private static bool ValidIP(string ip, out bool isPrivate)
{
IPAddress ipAddr;
isPrivate = false;
if (0 == ip.Length ||
false == IPAddress.TryParse(ip, out ipAddr) ||
(ipAddr.AddressFamily != AddressFamily.InterNetwork &&
ipAddr.AddressFamily != AddressFamily.InterNetworkV6))
{
return(false);
}
var addr = IpRange.AddrToUInt64(ipAddr);
foreach (var range in privateRanges)
{
if (range.Encompasses(addr))
{
isPrivate = true;
}
}
return(true);
}
public void TestIpRange()
{
IpRange range = new IpRange("148.81.0.0/16");
Assert.That(range.GetFrom().ToString(), Is.EqualTo("148.81.0.0"));
Assert.That(range.GetTo().ToString(), Is.EqualTo("148.81.255.255"));
}
public static byte[] GetBinaryGeoBase()
{
var ipRanges = new IpRange[] {
new IpRange(8, 1000, 0),
new IpRange(1001, 9999, 1)
};
var cities = new City[] {
new City("con_1", "reg_1", "pos_1", "cit_1", "org_1", 0.1f, 0.1f),
new City("con_2", "reg_2", "pos_2", "cit_2", "org_2", 0.2f, 0.2f)
};
var locations = new Location[] {
new Location(0),
new Location(1)
};
var offsetLocations = Constants.HeaderSize + (uint)(Constants.IpRangeSize * ipRanges.Length);
var offsetCities = offsetLocations + (uint)(Constants.CitySize * cities.Length);
var header = new Header(1, DbName, (ulong)DateTime.Now.AddDays(-1).Ticks, 2, Constants.HeaderSize, offsetCities, offsetLocations);
var binary = SerializeToByte(header, ipRanges, cities, locations);
return(binary);
}
static GeoIpLookup()
{
var rangesList = new List <IpRange>();
var assembly = Assembly.GetExecutingAssembly();
using (var stream = assembly.GetManifestResourceStream("Scorm.Core.IpLookup.GeoIPCountryWhois.csv"))
{
using (var parser = new TextFieldParser(stream))
{
parser.HasFieldsEnclosedInQuotes = true;
parser.SetDelimiters(",");
while (!parser.EndOfData)
{
var fields = parser.ReadFields();
var rangeStart = long.Parse(fields[0]);
var rangeEnd = long.Parse(fields[1]);
var country = fields[2];
var range = new IpRange(rangeStart, rangeEnd, country);
rangesList.Add(range);
}
}
}
ranges = rangesList.ToArray();
Array.Sort(ranges, (x, y) => x.RangeStart.CompareTo(y.RangeStart));
}
private static bool ValidIP(string ip, bool skipPrivate)
{
IPAddress ipAddr;
ip = ip == null ? String.Empty : ip.Trim();
if (0 == ip.Length ||
false == IPAddress.TryParse(ip, out ipAddr) ||
(ipAddr.AddressFamily != AddressFamily.InterNetwork &&
ipAddr.AddressFamily != AddressFamily.InterNetworkV6))
{
return(false);
}
if (skipPrivate && ipAddr.AddressFamily == AddressFamily.InterNetwork)
{
var addr = IpRange.AddrToUInt64(ipAddr);
foreach (var range in s_PrivateRanges)
{
if (range.Encompasses(addr))
{
return(false);
}
}
}
return(true);
}
private void SetIps(Faker faker, Func <bool> r)
{
var low = faker.Internet.Ip();
var high = faker.Internet.Ip();
var lowBytes = IPAddress.Parse(low).GetAddressBytes();
var highBytes = IPAddress.Parse(high).GetAddressBytes();
for (int i = 0; i < lowBytes.Length; i++)
{
var comparison = lowBytes[i].CompareTo(highBytes[i]);
if (comparison == 0)
{
continue;
}
if (comparison > 0)
{
var s = low;
low = high;
high = s;
}
break;
}
var d = new IpRange();
SwapAssign(r(), low, v => d.GreaterThan = v, v => d.GreaterThanOrEqualTo = v);
SwapAssign(r(), high, v => d.LessThan = v, v => d.LessThanOrEqualTo = v);
this.Ips = d;
}
public long ValidIps()
{
long count = 0;
var firstRange = _mergedOrderedIpRanges.First();
if (firstRange.From > 0)
{
count += firstRange.From;
}
IpRange previous = firstRange;
for (int i = 1; i < _mergedOrderedIpRanges.Count; i++)
