Exemplo n.º 1
0
        public void OnNext(RawWhoisSection section)
        {
            if (section.Records != null)
            {
                StringBuilder rawNetwork;

                this.outFile.Write(section);
                this.outFile.WriteLine();
                this.outFile.Flush();

                if (section.Records.TryGetValue("IP-Network", out rawNetwork))
                {
                    IPAddressRange parsedRange;

                    if (IPAddressRange.TryParse(rawNetwork.ToString(), out parsedRange))
                    {
                        logger.Debug(string.Format(CultureInfo.InvariantCulture, "Received records for: {0}", parsedRange));
                    }
                    else
                    {
                        logger.Debug(string.Format(CultureInfo.InvariantCulture, "Received records for: {0} (error parsing range!)", rawNetwork));
                    }
                }
                else
                {
                    logger.Debug(string.Format(CultureInfo.InvariantCulture, "Received non IP range section type: {0}", section.Type));
                }
            }
            else
            {
                logger.Error("Received an item without records");
            }
        }
Exemplo n.º 2
0
        public IEnumerable <IPAddressRange> EnumerateIPAddresses(string ruleNamePrefix = null)
        {
            string prefix = RulePrefix + (ruleNamePrefix ?? string.Empty);

            foreach (INetFwRule rule in EnumerateRulesMatchingPrefix(prefix))
            {
                int    commaPos = 0;
                string ipList   = rule.RemoteAddresses;
                if (!string.IsNullOrWhiteSpace(ipList) && ipList != "*")
                {
                    for (int i = 0; i < ipList.Length;)
                    {
                        commaPos = ipList.IndexOf(',', commaPos);
                        if (commaPos >= 0)
                        {
                            if (IPAddressRange.TryParse(ipList.Substring(i, commaPos - i), out IPAddressRange range))
                            {
                                yield return(range);
                            }
                            i = ++commaPos;
                        }
                        else
                        {
                            if (IPAddressRange.TryParse(ipList.Substring(i), out IPAddressRange range))
                            {
                                yield return(range);
                            }
                            break;
                        }
                    }
                }
            }
        }
Exemplo n.º 3
0
    /// <summary>
    ///     Add cloudflare forward header options
    /// </summary>
    /// <param name="builder">Application builder</param>
    public static void UseCloudflareForwardHeaderOptions(this IApplicationBuilder builder)
    {
        ForwardedHeadersOptions options = new()
        {
            ForwardedForHeaderName = CloudflareConnectingIpHeaderName,
            ForwardedHeaders       = ForwardedHeaders.All
        };

        try
        {
            var urls = builder.ServerFeatures.Get <IServerAddressesFeature>()?.Addresses;
            if (urls != null && urls.Count != 0)
            {
                foreach (var line in GetCloudflareIp())
                {
                    if (IPAddressRange.TryParse(line, out var range))
                    {
                        options.KnownNetworks.Add(new IPNetwork(range.Begin, range.GetPrefixLength()));
                    }
                }
            }
        }
        catch
        {
            //oh no something went wrong
        }

        builder.UseForwardedHeaders(options);
    }
}
        public void TryParse_CIDR_OutOfRange()
        {
            var ipadr = default(IPAddressRange);

            IPAddressRange.TryParse("192.168.0.10/48", out ipadr).Is(false);
            ipadr.IsNull();
        }
    private bool IpIsAllowed(IPAddress ip)
    {
        if (!_parsedProxyIpsInitialized)
        {
            var safeProxyIps = _settings.Web?.SafeProxyIps?.Split(",", StringSplitOptions.TrimEntries) ??
                               Array.Empty <string>();
            foreach (var proxyIp in safeProxyIps)
            {
                if (proxyIp.Contains("/"))
                {
                    // Input is probably a CIDR, so parse it to a range.
                    if (IPAddressRange.TryParse(proxyIp, out var range))
                    {
                        _parsedProxyIps.AddRange(range);
                    }
                }
                else if (IPAddress.TryParse(proxyIp, out var parsedIp))
                {
                    _parsedProxyIps.Add(parsedIp);
                }
                else
                {
                    _logger.LogWarning($"Could not parse IP '{proxyIp}'.");
                }
            }

