/**
* Parse attachments
*
* @return array Returns array with failed or success data
* (See collector-common/src/Collector.php) for more info.
*/
public function parse()
{
if (empty($this->key) || strlen($this->key) < 10) {
return $this->failed("Invalid SNDS key: {$this->key}");
}
if (!filter_var($this->url, FILTER_VALIDATE_URL) === true) {
return $this->failed("Invalid URL configured: {$this->url}");
}
if (!$this->createWorkingDir()) {
return $this->failed("Unable to create working directory");
}
$tempFile = "{$this->tempPath}/snds.csv";
$client = new GuzzleHttp\Client();
$res = $client->request('GET', "{$this->url}?key={$this->key}", ['http_errors' => false, 'save_to' => $tempFile]);
if ($res->getStatusCode() !== 200) {
return $this->failed("URL collection from {$this->url} resulted in a {$res->getStatusCode()}");
}
$csvReports = new Reader\CsvReader(new SplFileObject($tempFile));
$csvReports->setColumnHeaders(['first_ip', 'last_ip', 'blocked', 'feed']);
foreach ($csvReports as $report) {
$this->feedName = 'unknown';
// If report type is an alias, get the real type
foreach (config("{$this->configBase}.collector.aliasses") as $alias => $real) {
if ($report['feed'] == $alias) {
$this->feedName = $real;
}
}
if ($this->isKnownFeed() && $this->isEnabledFeed()) {
$firstIP = inetPtoi($report['first_ip']);
$lastIP = inetPtoi($report['last_ip']);
if (!empty($firstIP) && !empty($lastIP) && $firstIP <= $lastIP) {
for ($x = $firstIP; $x <= $lastIP; $x++) {
$report['ip'] = inetItop($x);
if ($this->hasRequiredFields($report) === true) {
$report = $this->applyFilters($report);
$incident = new Incident();
$incident->source = config("{$this->configBase}.collector.name");
$incident->source_id = false;
$incident->ip = $report['ip'];
$incident->domain = false;
$incident->class = config("{$this->configBase}.feeds.{$this->feedName}.class");
$incident->type = config("{$this->configBase}.feeds.{$this->feedName}.type");
/*
* This prevents multiple incidents on the same day. So info
* blob has a scan time and this a report time
*/
$incident->timestamp = strtotime('0:00');
$incident->information = json_encode($report);
$this->incidents[] = $incident;
}
}
}
}
}
return $this->success();
}
public function run()
{
DB::table('netblocks')->delete();
$netblocks = [['id' => 1, 'first_ip' => '172.16.10.13', 'last_ip' => '172.16.10.13', 'first_ip_int' => inetPtoi('172.16.10.13'), 'last_ip_int' => inetPtoi('172.16.10.13'), 'description' => "Dedicated IP address for John's server", 'contact_id' => 1, 'enabled' => 1, 'created_at' => new DateTime(), 'updated_at' => new DateTime()], ['id' => 2, 'first_ip' => '10.0.2.0', 'last_ip' => '10.0.2.255', 'first_ip_int' => inetPtoi('10.0.2.0'), 'last_ip_int' => inetPtoi('10.0.2.255'), 'description' => 'Netblock for customer 1', 'contact_id' => 2, 'enabled' => 1, 'created_at' => new DateTime(), 'updated_at' => new DateTime()], ['id' => 3, 'first_ip' => '192.168.1.0', 'last_ip' => '192.168.3.255', 'first_ip_int' => inetPtoi('10.0.3.0'), 'last_ip_int' => inetPtoi('192.168.3.255'), 'description' => 'Netblock for ISP1', 'contact_id' => 3, 'enabled' => 1, 'created_at' => new DateTime(), 'updated_at' => new DateTime()], ['id' => 4, 'first_ip' => 'fdf1:cb9d:f59e:19b0:0:0:0:0', 'last_ip' => 'fdf1:cb9d:f59e:19b0:ffff:ffff:ffff:ffff', 'first_ip_int' => inetPtoi('fdf1:cb9d:f59e:19b0:0:0:0:0'), 'last_ip_int' => inetPtoi('fdf1:cb9d:f59e:19b0:ffff:ffff:ffff:ffff'), 'description' => 'IPv6 Netblock for ISP1', 'contact_id' => 3, 'enabled' => 1, 'created_at' => new DateTime(), 'updated_at' => new DateTime()], ['id' => 5, 'first_ip' => '10.17.18.0', 'last_ip' => '10.17.18.255', 'first_ip_int' => inetPtoi('10.17.18.0'), 'last_ip_int' => inetPtoi('10.17.18.255'), 'description' => 'Netblock for ISP1', 'contact_id' => 3, 'enabled' => 1, 'created_at' => new DateTime(), 'updated_at' => new DateTime()], ['id' => 6, 'first_ip' => '0.0.0.0', 'last_ip' => '255.255.255.255', 'first_ip_int' => inetPtoi('0.0.0.0'), 'last_ip_int' => inetPtoi('255.255.255.255'), 'description' => 'Fallback netblock for demo purposes', 'contact_id' => 3, 'enabled' => 1, 'created_at' => new DateTime(), 'updated_at' => new DateTime()]];
DB::table('netblocks')->insert($netblocks);
}
/**
* Return contact by Netblock.
*
* @param string $ip IP address
*
* @return object
*/
public static function byIP($ip)
{
// If local lookups are not preferred, then do the remote lookup first
if (config('main.external.prefer_local') === false) {
$findContact = self::getExternalContact('ip', $ip);
if (!empty($findContact)) {
return $findContact;
}
}
// Do a local lookup
$result = Netblock::where('first_ip_int', '<=', inetPtoi($ip))->where('last_ip_int', '>=', inetPtoi($ip))->where('enabled', '=', true)->orderBy('first_ip_int', 'desc')->orderBy('last_ip_int', 'asc')->take(1)->get();
if (isset($result[0])) {
return $result[0]->contact;
}
// Do a remote lookup, if local lookups are preferred. Else skip this as this was already done.
if (config('main.external.prefer_local') === true) {
$findContact = self::getExternalContact('ip', $ip);
if (!empty($findContact)) {
return $findContact;
}
}
return self::undefined();
}
/**
* Updates the last IP attribute before giving it.
*
* @param string $value
*/
public function setLastIpAttribute($value)
{
$this->attributes['last_ip'] = $value;
$this->attributes['last_ip_int'] = inetPtoi($value);
}
