id6ddlZddlZddlmZGddeZy)N)SoSMapc\eZdZdZgdZiZdZgdZdZdZ dZ dZ d Z d Z d Zd Zd Zy)SoSIPMapaA mapping store for IP addresses Each IP address added to this map is chcked for subnet membership. If that subnet already exists in the map, then IP addresses are deterministically generated sequentially within that subnet. For example, if a given IP is matched to subnet 192.168.1.0/24 then 192.168.1 may be obfuscated to 100.11.12.0/24. Each IP address in the original 192.168.1.0/24 subnet will then be assigned an address in 100.11.12.0/24 sequentially, such as 100.11.12.1, 100.11.12.2, etc... Internally, the ipaddress library is used to manipulate the address objects however, when retrieved by SoSCleaner any values will be strings. )z127.*z::1z0\.(.*)?z1\.(.*)?z8.8.8.8z8.8.4.4z 169.254.*z255.*d)127169172192Fc|jjD]6}t|jdd|jddk(s6yy)aThere are multiple ways in which an ip address could be handed to us in a way where we're matching against a previously obfuscated address. Here, match the ip address to any of the obfuscated addresses we've already created /rTF)datasetvaluesstrsplit)selfipaddr_ips =/usr/lib/python3/dist-packages/sos/cleaner/mappings/ip_map.py ip_in_datasetzSoSIPMap.ip_in_dataset1sQ<<&&( C6{  %a(CIIcN1,== cd}|j|r |jdj|}||jj vr|j|S|j |s|j |r|Sd|vrS|jj D]6}|j|s|j|jddcS|j|S)zEnsure that when requesting an obfuscated address, we return a str object instead of an IPv(4|6)Address object )r =])r r) startswithlstripjoinr keys ignore_itemrradd)rr filt_startkeys rgetz SoSIPMap.get=s*   Z (]]277:#67F T\\&&( (<<' '   F #t'9'9&'AM f ||((* ;>>&)<<,2237:: ; xxrcg}|jD]D}|j|jk(r ||_y|j|vs4|j |F|r|j dd|d|_yy)a/Determine if a given address is in a subnet of an already obfuscated network and if it is, then set the address' network to the network object we're tracking. This allows us to match ip addresses with or without a CIDR notation and maintain proper network relationships. Nc|jS)N) prefixlen)ns rz;SoSIPMap.set_ip_cidr_from_existing_subnet..hs AKKrT)r#reverser) _networksipbroadcast_addressnetworkappendsort)raddrnetsnets r set_ip_cidr_from_existing_subnetz)SoSIPMap.set_ip_cidr_from_existing_subnetVsu >> !Cww#///" ww#~ C  !  II/I >7DL rc0 tj|}|j }t |jdk(r|j|n|j||j|S#t$r|jj |wxYw)ziGiven an IP address, sanitize it to an obfuscated network or host address as appropriate z255.255.255.255) ipaddress ip_interface ValueErrorignore_matchesr/r.rnetmaskr4sanitize_networksanitize_ipaddr)ritemr1r.s r sanitize_itemzSoSIPMap.sanitize_itemks  ))$/D ,, w #4 4  1 1$ 7  ! !' *##D))!     & &t ,  s A//&BcD||jvr|j|yy)zObfuscate the network address provided, and if there are host bits in the address then obfuscate those as well N)r+_new_obfuscated_network)rr.s rr;zSoSIPMap.sanitize_networks# $.. (  ( ( 1 )rcx|j|jvr|j|j}|j|jjk(rt |jS|j D]/}|j |rt |d|jcS|jS)zEObfuscate the IP address within the known obfuscated network r ) r.r+r,r-rhostsrr'_new_obfuscated_single_address)rr1 _obf_networkrs rr<zSoSIPMap.sanitize_ipaddrs <<4>> )>>$,,7L ww$,,888<99::$))+ H))#.'*#h 0F0FGG  H2244rcrd}|}||jjvr|jS|S)Ncg}tddD]'}|jtjdd)dt |zS)Nr cz %s.%s.%s.%s)ranger/randomrandinttuple)_octetsis r _gen_addressz=SoSIPMap._new_obfuscated_single_address.._gen_addresssBG1a[ 7v~~b"56 7 5>1 1r)r rrC)rrP_addrs rrCz'SoSIPMap._new_obfuscated_single_addresss9 2  DLL'') )668 8 rcd}t|tjr|j|jvr|xjdz c_d|jz}|j j dd}tj|d|}|xjdz c_t|tjr |r1||j|<t||jt|<yy)a Generate an obfuscated network address for the network address given which will allow us to maintain network relationships without divulging actual network details Positional arguments: :param network: An ipaddress.IPv{4|6)Network object Nz%s.0.0.0r ) isinstancer6 IPv4Networknetwork_first_octetskip_network_octets with_netmaskr IPv6Networkr+rr )rr.rD _obf_address _obf_masks rr@z SoSIPMap._new_obfuscated_networks gy44 5''4+C+CC((A-(%(@(@@L,,2237:I$00'3L  $ $ ) $ gy44 5  &2DNN7 #),\):DLLW & rN)__name__ __module__ __qualname____doc__r9r+rVrWcompile_regexesrr$r4r>r;r<rCr@rrrrsN  NI6O  2#**2250 ;rr)r6rKsos.cleaner.mappingsrrrarrrcs 'z;vz;r