Class: Wmap::CidrTracker

Inherits:

Object

• Object
• Wmap::CidrTracker

Includes:

Utils

Defined in:

lib/wmap/cidr_tracker.rb

Overview

Class to track host/IP to the known (trusted) network CIDR blocks

Constant Summary

Constants included from Utils::UrlMagic

Utils::UrlMagic::Max_http_timeout, Utils::UrlMagic::User_agent

Constants included from Utils::DomainRoot

Utils::DomainRoot::File_ccsld, Utils::DomainRoot::File_cctld, Utils::DomainRoot::File_gtld, Utils::DomainRoot::File_tld

Instance Attribute Summary

• #cidr_seeds ⇒ Object

  Returns the value of attribute cidr_seeds.

• #data_dir ⇒ Object

  Returns the value of attribute data_dir.

• #known_cidr_blks ⇒ Object

  Returns the value of attribute known_cidr_blks.

• #verbose ⇒ Object

  Returns the value of attribute verbose.

Instance Method Summary

• #add(cidr, ref = nil, netname = nil) ⇒ Object

  ‘setter’ to add an entry to CIDR store @known_cidr_blks.

• #cidr_known?(cidr) ⇒ Boolean (also: #is_known?)

  Determine if a CIDR entry is already known.

• #cidr_lookup(ip) ⇒ Object (also: #lookup, #query)

  Return the matching CIDR block for a ip.

• #cidr_trusted?(cidr) ⇒ Boolean (also: #is_trusted?)

  Determine if a cidr is within the range of our known network CIDR blocks.

• #cidr_worker(host) ⇒ Object (also: #track)

  Main worker method to retrieve known network information for a host / ip.

• #count ⇒ Object

  Count numbers of CIDR object entries in the CIDR cache table.

• #counts ⇒ Object

  Count numbers of IPs within the trusted CIDR objects.

• #delete(cidr, ref = nil, netname = nil) ⇒ Object (also: #del)

  ‘setter’ to remove an entry to CIDR store @known_cidr_blks.

• #get_cidr_netname(cidr) ⇒ Object

  Retrieve the CIDR netname field for tracking purpose, if it’s a known CIDR entry.

• #get_cidr_ref(cidr) ⇒ Object

  Retrieve the CIDR reference text for tracking purpose, if it’s a known CIDR entry.

• #initialize(params = {}) ⇒ CidrTracker constructor

  Set class default variables.

• #ip_trusted?(ip) ⇒ Boolean

  Check if the specific IP within the range of a list of known CIDR blocks.

• #load_cidr_blks_from_file(file_cidrs = @cidr_seeds) ⇒ Object

  ‘setter’ to load the known CIDR blocks into an instance variable @known_cidr_blks.

• #print_known_cidr_blks ⇒ Object (also: #inspect)

  Print summary report of a list of known CIDR blocks.

• #print_known_cidr_blks_asce ⇒ Object (also: #print)

  Print summary report of a list of known CIDR blocks in the ascendant order.

• #print_known_cidr_blks_desc ⇒ Object

  Print summary report of a list of known CIDR blocks in the descendant order.

• #save_cidrs_to_file!(file_cidrs = @cidr_seeds) ⇒ Object (also: #save!)

  Save the current cidr hash table into a file.

• #size(cidr) ⇒ Object

  NetAddr wrapper to determine number of IPs within the CIDR object.

Methods included from Utils

#cidr_2_ips, #file_2_hash, #file_2_list, #get_nameserver, #get_nameservers, #host_2_ip, #host_2_ips, #is_cidr?, #is_fqdn?, #is_ip?, #list_2_file, #reverse_dns_lookup, #sort_ips, #valid_dns_record?, #zone_transferable?

Methods included from Utils::Logger

#wlog

Methods included from Utils::UrlMagic

#create_absolute_url_from_base, #create_absolute_url_from_context, #host_2_url, #is_site?, #is_ssl?, #is_url?, #landing_location, #make_absolute, #normalize_url, #open_page, #redirect_location, #response_code, #response_headers, #url_2_host, #url_2_path, #url_2_port, #url_2_site, #urls_on_same_domain?

