import PIL.ImageFilter
import PIL.ImageOps
import io
+import ipaddress
+import location
import logging
+import pycares
import random
import re
+import socket
import string
import unicodedata
+from .decorators import *
+from .misc import Object
+
+# These lists are used to block access to the webapp
+BLOCKLISTS = (
+ "sbl.spamhaus.org",
+ "xbl.spamhaus.org",
+)
+
+BLACKLISTS = (
+ "b.barracudacentral.org",
+ "bl.spamcop.net",
+ "bl.blocklist.de",
+ "cbl.abuseat.org",
+ "dnsbl-1.uceprotect.net",
+ "dnsbl-2.uceprotect.net",
+ "dnsbl-3.uceprotect.net",
+ "dnsbl.abuse.ch",
+ "ix.dnsbl.manitu.net",
+ "pbl.spamhaus.org",
+ "sbl.spamhaus.org",
+ "xbl.spamhaus.org",
+ "zen.spamhaus.org",
+)
+
+# Open location database
+db = location.Database("/var/lib/location/database.db")
+
+class Address(Object):
+ def init(self, address):
+ self.address = ipaddress.ip_address(address)
+
+ def __str__(self):
+ return "%s" % self.address
+
+ @property
+ def family(self):
+ if isinstance(self.address, ipaddress.IPv6Address):
+ return socket.AF_INET6
+ elif isinstance(self.address, ipaddress.IPv4Address):
+ return socket.AF_INET
+
+ @lazy_property
+ def network(self):
+ return db.lookup("%s" % self.address)
+
+ @property
+ def country_code(self):
+ if self.network:
+ return self.network.country_code
+
+ @lazy_property
+ def asn(self):
+ if self.network:
+ return self.network.asn
+
+ # Blacklist
+
+ def _make_blacklist_rr(self, blacklist):
+ if self.family == socket.AF_INET6:
+ octets = list(self.address.exploded.replace(":", ""))
+ elif self.family == socket.AF_INET:
+ octets = str(self.address).split(".")
+ else:
+ raise NotImplementedError("Unknown IP protocol")
+
+ # Reverse the list
+ octets.reverse()
+
+ # Append suffix
+ octets.append(blacklist)
+
+ return ".".join(octets)
+
+ async def _resolve_blacklist(self, blacklist):
+ return_code = None
+
+ # Get resource record name
+ rr = self._make_blacklist_rr(blacklist)
+
+ # Get query type from IP protocol version
+ if self.family == socket.AF_INET6:
+ type = pycares.QUERY_TYPE_AAAA
+ elif self.family == socket.AF_INET:
+ type = pycares.QUERY_TYPE_A
+ else:
+ raise NotImplementedError("Unknown IP protocol")
+
+ # Run query
+ try:
+ res = await self.backend.resolver.query(rr, type=type)
+ except IOError as e:
+ logging.warning(e)
+
+ return return_code, "%s" % e
+
+ # Not found
+ if not res:
+ logging.debug("%s is not blacklisted on %s" % (self, blacklist))
+ return return_code, None
+
+ # Extract return code from DNS response
+ for row in res:
+ return_code = row.host
+ break
+
+ # If the IP address is on a blacklist, we will try to fetch the TXT record
+ reason = await self.backend.resolver.query(rr, type=pycares.QUERY_TYPE_TXT)
+
+ # Log result
+ logging.debug("%s is blacklisted on %s: %s" % (self, blacklist, reason or "N/A"))
+
+ # Take the first reason
+ if reason:
+ for i in reason:
+ return return_code, i.text
+
+ # Blocked, but no reason
+ return return_code, None
+
+ async def get_blacklists(self):
+ blacklists = { bl : await self._resolve_blacklist(bl) for bl in BLACKLISTS }
+
+ return blacklists
+
+ async def is_blacklisted(self):
+ logging.debug("Checking if %s is blacklisted..." % self)
+
+ # Perform checks
+ blacklists = { bl : self._resolve_blacklist(bl) for bl in BLOCKLISTS }
+
+ # If we are blacklisted on one list, this one is screwed
+ for bl in blacklists:
+ code, message = await blacklists[bl]
+
+ logging.debug("Response from %s is: %s (%s)" % (bl, code, message))
+
+ # Exclude matches on SBLCSS
+ if bl == "sbl.spamhaus.org" and code == "127.0.0.3":
+ continue
+
+ # Consider the host blocked for any non-zero return code
+ if code:
+ return True
+
+def format_asn(asn):
+ network = db.get_as(asn)
+
+ if network:
+ return "%s" % network
+
+ return "AS%s" % asn
+
def format_size(s, max_unit=None):
units = ("B", "kB", "MB", "GB", "TB")
projects / ipfire.org.git / blobdiff