~sircmpwn/abused-devel

This thread contains a patchset. You're looking at the original emails, but you may wish to use the patch review UI. Review patch
1

[PATCH abused] rules: add Google Cloud IP addresses

Moritz Poldrack <moritz@poldrack.dev>
Details
Message ID
<20240218150620.1678088-1-moritz@poldrack.dev>
DKIM signature
pass
Download raw message
1 year, 1 month ago
Patch: +40 -5 
From: Moritz Poldrack <git@moritz.sh>

Google not only provides IPs to internet users, it also provides
customers with IP access through their Google Cloud Products. This adds
the IPs for the latter to be part of the blocklist.

Link: https://support.google.com/a/answer/10026322?hl=en
Signed-off-by: Moritz Poldrack <git@moritz.sh>
---

This adds 500+ additional IP ranges to the blocklist.

 rules/commercial-isp.go | 47 +++++++++++++++++++++++++++++++++++------
 1 file changed, 41 insertions(+), 6 deletions(-)

diff --git a/rules/commercial-isp.go b/rules/commercial-isp.go
index b4a141a..8a1e347 100644
--- a/rules/commercial-isp.go
+++ b/rules/commercial-isp.go
@@ -20,9 +20,10 @@ import (

// These providers offer dumps of their prefixes
const (
	AWS_URL   string = "https://ip-ranges.amazonaws.com/ip-ranges.json"
	GCP_URL   string = "https://www.gstatic.com/ipranges/goog.json"
	VULTR_URL string = "https://geofeed.constant.com/?json"
	AWS_URL    string = "https://ip-ranges.amazonaws.com/ip-ranges.json"
	GOOGLE_URL string = "https://www.gstatic.com/ipranges/goog.json"
	GCP_URL    string = "https://www.gstatic.com/ipranges/cloud.json"
	VULTR_URL  string = "https://geofeed.constant.com/?json"
)

type AWSPayload struct {
@@ -149,7 +150,7 @@ func (rule *CommercialISPRule) UpdateAWS(ctx context.Context) error {
func (rule *CommercialISPRule) UpdateGCP(ctx context.Context) error {
	rule.log.Println("Updating list of GCP networks")

	resp, err := http.Get(GCP_URL)
	resp, err := http.Get(GOOGLE_URL)
	if err != nil {
		return err
	}
@@ -181,7 +182,41 @@ func (rule *CommercialISPRule) UpdateGCP(ctx context.Context) error {
			rule.trie.Insert(cidranger.NewBasicRangerEntry(*subnet))
		}
	}
	rule.log.Printf("Found %d GCP subnets", len(dump.Prefixes))
	rule.log.Printf("Found %d Google subnets", len(dump.Prefixes))
	googleHits := len(dump.Prefixes)

	resp, err = http.Get(GCP_URL)
	if err != nil {
		return err
	}
	defer resp.Body.Close()
	body, err = io.ReadAll(resp.Body)
	if err != nil {
		return err
	}

	err = json.Unmarshal(body, &dump)
	if err != nil {
		return err
	}

	for _, prefix := range dump.Prefixes {
		if prefix.IPv4Prefix != nil {
			_, subnet, err := net.ParseCIDR(*prefix.IPv4Prefix)
			if err != nil {
				return err
			}
			rule.trie.Insert(cidranger.NewBasicRangerEntry(*subnet))
		}
		if prefix.IPv6Prefix != nil {
			_, subnet, err := net.ParseCIDR(*prefix.IPv6Prefix)
			if err != nil {
				return err
			}
			rule.trie.Insert(cidranger.NewBasicRangerEntry(*subnet))
		}
	}
	rule.log.Printf("Found %d GCP subnets", len(dump.Prefixes)-googleHits)

	task := work.NewTask(rule.UpdateGCP).
		NotBefore(time.Now().Add(48 * time.Hour))
-- 
2.43.2
Drew DeVault <sir@cmpwn.com>
Details
Message ID
<CZ8AZ4EVQQZN.MFO1GYHVMG7E@cmpwn.com>
In-Reply-To
<20240218150620.1678088-1-moritz@poldrack.dev> (view parent)
DKIM signature
pass
Download raw message
1 year, 1 month ago 
Thanks!

To git@git.sr.ht:~sircmpwn/abused
   0907ebd..3d47779  master -> master
Reply to thread Export thread (mbox)