<3414ddlZddlZddlmZmZddlmZmZddlm Z m Z ddl m Z m Z ddlmZddlmZddlmZdd lmZdd lmZdd lmZdd lmZdd lmZddlmZddl m!Z!m"Z"ddl#m$Z$m%Z&ddl'm(Z(m)Z)m*Z*ddl+m,Z,dZ-dZ.GddeZ/Gdde/Z0Gdde0Z1GddeZ2Gdde/Z3Gd d!e/Z4Gd"d#e/Z5d$Z6Gd%d&Z7dS)'N)ABCMetaabstractclassmethod)partialwraps) IPv4Network IPv6Network)ListUnion)g)instance)run_in_executor) Protector)BlockUnblockList) MessageType)geo) IPSetCountry)IPSet)IPSetIgnoredByPort IPSetPort) CountryListCountry) BlockedPort IgnoredByPortIPList)pack_ip_networkcfd}|S)NcjK|g|Ri|d{V\}}|||d{VSN)_postprocess_records)selfargskwargsaffected not_affctedfuncs B/opt/imunify360/venv/lib/python3.11/site-packages/im360/api/ips.pywrapperz$postprocess_records..wrapperse&*d4&A$&A&A&A&&A&A A A A A A A+..xEEEEEEEEE)r%r's` r&postprocess_recordsr*s(FFFFF Nr(c<tfd}|S)NcKtj4d{V|i|d{Vcdddd{VS#1d{VswxYwYdSr)rRULE_EDIT_LOCK)r!r"coros r&r'z$with_rule_edit_lock..wrapper s+ / / / / / / / /t.v........ / / / / / / / / / / / / / / / / / / / / / / / / / / / / / /s7 AA)r)r.r's` r&with_rule_edit_lockr/s3 4[[////[/ Nr(cXeZdZdZeedZeedZeedZee dZ ee dZ edZ ee dZee d Zee d ZdS) APINcdSrr))clsr!kwawrgss r&_create_recordzAPI._create_record+  r(cdSrr)r3r!r"s r&_delete_recordzAPI._delete_record0r6r(c KdSrr)r8s r&_editz API._edit5s  r(cKttjfdd{V\}}|r)js Jdjjid{V|S)NcjiSr)r5r!r3r"sr&zAPI._add..?&C&777r(&IPSet instance is missing for this API)r asyncioget_event_loopipsetblock)r3r!r"_createds``` r&_addzAPI._add:s+  " $ $ 7 7 7 7 7 7        7  39 F FF F F9!#)/42622 2 2 2 2 2 2 2r(cKttjfdd{V}|r)js Jdjjid{V|dkS)NcjiSrr9r>sr&r?zAPI._delete..Lr@r(rArr rBrCrDunblock)r3r!r" num_deleteds``` r&_deletez API._deleteGs,  " $ $ 7 7 7 7 7 7         59 F FF F F9##)#T4V44 4 4 4 4 4 4 4ar(cK||fS)z1Add some fields in to result list, e.g 'listname'r))r3r# not_affecteds r&rzAPI._postprocess_recordsTs%%r(c>Kt|j|g|Ri|d{VSr) split_resultrHr3itemsr!r"s r&rEz API.blockYs<"#(ECDCCCFCCCCCCCCCr(c>Kt|j|g|Ri|d{VSr)rSrOrTs r&rMz API.unblock^s<"#+uFtFFFvFFFFFFFFFr(c>Kt|j|g|Ri|d{VSr)rSr;rTs r&editzAPI.editc<"#)UDTDDDVDDDDDDDDDr()__name__ __module__ __qualname__rD classmethodrr5r9r;r/rHrOrr*rErMrXr)r(r&r1r1(sm E  [   [   [   [    [  &&[&DD[DGG[GEE[EEEr(r1) metaclasscveZdZeZe ddZedZee dZ ee dZ ede fd Z ee dd Zee dd Ze d ddZedZeedZdS)IPApiNFrc |tjtjtjfvsJtj5tj5}tj || dretjtjfD]L} tj ||} | ddfccdddcdddS#tj $rYIwxYw| dd} g} tj |tjtjtjg|d| rdndD]J\} }} | |kr ||kr| |ks2| | |ft | |K||}gtjd |||||||d|t)ji| RcdddcdddS#1swxYwYddddS#1swxYwYdS) N)ipmanualrblistnameFkeep_manual_expired_subnetsT)re expired_byinclude_itselfrc)rbre imported_fromcommentcountry full_access expiration blocklist unblocklistr))rBLACKWHITEGRAYr db transactionrreaderdelete_expiredget DoesNotExistpopfind_net_membersGRAY_SPLASHSCREENappendr`r9get_id create_or_getrr)rbrerirjrlrmr" geo_readerlist_obj keep_manualrpsubnetsubnet_expirationrks r&r5zIPApi._create_recordls;FL&, DDDDD [ $ $ & &7 7  7   !R ( ( ( (zz(## 0%lFL900E0$jB??? #E4///7 7 7 7 7 7 7 7 7 7 7 7 7 7 7 ".!