mirror of https://github.com/MISP/MISP
chg: [validation] Remove CIDR from /32 IPv4 and /128 IPv6 to normalize values
parent
71e78e6eb3
commit
bf51c9ebde
|
@ -41,7 +41,7 @@ class AttributeValidationTool
|
|||
switch ($type) {
|
||||
case 'ip-src':
|
||||
case 'ip-dst':
|
||||
return self::compressIpv6($value);
|
||||
return self::normalizeIp($value);
|
||||
case 'md5':
|
||||
case 'sha1':
|
||||
case 'sha224':
|
||||
|
@ -98,7 +98,7 @@ class AttributeValidationTool
|
|||
$parts[0] = $punyCode;
|
||||
}
|
||||
}
|
||||
$parts[1] = self::compressIpv6($parts[1]);
|
||||
$parts[1] = self::normalizeIp($parts[1]);
|
||||
return "$parts[0]|$parts[1]";
|
||||
case 'filename|md5':
|
||||
case 'filename|sha1':
|
||||
|
@ -175,7 +175,7 @@ class AttributeValidationTool
|
|||
} else {
|
||||
return $value;
|
||||
}
|
||||
return self::compressIpv6($parts[0]) . '|' . $parts[1];
|
||||
return self::normalizeIp($parts[0]) . '|' . $parts[1];
|
||||
case 'mac-address':
|
||||
case 'mac-eui-64':
|
||||
$value = str_replace(array('.', ':', '-', ' '), '', strtolower($value));
|
||||
|
@ -700,11 +700,30 @@ class AttributeValidationTool
|
|||
* @param string $value
|
||||
* @return string
|
||||
*/
|
||||
private static function compressIpv6($value)
|
||||
private static function normalizeIp($value)
|
||||
{
|
||||
// If IP is a CIDR
|
||||
if (strpos($value, '/')) {
|
||||
list($ip, $range) = explode('/', $value, 2);
|
||||
|
||||
// Compress IPv6
|
||||
if (strpos($ip, ':') && $converted = inet_pton($ip)) {
|
||||
$ip = inet_ntop($converted);
|
||||
}
|
||||
|
||||
// If IP is in CIDR format, but the network is 32 for IPv4 or 128 for IPv6, normalize to non CIDR type
|
||||
if (($range === '32' && strpos($value, '.')) || ($range === '128' && strpos($value, ':'))) {
|
||||
return $ip;
|
||||
}
|
||||
|
||||
return "$ip/$range";
|
||||
}
|
||||
|
||||
// Compress IPv6
|
||||
if (strpos($value, ':') && $converted = inet_pton($value)) {
|
||||
return inet_ntop($converted);
|
||||
}
|
||||
|
||||
return $value;
|
||||
}
|
||||
|
||||
|
|
|
@ -124,6 +124,16 @@ class AttributeValidationToolTest extends TestCase
|
|||
]);
|
||||
}
|
||||
|
||||
public function testRemoveCidrFromIp(): void
|
||||
{
|
||||
$this->assertEquals('127.0.0.1', AttributeValidationTool::modifyBeforeValidation('ip-src', '127.0.0.1/32'));
|
||||
$this->assertEquals('127.0.0.1/31', AttributeValidationTool::modifyBeforeValidation('ip-src', '127.0.0.1/31'));
|
||||
$this->assertEquals('example.com|1234:fd2:5621:1:89::4500', AttributeValidationTool::modifyBeforeValidation('domain|ip', 'example.com|1234:0fd2:5621:0001:0089:0000:0000:4500/128'));
|
||||
$this->assertEquals('1234:fd2:5621:1:89::4500|80', AttributeValidationTool::modifyBeforeValidation('ip-src|port', '1234:0fd2:5621:0001:0089:0000:0000:4500/128|80'));
|
||||
$this->assertEquals('1234:fd2:5621:1:89::4500/127|80', AttributeValidationTool::modifyBeforeValidation('ip-src|port', '1234:0fd2:5621:0001:0089:0000:0000:4500/127|80'));
|
||||
$this->assertEquals('127.0.0.1', AttributeValidationTool::modifyBeforeValidation('ip-src', '127.0.0.1'));
|
||||
}
|
||||
|
||||
public function testCompressIpv6(): void
|
||||
{
|
||||
$this->assertEquals('1234:fd2:5621:1:89::4500', AttributeValidationTool::modifyBeforeValidation('ip-src', '1234:0fd2:5621:0001:0089:0000:0000:4500'));
|
||||
|
|
Loading…
Reference in New Issue