{
var current = _mergedOrderedIpRanges[i];
count += current.From - previous.To - 1;
previous = current;
}
var lastRange = _mergedOrderedIpRanges.Last();
if (lastRange.To < MaxValue)
{
count += MaxValue - lastRange.To;
}
return(count);
}
private static List <IpRange> MergeOverlaps(List <IpRange> ipRangeBlacklist)
{
List <IpRange> mergedRanges = new List <IpRange>();
IpRange currentMerged = ipRangeBlacklist.First();
for (int i = 1; i < ipRangeBlacklist.Count; i++)
{
IpRange current = ipRangeBlacklist[i];
if (current.Overlaps(currentMerged))
{
currentMerged = currentMerged.Merge(current);
}
else
{
mergedRanges.Add(currentMerged);
currentMerged = current;
}
}
if (currentMerged.To != mergedRanges.Last().To)
{
mergedRanges.Add(currentMerged);
}
return(mergedRanges);
}
public void AddGlobalResult(SearchResult result)
{
foreach (Peer peer in result.PeerCollection)
{
System.Threading.Thread.Sleep(0);
if (peer.Files.Count < searchTransaction_.MinFileFromPeerFilter && peerFileCountFilterEnable_)
{
continue;
}
// Country filter
if (searchTransaction_.IpAcceptRangeCollection != null)
{
IpRange iprang = searchTransaction_.IpAcceptRangeCollection.Accept(IpRange.addrToNum(System.Net.IPAddress.Parse(peer.Ip)));
if (iprang == null && !peer.Ip.StartsWith("192.168"))
{
continue;
}
if (iprang != null)
{
peer.Country = iprang.CountryCode.ToLower();
}
}
Peer pe = result_.PeerCollection.Find(peer);
if (pe == null)
{
result_.PeerCollection.Add(peer);
}
else
{
foreach (File f in peer.Files)
{
pe.Files.Add(f);
}
}
}
foreach (File file in result.FileCollection)
{
System.Threading.Thread.Sleep(0);
result_.FileCollection.Add(file);
}
waitResultTermined_--;
result = null;
if (waitResultTermined_ <= 0)
{
if (CompletResult != null)
{
CompletResult(result_);
}
}
}
public void Parse_And_Contains_Tests(string s, string testIp, bool expected)
{
// Act
var range = IpRange.ParseOrDefault(s);
var result = range.Contains(testIp);
// Assert
Assert.Equal(expected, result);
}
public bool AllowedIpAddress(string ipAddress)
{
if (AllowIpAddresses?.Any() != true)
{
return(true);
}
return(AllowIpAddresses
.Select(addr => IpRange.FromCidr(addr))
.Any(range => range.InRange(ipAddress)));
}
private string ParseAndToString(string ipRange)
{
IpRange result;
if (IpRange.TryParse(ipRange, out result))
{
return(result.ToString());
}
return("");
}
public ByteBlock this[ushort lid]
{
get { return(new IpRange(this.StartAddressColumn[lid], this.EndAddressColumn[lid]).ToString()); }
set
{
IpRange result;
IpRange.TryParse(value.ToString(), out result);
this.StartAddressColumn[lid] = result.StartInclusive;
this.EndAddressColumn[lid] = result.EndInclusive;
}
}
public IEnumerable <string> GetIPRange(IpRange range)
{
uint sIP = IpToUint(range.GetFrom().GetAddressBytes());
uint eIP = IpToUint(range.GetTo().GetAddressBytes());
while (sIP <= eIP)
{
yield return(new IPAddress(ReverseBytesArray(sIP)).ToString());
sIP++;
}
}
public IpRange Merge(IpRange other)
{
if (!Overlaps(other))
{
throw new ArgumentOutOfRangeException(nameof(other), $"Cannot merge non overlapping ranges: {this} | {other}");
}
return(new IpRange
{
From = other.From <From?other.From : From,
To = other.To> To ? other.To : To
});
}
private IpRange[] ConvertToIpRanges(byte[] file, int offset, int count)
{
var ipRanges = new IpRange[count];
for (int i = 0; i < count; i++)
{
var ipRange = ConvertToIpRange(file, offset);
ipRanges[i] = ipRange;
offset += 12;
}
return(ipRanges);
}