            _parsedProxyIpsInitialized = true;
        }

        return(IPAddress.IsLoopback(ip) || ip.Equals(NginxProxyIp) || _parsedProxyIps.Contains(ip));
    }
Exemplo n.º 6
0
        public IEnumerable <IPAddressRange> EnumerateIPAddresses(string ruleNamePrefix = null)
        {
            string prefix = RulePrefix + (ruleNamePrefix ?? string.Empty);

            string[] pieces;

            foreach (string setFile in Directory.GetFiles(AppDomain.CurrentDomain.BaseDirectory, "*.set"))
            {
                if (Path.GetFileName(setFile).StartsWith(prefix))
                {
                    foreach (string line in File.ReadLines(setFile).Skip(1).Where(l => l.StartsWith("add ")))
                    {
                        // example line: add setname ipaddress -exist
                        pieces = line.Split(' ');
                        if (IPAddressRange.TryParse(pieces[2], out IPAddressRange range))
                        {
                            yield return(range);
                        }
                    }
                }
            }

            foreach (IPAddressRange range in firewall6.EnumerateIPAddresses(ruleNamePrefix))
            {
                yield return(range);
            }
        }
Exemplo n.º 7
0
        public string ToDebugString()
        {
            var ret = new StringBuilder();

            if (this.Records != null && this.Records.Count > 0)
            {
                foreach (var entry in this.Records)
                {
                    if (entry.Key == "IP-Network" && entry.Value != null)
                    {
                        IPAddressRange range;

                        if (IPAddressRange.TryParse(entry.Value.ToString(), out range))
                        {
                            ret.AppendFormat("{0}: {1} ({2} - {3})\r\n", entry.Key, entry.Value.ToString(), range.Begin, range.End);
                        }
                        else
                        {
                            ret.AppendFormat("{0}: {1} (could not parse range!)\r\n", entry.Key, entry.Value.ToString());
                        }
                    }
                    else
                    {
                        ret.AppendFormat("{0}: {1}\r\n", entry.Key, entry.Value.ToString());
                    }
                }
            }

            return(ret.ToString());
        }
        public void TryParse_IPV4_Cipdr_Max()
        {
            IPAddressRange temp;
            var            result = IPAddressRange.TryParse("219.165.64.73/32", out temp);

            result.Is(true);
            temp.IsNotNull();
        }
        public void TryParse_Empty_String()
        {
            IPAddressRange temp;
            var            result = IPAddressRange.TryParse("", out temp);

            result.Is(false);
            temp.IsNull();
        }
        public void TryParse_InValid_String()
        {
            IPAddressRange temp;
            var            result = IPAddressRange.TryParse("fdfv", out temp);

            result.Is(false);
            temp.IsNull();
        }
        public void TryParse_IPV6()
        {
            IPAddressRange temp;
            var            result = IPAddressRange.TryParse("fe80::d503:4ee:3882:c586", out temp);

            result.Is(true);
            temp.IsNotNull();
        }
        public void TryParse_IPV4()
        {
            IPAddressRange temp;
            var            result = IPAddressRange.TryParse("192.168.60.13", out temp);

            result.Is(true);
            temp.IsNotNull();
        }
        public void TryParse_IPV4_Cipdr_BitMask()
        {
            IPAddressRange temp;
            var            result = IPAddressRange.TryParse("192.168.1.0/255.255.255.0", out temp);

            result.Is(true);
            temp.IsNotNull();
        }
Exemplo n.º 14
0
        private async void BtnStart_Click(object sender, EventArgs e)
        {
            try
            {
                logger.Info("Scan starting");

                var beginIpAddress = TxtIPRangeBegin.Text.Replace(",", ".").Replace(" ", "");
                var endIpAddress   = TxtIPRangeEnd.Text.Replace(",", ".").Replace(" ", "");

                if (!IPAddressRange.TryParse(string.Format("{0}-{1}", beginIpAddress, endIpAddress), out IPAddressRange ipAddressRange))
                {
                    MessageBox.Show("IP Range not valid!", "Input Validation Error", MessageBoxButtons.OK, MessageBoxIcon.Warning, MessageBoxDefaultButton.Button1, MessageBoxOptions.DefaultDesktopOnly);

                    logger.Info("IP Range validation failed. Scan aborted");

                    return;
                }

                BtnStart.Enabled = false;

                logger.Info("Scan initializing");
                LblStatusText.Text = "Scan Initializing";

                ScanResultItems           = new List <ScanResultItem>();
                DgwScanResults.DataSource = typeof(ScanResultItem);
                DgwScanResults.DataSource = ScanResultItems;