Methods included from Utils::DomainRoot

#get_domain_root, #get_domain_root_by_ccsld, #get_domain_root_by_cctld, #get_domain_root_by_tlds, #get_sub_domain, #is_domain_root?, #print_ccsld, #print_cctld, #print_gtld

Constructor Details

#initialize(params = {}) ⇒ CidrTracker

Set class default variables

# File 'lib/wmap/cidr_tracker.rb', line 17

def initialize (params = {})
	@verbose=params.fetch(:verbose, false)
	@data_dir=params.fetch(:data_dir, File.dirname(__FILE__)+'/../../data/')
	Dir.mkdir(@data_dir) unless Dir.exist?(@data_dir)
	@cidr_seeds=params.fetch(:cidr_seeds, @data_dir + '/' + 'cidrs')
	File.new(@cidr_seeds, "w") unless File.exist?(@cidr_seeds)
	load_cidr_blks_from_file(@cidr_seeds)
end

Instance Attribute Details

#cidr_seeds ⇒ Object

Returns the value of attribute cidr_seeds.

# File 'lib/wmap/cidr_tracker.rb', line 14

def cidr_seeds
  @cidr_seeds
end

#data_dir ⇒ Object

Returns the value of attribute data_dir.

# File 'lib/wmap/cidr_tracker.rb', line 14

def data_dir
  @data_dir
end

#known_cidr_blks ⇒ Object

Returns the value of attribute known_cidr_blks.

# File 'lib/wmap/cidr_tracker.rb', line 14

def known_cidr_blks
  @known_cidr_blks
end

#verbose ⇒ Object

Returns the value of attribute verbose.

# File 'lib/wmap/cidr_tracker.rb', line 14

def verbose
  @verbose
end

Instance Method Details

#add(cidr, ref = nil, netname = nil) ⇒ Object

‘setter’ to add an entry to CIDR store @known_cidr_blks

# File 'lib/wmap/cidr_tracker.rb', line 75

def add (cidr,ref=nil,netname=nil)
	puts "Load the entry into the CIDR store: #{cidr}"
	raise "Unknown CIDR format: #{cidr}" unless is_cidr?(cidr)
	# Obtain the 'ref' and 'netname' value automatically in case not passed as method parameters
	if ref.nil? or netname.nil?
		whois = Wmap::Whois.new
		# Note 11/1/2014: Use IP instead of the CIDR to perform the query, as the current ruby-whois query does not support CIDR as query input
		ip=cidr.split("/")[0]
		ref=whois.get_net_desc(ip)
		netname=whois.get_netname(ip)
		whois=nil
	end
	@known_cidr_blks = Hash.new unless @known_cidr_blks
	if @known_cidr_blks.key?(cidr)
		puts "Skip! Entry is already exist: #{cidr}"
		return nil
	else
		@known_cidr_blks[cidr] = Hash.new
		@known_cidr_blks[cidr]['ref']=ref
		@known_cidr_blks[cidr]['netname']=netname
		puts "Entry loaded!"
	end
	# Re-sort the blocks in order for better performance
	#@known_cidr_blks_desc_index=NetAddr.sort(@known_cidr_blks.keys, :Desc=>true)
	#@known_cidr_blks_asce_index=NetAddr.sort(@known_cidr_blks.keys, :Desc=>false)
	@known_cidr_blks_asce_index=@known_cidr_blks.keys.sort
	@known_cidr_blks_desc_index=@known_cidr_blks_asce_index.reverse
rescue => ee
	puts "Exception on method #{__method__}: #{ee}" # if @verbose
end

#cidr_known?(cidr) ⇒ Boolean Also known as: is_known?

