klass, method, rule_hash)
Calls superclass method
# File lib/sqreen/rules/blacklist_ips_cb.rb, line 15
# Builds the callback, then creates one lookup trie per address family and
# loads the configured blacklist ranges into them.
#
# The three arguments are handed unchanged to the superclass initializer.
# @data is not assigned here; presumably the superclass sets it from
# rule_hash (confirm against the parent class).
def initialize(klass, method, rule_hash)
  # Bare super forwards the same three arguments.
  super
  # trie_for routes AF_INET6 prefixes to @trie_v6 and everything else to
  # @trie_v4.
  @trie_v4 = Sqreen::Trie.new
  @trie_v6 = Sqreen::Trie.new(nil, nil, Socket::AF_INET6)
  blacklisted_ranges = @data['values']
  insert_values(blacklisted_ranges)
end

Public Instance Methods

pre(_inst, _args, _budget = nil, &_block)
# File lib/sqreen/rules/blacklist_ips_cb.rb, line 22
# Pre-callback: when the client IP of the current request falls inside a
# blacklisted range, records a 'blacklisted' observation and advises the
# :raise action with the remaining callbacks skipped.
#
# None of the arguments are used. Returns nil when there is no framework,
# no client IP, or no matching range; otherwise returns whatever
# advise_action returns.
#
# NOTE(review): the decision rests entirely on framework.client_ip. If that
# value can be taken from a client-supplied forwarding header without a
# trusted-proxy check, the blacklist can be sidestepped. Confirm how the
# framework derives it.
def pre(_inst, _args, _budget = nil, &_block)
  return unless framework

  client_ip = framework.client_ip
  return unless client_ip

  matched_range = find_blacklisted_ip(client_ip)
  return unless matched_range

  Sqreen.log.debug { "Found blacklisted IP #{client_ip} - found: #{matched_range}" }
  record_observation('blacklisted', matched_range, 1)
  advise_action(:raise, skip_rem_cbs: true)
end

Private Instance Methods

find_blacklisted_ip(rip)

Is this a blacklisted IP? Returns the blacklisted IP range that matches the given IP.

# File lib/sqreen/rules/blacklist_ips_cb.rb, line 49
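# Looks up a client address in the blacklist tries.
#
# rip is the address string reported by the framework. It is parsed with
# IPAddr; anything IPAddr rejects is logged at debug level and treated as
# "not blacklisted".
#
# Returns the data attached to the best matching range, or nil when the
# address is invalid or no range matches.
def find_blacklisted_ip(rip)
  begin
    ipa = IPAddr.new(rip)
  rescue StandardError
    # The rejected value is by definition not a well-formed address and may
    # carry arbitrary bytes; inspect escapes control characters so it cannot
    # break the log line apart.
    Sqreen.log.debug "invalid IP address given by framework: #{rip.inspect}"
    return nil
  end

  range = trie_for(ipa).search_best(ipa.to_i, ipa.family)

  # An IPv4-mapped IPv6 address (::ffff:a.b.c.d) has family AF_INET6, so the
  # lookup above only consults the IPv6 trie and would miss a range listed in
  # IPv4 form. Retry with the native IPv4 form; a direct hit still wins.
  # NOTE(review): harmless if framework.client_ip already normalises mapped
  # addresses. Confirm upstream.
  if !range && ipa.ipv4_mapped?
    native = ipa.native
    range = trie_for(native).search_best(native.to_i, native.family)
  end

  return nil unless range
  range.data
end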
insert_values(ranges)
# File lib/sqreen/rules/blacklist_ips_cb.rb, line 35
# Parses every configured range into a Prefix and inserts it into the trie
# that trie_for picks for its address family. Each Prefix is built with the
# original range string passed as both arguments of Prefix.from_str.
#
# An empty list is only reported at debug level; the tries then stay empty,
# so no address will ever match.
# NOTE(review): a nil argument raises NoMethodError on ranges.empty?.
# Confirm that the rule data always carries 'values'.
#
# Returns the array of parsed prefixes.
def insert_values(ranges)
  if ranges.empty?
    Sqreen.log.debug 'no ips given for IP blacklisting'
  end

  # All ranges are parsed before the first insert happens.
  prefixes = ranges.map { |cidr| Prefix.from_str(cidr, cidr) }
  prefixes.each { |prefix| trie_for(prefix).insert(prefix) }
end
trie_for(prefix)
# File lib/sqreen/rules/blacklist_ips_cb.rb, line 43
# Picks the trie that matches the address family of the given object.
# Anything responding to #family works (both Prefix and IPAddr objects are
# passed in by the callers in this file). AF_INET6 selects the IPv6 trie;
# every other family falls through to the IPv4 trie.
def trie_for(prefix)
  return @trie_v6 if prefix.family == Socket::AF_INET6

  @trie_v4
end