**%BDIIKK4:4K,KL &# +5uu 5 5 5 8 800bLL E)))Z77&&777((777!''++G% %"/## +)    , kS7 7 7 7 7 7 7 7 7 7 7 7 7 7 7 7 7 7 7 7 7 7 7 7 7 7 7 7 7 7 7 7 7 7 7 7 7 7 7 7 7 sbHAG* C6G*< HC' $G*&C' 'C*G* H*G. .H1G. 2HH Hc^t|tr|g}tj||S)Nrd) isinstancestrrdelete_from_listrds r&r9zIPApi._delete_records1 h $ $ " zH&"x@@@@r(cKttjfdd{V}|r2js Jdjd{V|dkS)Nc0SrrK)r3rbresr&r?zIPApi._delete..sc.@.@X.N.Nr(rArrL)r3rbrerNs``` r&rOz IPApi._deletes,  " $ $&N&N&N&N&N&N          29 F FF F F9)##B11 1 1 1 1 1 1 1ar(cKttjfdd{V\}}}|r |jrJ|rt |dd}t |t s/tdt||r5t |j tj z } | dkrdS| d<|j j gRid{V||d{V|S)Nc0tjgRiSr)r`r5)r!rbr"resr&r?zIPApi._add..s$E(XGGGGGGr(rmr"expiration must be integer, got {}timeout)r rBrCrogetattrrint TypeErrorformattypermtimerDrE _unblock_ips) r3rbrer!r"rrG unblock_ipsrmrs ```` r&rHz IPApi._addsr+:  " $ $ G G G G G G G+ + % % % % % % !Wk :K$9:::  A lA66Jj#.. 8??Z((  ,cnty{{:;;a<<F$+y!!#)/"h@@@@@@ @ @ @ @ @ @ @{+++++++++r(ipscK|r5|jr0|jD]*\}}|j||d{V'dSdSdS)z#Unblock *ips* from ipset/webshield.N)rprDrM)r3rrbres r&rzIPApi._unblock_ipssy  63? 6 # 6 6 Hi''H5555555555 6 6 6 6 6 6r(c ZK|d|d}}||vrdSttjttj||||d{V}|rI|D]#}|j||d{V$|j|||d{V|dkS)a) https://gerrit.cloudlinux.com/#/c/61260/22/src/handbook/message_processing/client_move.py * shouldn't move to GRAY* lists * do not move if already in list * remove lists which exactly same and leave only one record with IPList.NEVER expiration rb listnamesr)rbdestsrcrlNrl) r rBrCrrmoverDrMrE)r3rowrerlrbr num_updated src_listnames r&_movez IPApi._movesd)S-C s??1+  " $ $  '               I # : : i''L9999999999)//"hK/HH H H H H H H Har(c Kd} t} ||s|| d<||| d<||| d<||| d<| s| Sd| d<d | d <tdt|j||| | d{V\} } } | r | jrJ| r||t| } d| vr | d| d<|yt |t s/td t||r,t |tj z }|dkrdSnd}|| d<|j || j d{V|j j||fi| d{V|| d{V| S)z+Implement manual "[ip]list ip edit" commandrNrjrlrmscopeTrcFcaptcha_passed)rbrefields allow_moverrr)dictr r _edit_recordrorrrrrrrDrMrerEr)r3rbrerjrlrmrrcomment_autogeneratedrrrchanged_recordr"rs r&r;z IPApi._editsB   '<  'F9   "$/F= !  !#-F<  #F7O  x#( 9H   !%     : : 4 4 4 4 4 4 0 [. :K$9:::  :K3z7Mk222Fv%%'-l';|$%!*c22#<CC ,,  !*ty{{":;;G!|| q$ G$+y!)##B(?@@ @ @ @ @ @ @ @!#)/"h99&99 9 9 9 9 9 9 9{+++++++++r(return%Tuple[int,Optional[BlockUnblockList]]c |tjtjtjfvsJtj5g} |rMt|\}}}ttj tj |ktj |ktj |ktjtjtjtjg}t#|dkrH|D]E} | j|kr8tj|| jg||| jfFt#|dkr |d} n)tjtj||} |dd} | | rytj|tj| j| dD]I\} } }| |kr | j| ks2|| | ft2| | J|r|| jkr||d<tjd i| tj | j ktj | j kztj | j kztj| jkz}|t9ji| | fcd d d S#tj$rYd d d d SwxYw#1swxYwYd S) z>'{black,white}list ip edit' rpc command db part implemenation.rdrrmT)rergrhrernN)rNNr))rrqrrrsr rtrurlistselectwherenetwork_addressnetmaskversionrein_executelenrr}ryrx lives_lessr{#lists_with_less_or_equal_prioritiesr`r9updaterr)rbrerrrpnetmaskrrecordsrecrecordnew_expirationrrrFrs r&rzIPApi._edit_recordKs FL&, DDDDD [ $ $ & &J J KH B)8)<)<&Cw" "2c9"Nd2"Ng5"O//!'v|V[ I !  