Determine if a CIDR entry is already known

Returns:

• (Boolean)

# File 'lib/wmap/cidr_tracker.rb', line 198

def cidr_known? (cidr)
	puts "Determine if the CIDR is known: #{cidr}" if @verbose
	known=false
	cidr=cidr.strip unless cidr.nil?
	cidr=cidr+"/32" if is_ip?(cidr)
	raise "Invalid CIDR format: #{cidr}" unless is_cidr?(cidr)
	return false if @known_cidr_blks==nil
	return true if @known_cidr_blks.key?(cidr)
rescue => ee
	puts "Exception on method #{__method__}: #{ee}" if @verbose
	return false
end

#cidr_lookup(ip) ⇒ Object Also known as: lookup, query

Return the matching CIDR block for a ip

# File 'lib/wmap/cidr_tracker.rb', line 178

def cidr_lookup (ip)
	puts "Lookup the CIDR name from the known CIDR list for the IP: #{ip}" if @verbose
	return nil if @known_cidr_blks==nil
	puts "CIDR Lookup: #{ip} ..." if @verbose
	@known_cidr_blks_desc_index.each do |line|
		first_octet_ip = ip.split('.').first.to_i
		first_octet_blk = line.split('.').first.to_i
		next if first_octet_blk > first_octet_ip
		cidr4 = NetAddr::CIDR.create(line)
		known = cidr4.contains?(ip+'/32')
		return line if known
	end
rescue => ee
	puts "Exception on method #{__method__}: #{ee}" if @verbose
	return nil
end

#cidr_trusted?(cidr) ⇒ Boolean Also known as: is_trusted?

Determine if a cidr is within the range of our known network CIDR blocks

Returns:

• (Boolean)

# File 'lib/wmap/cidr_tracker.rb', line 213

def cidr_trusted? (cidr)
	puts "Determine if the CIDR within our ranges: #{cidr}" if @verbose
	trusted=false
	cidr=cidr.strip unless cidr.nil?
	cidr=cidr+"/32" if is_ip?(cidr)
	raise "Invalid CIDR format: #{cidr}" unless is_cidr?(cidr)
	return false if @known_cidr_blks==nil
	return true if @known_cidr_blks.key?(cidr)
	@known_cidr_blks_asce_index.each do |line|
		cidr4 = NetAddr::CIDR.create(line)
		return true if cidr4.contains?(cidr)
	end
rescue => ee
	puts "Exception on method #{__method__}: #{ee}" if @verbose
	return false
end

#cidr_worker(host) ⇒ Object Also known as: track

Main worker method to retrieve known network information for a host / ip

# File 'lib/wmap/cidr_tracker.rb', line 27

def cidr_worker (host)
	puts "Starting tracking of known CIDR information for host: #{host}" if @verbose
	host=host.strip.downcase
	ip=host_2_ip(host)
	cidr=cidr_lookup(ip)
	ref=get_cidr_ref(cidr)
	netname=get_cidr_netname(cidr)
	# save the data
	tracker=Hash.new
	tracker['host']=host
	tracker['ip']=ip
	tracker['cidr']=cidr
	tracker['ref']=ref
	tracker['netname']=netname
	return tracker
rescue => ee
	puts "Exception on method #{__method__} for host #{host}: #{ee}" # if @verbose
	return nil
end

#count ⇒ Object

Count numbers of CIDR object entries in the CIDR cache table

# File 'lib/wmap/cidr_tracker.rb', line 129

def count
	puts "Counting number of entries in the CIDR cache table ..." if @verbose
	cnt=0
	@known_cidr_blks.keys.map do |key|
		if is_cidr?(key)
			cnt=cnt+1
		end
	end
	puts "Current number of CIDR object entries: #{cnt}" if @verbose
	return cnt
rescue => ee
	puts "Exception on method #{__method__}: #{ee}" if @verbose
end

#counts ⇒ Object

Count numbers of IPs within the trusted CIDR objects

# File 'lib/wmap/cidr_tracker.rb', line 144

def counts
	puts "Counting number of IPs within the CIDR store:" if @verbose
	cnt=0
	@known_cidr_blks.keys.map do |key|
		cnt=cnt+size(key)
	end
	puts "Total number of trusted IPs: #{cnt}" if @verbose
	return cnt
rescue => ee
	puts "Exception on method #{__method__}: #{ee}" if @verbose
end

