/** * Parse attachments * * @return array Returns array with failed or success data * (See collector-common/src/Collector.php) for more info. */ public function parse() { if (empty($this->key) || strlen($this->key) < 10) { return $this->failed("Invalid SNDS key: {$this->key}"); } if (!filter_var($this->url, FILTER_VALIDATE_URL) === true) { return $this->failed("Invalid URL configured: {$this->url}"); } if (!$this->createWorkingDir()) { return $this->failed("Unable to create working directory"); } $tempFile = "{$this->tempPath}/snds.csv"; $client = new GuzzleHttp\Client(); $res = $client->request('GET', "{$this->url}?key={$this->key}", ['http_errors' => false, 'save_to' => $tempFile]); if ($res->getStatusCode() !== 200) { return $this->failed("URL collection from {$this->url} resulted in a {$res->getStatusCode()}"); } $csvReports = new Reader\CsvReader(new SplFileObject($tempFile)); $csvReports->setColumnHeaders(['first_ip', 'last_ip', 'blocked', 'feed']); foreach ($csvReports as $report) { $this->feedName = 'unknown'; // If report type is an alias, get the real type foreach (config("{$this->configBase}.collector.aliasses") as $alias => $real) { if ($report['feed'] == $alias) { $this->feedName = $real; } } if ($this->isKnownFeed() && $this->isEnabledFeed()) { $firstIP = inetPtoi($report['first_ip']); $lastIP = inetPtoi($report['last_ip']); if (!empty($firstIP) && !empty($lastIP) && $firstIP <= $lastIP) { for ($x = $firstIP; $x <= $lastIP; $x++) { $report['ip'] = inetItop($x); if ($this->hasRequiredFields($report) === true) { $report = $this->applyFilters($report); $incident = new Incident(); $incident->source = config("{$this->configBase}.collector.name"); $incident->source_id = false; $incident->ip = $report['ip']; $incident->domain = false; $incident->class = config("{$this->configBase}.feeds.{$this->feedName}.class"); $incident->type = config("{$this->configBase}.feeds.{$this->feedName}.type"); /* * This prevents multiple incidents on the same day. So info * blob has a scan time and this a report time */ $incident->timestamp = strtotime('0:00'); $incident->information = json_encode($report); $this->incidents[] = $incident; } } } } } return $this->success(); }
public function run() { DB::table('netblocks')->delete(); $netblocks = [['id' => 1, 'first_ip' => '172.16.10.13', 'last_ip' => '172.16.10.13', 'first_ip_int' => inetPtoi('172.16.10.13'), 'last_ip_int' => inetPtoi('172.16.10.13'), 'description' => "Dedicated IP address for John's server", 'contact_id' => 1, 'enabled' => 1, 'created_at' => new DateTime(), 'updated_at' => new DateTime()], ['id' => 2, 'first_ip' => '10.0.2.0', 'last_ip' => '10.0.2.255', 'first_ip_int' => inetPtoi('10.0.2.0'), 'last_ip_int' => inetPtoi('10.0.2.255'), 'description' => 'Netblock for customer 1', 'contact_id' => 2, 'enabled' => 1, 'created_at' => new DateTime(), 'updated_at' => new DateTime()], ['id' => 3, 'first_ip' => '192.168.1.0', 'last_ip' => '192.168.3.255', 'first_ip_int' => inetPtoi('10.0.3.0'), 'last_ip_int' => inetPtoi('192.168.3.255'), 'description' => 'Netblock for ISP1', 'contact_id' => 3, 'enabled' => 1, 'created_at' => new DateTime(), 'updated_at' => new DateTime()], ['id' => 4, 'first_ip' => 'fdf1:cb9d:f59e:19b0:0:0:0:0', 'last_ip' => 'fdf1:cb9d:f59e:19b0:ffff:ffff:ffff:ffff', 'first_ip_int' => inetPtoi('fdf1:cb9d:f59e:19b0:0:0:0:0'), 'last_ip_int' => inetPtoi('fdf1:cb9d:f59e:19b0:ffff:ffff:ffff:ffff'), 'description' => 'IPv6 Netblock for ISP1', 'contact_id' => 3, 'enabled' => 1, 'created_at' => new DateTime(), 'updated_at' => new DateTime()], ['id' => 5, 'first_ip' => '10.17.18.0', 'last_ip' => '10.17.18.255', 'first_ip_int' => inetPtoi('10.17.18.0'), 'last_ip_int' => inetPtoi('10.17.18.255'), 'description' => 'Netblock for ISP1', 'contact_id' => 3, 'enabled' => 1, 'created_at' => new DateTime(), 'updated_at' => new DateTime()], ['id' => 6, 'first_ip' => '0.0.0.0', 'last_ip' => '255.255.255.255', 'first_ip_int' => inetPtoi('0.0.0.0'), 'last_ip_int' => inetPtoi('255.255.255.255'), 'description' => 'Fallback netblock for demo purposes', 'contact_id' => 3, 'enabled' => 1, 'created_at' => new DateTime(), 'updated_at' => new DateTime()]]; DB::table('netblocks')->insert($netblocks); }
/** * Return contact by Netblock. * * @param string $ip IP address * * @return object */ public static function byIP($ip) { // If local lookups are not preferred, then do the remote lookup first if (config('main.external.prefer_local') === false) { $findContact = self::getExternalContact('ip', $ip); if (!empty($findContact)) { return $findContact; } } // Do a local lookup $result = Netblock::where('first_ip_int', '<=', inetPtoi($ip))->where('last_ip_int', '>=', inetPtoi($ip))->where('enabled', '=', true)->orderBy('first_ip_int', 'desc')->orderBy('last_ip_int', 'asc')->take(1)->get(); if (isset($result[0])) { return $result[0]->contact; } // Do a remote lookup, if local lookups are preferred. Else skip this as this was already done. if (config('main.external.prefer_local') === true) { $findContact = self::getExternalContact('ip', $ip); if (!empty($findContact)) { return $findContact; } } return self::undefined(); }
/** * Updates the last IP attribute before giving it. * * @param string $value */ public function setLastIpAttribute($value) { $this->attributes['last_ip'] = $value; $this->attributes['last_ip_int'] = inetPtoi($value); }