in aristotle/aristotle.py [0:0]
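def _reduce_ipval_helper(self, vals, global_negate=False):
    """Reduce a list of IPVAR values to 'any', '$HOME_NET', '$EXTERNAL_NET',
    or 'UNDETERMINED'.

    Assumption: no overlap in HOME_NET and EXTERNAL_NET vars.

    Classification, in order of precedence:

    * ``'any'`` anywhere in ``vals`` wins.
    * A listed home variable (or any unlisted variable ending in ``_NET``)
      yields ``$HOME_NET``; a listed external variable yields
      ``$EXTERNAL_NET``. Negation (a leading ``!`` on the value, or
      ``global_negate``) swaps the two answers; a ``!`` on a value while
      ``global_negate`` is set cancels out.
    * Any other ``$``-prefixed variable is reported via ``print_error()``
      and yields ``'UNDETERMINED'``.
    * Everything else is assumed to be an IP or CIDR string and matched
      by exact string comparison only: ``$HOME_NET`` if a non-negated
      well-known local/private block was seen, otherwise ``$EXTERNAL_NET``.

    :param vals: list of IPVAR values (strings; empty strings are ignored)
    :type vals: list, required
    :param global_negate: invert response
    :type global_negate: bool, optional
    :returns: 'any', '$HOME_NET', '$EXTERNAL_NET', or 'UNDETERMINED'
    :rtype: str
    """
    home_net_vars = ["$HOME_NET", "$DNS_SERVERS", "$HTTP_SERVERS", "$SMTP_SERVERS", "$SQL_SERVERS",
                     "$TELNET_SERVERS", "$FTP_SERVERS", "$DNP3_CLIENT", "$DNP3_SERVER", "$ICCP_CLIENT",
                     "$ICCP_SERVER", "$ENIP_CLIENT", "$ENIP_SERVER", "$MODBUS_CLIENT", "$MODBUS_SERVER"]
    external_net_vars = ["$EXTERNAL_NET", "$RFC1918", "$GOTOMYPC", "$AIM_SERVERS"]
    # add CG-NAT (100.64.0.0/10)?
    # Matching is by exact string: a differently written block (e.g. a /16 inside
    # 10.0.0.0/8) is NOT recognized as local. 192.168.0.0/16 is the actual
    # RFC 1918 range; the narrower /24 entry is kept for backward compatibility.
    known_localnet_ips = ["10.0.0.0/8", "192.168.0.0/16", "192.168.0.0/24", "172.16.0.0/12",
                          "127.0.0.0/8", "255.255.255.255"]
    unknown = "UNDETERMINED"
    rfc1918_found = False

    if 'any' in vals:
        return 'any'

    for v in vals:
        negated = global_negate
        if v.startswith('!'):
            negated = not global_negate
            v = v[1:]
        if not v:
            # An empty value (e.g. "" or a bare "!") carries no information; the
            # original ``v[0]`` indexing would raise IndexError here.
            continue
        # Assume an unlisted variable ending in "_NET" is HOME_NET unless already
        # listed as EXTERNAL_NET. Note an unlisted "_SERVERS" variable is NOT
        # covered by this and will be reported as unclassified below.
        if v.endswith("_NET") and v not in external_net_vars and v not in home_net_vars:
            home_net_vars.append(v)
        if v in home_net_vars:
            return "$EXTERNAL_NET" if negated else "$HOME_NET"
        if v in external_net_vars:
            return "$HOME_NET" if negated else "$EXTERNAL_NET"
        if v.startswith('$'):
            print_error("Unclassified variable found in _reduce_ipval_helper(): '{}'".format(v))
            return unknown
        # this *should* be an IP or CIDR block; only a non-negated local block
        # counts as evidence for HOME_NET
        if not negated and v in known_localnet_ips:
            rfc1918_found = True

    # at this point we *should* be left with a list of IPs. Assume these are
    # EXTERNAL_NET, even if negated, unless explicit RFC1918 has been seen.
    return "$HOME_NET" if rfc1918_found else "$EXTERNAL_NET"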