#delete(cidr, ref = nil, netname = nil) ⇒ Object Also known as: del

‘setter’ to remove an entry to CIDR store @known_cidr_blks

# File 'lib/wmap/cidr_tracker.rb', line 107

def delete (cidr,ref=nil,netname=nil)
	puts "Remove the entry from the CIDR store: #{cidr}"
	#cidr.strip!
	raise "Unknown CIDR format: #{cidr}" unless is_cidr?(cidr)
	if @known_cidr_blks.key?(cidr)
		puts "Deleting ..."
		@known_cidr_blks.delete(cidr)
		puts "Entry cleared!"
	else
		raise "Unknown CIDR entry: #{cidr}"
	end
	# Re-sort the blocks in order for better performance
	#@known_cidr_blks_desc_index=NetAddr.sort(@known_cidr_blks.keys, :Desc=>true)
	#@known_cidr_blks_asce_index=NetAddr.sort(@known_cidr_blks.keys, :Desc=>false)
	@known_cidr_blks_asce_index=@known_cidr_blks.keys.sort
	@known_cidr_blks_desc_index=@known_cidr_blks_asce_index.reverse
rescue => ee
	puts "Exception on method #{__method__}: #{ee}" # if @verbose
end

#get_cidr_netname(cidr) ⇒ Object

Retrieve the CIDR netname field for tracking purpose, if it’s a known CIDR entry

# File 'lib/wmap/cidr_tracker.rb', line 251

def get_cidr_netname (cidr)
	puts "Lookup CIDR block #{cidr} netname ..." if @verbose
	cidr=cidr.strip unless cidr.nil?
	return nil unless @known_cidr_blks.key?(cidr)
	return @known_cidr_blks[cidr]['netname']
end

#get_cidr_ref(cidr) ⇒ Object

Retrieve the CIDR reference text for tracking purpose, if it’s a known CIDR entry

# File 'lib/wmap/cidr_tracker.rb', line 243

def get_cidr_ref (cidr)
	puts "Lookup CIDR block #{cidr} reference text ..." if @verbose
	cidr=cidr.strip unless cidr.nil?
	return nil unless @known_cidr_blks.key?(cidr)
	return @known_cidr_blks[cidr]['ref']
end

#ip_trusted?(ip) ⇒ Boolean

Check if the specific IP within the range of a list of known CIDR blocks

Returns:

• (Boolean)

# File 'lib/wmap/cidr_tracker.rb', line 157

def ip_trusted? (ip)
	puts "Check if the IP within the range of the known CIDR blocks: #{ip}" if @verbose
	known = false
	return false if @known_cidr_blks==nil
	first_octet_ip = ip.split('.').first.to_i
	@known_cidr_blks_desc_index.each do |line|
		first_octet_blk = line.split('.').first.to_i
		next if first_octet_blk > first_octet_ip
		puts "line: #{line}" if @verbose
		cidr4 = NetAddr::CIDR.create(line)
		known = cidr4.contains?(ip+'/32')
		break if known
	end
	return known
rescue => ee
	puts "Exception on method #{__method__}: #{ee}" if @verbose
	return false
end

#load_cidr_blks_from_file(file_cidrs = @cidr_seeds) ⇒ Object

‘setter’ to load the known CIDR blocks into an instance variable @known_cidr_blks

