feat: support IPv6 network assets (#456)

* feat: ipv6 support * add rfc4193 addr range * use host addr
defenxor · Jan 30, 2023 · 5d83e2a · 5d83e2a
1 parent f74adbe
commit 5d83e2a
Show file tree

Hide file tree

Showing 5 changed files with 45 additions and 9 deletions.
diff --git a/internal/pkg/dsiem/asset/asset.go b/internal/pkg/dsiem/asset/asset.go
@@ -131,7 +131,7 @@ func Init(confDir string) error {
 	}
 
 	// total := len(assets.NetworkAssets)
-	_, allIPs, _ := net.ParseCIDR("0.0.0.0/0")
+	_, allIPs, _ := net.ParseCIDR("::/0")
 	r, _ := ranger.CoveredNetworks(*allIPs)
 	ttlAssets := len(r)
 	r, _ = whitelist.CoveredNetworks(*allIPs)
@@ -162,11 +162,11 @@ func GetName(ip string) string {
 	if err != nil || len(containingNetworks) == 0 {
 		return val
 	}
-	// return the one with /32
+	// return the one with /32 or /128
 	for i := range containingNetworks {
 		r := containingNetworks[i].(*assetEntry)
 		m := r.ipNet.Mask.String()
-		if m == "ffffffff" {
+		if m == "ffffffff" || m == "ffffffffffffffffffffffffffffffff" {
 			val = r.name
 			break
 		}
@@ -204,7 +204,7 @@ func GetAssetNetworks(ip string) []string {
 	for i := range containingNetworks {
 		r := containingNetworks[i].(*assetEntry)
 		m := r.ipNet.Mask.String()
-		if m != "ffffffff" {
+		if m != "ffffffff" && m != "ffffffffffffffffffffffffffffffff" {
 			s := r.ipNet.String()
 			val = str.AppendUniq(val, s)
 		}

diff --git a/internal/pkg/dsiem/asset/asset_test.go b/internal/pkg/dsiem/asset/asset_test.go
@@ -77,7 +77,7 @@ func TestAsset(t *testing.T) {
 		t.Error(err)
 	}
 	if GetName(privNet) == privNetName {
-		t.Errorf("Cannot find name for %s", privIP)
+		t.Errorf("Cannot find name for %s", privNet)
 	}
 	if GetName(privIP) != "firewall" {
 		t.Errorf("Cannot find name for %s", privIP)
@@ -98,4 +98,26 @@ func TestAsset(t *testing.T) {
 	if !reflect.DeepEqual(net, expected) {
 		t.Errorf("expected %v, obtained %v", expected, net)
 	}
+
+	privIP2 := "2002:c0a8:0001:0:0:0:0:1"
+	privNet2 := "2002:c0a8:1::/64"
+	privNetName2 := "2002:c0a8:1::/64-Net"
+	if ok, err := IsInHomeNet(privIP2); !ok {
+		t.Error(err)
+	}
+	if GetName(privNet2) == privNetName2 {
+		t.Errorf("Cannot find name for %s", privNet2)
+	}
+	if GetName(privIP2) != "firewall-ipv6" {
+		t.Errorf("Cannot find name for %s", privIP2)
+	}
+	if GetValue(privIP2) != 5 {
+		t.Errorf("Cannot get correct asset value for %s", privIP2)
+	}
+	net2 := GetAssetNetworks(privIP2)
+	expected2 := []string{"2002:c0a8:1::/64"}
+	if !reflect.DeepEqual(net2, expected2) {
+		t.Errorf("expected %v, obtained %v", expected2, net2)
+	}
+
 }
diff --git a/internal/pkg/dsiem/asset/fixtures/asset1/assets_testing.json b/internal/pkg/dsiem/asset/fixtures/asset1/assets_testing.json
@@ -30,6 +30,16 @@
       "name": "server",
       "cidr": "192.168.0.3/32",
       "value": 5
+    },
+    {
+      "name": "firewall-ipv6",
+      "cidr": "2002:c0a8:0001:0:0:0:0:1/128",
+      "value": 5
+    },
+    {
+      "name": "2002:c0a8:1::/64-Net",
+      "cidr": "2002:c0a8:1::/64",
+      "value": 2
     }
-  ]  
-}
+  ]
+}
diff --git a/internal/pkg/shared/ip/ip.go b/internal/pkg/shared/ip/ip.go
@@ -25,10 +25,12 @@ var privateIPBlocks []*net.IPNet
 
 func init() {
 	for _, cidr := range []string{
-		"127.0.0.0/8",    // IPv4 loopback
 		"10.0.0.0/8",     // RFC1918
 		"172.16.0.0/12",  // RFC1918
 		"192.168.0.0/16", // RFC1918
+		"fc00::/7",       // RFC4193
+		"127.0.0.0/8",    // IPv4 loopback
+		"169.254.0.0/16", // IPv4 link-local
 		"::1/128",        // IPv6 loopback
 		"fe80::/10",      // IPv6 link-local
 	} {
@@ -41,7 +43,7 @@ func init() {
 func IsPrivateIP(ip string) (bool, error) {
 	ipn := net.ParseIP(ip)
 	if ipn == nil {
-		return false, errors.New("Not a valid IP")
+		return false, errors.New("not a valid IP")
 	}
 	for _, block := range privateIPBlocks {
 		if block.Contains(ipn) {

diff --git a/internal/pkg/shared/ip/ip_test.go b/internal/pkg/shared/ip/ip_test.go
@@ -33,6 +33,8 @@ func TestIP(t *testing.T) {
 		{"172.16.0.1", true, false},
 		{"8.8.8.8", false, false},
 		{"not-an-ip", false, true},
+		{"fd12:3456:789a:1::1", true, false},
+		{"fb00:3456:789a:1::1", false, false},
 	}
 
 	for _, tt := range tbl {