G7||q(($+GGC"|x77 & 7')S\N!"!"!"!"!, 2 2B 3E F F F7||q((!(%1333#Z2AAAF "(L!!V^;=!>V^;="?fo=? WYY 0"$+ IJ J J J J J J J D& % % %$GJ J J J J J J J D %EJ J J J J J J J J J s8L7 E&L0EL7L4%L73L44L77L;>L;c BKg}|D]}ttjtjt |dt tfr|dn |ddd{V}||| |||fS)z Adds listname to every IP :param list of dicts affected: :param list of dicts not_affected: :return list of dicts, list of dicts rrbNre) r rBrCreffective_listrrrrr})r3r#rQnot_affected_processeditemres r&rzIPApi._postprocess_recordss"$ 0 0D,&((%"$u+ [/IJJ+DKKeT* H KKK * * * " ) )$ / / / ////r(c>Kt|j|g|Ri|d{VSr)rSrrTs r&rz IPApi.moverYr()NNFr)F)NNNNFF)rr)rZr[r\rrD staticmethodr5r9r]r/rOrHrrrr;rrr*rr)r(r&r`r`is EGGE AAA\AFAA\A   [ [26%5666[6     [  D #???[?B).O 0OOO\Ob00[0.EE[EEEr(r`c2eZdZdZefdZxZS)IPApiWithIdempotentAddz another class to work with iplists, `_add` method will do same things in one place that parent class _add/_edit/_move do. c~K|dd}tj||g|Ri|d{V}|r|S|d|tjkrd|d<|dd|ddtj||g|Rd|d|d{VS)NrFrlrcrfT)rr)rzsuperrHrxrrrr;)r3rbrer!r"rrG __class__s r&rHzIPApiWithIdempotentAdd._adds & +BE J J$ RCDCCCFCCCCCCCC  N ::m $ $ ,V\1I1I$)F= ! 8T""" 0$777"UWW]      "7             r()rZr[r\__doc__r]rH __classcell__)rs@r&rrsN     [     r(rceZdZdZdS)MockedCountryIpsetc KdSrr))r rF__s r&rMzMockedCountryIpset.unblocks  r(N)rZr[r\rMr)r(r&rrs#     r(rc|eZdZeZedZeddZedZ edZ dS) CountryAPIcVtj|}tj||S)Ncode) CountryModelrxrdelete_country)rkre country_objs r&r9zCountryAPI._delete_records("&G444 )+x@@@r(Nc dtj|}tj|j||S)Nr)rkrerj)rrxrrid)rkrerjr"rs r&r5zCountryAPI._create_records8"&G444 (NXw    r(c`Kttjfdd{VS)Nctjtjt jjkS)Nrjr)rrrrkrrxrr)rjrksr&r?z"CountryAPI._edit..sGK&w777 U;&,*:*H*H*H*KK L L WYYr(r rBrC)r3rkrjs ``r&r;zCountryAPI._edits]$  " $ $              r(cKg}|D]Wttjfdd{V}||X||fS)z Adds listname to every Country :param list of dicts affected: :param list of dicts not_affected: :return list of dicts, list of dicts c8tjdS)Nr)r get_listname)rsr&r?z1CountryAPI._postprocess_records..s 0e==r(Nr)r rBrCrr})r3r#rQrrers @r&rzCountryAPI._postprocess_recordss"$  0 0D,&((====H KKK * * * " ) )$ / / / ////r(r) rZr[r\rrDrr9r5r]r;rr)r(r&rrs   EAA\A    \   [ 00[000r(rcheZdZeZedZeddZeddZ dS)PortAPIc|\}}tjtj|ktj|kzSr)rdeleterportprotor)rrrs r&r9zPortAPI._delete_record sG e   UK$,1Be1KL M M WYY r(Nc:|\}}tj|||S)N)rrrj)rr)rrjrrs r&r5zPortAPI._create_records, e(UG    r(cnK|\ttjfdd{VS)NctjtjktjkzSNr)rrrrrr)rjrrsr&r?zPortAPI._edit..