Merge pull request #16 from projectdiscovery/expose-provider

Expose provider name in check cidr function

Author: ehsandeep

cdn-server/main.go

@@ -0,0 +1,87 @@
+package main
+
+import (
+	"bytes"
+	"context"
+	"encoding/json"
+	"flag"
+	"log"
+	"net/http"
+	"sync"
+	"time"
+
+	"github.com/projectdiscovery/cdncheck"
+)
+
+var (
+	cdncheckData      []byte
+	cdncehckDataMutex = &sync.RWMutex{}
+
+	addr = flag.String("addr", "127.0.0.1:80", "Address to listen cdncheck server on")
+)
+
+func main() {
+	flag.Parse()
+
+	var cancel context.CancelFunc
+	go func() {
+		cancel = cdncheckWorker()
+	}()
+	cdncheckRefreshDataFunc()
+
+	http.HandleFunc("/", cdncheckHandler)
+	if err := http.ListenAndServe(*addr, http.DefaultServeMux); err != nil {
+		cancel()
+		panic(err)
+	}
+}
+
+func cdncheckWorker() context.CancelFunc {
+	ctx, cancel := context.WithCancel(context.Background())
+
+	ticker := time.NewTicker(24 * time.Hour)
+	go func() {
+		for {
+			select {
+			case <-ticker.C:
+				cdncheckRefreshDataFunc()
+			case <-ctx.Done():
+				ticker.Stop()
+				return
+			default:
+				continue
+			}
+		}
+	}()
+	return cancel
+}
+
+func cdncheckRefreshDataFunc() {
+	log.Printf("[%s] Refreshing cdncheck data from providers\n", time.Now().String())
+
+	client, err := cdncheck.New()
+	if err != nil {
+		log.Printf("[err] could not create cdncheck client: %s\n", err)
+		return
+	}
+	data := client.Ranges()
+
+	var buf bytes.Buffer
+	if err := json.NewEncoder(&buf).Encode(data); err != nil {
+		log.Printf("[err] could not json encode cdn data: %s\n", err)
+		return
+	}
+
+	cdncehckDataMutex.Lock()
+	cdncheckData = buf.Bytes()
+	cdncehckDataMutex.Unlock()
+}
+
+func cdncheckHandler(w http.ResponseWriter, r *http.Request) {
+	cdncehckDataMutex.RLock()
+	data := cdncheckData
+	cdncehckDataMutex.RUnlock()
+
+	w.Header().Set("Content-Type", "application/json; charset=UTF-8")
+	_, _ = w.Write(data)
+}

cdncheck.go

@@ -12,20 +12,17 @@ import (
 // Client checks for CDN based IPs which should be excluded
 // during scans since they belong to third party firewalls.
 type Client struct {
-	Options Options
-	Data    map[string]struct{}
-	ranger  cidranger.Ranger
+	Options *Options
+	ranges  map[string][]string
+	rangers map[string]cidranger.Ranger
 }
 
 var defaultScrapers = map[string]scraperFunc{
-	// "akamai":     scrapeAkamai,
 	"azure":      scrapeAzure,
 	"cloudflare": scrapeCloudflare,
 	"cloudfront": scrapeCloudFront,
 	"fastly":     scrapeFastly,
 	"incapsula":  scrapeIncapsula,
-	// "sucuri":     scrapeSucuri,
-	// "leaseweb":   scrapeLeaseweb,
 }
 
 var defaultScrapersWithOptions = map[string]scraperWithOptionsFunc{
@@ -34,10 +31,6 @@ var defaultScrapersWithOptions = map[string]scraperWithOptionsFunc{
 	"leaseweb": scrapeLeaseweb,
 }
 
-var cachedScrapers = map[string]scraperFunc{
-	"projectdiscovery": scrapeProjectDiscovery,
-}
-
 // New creates a new firewall IP checking client.
 func New() (*Client, error) {
 	return new(&Options{})
@@ -65,60 +58,95 @@ func new(options *Options) (*Client, error) {
 		},
 		Timeout: time.Duration(30) * time.Second,
 	}
-	client := &Client{}
+	client := &Client{Options: options}
 
+	var err error
 	if options.Cache {
-		for _, scraper := range cachedScrapers {
-			cidrs, err := scraper(httpClient)
-			if err != nil {
-				return nil, err
-			}
-			client.parseCidrs(cidrs)
-		}
+		err = client.getCDNDataFromCache(httpClient)
 	} else {
-		for _, scraper := range defaultScrapers {
-			cidrs, err := scraper(httpClient)
-			if err != nil {
-				return nil, err
-			}
-			client.parseCidrs(cidrs)
-		}
+		err = client.getCDNData(httpClient)
 	}
+	if err != nil {
+		return nil, err
+	}
+	return client, nil
+}
+
+func (c *Client) getCDNData(httpClient *http.Client) error {
+	c.ranges = make(map[string][]string)
+	c.rangers = make(map[string]cidranger.Ranger)
+
+	for provider, scraper := range defaultScrapers {
+		cidrs, err := scraper(httpClient)
+		if err != nil {
+			return err
+		}
 
