Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[FR] Add IPv6 Support to CidrMatch using ipaddress lib #80

Merged
merged 41 commits into from
Oct 31, 2023

Conversation

eric-forte-elastic
Copy link
Collaborator

@eric-forte-elastic eric-forte-elastic commented Oct 27, 2023

Summary

Relates https://github.com/elastic/ia-trade-team/issues/196

Alternative to #77 where the ipaddres library is used instead.

Testing

The majority of the testing can be performed via the new ipv6 labeled unit tests in test_python_engine.py and test_cidrmatch in test_functions.py. However, additional testing can be performed by calling the functions directly from a python script.

Example Python Script

from eql.functions import CidrMatch

# create a list of CIDR blocks to match against
cidr_blocks = ["192.168.0.0/24", "2001:db8::/32"]

# create an instance of the CidrMatch class
cidr_matcher = CidrMatch()


# call the run method with an IP address and the list of CIDR blocks
ip_address = "192.168.0.1"
result = cidr_matcher.run(ip_address, *cidr_blocks)

# print the result
print(result)  # True


# create a list of CIDR blocks to match against
cidr_blocks = ["2001:0db8:0000:0000:0000:0000:0000:0000/32", "fe80::/10"]

# create an instance of the CidrMatch class
cidr_matcher = CidrMatch()

# call the run method with an IPv6 address and the list of CIDR blocks
ipv6_address = "2001:0db8:0000:0000:0000:0000:0000:0001"
ipv6_address = "2001:db8::1"
ipv6_address = "fe80::1"
print(ipv6_address)
result = cidr_matcher.run(ipv6_address, *cidr_blocks)
print(result)

ipv6_address = CidrMatch.expand_ipv6_address(ipv6_address)
print(ipv6_address)
result = cidr_matcher.run(ipv6_address, *cidr_blocks)

# print the result
print(result)  # True

🔴 Important 🔴

The testing MUST be performed on both Python 3.7 and Python 2.7 as eql needs to be able to support both. Some editors such VSCode do not support debugging in Python 2.7 so one will have to run the unit tests via another method.

To install eql in a Python2 test environment you can follow the following steps (there are other ways to test too, but this can help get started)

  1. Build virtualenv: virtualenv --python=python2.7 test_two_venv
  2. Activate virtualenv: source /test_two_venv/bin/activate
  3. Install setuptools (as Makefile does as well) pip install setuptools -U
  4. [Optional] if you have a py3 pypirc, you may need to move it temporarily e.g. mv /home/forteea1/.pypirc ~/pypirc
  5. Install new eql version (check that it says 0.9.19) python setup.py install
  6. Run your test script (example above) python test.py

@eric-forte-elastic eric-forte-elastic self-assigned this Oct 27, 2023
@eric-forte-elastic eric-forte-elastic marked this pull request as ready for review October 30, 2023 14:38
@eric-forte-elastic eric-forte-elastic linked an issue Oct 30, 2023 that may be closed by this pull request
eql/utils.py Outdated Show resolved Hide resolved
eql/functions.py Outdated Show resolved Hide resolved
eql/functions.py Outdated Show resolved Hide resolved
Copy link
Contributor

@Mikaayenson Mikaayenson left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

A few small nits, but LGTM.

eql/utils.py Outdated Show resolved Hide resolved
eql/utils.py Outdated Show resolved Hide resolved
eql/functions.py Outdated Show resolved Hide resolved
Copy link
Contributor

@brokensound77 brokensound77 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

A few comments otherwise, LGTM 👍

@eric-forte-elastic eric-forte-elastic merged commit 9b4f682 into master Oct 31, 2023
2 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

[FR] Add IPv6 Support to CidrMatch
4 participants