private IpRange[] ReadIpRanges(int records)
{
var ranges = new IpRange[records];
for (var i = 0; i < records; i++)
{
ranges[i] = new IpRange(
_binaryReader.ReadUInt32(),
_binaryReader.ReadUInt32(),
_binaryReader.ReadUInt32());
}
return(ranges);
}
private IpRange ConvertToIpRange(byte[] file, int offset)
{
var ipFrom = BitConverter.ToUInt32(file, offset);
offset += 4;
var ipTo = BitConverter.ToUInt32(file, offset);
offset += 4;
var locationIndex = BitConverter.ToUInt32(file, offset);
var ipRange = new IpRange(ipFrom, ipTo, locationIndex);
return(ipRange);
}
// this: |----| |----| |----| |--|
// other: |----| |----| |--| |----|
public bool Overlaps(IpRange other)
{
// this: |----|
// other: |----|
var otherToWithin = other.To >= From && other.To <= To;
// this: |----|
// other: |----|
var otherFromWithin = other.From >= From && other.From <= To;
// this: |----|
// other: |--|
var otherCovered = other.From >= From && other.To <= To;
// this: |--|
// other: |----|
var thisCovered = From >= other.From && To <= other.To;
return(otherToWithin | otherFromWithin | otherCovered | thisCovered);
}
public String GetCountryByIp(String ip)
{
String result = "";
var longIp = ConvertIpStringToLong(ip);
if (longIp > 0)
{
var rangeToSearch = new IpRange(longIp, longIp, "");
var index = Array.BinarySearch(ranges, rangeToSearch, rangeStartComparer);
if (index < 0)
{
index = ~index - 1;
}
if (longIp >= ranges[index].RangeStart && longIp <= ranges[index].RangeEnd)
{
result = ranges[index].Country;
}
}
return(result);
}
private void _backgroundWorkerBuild_DoWork(object sender, DoWorkEventArgs e)
{
Invoke(new MethodInvoker(() =>
{
btnFile.Enabled = false;
btnRun.Enabled = false;
button1.Enabled = false;
btnFilter.Enabled = false;
progressBar1.Maximum = 255;
progressBar1.Value = 0;
lblStatus.Text = $"{progressBar1.Value}/{progressBar1.Maximum}";
}));
var countries = new List <Country> {
new Country("", "--All--")
};
_sshCountries = null;
_ipRangeResults = new List <IpRange>();
var stringBuilder = new StringBuilder();
for (var i = 1; i < 255; i++)
{
var number = i;
Invoke(new MethodInvoker(() =>
{
progressBar1.Value = number;
lblStatus.Text = $"{progressBar1.Value}/{progressBar1.Maximum}";
}));
var ips = _ipFormats.Where(x => x.Number1 == number).OrderBy(x => x.Number);
if (!ips.Any())
{
continue;
}
var min = ips.First();
var max = ips.Last();
var iplocal =
_geoIpCountryList.FirstOrDefault(
x => (x.IpBegin.Number <= min.Number && x.IpEnd.Number >= min.Number) ||
(x.IpBegin.Number <= max.Number && x.IpEnd.Number >= max.Number));
var country = "Unknown";
var isocode = "Unknown";
if (iplocal != null)
{
country = iplocal.Country.CountryName;
isocode = iplocal.Country.ISOCode;
if (countries.All(x => x.ISOCode != isocode))
{
countries.Add(new Country(isocode, country));
}
}
var iprange = new IpRange
{
IpEnd = max.GetIpEnd(),
IpBegin = min.GetIpBegin(),
Country = new Country(isocode, country)
};
_ipRangeResults.Add(iprange);
stringBuilder.AppendLine(iprange.ToString());
}
countries = countries.OrderBy(x => x.CountryName).ToList();
countries.Add(new Country("Unknown", "Unknown"));
Invoke(new MethodInvoker(() =>
{
txtIP.Text = stringBuilder.ToString();
cboCountry.ValueMember = "ISOCode";
cboCountry.DisplayMember = "CountryName";
cboCountry.DataSource = countries;
progressBar1.Value = 255;
lblStatus.Text = $"{progressBar1.Value}/{progressBar1.Maximum}";
}));
}
/// <summary>
/// Checks whether the <see cref="IpRange"/> contains specified <see cref="IPAddress"/>.