                Scanner = new Scanner(TbParallelTaskCount.Value);

                Scanner.OnStarted            += Scanner_OnStarted;
                Scanner.OnCanceling          += Scanner_OnCanceling;
                Scanner.OnCanceled           += Scanner_OnCanceled;
                Scanner.OnFinished           += Scanner_OnFinished;
                Scanner.OnPortCheckCompleted += Scanner_OnPortCheckCompleted;

                logger.Info("Scan queue populating");

                await Scanner.AddQueueAsync(ipAddressRange.AsEnumerable());

                logger.Info("Scan start requesting");

                await Scanner.StartAsync();
            }
            catch (AggregateException)
            {
                BtnStart.Enabled = true;
                BtnStop.Enabled  = false;
            }
            catch (OperationCanceledException)
            {
                BtnStart.Enabled = true;
                BtnStop.Enabled  = false;
            }
            catch (Exception ex)
            {
                logger.Error(ex);
            }
        }
Exemplo n.º 15
0
        private IPAddressRange GetIpAddressRange(string ipAddress)
        {
            if (ipAddress.Equals(IPAddress.IPv6Loopback.ToString()))
            {
                return(new IPAddressRange(IPAddress.Loopback));
            }

            return(IPAddressRange.TryParse(ipAddress, out IPAddressRange range)
                ? range
                : null);
        }
Exemplo n.º 16
0
        public override Task <bool> AllowIPAddresses(string ruleNamePrefix, IEnumerable <IPAddressRange> ipAddresses, IEnumerable <PortRange> allowedPorts = null, CancellationToken cancelToken = default)
        {
            IEnumerable <IPAddressRange> ipv4 = ipAddresses.Where(i => IPAddressRange.TryParse(i, out IPAddressRange obj) && obj.Begin.AddressFamily == System.Net.Sockets.AddressFamily.InterNetwork);
            IEnumerable <IPAddressRange> ipv6 = ipAddresses.Where(i => IPAddressRange.TryParse(i, out IPAddressRange obj) && obj.Begin.AddressFamily == System.Net.Sockets.AddressFamily.InterNetworkV6);
            bool result = base.AllowIPAddresses(ruleNamePrefix, ipv4, allowedPorts, cancelToken).Sync();

            if (result)
            {
                result = firewall6.AllowIPAddresses(ruleNamePrefix, ipv6, allowedPorts, cancelToken).Sync();
            }
            return(Task.FromResult(result));
        }
Exemplo n.º 17
0
        private void PopulateList(HashSet <string> set, List <IPAddressRange> ranges, ref Regex regex, string setValue, string regexValue)
        {
            setValue   = (setValue ?? string.Empty).Trim();
            regexValue = (regexValue ?? string.Empty).Replace("*", @"[0-9A-Fa-f:]+?").Trim();
            set.Clear();
            regex = null;

            if (!string.IsNullOrWhiteSpace(setValue))
            {
                foreach (string v in setValue.Split(new char[] { ',' }, StringSplitOptions.RemoveEmptyEntries))
                {
                    string ipOrDns = v.Trim();
                    if (ipOrDns != "0.0.0.0" && ipOrDns != "::0" && ipOrDns != "127.0.0.1" && ipOrDns != "::1")
                    {
                        try
                        {
                            if (IPAddressRange.TryParse(ipOrDns, out IPAddressRange range))
                            {
                                if (range.Begin.Equals(range.End))
                                {
                                    set.Add(ipOrDns);
                                }
                                else if (!ranges.Contains(range))
                                {
                                    ranges.Add(range);
                                }
                            }
                            else if (dns != null)
                            {
                                IPAddress[] addresses = dns.GetHostEntryAsync(ipOrDns).Sync().AddressList;
                                if (addresses != null)
                                {
                                    foreach (IPAddress adr in addresses)
                                    {
                                        set.Add(adr.ToString());
                                    }
                                }
                            }
                        }
                        catch (System.Net.Sockets.SocketException)
                        {
                            // ignore, dns lookup fails
                        }
                    }
                }
            }

            if (!string.IsNullOrWhiteSpace(regexValue))
            {
                regex = ParseRegex(regexValue);
            }
        }
Exemplo n.º 18
0
        public void TryParse_Fail()
        {
            //arrange
            string         addresses = "127.168.0.1-127.168.3.5.46";
            IPAddressRange actualRange;

