Version: Next

IP helpers

IP Helpers

`IpInRange(IPStr, RangeStr) bool`

Returns true if the IP IPStr is contained in the IP range RangeStr (uses net.ParseCIDR)

IpInRange("1.2.3.4", "1.2.3.0/24")

`IpToRange(IPStr, MaskStr) IpStr`

Returns the subnet of the IP with the request cidr size. It is intended for scenarios taking actions against the range of an IP, not the IP itself :

type: leaky
...
scope:
 type: Range
 expression: IpToRange(evt.Meta.source_ip, "/16")

IpToRange("192.168.0.1", "24") returns 192.168.0.0/24

IpToRange("192.168.42.1", "16") returns 192.168.0.0/16

`IsIPV6(ip string) bool`

Returns true if it's a valid IPv6.

IsIPV6("2001:0db8:85a3:0000:0000:8a2e:0370:7334")

IsIPV6(Alert.GetValue())

`LookupHost(host string) []string`

warning

Only use this function within postoverflows as it is can be very slow
Note if you whitelist a domain behind a CDN provider, all domains using the same CDN provider will also be whitelisted
Do not use variables within the function as this can be untrusted user input

Returns []string ip addresses that resolvable to the hostname EG: LookupHost('mydomain.tld') => ['1.2.3.4', '5.6.7.8']

name: me/my_cool_whitelist
description: lets whitelist our own IP
whitelist:
  reason: dont ban my IP
  expression:
    - evt.Overflow.Alert.Source.IP in LookupHost('mydomain.tld')
# This can be useful when you have a dynamic ip and use dynamic DNS providers

IP Helpers​

IpInRange(IPStr, RangeStr) bool​

IpToRange(IPStr, MaskStr) IpStr​

IsIPV6(ip string) bool​

LookupHost(host string) []string​

IP Helpers

`IpInRange(IPStr, RangeStr) bool`

`IpToRange(IPStr, MaskStr) IpStr`

`IsIPV6(ip string) bool`

`LookupHost(host string) []string`