/// </summary>
/// <param name="ipRange">The <see cref="IpRange"/> object.</param>
/// <param name="ipAddress">The IP address to be checked.</param>
/// <returns>True if contains; otherwise false.</returns>
public static bool Contains(this IpRange ipRange, string ipAddress)
{
var address = IPAddress.Parse(ipAddress);
return(ipRange.Contains(address));
}
public Authentication()
{
AllowSaveUserInformationInCookie = true;
WinLogonUrl = "";
WinLogonIpRanges = new IpRange[] {};
}
private void create_security_group_rule(string key, string secret, Amazon.RegionEndpoint region, string security_group, string serverports, string ipEnpoint = "")
{
HttpStatusCode ret = HttpStatusCode.OK;
string ip = "0.0.0.0";
MailAddress fromMailer = null;
MailAddress toMailer = null;
string mailhost = "";
int mailport = 0;
bool mailssl = false;
string mailuser = "";
string mailpass = "";
bool loadConfig = true;
string partialmsg = "";
if (ipEnpoint != string.Empty)
{
ip = get_external_ip(ipEnpoint);
}
if (loadConfig)
{
try
{
fromMailer = new MailAddress(ConfigurationManager.AppSettings["MAIL-FROM"].ToString());
toMailer = new MailAddress(ConfigurationManager.AppSettings["MAIL-TO"].ToString());
mailhost = ConfigurationManager.AppSettings["MAIL-HOST"].ToString();
mailport = int.Parse(ConfigurationManager.AppSettings["MAIL-PORT"].ToString());
mailssl = bool.Parse(ConfigurationManager.AppSettings["MAIL-SSL"].ToString());
mailuser = ConfigurationManager.AppSettings["MAIL-USER"].ToString();
mailpass = ConfigurationManager.AppSettings["MAIL-PASS"].ToString();
ipEnpoint = ConfigurationManager.AppSettings["IP-ENDPOINT"].ToString();
ip = get_external_ip(ipEnpoint);
}
catch { loadConfig = false; }
}
if (ip != "")
{
try
{
AmazonEC2Client ec2Client = null;
AWSCredentials credentials = new Amazon.Runtime.BasicAWSCredentials(key, secret);
ec2Client = new AmazonEC2Client(credentials, region);
IpRange ipRange = new IpRange
{
CidrIp = ip + "/32",
Description = "Rule created by aws-security-group-access-rule at " + DateTime.Now.ToString()
};
var ingressRequest = new AuthorizeSecurityGroupIngressRequest
{
GroupId = security_group
};
var listaPortas = serverports.Split(',');
foreach (var item in listaPortas)
{
var ipPermission = new IpPermission
{
IpProtocol = "tcp",
FromPort = Int16.Parse(item),
ToPort = Int16.Parse(item)
};
ipPermission.Ipv4Ranges.Add(ipRange);
ingressRequest.IpPermissions.Add(ipPermission);
}
var ingressResponse = ec2Client.AuthorizeSecurityGroupIngress(ingressRequest);
partialmsg += "[AWS Response :: " + ingressResponse.HttpStatusCode.ToString() + "]";
ret = ingressResponse.HttpStatusCode;
#region Debug Section
/*
* switch (ingressResponse.HttpStatusCode)
* {
* case HttpStatusCode.Continue: partialmsg += ""; break;
* case HttpStatusCode.SwitchingProtocols: partialmsg += ""; break;
* case HttpStatusCode.OK: partialmsg += ""; break;
* case HttpStatusCode.Created: partialmsg += ""; break;
* case HttpStatusCode.Accepted: partialmsg += ""; break;
* case HttpStatusCode.NonAuthoritativeInformation: partialmsg += ""; break;
* case HttpStatusCode.NoContent: partialmsg += ""; break;
* case HttpStatusCode.ResetContent: partialmsg += ""; break;
* case HttpStatusCode.PartialContent: partialmsg += ""; break;
* case HttpStatusCode.MultipleChoices: partialmsg += ""; break;
* case HttpStatusCode.MovedPermanently: partialmsg += ""; break;
* case HttpStatusCode.Found: partialmsg += ""; break;
* case HttpStatusCode.SeeOther: partialmsg += ""; break;
* case HttpStatusCode.NotModified: partialmsg += ""; break;
* case HttpStatusCode.UseProxy: partialmsg += ""; break;
* case HttpStatusCode.Unused: partialmsg += ""; break;
* case HttpStatusCode.TemporaryRedirect: partialmsg += ""; break;