            //action
            bool actula = IPAddressRange.TryParse(addresses, out actualRange);

            //assert
            Assert.IsFalse(actula);
            Assert.IsNull(actualRange);
        }
Exemplo n.º 19
0
        public void TryParse_Success()
        {
            //arrange
            string         addresses = "127.168.0.1-127.168.3.5";
            IPAddressRange actualRange;

            //action
            bool actula = IPAddressRange.TryParse(addresses, out actualRange);

            //assert
            Assert.IsTrue(actula);
            Assert.IsNotNull(actualRange);
        }
Exemplo n.º 20
0
        public void TryParse(string input, bool expectedReturn)
        {
            Console.WriteLine("TestCase: \"{0}\", Expected: {1}", input, expectedReturn);
            var result = IPAddressRange.TryParse(input, out IPAddressRange temp);

            result.Is(expectedReturn);
            if (expectedReturn)
            {
                temp.IsNot(null);
            }
            else
            {
                temp.Is(null);
            }
        }
Exemplo n.º 21
0
 /// <summary>
 /// Get a firewall ip address, clean and normalize
 /// </summary>
 /// <param name="ipAddress">IP Address</param>
 /// <param name="normalizedIP">The normalized ip ready to go in the firewall or null if invalid ip address</param>
 /// <returns>True if ip address can go in the firewall, false otherwise</returns>
 public static bool TryGetFirewallIPAddress(this string ipAddress, out string normalizedIP)
 {
     normalizedIP = ipAddress?.Trim();
     if (string.IsNullOrWhiteSpace(normalizedIP) ||
         normalizedIP == "0.0.0.0" ||
         normalizedIP == "127.0.0.1" ||
         normalizedIP == "::0" ||
         normalizedIP == "::1" ||
         !IPAddressRange.TryParse(normalizedIP, out _))
     {
         normalizedIP = null;
         return(false);
     }
     return(true);
 }
        public void TryParse_IPV4_Cipdr_Begin_To_End()
        {
            IPAddressRange temp;
            var            result = IPAddressRange.TryParse("192.168.60.26-192.168.60.37", out temp);

            result.Is(true);
            temp.IsNotNull();

            IPAddressRange temp2;
            var            result2 = IPAddressRange.TryParse("192.168.60.26–192.168.60.37", out temp2);

            result2.Is(true);
            temp2.IsNotNull();
            temp2.Begin.ToString().Is("192.168.60.26");
            temp2.End.ToString().Is("192.168.60.37");
        }
Exemplo n.º 23
0
        private IPAddressRange ExtractRangeFromRecord(RawWhoisSection section, string fieldName)
        {
            StringBuilder rawSectionRange;

            if (section.Records != null && section.Records.TryGetValue(fieldName, out rawSectionRange))
            {
                IPAddressRange sectionIPRange;

                if (IPAddressRange.TryParse(rawSectionRange.ToString(), out sectionIPRange))
                {
                    return(sectionIPRange);
                }
            }

            return(null);
        }
        /// <summary>
        /// Helper method to check, if address is explicitly white listed or
        /// not implicitly black listed.
        /// </summary>
        /// <param name="remoteAddress">The remote address.</param>
        /// <returns></returns>
        protected virtual bool IsAcceptableAddress(string remoteAddress)
        {
            IPAddressRange address;

            if (!IPAddressRange.TryParse(remoteAddress, out address))
            {
                return(false);
            }

            var isAcceptable = WhiteListed?.Contains(address);

            if (!(isAcceptable ?? false))
            {
                isAcceptable = !BlackListed?.Contains(address);
            }

            return(isAcceptable ?? true);
        }
 public void TryParse()
 {
     TestContext.Run((string input, bool expectedReturn) =>
     {
         Console.WriteLine("TestCase: \"{0}\", Expected: {1}", input, expectedReturn);
         IPAddressRange temp;
         var result = IPAddressRange.TryParse(input, out temp);
         result.Is(expectedReturn);
         if (expectedReturn)
         {
             temp.IsNotNull();
         }
         else
         {
             temp.IsNull();
         }
     });
 }
Exemplo n.º 26
0
        public IEnumerable <IPAddressRange> EnumerateIPAddresses(string ruleNamePrefix = null)
        {
            string prefix = (string.IsNullOrWhiteSpace(ruleNamePrefix) ? RulePrefix : RulePrefix + ruleNamePrefix);

