in aristotle/aristotle.py [0:0]
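def reduce_ipval(self, ipval):
    """ Reduce an "IP" value (raw IP, list, ipvar) to one of the following:

    - any
    - $HOME_NET
    - $EXTERNAL_NET
    - UNDETERMINED

    Assumptions:

    - ipval doesn't contain any nested lists
    - (could recurse on nested lists but once we start reducing, we lose accuracy pretty fast.)
    - (most 3rd party rulesets should rarely, if ever, need to include rules that require nested IPs/ranges.)

    Malformed values (shorter than two characters, a list with no closing
    bracket, or a nested list) are reported with ``print_error`` and reduced
    to 'UNDETERMINED' without being cached.

    :param ipval: IP part of a rule, e.g. $HOME_NET, 10.0.0.0/8, [192.168.1.0/24,192.168.2.0/24], etc.
    :type ipval: string, required
    :returns: 'any', '$HOME_NET', '$EXTERNAL_NET', or 'UNDETERMINED'
    :rtype: string
    """
    global ipval_cache
    unknown = "UNDETERMINED"

    # Already one of the reduced forms: nothing to do.
    if ipval in ("any", "$HOME_NET", "$EXTERNAL_NET", unknown):
        return ipval

    if len(ipval) < 2:
        print_error("Bad IPVAR found: {}".format(ipval))
        return unknown

    # check cache. Testing shows using a cache doesn't speed things up....
    cached_val = ipval_cache.get(ipval)
    if cached_val:
        return cached_val

    original_val = ipval

    # A leading '!' negates the whole value; it is handed to the helper as
    # global_negate rather than left in the string.
    negated = ipval[0] == '!'
    if negated:
        ipval = ipval[1:]

    if ipval[0] == '[':
        # Only strip the brackets when the list is actually closed.  Slicing
        # blindly would drop the last character of a value such as
        # "[10.0.0.0/8", which would then be reduced and cached as if it
        # were well formed.
        if ipval[-1] != ']':
            print_error("Unterminated ipval list found: {}. Cannot reduce".format(original_val))
            return unknown
        ipval = ipval[1:-1]

    # Any '[' left at this point means a nested list, which is not reduced.
    if '[' in ipval:
        print_error("Double nested ipval found: {}. Cannot reduce".format(original_val))
        return unknown

    ipval_list = [v.strip() for v in ipval.split(',')]
    # NOTE(review): the helper is not visible here; presumably it returns one
    # of the four reduced values named in the docstring -- confirm.
    reduced_ipval = self._reduce_ipval_helper(ipval_list, global_negate=negated)
    # print_debug(" Original: {}\nProcessed: {}\n Reduced: {}\n".format(original_val, ipval, reduced_ipval))

    # Cache under the untouched input so the lookup above matches next time.
    ipval_cache[original_val] = reduced_ipval
    return reduced_ipval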