* case HttpStatusCode.BadRequest: partialmsg += ""; break;
* case HttpStatusCode.Unauthorized: partialmsg += ""; break;
* case HttpStatusCode.PaymentRequired: partialmsg += ""; break;
* case HttpStatusCode.Forbidden: partialmsg += ""; break;
* case HttpStatusCode.NotFound: partialmsg += ""; break;
* case HttpStatusCode.MethodNotAllowed: partialmsg += ""; break;
* case HttpStatusCode.NotAcceptable: partialmsg += ""; break;
* case HttpStatusCode.ProxyAuthenticationRequired: partialmsg += ""; break;
* case HttpStatusCode.RequestTimeout: partialmsg += ""; break;
* case HttpStatusCode.Conflict: partialmsg += ""; break;
* case HttpStatusCode.Gone: partialmsg += ""; break;
* case HttpStatusCode.LengthRequired: partialmsg += ""; break;
* case HttpStatusCode.PreconditionFailed: partialmsg += ""; break;
* case HttpStatusCode.RequestEntityTooLarge: partialmsg += ""; break;
* case HttpStatusCode.RequestUriTooLong: partialmsg += ""; break;
* case HttpStatusCode.UnsupportedMediaType: partialmsg += ""; break;
* case HttpStatusCode.RequestedRangeNotSatisfiable: partialmsg += ""; break;
* case HttpStatusCode.ExpectationFailed: partialmsg += ""; break;
* case HttpStatusCode.UpgradeRequired: partialmsg += ""; break;
* case HttpStatusCode.InternalServerError: partialmsg += ""; break;
* case HttpStatusCode.NotImplemented: partialmsg += ""; break;
* case HttpStatusCode.BadGateway: partialmsg += ""; break;
* case HttpStatusCode.ServiceUnavailable: partialmsg += ""; break;
* case HttpStatusCode.GatewayTimeout: partialmsg += ""; break;
* case HttpStatusCode.HttpVersionNotSupported: partialmsg += ""; break;
* }
*/
#endregion
}
catch (AmazonEC2Exception ex)
{
ret = ex.StatusCode;
partialmsg += "[ERROR-CODE " + ex.ErrorCode + "] " + ex.Message + "<BR>";
}
finally
{
if (loadConfig)
{
sendEmail(mailhost, mailport, mailssl, mailuser, mailpass, fromMailer, toMailer,
"[aws-security-group-access-rule]" + ret.ToString(),
string.Format("Access granted to ports {1} by IP {0}",
ip, serverports)
);
}
}
}
void sendEmail(string hostname, int port, bool ssl, string user, string pass, MailAddress fromMail, MailAddress toMail, string subject, string message, bool ishtml = false)
{
MailMessage msg = new MailMessage
{
Subject = subject,
Body = message,
IsBodyHtml = ishtml,
Priority = MailPriority.High,
From = fromMail
};
msg.To.Add(toMail);
SmtpClient mailClient = new SmtpClient
{
Host = hostname,
Port = port,
UseDefaultCredentials = false,
Credentials = new NetworkCredential(user, pass),
EnableSsl = ssl
};
mailClient.Send(msg);
}
}
public async Task <IActionResult> Post(IpModel model)
{
if (model == null)
{
return(BadRequest(new { Success = false, Message = "Invalid model." }));
}
if (!Request.Headers.ContainsKey("Api-Secret"))
{
return(BadRequest(new { success = false, message = "Missing Secret header" }));
}
var values = Request.Headers["Api-Secret"];
var apiSecret = Environment.GetEnvironmentVariable("AWSHELPER_API_SECRET");
if (values.FirstOrDefault(x => x == apiSecret) == null)
{
return(Unauthorized(new { success = false, message = "Invalid secret header" }));
}
if (string.IsNullOrEmpty(model.Name) || string.IsNullOrWhiteSpace(model.Name))
{
return(BadRequest(new { Success = false, Message = "Invalid name" }));
}
var namePrefix = Environment.GetEnvironmentVariable("AWSHELPER_NAME_PREFIX");
var groupId = Environment.GetEnvironmentVariable("AWSHELPER_GROUP_ID");
var accessId = Environment.GetEnvironmentVariable("AWSHELPER_ACCESS_ID");
var accessSecret = Environment.GetEnvironmentVariable("AWSHELPER_ACCESS_SECRET");
var endpoint = RegionEndpoint.GetBySystemName(Environment.GetEnvironmentVariable("AWSHELPER_REGION"));
var client = new AmazonEC2Client(accessId, accessSecret, endpoint);
var req = new DescribeSecurityGroupsRequest();
