Merge pull request #17 from projectdiscovery/dev

ehsandeep · web-flow · commit 90d4f9c470fd · 2022-02-07T19:12:35.000+05:30
0.0.3
diff --git a/README.md b/README.md
@@ -1,8 +1,7 @@
 # cdncheck
-Helper library that checks if a given IP belongs to known CDN ranges (akamai, cloudflare, incapsula and sucuri).
+Helper library that checks if a given IP belongs to known CDN ranges (akamai, cloudflare, incapsula, sucuri and leaseweb).
 The library can be used by importing `github.com/projectdiscovery/cdncheck`. here follows a basic example:
 
-
 ```go
 package main
 
diff --git a/cdn-server/main.go b/cdn-server/main.go
@@ -0,0 +1,87 @@
+package main
+
+import (
+	"bytes"
+	"context"
+	"encoding/json"
+	"flag"
+	"log"
+	"net/http"
+	"sync"
+	"time"
+
+	"github.com/projectdiscovery/cdncheck"
+)
+
+var (
+	cdncheckData      []byte
+	cdncehckDataMutex = &sync.RWMutex{}
+
+	addr = flag.String("addr", "127.0.0.1:80", "Address to listen cdncheck server on")
+)
+
+func main() {
+	flag.Parse()
+
+	var cancel context.CancelFunc
+	go func() {
+		cancel = cdncheckWorker()
+	}()
+	cdncheckRefreshDataFunc()
+
+	http.HandleFunc("/", cdncheckHandler)
+	if err := http.ListenAndServe(*addr, http.DefaultServeMux); err != nil {
+		cancel()
+		panic(err)
+	}
+}
+
+func cdncheckWorker() context.CancelFunc {
+	ctx, cancel := context.WithCancel(context.Background())
+
+	ticker := time.NewTicker(24 * time.Hour)
+	go func() {
+		for {
+			select {
+			case <-ticker.C:
+				cdncheckRefreshDataFunc()
+			case <-ctx.Done():
+				ticker.Stop()
+				return
+			default:
+				continue
+			}
+		}
+	}()
+	return cancel
+}
+
+func cdncheckRefreshDataFunc() {
+	log.Printf("[%s] Refreshing cdncheck data from providers\n", time.Now().String())
+
+	client, err := cdncheck.New()
+	if err != nil {
+		log.Printf("[err] could not create cdncheck client: %s\n", err)
+		return
+	}
+	data := client.Ranges()
+
+	var buf bytes.Buffer
+	if err := json.NewEncoder(&buf).Encode(data); err != nil {
+		log.Printf("[err] could not json encode cdn data: %s\n", err)
+		return
+	}
+
+	cdncehckDataMutex.Lock()
+	cdncheckData = buf.Bytes()
+	cdncehckDataMutex.Unlock()
+}
+
+func cdncheckHandler(w http.ResponseWriter, r *http.Request) {
+	cdncehckDataMutex.RLock()
+	data := cdncheckData
+	cdncehckDataMutex.RUnlock()
+
+	w.Header().Set("Content-Type", "application/json; charset=UTF-8")
+	_, _ = w.Write(data)
+}
diff --git a/cdncheck.go b/cdncheck.go
@@ -12,32 +12,41 @@ import (
 // Client checks for CDN based IPs which should be excluded
 // during scans since they belong to third party firewalls.
 type Client struct {
-	Data   map[string]struct{}
-	ranger cidranger.Ranger
+	Options *Options
+	ranges  map[string][]string
+	rangers map[string]cidranger.Ranger
 }
 
 var defaultScrapers = map[string]scraperFunc{
-	"akamai":     scrapeAkamai,
+	"azure":      scrapeAzure,
 	"cloudflare": scrapeCloudflare,
+	"cloudfront": scrapeCloudFront,
+	"fastly":     scrapeFastly,
 	"incapsula":  scrapeIncapsula,
-	"sucuri":     scrapeSucuri,
 }
 
-var cachedScrapers = map[string]scraperFunc{
-	"projectdiscovery": scrapeProjectDiscovery,
+var defaultScrapersWithOptions = map[string]scraperWithOptionsFunc{
+	"akamai":   scrapeAkamai,
+	"sucuri":   scrapeSucuri,
+	"leaseweb": scrapeLeaseweb,
 }
 
 // New creates a new firewall IP checking client.