-	if options.HasAuthInfo() {
-		for _, scraper := range defaultScrapersWithOptions {
-			cidrs, err := scraper(httpClient, options)
+		c.ranges[provider] = cidrs
+		ranger := cidranger.NewPCTrieRanger()
+		for _, cidr := range cidrs {
+			_, network, err := net.ParseCIDR(cidr)
 			if err != nil {
-				return nil, err
+				continue
 			}
-			client.parseCidrs(cidrs)
+			_ = ranger.Insert(cidranger.NewBasicRangerEntry(*network))
 		}
 	}
+	if c.Options.HasAuthInfo() {
+		for provider, scraper := range defaultScrapersWithOptions {
+			cidrs, err := scraper(httpClient, c.Options)
+			if err != nil {
+				return err
+			}
 
-	ranger := cidranger.NewPCTrieRanger()
-	for cidr := range client.Data {
-		_, network, err := net.ParseCIDR(cidr)
-		if err != nil {
-			continue
+			c.ranges[provider] = cidrs
+			ranger := cidranger.NewPCTrieRanger()
+			for _, cidr := range cidrs {
+				_, network, err := net.ParseCIDR(cidr)
+				if err != nil {
+					continue
+				}
+				_ = ranger.Insert(cidranger.NewBasicRangerEntry(*network))
+			}
 		}
-		ranger.Insert(cidranger.NewBasicRangerEntry(*network))
 	}
-	client.ranger = ranger
-
-	return client, nil
+	return nil
 }
 
-// parseCidrs inserts the scraped cidrs to the internal structure
-func (c *Client) parseCidrs(cidrs []string) {
-	if c.Data == nil {
-		c.Data = make(map[string]struct{})
+func (c *Client) getCDNDataFromCache(httpClient *http.Client) error {
+	var err error
+	c.ranges, err = scrapeProjectDiscovery(httpClient)
+	if err != nil {
+		return err
 	}
-	for _, cidr := range cidrs {
-		c.Data[cidr] = struct{}{}
+
+	c.rangers = make(map[string]cidranger.Ranger)
+	for provider, ranges := range c.ranges {
+		ranger := cidranger.NewPCTrieRanger()
+
+		for _, cidr := range ranges {
+			_, network, err := net.ParseCIDR(cidr)
+			if err != nil {
+				continue
+			}
+			_ = ranger.Insert(cidranger.NewBasicRangerEntry(*network))
+		}
+		c.rangers[provider] = ranger
 	}
+	return nil
 }
 
 // Check checks if an IP is contained in the blacklist
-func (c *Client) Check(ip net.IP) (bool, error) {
-	return c.ranger.Contains(ip)
+func (c *Client) Check(ip net.IP) (bool, string, error) {
+	for provider, ranger := range c.rangers {
+		if contains, err := ranger.Contains(ip); contains {
+			return true, provider, err
+		}
+	}
+	return false, "", nil
+}
+
+// Ranges returns the providers and ranges for the cdn client
+func (c *Client) Ranges() map[string][]string {
+	return c.ranges
 }

cdncheck_test.go

@@ -11,11 +11,12 @@ func TestCDNCheck(t *testing.T) {
 	client, err := New()
 	require.Nil(t, err, "Could not create cdncheck client")
 
-	found, err := client.Check(net.ParseIP("173.245.48.12"))
+	found, provider, err := client.Check(net.ParseIP("173.245.48.12"))
+	require.Equal(t, "cloudflare", provider, "could not get correct provider")
 	require.Nil(t, err, "Could not check ip in ranger")
 	require.True(t, found, "Could not check cloudlfare ip blacklist")
 
-	found, err = client.Check(net.ParseIP("127.0.0.1"))
+	found, _, err = client.Check(net.ParseIP("127.0.0.1"))
 	require.Nil(t, err, "Could not check ip in ranger")
 	require.False(t, found, "Localhost IP found in blacklist")
 }

go.mod

@@ -3,7 +3,7 @@ module github.com/projectdiscovery/cdncheck
 go 1.14
 
 require (
-	github.com/davecgh/go-spew v1.1.1 // indirect
+	github.com/json-iterator/go v1.1.12
 	github.com/kr/text v0.2.0 // indirect
 	github.com/stretchr/testify v1.7.0
 	github.com/yl2chen/cidranger v1.0.2

