$M/DddlmZddlmZmZmZmZmZmZddl m Z ddl m Z dZ GddeZGddeZGd d eeZGd d eZGd deeZGddeeZGddeeZGddeeeZGddeZGddeZGddeeZGddeeZGddeZGdd eeZGd!d"eeZGd#d$eeZGd%d&eeZGd'd(eZGd)d*eZ Gd+d,eeZ!Gd-d.eeZ"Gd/d0eeZ#Gd1d2eZ$Gd3d4eZ%Gd5d6eZ&Gd7d8eZ'd9S):)utils) AccumulatableMessage MessageListReceived ReportableShortenReprListMixin) WebShieldData)IPceZdZdZdZeZdS)StrategyChangez8The message is generated when an IDS change is detected.STRATEGY_CHANGEN__name__ __module__ __qualname____doc__DEFAULT_METHODHIGHEST_PRIORITYPRIORITYM/opt/imunify360/venv/lib/python3.11/site-packages/im360/contracts/messages.pyr r sBB&NHHHrr ceZdZdZdZdS)SensorIncidentz+Single incident, e.g. user auth failed onceINCIDENTNrrrrrrrrrrs55NNNrrceZdZdZdZdS)SensorIncidentListzAggregated incident list INCIDENT_LISTNrrrrrrs""$NNNrrceZdZdZdZdS)UnreportableLocalIncidentListz=Aggregate local incident list that are not reported to serverLOCALINCIDENT_LISTNrrrrr"r"#sGG)NNNrr"ceZdZdZdZdS)LocalIncidentListz4Aggregate local incident list - where no ip providedr Nrrrrr%r%)s>>$NNNrr%c0eZdZdZdZdZedZdS) SensorAlertz9Alert incident, e.g. user auth failures reached thresholdALERTcN|}|j|d<|di|S)z/When generate ALERT from INCIDENT change methodmethodr)copyr)clsmessage new_messages r from_incidentzSensorAlert.from_incident5s4llnn # 2 Hs!![!!!rN)rrrrrr classmethodr0rrrr'r'/s=CCNH""["""rr'ceZdZdZeZdS) ClientUnblockUNBLOCKN)rrrrrrrrrr3r3=sNHHHrr3ceZdZdZdS)CaptchaEventList CAPTCHA_LISTNrrrrrrrr6r6Bs#NNNrr6c8eZdZdZdZdZdZeZe dZ dS) CaptchaEventCAPTCHAFAILEDPASSED REQUESTEDc|jjtjkrdS||j|jtj|jj|jjdS)Ncaptcha) timestamp attackers_ipeventuser_id plugin_id) webshr@r NArAipCaptchaNamerD)r-parcels r from_parcelzCaptchaEvent.from_parcelOsb < =#3 3 34s&',,V\-ABBL(     rN) rrrrr<r=r>r6 LIST_CLASSr1rLrrrr:r:FsFN F FI!J   [    rr:ceZdZdZdZdS)CaptchaDosAlertCAPTCHA_DOS_ALERTr)N)rrrrrrrrrOrO\s(NHHHrrOceZdZdZdZejdfdZe de de fdZ xZ S) SynclistResponseSYNCLISTz/SynclistResponse{str->IP.adopt_to_ipvX_network})actionctj|i|dD])}d||D||<*dS)z Do str -> Union[IPv4Network, IPv6Network] conversion only once per SynclistResponse message processing :raise ValueError: if str keys to IPv4Network, IPv6Network conversion fails ) blocklist unblocklistc>i|]\}}tj||Sr)r adopt_to_ipvX_network).0ip_strdict_s r z-SynclistResponse.__init__..ss9!FE(00%rN)super__init__items)selfargskwargsfield __class__s rr`zSynclistResponse.__init__esn $)&)))1  E%)%[%6%6%8%8DKK  rips action_typecLfd|r|ngDS)zGiven [un]blocklist *ips* with their properties return ips matching given *action_type*. ip without an action type set matches any action type. c3FK|]\}}|rd|vs |dk|VdS)rhNr)r[rHprhs r z4SynclistResponse.filter_blocklist..sZ  A A%%;.. /...   r)ra)rgrhs `rfilter_blocklistz!SynclistResponse.filter_blocklistxs?    ),4#))+++"    r)rrrrrrsynctimefunr` staticmethoddictstrrm __classcell__)rfs@rrRrRasNH Z@   d  C    \      rrRceZdZdZdS)SynclistRequestrSNr8rrrrurusNNNrruceZdZdZdZeZdS)BlockUnblockLista/Used internally for block/unblock ip from lists { "blocklist": {(IPNetwork, "listname"): {"expiration": int}}, "unblocklist": [(IPNetwork,"listname")] , } If ip is present in both lists: first unblock then block it (upsert semantics if applicable). BLOCK_UNBLOCKNrrrrrwrws$  %NHHHrrwceZdZdZdS)ProactiveQueueListPROACTIVE_QUEUE_LISTNr8rrrrzrzs+NNNrrzceZdZdZdZdS) RuleDisabledz# Rule disabled by customer RULE_DISABLEDNrrrrr}r}s%NNNrr}ceZdZdZdZdS) RuleEnabledz Rule enabled back RULE_ENABLEDNrrrrrrs$NNNrrceZdZdZdgZdS) ConfigSetzUpdates to the agent's config. CONFIG_SETN)rrrrRECEIVED_ACTIONSrrrrrs(($~rrceZdZdZdZdS)UpdateCustomListsz^ Send message for class RealProtector for updating custom ip white and black list UPDATE_CUSTOM_LISTSNrrrrrrs +NNNrrceZdZdZdZdS) IPListsUpdatezI Send message for iplists plugin for updating IPs purposed lists IP_LISTS_UPDATENrrrrrrs'NNNrrceZdZdZdS) GroupIPSync GROUP_SYNCNr8rrrrr!NNNrrceZdZdZdS)GroupIPSyncPushrNr8rrrrrrrrceZdZdZdS)EnduserPasswordResetENDUSER_PASSWORD_RESETNr8rrrrrs-NNNrrceZdZdZdZdS)WhitelistCacheUpdatezQReceiveing this message indicates that resident part should clear whitelist cacheWHITELIST_CACHE_UPDATENrrrrrrs[[-NNNrrceZdZdZdZdS) IpsetUpdatezTReceiveing this message indicates that resident part should check ipsets consistency IPSET_UPDATENrrrrrrs^^#NNNrrceZdZdZdZdS)BlockedPortUpdatezNReceiveing this message indicates that resident part should update blockedportBLOCKED_PORT_UPDATENrrrrrrsXX*NNNrrceZdZdZdZdS)BlockedPortIPUpdatezPReceiveing this message indicates that resident part should update blockedportipBLOCKED_PORT_IP_UPDATENrrrrrrsZZ-NNNrrN)(defence360agentr"defence360agent.contracts.messagesrrrrrr im360.contracts.message_pb2r defence360agent.utils.validater rr rrr"r%r'r3r6r:rOrRrurwrzr}rrrrrrrrrrrrrrrs!!!!!!655555------     W        W   %%%%%j%%% *****K*** %%%%% Z%%% " " " " "': " " "     GZ   $$$$$+Wj$$$     =   ,g % % % % % w% % % P     gz         w    ,,,,,j,,,%%%%%7J%%%$$$$$':$$$&&&&&&&& ++++++++'''''G'''"""""':""""""""gx""".....7H........7... $$$$$'$$$ ++++++++ .....'.....r