req.GroupIds.Add(groupId);
var request = new UpdateSecurityGroupRuleDescriptionsIngressRequest
{
GroupId = groupId
};
try
{
var secGroupRequest = new DescribeSecurityGroupsRequest();
secGroupRequest.GroupIds.Add(groupId);
var get = await client.DescribeSecurityGroupsAsync(secGroupRequest);
var securityGroup = get.SecurityGroups.FirstOrDefault();
if (securityGroup == null)
{
return(BadRequest(new { Success = false, Message = "Security group not found." }));
}
var description = $"{namePrefix}{model.Name}";
var ipRangeListRemoved = new List <IpRange>();
var ipRangeListAdded = new List <IpRange>();
foreach (var permission in securityGroup.IpPermissions)
{
foreach (var ipRange in permission.Ipv4Ranges)
{
if (description.Equals(ipRange.Description) && permission.ToPort == model.Port)
{
ipRangeListRemoved.Add(ipRange);
}
}
permission.Ipv4Ranges.RemoveAll(x => ipRangeListRemoved.Contains(x));
}
if (ipRangeListRemoved.Any())
{
var revokeRequest = new RevokeSecurityGroupIngressRequest();
revokeRequest.GroupId = groupId;
revokeRequest.IpPermissions.Add(new IpPermission
{
FromPort = model.Port,
IpProtocol = model.Protocol,
ToPort = model.Port,
Ipv4Ranges = new List <IpRange>(ipRangeListRemoved)
});
await client.RevokeSecurityGroupIngressAsync(revokeRequest);
}
var authorizeRequest = new AuthorizeSecurityGroupIngressRequest();
authorizeRequest.GroupId = groupId;
var authorizeIpRange = new IpRange
{
CidrIp = $"{model.Ip}/32",
Description = description
};
authorizeRequest.IpPermissions.Add(new IpPermission
{
FromPort = model.Port,
IpProtocol = model.Protocol,
ToPort = model.Port,
Ipv4Ranges = new List <IpRange> {
authorizeIpRange
}
});
var authorizeResult = await client.AuthorizeSecurityGroupIngressAsync(authorizeRequest);
return(Ok(new
{
Success = true,
Message = "Action completed."
}));
}
catch (Exception ex)
{
return(BadRequest(new { Success = false, Message = ex.Message }));
}
}
public IpRangeTreeItemViewModel(CollectionPointTreeItemViewModel parent, IpRange dataModel)
{
Parent = parent;
DataModel = dataModel;
}
public void TryWhere(Operator op, ByteBlock value, ShortSet result, ExecutionDetails details)
{
// Convert the value to an IP Range. Error if not.
IpRange valueRange;
if (!IpRange.TryParse(value.ToString(), out valueRange))
{
details.AddError(ExecutionDetails.UnableToConvertType, value, this.Name, "IP Range");
return;
}
if (op == Operator.Matches)
{
// Matches finds rows which overlap the passed range.
// Get rows which *don't overlap* because the start address is after the range being searched for
this.StartAddressColumn.TryWhere(Operator.GreaterThan, valueRange.EndInclusive, result, details);
// Add rows which *don't overlap* because the end address is before the range being searched for
this.EndAddressColumn.TryWhere(Operator.LessThan, valueRange.StartInclusive, result, details);
// Negate to find the set which *do* overlap
result.Not();
}
else if (op == Operator.Equals || op == Operator.MatchesExact || op == Operator.NotEquals)
{
// Equals and MatchExact find rows which exactly equal the range being searched for
// Find rows with the wrong start
this.StartAddressColumn.TryWhere(Operator.NotEquals, valueRange.StartInclusive, result, details);
// Add rows the wrong end
this.EndAddressColumn.TryWhere(Operator.NotEquals, valueRange.EndInclusive, result, details);
// Negate to find the set which are equal (both start and end match)
if (op != Operator.NotEquals)
{
result.Not();
}
}
else if (op == Operator.LessThan)
{
// Find rows which end before the start of the search range
this.EndAddressColumn.TryWhere(Operator.LessThan, valueRange.StartInclusive, result, details);
}
else if (op == Operator.GreaterThan)
{
// Find rows start after the end of the search range
