class Sqreen::Rules::BlacklistIPsCB
Looks for a blacklisted IP and blocks it.
Public Class Methods
new(klass, method, rule_hash)
Calls superclass method
# File lib/sqreen/rules/blacklist_ips_cb.rb, line 15
# Builds the callback and loads the blacklist into two lookup tries, one
# per address family. The IPv6 trie is constructed with Socket::AF_INET6;
# the IPv4 trie uses Sqreen::Trie's defaults.
#
# The entries come from @data['values']. @data is not assigned in this
# method; presumably the superclass initializer derives it from rule_hash
# (confirm against the parent class).
def initialize(klass, method, rule_hash)
  super

  # Both tries must exist before insert_values runs, since it routes each
  # prefix to one of them through trie_for.
  @trie_v6 = Sqreen::Trie.new(nil, nil, Socket::AF_INET6)
  @trie_v4 = Sqreen::Trie.new

  blacklisted = @data['values']
  insert_values(blacklisted)
end
Public Instance Methods
pre(_inst, _args, _budget = nil, &_block)
# File lib/sqreen/rules/blacklist_ips_cb.rb, line 22
# Pre-callback: checks the client IP reported by the framework against the
# blacklist. The instance, arguments, budget and block are all unused.
#
# Returns nil (no action) when there is no framework, no client IP, or no
# matching blacklist entry. On a match it logs at debug level, calls
# record_observation('blacklisted', <matched entry>, 1) and returns the
# result of advise_action(:raise, skip_rem_cbs: true).
def pre(_inst, _args, _budget = nil, &_block)
  client_ip = framework && framework.client_ip
  return unless client_ip

  matched_range = find_blacklisted_ip(client_ip)
  if matched_range
    Sqreen.log.debug { "Found blacklisted IP #{client_ip} - found: #{matched_range}" }
    record_observation('blacklisted', matched_range, 1)
    advise_action(:raise, skip_rem_cbs: true)
  end
end
Private Instance Methods
find_blacklisted_ip(rip)
Is this a blacklisted IP? Returns the blacklisted IP range that matches the IP.
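# File lib/sqreen/rules/blacklist_ips_cb.rb, line 49
# Looks up the blacklist entry that covers the given client address.
#
# rip - the client IP as reported by the framework (anything IPAddr.new
#       accepts).
#
# Returns the data attached to the best-matching range, or nil when no
# range matches. An address that IPAddr cannot parse is logged at debug
# level and treated as "not blacklisted" (the check fails open).
def find_blacklisted_ip(rip)
  begin
    ipa = IPAddr.new(rip)
  rescue StandardError
    # NOTE(review): rip is written to the log as received; if client_ip can
    # be derived from a request header, confirm the logger neutralises
    # control characters.
    Sqreen.log.debug "invalid IP address given by framework: #{rip}"
    return nil
  end

  # IPAddr reports AF_INET6 for an IPv4-mapped address (::ffff:a.b.c.d), so
  # trie_for would send it to the IPv6 trie only and an IPv4 blacklist entry
  # for the same host would never be consulted. Search the address as given
  # first (keeps existing matches), then its native IPv4 form.
  candidates = [ipa]
  candidates << ipa.native if ipa.ipv4_mapped?

  candidates.each do |addr|
    range = trie_for(addr).search_best(addr.to_i, addr.family)
    return range.data if range
  end
  nil
end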
insert_values(ranges)
# File lib/sqreen/rules/blacklist_ips_cb.rb, line 35
# Parses every blacklist entry and stores it in the trie for its address
# family. An empty list is only logged at debug level; the rule then
# matches nothing.
#
# ranges - collection of entries; each is handed to Prefix.from_str as both
#          arguments (presumably the address text and the data stored with
#          the prefix, which find_blacklisted_ip later returns; confirm
#          against Prefix).
#
# All entries are parsed before any is inserted, so a parse error raised by
# Prefix.from_str leaves both tries untouched. Returns the parsed prefixes.
def insert_values(ranges)
  if ranges.empty?
    Sqreen.log.debug 'no ips given for IP blacklisting'
  end

  prefixes = ranges.map { |entry| Prefix.from_str(entry, entry) }
  prefixes.each { |pfx| trie_for(pfx).insert(pfx) }
end
trie_for(prefix)
# File lib/sqreen/rules/blacklist_ips_cb.rb, line 43
# Picks the trie that holds entries of the same address family as the
# argument. Anything whose family is not Socket::AF_INET6 goes to the IPv4
# trie.
#
# prefix - any object responding to #family (callers in this file pass both
#          parsed prefixes and IPAddr instances).
def trie_for(prefix)
  return @trie_v6 if prefix.family == Socket::AF_INET6

  @trie_v4
end