com.mozilla.secops

Class CidrUtil

java.lang.Object

com.mozilla.secops.CidrUtil

public class CidrUtil
extends Object

CIDR matching utilities

Field Summary

Fields

Modifier and Type	Field and Description
static int	CIDRUTIL_CLOUDPROVIDERS Load exclusion list with allowed cloud providers
static int	CIDRUTIL_FILE Load exclusion list from path resource
static int	CIDRUTIL_INTERNAL Load exclusion list for internal/RFC1918 subnets

Constructor Summary

Constructors

Constructor and Description
CidrUtil() Constructor for CidrUtil, initialize empty
CidrUtil(String path) Constructor for CidrUtil to load subnet list from resource

Method Summary

Modifier and Type	Method and Description
void	add(String cidr) Add subnet to subnet list
static boolean	addressInCidr(String addr, String cidr) Return true if address is within the cidr
Boolean	contains(String addr) Return true if any loaded subnet contains the specified address
static org.apache.beam.sdk.transforms.DoFn<Event,Event>	excludeNormalizedSourceAddresses(int flags, String path) Returns a DoFn that filters any events that have a normalized source address field that matches the specified criteria.
static boolean	isInet4(String addr) Determine if an address is an IPv4 address
void	loadAwsSubnets() Load known AWS subnets into instance of CidrUtil
void	loadGcpSubnets() Load known GCP subnets into instance of CidrUtil
void	loadInternalSubnets() Populate CidrUtil instance with internal/RFC1918 subnets
static Boolean	resolvedCanonicalHostMatches(String ip, String pattern) Reverse DNS query of provided IP and comparison of result against pattern
static String	stripMaskFromCidr(String cidr) Strip the mask component from a CIDR subnet.

Methods inherited from class java.lang.Object

equals, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Detail

CIDRUTIL_FILE

public static final int CIDRUTIL_FILE

Load exclusion list from path resource

See Also:

Constant Field Values

CIDRUTIL_CLOUDPROVIDERS

public static final int CIDRUTIL_CLOUDPROVIDERS

Load exclusion list with allowed cloud providers

See Also:

Constant Field Values

CIDRUTIL_INTERNAL

public static final int CIDRUTIL_INTERNAL

Load exclusion list for internal/RFC1918 subnets

See Also:

Constant Field Values

Constructor Detail

CidrUtil

public CidrUtil()

Constructor for CidrUtil, initialize empty

CidrUtil

public CidrUtil(String path)
         throws IOException

Constructor for CidrUtil to load subnet list from resource

Parameters:

path - Resource path or GCS URL to load CIDR subnet list from

Throws:

IOException - IOException

Method Detail

resolvedCanonicalHostMatches

public static Boolean resolvedCanonicalHostMatches(String ip,
                                                   String pattern)

Reverse DNS query of provided IP and comparison of result against pattern

A reverse DNS query for the supplied IP address is performed and the resulting hostname is compared against the regular expression in pattern. If it matches, the function returns true otherwise false.

This function attempts to also perform a forward DNS query on the hostname returned by the reverse DNS query and ensures the IP address matches what was supplied as a function argument.

Parameters:

ip - IP address

pattern - Regular expression to match against

Returns:

True if hostname matches pattern, false otherwise

excludeNormalizedSourceAddresses

public static org.apache.beam.sdk.transforms.DoFn<Event,Event> excludeNormalizedSourceAddresses(int flags,
                                                                                                String path)

Returns a DoFn that filters any events that have a normalized source address field that matches the specified criteria.

The flags parameter is a bitmask used to control the input criteria used in the filtering operation.

1 can be specified in the flags mask to indicate subnets should be loaded from the specified path and any matching addresses should be filtered. If this bit is included path must be non-null.

2 can be specified to load known cloud provider public address ranges into the filter for exclusion.

4 can be specified to load internal (e.g., RFC1918) subnets into the filter.

Parameters:

flags - Option bitmask

path - Resource path or GCS URL to load subnets from for 1

Returns:

DoFn

addressInCidr

public static boolean addressInCidr(String addr,
                                    String cidr)

Return true if address is within the cidr

Parameters:

addr - IP address to check against cidr

cidr - cidr to check if it contains the IP address

Returns:

True if addr is within the cidr.

isInet4

public static boolean isInet4(String addr)

Determine if an address is an IPv4 address

Parameters:

addr - Address

Returns:

boolean

stripMaskFromCidr

public static String stripMaskFromCidr(String cidr)

Strip the mask component from a CIDR subnet.

For example, given 192.168.0.0/24 return 192.168.0.0.

Parameters:

cidr - CIDR subnet

Returns:

String

contains

public Boolean contains(String addr)

Return true if any loaded subnet contains the specified address

Parameters:

addr - IP address to check against subnets

Returns:

True if any loaded subnet contains the address

loadGcpSubnets

public void loadGcpSubnets()
                    throws IOException

Load known GCP subnets into instance of CidrUtil

This is done using https://www.gstatic.com/ipranges/cloud.json as recommended by https://cloud.google.com/compute/docs/faq#find_ip_range

Throws:

IOException - IOException

loadInternalSubnets

public void loadInternalSubnets()

Populate CidrUtil instance with internal/RFC1918 subnets

loadAwsSubnets

public void loadAwsSubnets()
                    throws IOException

Load known AWS subnets into instance of CidrUtil

Utilizes information at https://ip-ranges.amazonaws.com/ip-ranges.json

Throws:

IOException - IOException

add

public void add(String cidr)

Add subnet to subnet list

Parameters:

cidr - Subnet to add