Handle IP address lookup in networks
srilumpa committed Feb 22, 2018
1 parent ef96c74 commit 91fa28d
Showing 2 changed files with 22 additions and 4 deletions.
25 changes: 21 additions & 4 deletions analyzers/MISPWarningLists/mispwarninglists.py
@@ -2,6 +2,7 @@
import io
import json
import requests
import ipaddress

from cortexutils.analyzer import Analyzer
from cortexutils.extractor import Extractor
@@ -63,14 +64,30 @@ def lastremotecommit():

def run(self):
results = []
data = self.data
if self.data_type == 'ip':
try:
data = ipaddress.ip_address(self.data)
except ValueError:
return self.error("{} is said to be an IP address but it isn't".format(self.data))
for list in self.warninglists:
if self.data_type not in list.get('dataTypes'):
continue

if self.data in list.get('values', []):
results.append({
"name": list.get('name')
})
if self.data_type == 'ip':
for net in list.get('values', []):
try:
if data in ipaddress.ip_network(net):
results.append({"name": list.get('name')})
break
except ValueError:
# Ignoring if net is not a valid IP network since we want to compare ip addresses
pass
else:
if data in list.get('values', []):
results.append({
"name": list.get('name')
})

self.report({
"results": results,
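Review bot: In `run`, `ipaddress.ip_network(net)` uses its default strict parsing, so a warning-list value written with host bits set (a constructed example: `192.0.2.1/24`) raises `ValueError` and is silently dropped by `except ValueError: pass`. An address inside that range is then reported as not being on the list, which is a quiet false negative for an analyzer whose result is used to judge an observable. Calling `ipaddress.ip_network(net, strict=False)` keeps such entries matchable while still skipping values that are not networks at all. The comment on the `except` branch could also state that only non-IP values are meant to be ignored, for example `# skip values that are not IP networks (hostnames, hashes, ...)`. The body of `run` continues past the visible lines.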
1 change: 1 addition & 0 deletions analyzers/MISPWarningLists/requirements.txt
@@ -1,2 +1,3 @@
cortexutils
requests
ipaddress