$sCK&w777 UK$,1Be1KL M M WYYr(r)r3rrjrrs `@@r&r;z PortAPI._editsl e$  " $ $               r(r) rZr[r\rrDrr9r5r]r;r)r(r&rr sx IKKE  \    \    [   r(rcheZdZeZedZeddZeddZ dS)IgnoredByPortAPIcFtj||}t|\}}}tjtj|ktj|kztj|kztj |kz S)Nrr) rrxrrrr port_protorrrr)rbrrrrrs r&r9zIgnoredByPortAPI._delete_record-sD666,R00T7  " " U)T1 0C79 (D02!(G35 WYY r(Nctj||}tj5}||}t j||||cdddS#1swxYwYdS)Nr)rrbrjrk)rrxrrvr~rr)rbrrrjrrrks r&r5zIgnoredByPortAPI._create_record=s _$e<<< Z\\ Z ''++G .%"gw                  s-A$$A(+A(cKtj||t|\tt jfdd{VS)NrctjtjktjkztjkztjkzSr)rrrrrrrr)rjrrrrsr&r?z(IgnoredByPortAPI._edit..MsoM(999 U.#5 (D02 (G35!+z9; WYYr()rrxrr rBrC) r3rbrrrjrrrrs `@@@@r&r;zIgnoredByPortAPI._editFs _$e<<< ,R00T7$  " $ $                 r(r) rZr[r\rrDrr9r5r]r;r)r(r&rr*s{   E   \  \   [   r(rcKt|ttfsJd|gg}}|D]C}||g|Ri|d{V}|r||,|d|iD||fS)z Split result to affected/not affected records :param f: executable object :param list of str records: original iterate object :return list of str affected, list of dicts not_affected: z-items should be list or tuple, instead - "{}"Nr)rrtuplerr})frr!r"r#rQr is_affecteds r&rSrSXs $  GG6==gFFGG  lH..Ac3D333F33333333  . OOC    - - - - \ !!r(cjeZdZdZdZdeeeeffdZ deeeeffdZ dS)GroupIPSyncSendercd|_dSr_to_be_sent_to_correlation)r s r&__init__zGroupIPSyncSender.__init__ps*.'''r(cK|jrj|dkrd|jD}n|dkrd|jD}tjt j||id{VdSdS)Naddc hg|]/}t|j|j|j|j|j0S))rbrmrrlrj)rrbrmrerlrj.0ip_models r& z*GroupIPSyncSender.send..vsV   !#;#+#6%.$,$8 ( 0    r(delcDg|]}t|j|jS))rbr)rrbrers r&r z*GroupIPSyncSender.send..sD ! #;%.r()rr sinkprocess_messager GroupIPSync)r actiondatas r&sendzGroupIPSyncSender.sendss  *   %)$C   5 %)$C &(('         )  r(rUcjKttjfdd{V|_|S)Nc,tjSr)rfetch_for_group_sync)rUsr&r?z+GroupIPSyncSender.collect..sF/66r()r rBrCrr rUs `r&collectzGroupIPSyncSender.collectsV0?  " $ $ 6 6 6 61 1 + + + + + + ' r(c8fd|jD|_|S)Nc&g|] }|jv |Sr)) ip_network)rrrUs r&r z,GroupIPSyncSender.filter..s0+ + + %'' '''r(rrs `r&filterzGroupIPSyncSender.filters8+ + + + 7+ + + '  r(N) rZr[r\rrr r rrrrr)r(r&rros///:4k;.F(G#HD{K'?!@Ar(r)8rBrabcrr functoolsrr ipaddressrrtypingr r &defence360agent.internals.global_scoper defence360agent.modelr $defence360agent.model.simplificationr im360.contracts.configrim360.contracts.messagesr"defence360agent.contracts.messagesrim360.internalsr"im360.internals.core.ipset.countryrim360.internals.core.ipset.iprim360.internals.core.ipset.portrrim360.model.countryrrrim360.model.firewallrrrim360.utils.netrr*r/r1r`rrrrrrSrr)r(r&r,s! ,,,,,,,,$$$$$$$$........444444******@@@@@@,,,,,,555555::::::;;;;;;//////IIIIIIIIDDDDDDDDCCCCCCCCCC++++++>E>E>E>E>EG>E>E>E>EBOEOEOEOEOECOEOEOEd      U   :        *0*0*0*0*0*0*0*0Z     c   @+ + + + + s+ + + \"""...........r(