# File 'lib/wmap/cidr_tracker.rb', line 49

def load_cidr_blks_from_file(file_cidrs=@cidr_seeds)
	puts "Load the known CIDR seed file: #{file_cidrs}" if @verbose
	f=File.open(file_cidrs, 'r', :encoding => 'UTF-8')
	f.each do |line|
		entry=line.chomp.split(',')
		next unless is_cidr?(entry[0])
		puts "Loading: #{entry[0]}" if @verbose
		key=entry[0].strip
		@known_cidr_blks = Hash.new unless @known_cidr_blks
		@known_cidr_blks[key] = Hash.new if not @known_cidr_blks.key?(key)
		@known_cidr_blks[key]['ref']=entry[1].nil? ? nil : entry[1].strip
		@known_cidr_blks[key]['netname']=entry[2].nil? ? nil : entry[2].strip
	end
	f.close
	# Sort the blocks in order once for better performance. Update 10/29/2018 to support Netaddr 2.x syntax
	#@known_cidr_blks_desc_index=NetAddr.sort(@known_cidr_blks.keys, :Desc=>true)
	#@known_cidr_blks_asce_index=NetAddr.sort(@known_cidr_blks.keys, :Desc=>false)
	if @known_cidr_blks
		@known_cidr_blks_asce_index=@known_cidr_blks.keys.sort
		@known_cidr_blks_desc_index=@known_cidr_blks_asce_index.reverse
	end
#rescue => ee
#	puts "Exception on method #{__method__}: #{ee}" # if @verbose
end

#print_known_cidr_blks ⇒ Object Also known as: inspect

Print summary report of a list of known CIDR blocks

# File 'lib/wmap/cidr_tracker.rb', line 278

def print_known_cidr_blks
	puts "Print the known CIDR Netblocks in ascendant order" if @verbose
	puts "Network CIDR, RIPE Reference Text, NETNAME"
	@known_cidr_blks_asce_index.map do |key|
		ref=@known_cidr_blks[key]['ref']
		netname=@known_cidr_blks[key]['netname']
		puts "#{key}, #{ref}, #{netname}"
	end
	puts "End of the summary"
end

#print_known_cidr_blks_asce ⇒ Object Also known as: print

Print summary report of a list of known CIDR blocks in the ascendant order

# File 'lib/wmap/cidr_tracker.rb', line 298

def print_known_cidr_blks_asce
	puts "\nIndex of known CIDR Net blocks in Ascending  Order:"
	puts @known_cidr_blks_asce_index
	puts "End of the Index"
end

#print_known_cidr_blks_desc ⇒ Object

Print summary report of a list of known CIDR blocks in the descendant order

# File 'lib/wmap/cidr_tracker.rb', line 291

def print_known_cidr_blks_desc
	puts "\nIndex of known CIDR Net blocks in Descendant Order:"
	puts @known_cidr_blks_desc_index
	puts "End of the Index"
end

#save_cidrs_to_file!(file_cidrs = @cidr_seeds) ⇒ Object Also known as: save!

Save the current cidr hash table into a file

# File 'lib/wmap/cidr_tracker.rb', line 259

def save_cidrs_to_file!(file_cidrs=@cidr_seeds)
	puts "Saving the current cidrs cache table from memory to file: #{file_cidrs} ..." if @verbose
	timestamp=Time.now
	f=File.open(file_cidrs, 'w')
	f.write "# Local cidrs file created by Wmap::CidrTracker.save method at: #{timestamp}\n"
	f.write "Network CIDR, CIDR RIPE Reference Text, CIDR NETNAME\n"
	@known_cidr_blks_asce_index.map do |key|
		ref=get_cidr_ref(key)
		netname=get_cidr_netname(key)
		f.write "#{key},#{ref},#{netname}\n"
	end
	f.close
	puts "CIDR cache table is successfully saved: #{file_cidrs}"
#rescue => ee
#	puts "Exception on method #{__method__}: #{ee}" if @verbose
end

#size(cidr) ⇒ Object

NetAddr wrapper to determine number of IPs within the CIDR object.

# File 'lib/wmap/cidr_tracker.rb', line 232

def size (cidr)
	puts "Determine the size of CIDR object: #{cidr}" if @verbose
	raise "Invalid CIDR format: #{cidr}" unless is_cidr?(cidr)
	obj = NetAddr::CIDR.create(cidr)
	return obj.size.to_i
rescue => ee
	puts "Exception on method #{__method__}: #{ee}" if @verbose
	return nil
end