go.sum

@@ -1,30 +1,33 @@
 github.com/creack/pty v1.1.9/go.mod h1:oKZEueFk5CKHvIhNR5MUki03XCEU+Q6VDXinZuGJ33E=
-github.com/davecgh/go-spew v1.1.0 h1:ZDRjVQ15GmhC3fiQ8ni8+OwkZQO4DARzQgrnXU1Liz8=
 github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
 github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c=
 github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
+github.com/google/gofuzz v1.0.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg=
+github.com/json-iterator/go v1.1.12 h1:PV8peI4a0ysnczrg+LtxykD8LfKY9ML6u2jnxaEnrnM=
+github.com/json-iterator/go v1.1.12/go.mod h1:e30LSqwooZae/UwlEbR2852Gd8hjQvJoHmT4TnhNGBo=
 github.com/kr/pretty v0.2.1 h1:Fmg33tUaq4/8ym9TJN1x7sLJnHVwhP33CNkpYV/7rwI=
 github.com/kr/pretty v0.2.1/go.mod h1:ipq/a2n7PKx3OHsz4KJII5eveXtPO4qwEXGdVfWzfnI=
 github.com/kr/pty v1.1.1/go.mod h1:pFQYn66WHrOpPYNljwOMqo10TkYh1fy3cYio2l3bCsQ=
-github.com/kr/text v0.1.0 h1:45sCR5RtlFHMR4UwH9sdQ5TC8v0qDQCHnXt+kaKSTVE=
 github.com/kr/text v0.1.0/go.mod h1:4Jbv+DJW3UT/LiOwJeYQe1efqtUx/iVham/4vfdArNI=
 github.com/kr/text v0.2.0 h1:5Nx0Ya0ZqY2ygV366QzturHI13Jq95ApcVaJBhpS+AY=
 github.com/kr/text v0.2.0/go.mod h1:eLer722TekiGuMkidMxC/pM04lWEeraHUUmBw8l2grE=
+github.com/modern-go/concurrent v0.0.0-20180228061459-e0a39a4cb421 h1:ZqeYNhU3OHLH3mGKHDcjJRFFRrJa6eAM5H+CtDdOsPc=
+github.com/modern-go/concurrent v0.0.0-20180228061459-e0a39a4cb421/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q=
+github.com/modern-go/reflect2 v1.0.2 h1:xBagoLtFs94CBntxluKeaWgTMpvLxC4ur3nMaC9Gz0M=
+github.com/modern-go/reflect2 v1.0.2/go.mod h1:yWuevngMOJpCy52FWWMvUC8ws7m/LJsjYzDa0/r8luk=
 github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM=
 github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
-github.com/stretchr/objx v0.1.0 h1:4G4v2dO3VZwixGIRoQ5Lfboy6nUhCyYzaqnIAPPhYs4=
 github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
+github.com/stretchr/testify v1.3.0/go.mod h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UVUgZn+9EI=
 github.com/stretchr/testify v1.4.0/go.mod h1:j7eGeouHqKxXV5pUuKE4zz7dFj8WfuZ+81PSLYec5m4=
 github.com/stretchr/testify v1.7.0 h1:nwc3DEeHmmLAfoZucVR881uASk0Mfjw8xYJ99tb5CcY=
 github.com/stretchr/testify v1.7.0/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
 github.com/yl2chen/cidranger v1.0.2 h1:lbOWZVCG1tCRX4u24kuM1Tb4nHqWkDxwLdoS+SevawU=
 github.com/yl2chen/cidranger v1.0.2/go.mod h1:9U1yz7WPYDwf0vpNWFaeRh0bjwz5RVgRy/9UEQfHl0g=
-gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405 h1:yhCVgyC4o1eVCa2tZl7eS0r+SDo693bJlVdllGtEeKM=
 gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
 gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c h1:Hei/4ADfdWqJk1ZMxUNpqntNwaWcugrBjAiHlqqRiVk=
 gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c/go.mod h1:JHkPIbrfpd72SG/EVd6muEfDQjcINNoR0C8j2r3qZ4Q=
 gopkg.in/yaml.v2 v2.2.2/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
-gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c h1:dUUwHk2QECo/6vqA44rthZ8ie2QXMNeKRTHCNY2nXvo=
 gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
 gopkg.in/yaml.v3 v3.0.0-20210107192922-496545a6307b h1:h8qDotaEPuJATrMmW04NCwg7v22aHH28wwpauUhK9Oo=
 gopkg.in/yaml.v3 v3.0.0-20210107192922-496545a6307b/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=

ranges.go

@@ -5,6 +5,8 @@ import (
 	"net/http"
 	"regexp"
 	"strings"
+
+	jsoniter "github.com/json-iterator/go"
 )
 
 var cidrRegex = regexp.MustCompile(`[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\/[0-9]{1,3}`)
@@ -173,21 +175,18 @@ func scrapeLeaseweb(httpClient *http.Client, options *Options) ([]string, error)
 	return cidrs, nil
 }
 
-func scrapeProjectDiscovery(httpClient *http.Client) ([]string, error) {
-	resp, err := httpClient.Get("https://cdn.projectdiscovery.io/cdn/cdn-ips")
+func scrapeProjectDiscovery(httpClient *http.Client) (map[string][]string, error) {
+	resp, err := httpClient.Get("https://cdn.nuclei.sh")
 	if err != nil {
 		return nil, err
 	}
 	defer resp.Body.Close()
 
-	data, err := ioutil.ReadAll(resp.Body)
-	if err != nil {
+	var data map[string][]string
+	if err := jsoniter.NewDecoder(resp.Body).Decode(&data); err != nil {
 		return nil, err
 	}
-	body := string(data)
-
-	cidrs := cidrRegex.FindAllString(body, -1)
-	return cidrs, nil
+	return data, nil
 }
 
 func makeReqWithAuth(method, URL, headerName, bearerValue string) (*http.Request, error) {