this.StartAddressColumn.TryWhere(Operator.GreaterThan, valueRange.EndInclusive, result, details);
}
else if (op == Operator.LessThanOrEqual)
{
// Find rows which end before the end of the search range
this.EndAddressColumn.TryWhere(Operator.LessThanOrEqual, valueRange.EndInclusive, result, details);
}
else if (op == Operator.GreaterThanOrEqual)
{
// Find rows which start after the start of the search range
this.StartAddressColumn.TryWhere(Operator.GreaterThanOrEqual, valueRange.StartInclusive, result, details);
}
else
{
details.AddError(ExecutionDetails.ColumnDoesNotSupportOperator, op, this.Name);
}
}
static void Main(string[] args)
{
Amazon.EC2.AmazonEC2Client ec2 = new Amazon.EC2.AmazonEC2Client(RegionEndpoint.APSoutheast2);
var securityGroups = ec2.DescribeSecurityGroupsAsync().Result.SecurityGroups;
foreach (var securityGroup in securityGroups)
{
var dict = securityGroup.IpPermissions.ToList();
var newDict = dict.ToList();
foreach (var rule in dict)
{
if (rule.Ipv4Ranges != null)
{
foreach (var ipv4rule in rule.Ipv4Ranges.ToList())
{
var rulesRegex = new Regex(@"\[(?:\[[^\[\]]*\]|[^\[\]])*\]", RegexOptions.None);
if (ipv4rule.Description == null)
{
continue;
}
var m = rulesRegex.Matches(ipv4rule.Description).ToList();
if (m == null)
{
continue;
}
foreach (Group g in m)
{
var extension = g.Value.Split(new[] { '[', ']' }, StringSplitOptions.RemoveEmptyEntries).ToDictionary(s => s.Split('=')[0], s => s.Split('=')[1]).FirstOrDefault();
if (extension.Key == "fqdn")
{
//get ip from DNS
var newIP = Dns.GetHostEntry(extension.Value).AddressList.FirstOrDefault().ToString() + "/32";
if (ipv4rule.CidrIp == newIP)
{
Console.WriteLine("Didn't update security group. Cidr Still matches");
}
else
{
IpPermission oldPermission = new IpPermission
{
FromPort = rule.FromPort,
IpProtocol = rule.IpProtocol,
ToPort = rule.ToPort
};
oldPermission.Ipv4Ranges.Add(ipv4rule);
var oldlistofpermissions = new List <IpPermission>();
oldlistofpermissions.Add(oldPermission);
//revoke that one rule.
ec2.RevokeSecurityGroupIngressAsync(new Amazon.EC2.Model.RevokeSecurityGroupIngressRequest {
GroupId = securityGroup.GroupId, IpPermissions = oldlistofpermissions
}).Wait();
//add the new one.
IpPermission newPermission = new IpPermission
{
FromPort = rule.FromPort,
IpProtocol = rule.IpProtocol,
ToPort = rule.ToPort
};
var newiprange = new IpRange();
newiprange.CidrIp = newIP;
newiprange.Description = ipv4rule.Description;
newPermission.Ipv4Ranges.Add(newiprange);
var newlistofpermissions = new List <IpPermission>();
newlistofpermissions.Add(newPermission);
//ipv4rule.CidrIp = Dns.GetHostEntry(extension.Value).AddressList.FirstOrDefault().ToString() + "/32";
ec2.AuthorizeSecurityGroupIngressAsync(new Amazon.EC2.Model.AuthorizeSecurityGroupIngressRequest {
GroupId = securityGroup.GroupId, IpPermissions = newlistofpermissions
}).Wait();
}
}
if (extension.Key == "expiry")
{
var isDate = DateTime.TryParse(extension.Value, out DateTime expiry);
if (!isDate)
{
var chronic = new Chronic.Parser();
expiry = chronic.Parse(extension.Value, new Chronic.Options {
EndianPrecedence = Chronic.EndianPrecedence.Little
}).ToTime();
ipv4rule.Description = ipv4rule.Description.Replace(g.Value, $"[expiry={expiry.ToString("yyyy-MM-dd HH:mm")}]");
IpPermission newPermission = new IpPermission
{
FromPort = rule.FromPort,
IpProtocol = rule.IpProtocol,
ToPort = rule.ToPort
};
var newiprange = new IpRange();
newiprange.Description = ipv4rule.Description;
newiprange.CidrIp = ipv4rule.CidrIp;
newPermission.Ipv4Ranges.Add(newiprange);
var newlistofpermissions = new List <IpPermission>();
newlistofpermissions.Add(newPermission);
ec2.UpdateSecurityGroupRuleDescriptionsIngressAsync(new Amazon.EC2.Model.UpdateSecurityGroupRuleDescriptionsIngressRequest {