            foreach (INetFwRule rule in EnumerateRulesMatchingPrefix(prefix))
            {
                string ipList = rule.RemoteAddresses;
                if (!string.IsNullOrWhiteSpace(ipList) && ipList != "*")
                {
                    string[] ips = ipList.Split(',');
                    foreach (string ip in ips)
                    {
                        if (IPAddressRange.TryParse(ip, out IPAddressRange range))
                        {
                            yield return(range);
                        }
                        // else // should never happen
                    }
                }
            }
        }
Exemplo n.º 27
0
        /// <summary>
        /// States whether a specific ip address is valid within the rules of client access control
        /// </summary>
        /// <param name="rule"></param>
        /// <param name="ipAddress"></param>
        /// <returns></returns>
        public bool IsValid(IpAccessControl rule, string ipAddress)
        {
            IPAddressRange clientRange;

            if (ipAddress.Equals(IPAddress.IPv6Loopback.ToString()))
            {
                clientRange = new IPAddressRange(IPAddress.Loopback);
            }
            else if (!IPAddressRange.TryParse(ipAddress, out clientRange))
            {
                return(false);
            }

            var ip6 = clientRange.Begin.MapToIPv6();

            if (rule.Exceptions.Where(x => x.Range != null).Any(exception => exception.Range.Contains(ip6)))
            {
                return(rule.AccessType != IpAccessControl.AccessTypes.AllowAll);
            }
            return(rule.AccessType == IpAccessControl.AccessTypes.AllowAll);
        }
Exemplo n.º 28
0
        /// <summary>
        /// Return a list of ranges that contain invalid ranges
        /// </summary>
        /// <returns>List of errored ranges</returns>
        public IEnumerable <string> InitIpAccessControl(IpAccessControl rule)
        {
            var errors = new List <string>();

            foreach (var exception in rule.Exceptions)
            {
                var ipAddressRange = exception.IpAddressType == IpAccessControl.IpAddressType.Single
                    ? exception.FromIpAddress
                    : $"{exception.FromIpAddress}-{exception.ToIpAddress}";


                if (!IPAddressRange.TryParse(ipAddressRange, out var range))
                {
                    errors.Add(ipAddressRange);
                }
                range.Begin     = range.Begin.MapToIPv6();
                range.End       = range.End.MapToIPv6();
                exception.Range = range;
            }
            return(errors);
        }
Exemplo n.º 29
0
        public static NormalizedNetwork TryParseFromSection(RawWhoisSection section)
        {
            if (networkTypes.Contains(section.Type))
            {
                var network = new NormalizedNetwork()
                {
                    Location = NormalizedLocation.TryParseFromSection(section),
                    AuthArea = NormalizationUtils.FindFirstMatchingFieldValueInRecords(section, authAreaFields),
                    OriginAS = NormalizationUtils.FindFirstMatchingFieldValueInRecords(section, originASFields),
                    Status   = NormalizationUtils.FindFirstMatchingFieldValueInRecords(section, statusFields)
                };

                var candidateRanges = NormalizationUtils.FindAllMatchingFieldValuesInRecords(section, ipRangeFields);

                if (candidateRanges != null)
                {
                    IPAddressRange range = null;

                    foreach (var candidateRange in candidateRanges)
                    {
                        if (IPAddressRange.TryParse(candidateRange, out range))
                        {
                            break;
                        }
                    }

                    network.IPRange = range;
                }
                else
                {
                    // TODO: Some networks do not have an explicit IP range but maybe we can get it from the Auth Area or from the ID?
                }

                NormalizationUtils.ExtractCommonRecordMetadata(section, section.Id, nameFields, network);

                return(network);
            }

            return(null);
        }
        private bool Bypassed()
        {
            var ip = GetIPAddress();

            if (ip == null)
            {
                return(false);
            }

            string ipRangeBypassSetting = ConfigurationManager.AppSettings["BasicAuthentication.IpRangeBypassList"];

            if (string.IsNullOrEmpty(ipRangeBypassSetting))
            {
                return(false);
            }

            IEnumerable <IPAddressRange> ipRanges = ipRangeBypassSetting.Split('|', ';')
                                                    .Select(n => IPAddressRange.TryParse(n, out var ipRange) ? ipRange : null)
                                                    .Where(n => n != null);

            return(ipRanges.Any(n => n.Contains(ip)));
        }