GroupId = securityGroup.GroupId, IpPermissions = newlistofpermissions
}).Wait();
//ec2.RevokeSecurityGroupIngressAsync(new Amazon.EC2.Model.RevokeSecurityGroupIngressRequest { GroupId = securityGroup.GroupId, IpPermissions = listofpermissions }).Wait();
}
else
{
if (expiry < DateTime.Now)
{
IpPermission permission = new IpPermission
{
FromPort = rule.FromPort,
IpProtocol = rule.IpProtocol,
ToPort = rule.ToPort
};
permission.Ipv4Ranges.Add(ipv4rule);
var listofpermissions = new List <IpPermission>();
listofpermissions.Add(permission);
ec2.RevokeSecurityGroupIngressAsync(new Amazon.EC2.Model.RevokeSecurityGroupIngressRequest {
GroupId = securityGroup.GroupId, IpPermissions = listofpermissions
}).Wait();
//newDict.Where(x => x == rule).Where(y => y.Ipv4Ranges == rule.Ipv4Ranges).First().Ipv4Ranges.Add()
}
}
}
}
}
}
}
}
}
public async Task <ActionResult <Location> > Location(string ip)
{
IpRange ipRange = await _rangeRepository.GetAsync(ip);
return(Ok(await _locationRepository.GetAsync((int)ipRange.LocationIndex)));
}
// private static SSLTestArgs _testArgs = new SSLTestArgs(new List<string>());
static void Process(string[] args)
{
FullTest ft = new FullTest();
SSLTestArgs _testArgs = new SSLTestArgs(new List <string>());
for (int i = 0; i < args.Length; i++)
{
string a = args[i];
switch (a.ToLowerInvariant())
{
case "-h":
case "-help":
case "--help":
Usage();
break;
case "-v":
case "--verbose":
ft.Verbose = true;
break;
case "-sni":
case "--sni":
if (++i >= args.Length)
{
Usage();
}
ft.ExplicitSNI = args[i];
break;
case "-all":
case "--all-suites":
ft.AllSuites = true;
break;
case "-min":
case "--min-version":
if (++i >= args.Length)
{
Usage();
}
ft.MinVersion = ParseVersion(args[i]);
if (ft.MinVersion < M.SSLv20 ||
ft.MinVersion > M.TLSv12)
{
Usage();
}
break;
case "-max":
case "--max-version":
if (++i >= args.Length)
{
Usage();
}
ft.MaxVersion = ParseVersion(args[i]);
if (ft.MaxVersion < M.SSLv20 ||
ft.MaxVersion > M.TLSv12)
{
Usage();
}
break;
case "-certs":
case "--with-certificates":
_testArgs.WithCerts = true;
break;
case "-prox":
case "--proxy":
if (++i >= args.Length)
{
Usage();
}
_testArgs.ProxString = args[i];
break;
case "-proxssl":
case "--proxy-ssl":
ft.ProxSSL = true;
break;
case "-ec":
case "--with-ec-ext":
ft.AddECExt = true;
break;
case "-text":
case "--text-output":
if (++i >= args.Length)
{
Usage();
}
_testArgs.TextOut = args[i];
break;
case "-json":
case "--json-output":
if (++i >= args.Length)
{
Usage();
}
_testArgs.JsonOut = args[i];
break;
case "-ar":
case "--address-range":
_testArgs.MultiAddr = true;
break;
case "-ap":
case "--all-ports":
_testArgs.IterateOverAllSslPorts = true;
break;
default:
if (a.Length > 0 && a[0] == '-')
{
Usage();
}
_testArgs.R.Add(a);
break;
}
}
args = _testArgs.R.ToArray();
if (args.Length == 0 || args.Length > 2)
{
Usage();
}
string serverName = args[0];
int port = -1;
if (args.Length == 2)
{
try
{
port = Int32.Parse(args[1]);
}
catch (Exception)
{
Usage();
}
}
ReportAggregator aggregator = new ReportAggregator();
aggregator.SetSubnet(serverName);
if (!_testArgs.MultiAddr)
{
Report.UpdateReportAggregator(aggregator, Run(ft, serverName, port, _testArgs));
}
else
{
IpRange range = new IpRange(serverName);
IpRangeEnumerator enumerator = new IpRangeEnumerator();
SslPortEnumerator portEnumerator = new SslPortEnumerator();
Console.WriteLine("Starting test...");
Directory.CreateDirectory("raw_results");
foreach (var address in enumerator.GetIPRange(range))
{
RunTask(ft, address, 443, aggregator, _testArgs);
}
ZipFile.CreateFromDirectory("raw_results", "raw_results_" + serverName.Replace("/", "_") + ".zip");
Directory.Delete("raw_results", true);
}
aggregator.SaveCsv();
aggregator.SaveCerts();
}