 func New() (*Client, error) {
-	return new(false)
+	return new(&Options{})
 }
 
 // NewWithCache creates a new firewall IP with cached data from project discovery (faster)
 func NewWithCache() (*Client, error) {
-	return new(true)
+	return new(&Options{Cache: true})
 }
 
-func new(cache bool) (*Client, error) {
+// NewWithOptions creates a new instance with options
+func NewWithOptions(Options *Options) (*Client, error) {
+	return new(Options)
+}
+
+func new(options *Options) (*Client, error) {
 	httpClient := &http.Client{
 		Transport: &http.Transport{
 			MaxIdleConns:        100,
@@ -49,40 +58,95 @@ func new(cache bool) (*Client, error) {
 		},
 		Timeout: time.Duration(30) * time.Second,
 	}
-	client := &Client{}
+	client := &Client{Options: options}
 
-	var scrapers map[string]scraperFunc
-	if cache {
-		scrapers = cachedScrapers
+	var err error
+	if options.Cache {
+		err = client.getCDNDataFromCache(httpClient)
 	} else {
-		scrapers = defaultScrapers
+		err = client.getCDNData(httpClient)
+	}
+	if err != nil {
+		return nil, err
 	}
+	return client, nil
+}
 
-	client.Data = make(map[string]struct{})
-	for _, scraper := range scrapers {
+func (c *Client) getCDNData(httpClient *http.Client) error {
+	c.ranges = make(map[string][]string)
+	c.rangers = make(map[string]cidranger.Ranger)
+
+	for provider, scraper := range defaultScrapers {
 		cidrs, err := scraper(httpClient)
 		if err != nil {
-			return nil, err
+			return err
 		}
+
+		c.ranges[provider] = cidrs
+		ranger := cidranger.NewPCTrieRanger()
 		for _, cidr := range cidrs {
-			client.Data[cidr] = struct{}{}
+			_, network, err := net.ParseCIDR(cidr)
+			if err != nil {
+				continue
+			}
+			_ = ranger.Insert(cidranger.NewBasicRangerEntry(*network))
 		}
 	}
+	if c.Options.HasAuthInfo() {
+		for provider, scraper := range defaultScrapersWithOptions {
+			cidrs, err := scraper(httpClient, c.Options)
+			if err != nil {
+				return err
+			}
 
-	ranger := cidranger.NewPCTrieRanger()
-	for cidr := range client.Data {
-		_, network, err := net.ParseCIDR(cidr)
-		if err != nil {
-			continue
+			c.ranges[provider] = cidrs
+			ranger := cidranger.NewPCTrieRanger()
+			for _, cidr := range cidrs {
+				_, network, err := net.ParseCIDR(cidr)
+				if err != nil {
+					continue
+				}
+				_ = ranger.Insert(cidranger.NewBasicRangerEntry(*network))
+			}
 		}
-		ranger.Insert(cidranger.NewBasicRangerEntry(*network))
 	}
-	client.ranger = ranger
+	return nil
+}
 
-	return client, nil
+func (c *Client) getCDNDataFromCache(httpClient *http.Client) error {
+	var err error
+	c.ranges, err = scrapeProjectDiscovery(httpClient)
+	if err != nil {
+		return err
+	}
+
+	c.rangers = make(map[string]cidranger.Ranger)
+	for provider, ranges := range c.ranges {
+		ranger := cidranger.NewPCTrieRanger()
+
+		for _, cidr := range ranges {
+			_, network, err := net.ParseCIDR(cidr)
+			if err != nil {
+				continue
+			}
+			_ = ranger.Insert(cidranger.NewBasicRangerEntry(*network))
+		}
+		c.rangers[provider] = ranger
+	}
+	return nil
 }
 
 // Check checks if an IP is contained in the blacklist
-func (c *Client) Check(ip net.IP) (bool, error) {
-	return c.ranger.Contains(ip)
+func (c *Client) Check(ip net.IP) (bool, string, error) {
+	for provider, ranger := range c.rangers {
+		if contains, err := ranger.Contains(ip); contains {
+			return true, provider, err
+		}
+	}
+	return false, "", nil
+}
+
+// Ranges returns the providers and ranges for the cdn client
+func (c *Client) Ranges() map[string][]string {
+	return c.ranges
 }
diff --git a/cdncheck_test.go b/cdncheck_test.go
@@ -11,11 +11,12 @@ func TestCDNCheck(t *testing.T) {
 	client, err := New()
 	require.Nil(t, err, "Could not create cdncheck client")
 
-	found, err := client.Check(net.ParseIP("173.245.48.12"))
+	found, provider, err := client.Check(net.ParseIP("173.245.48.12"))
+	require.Equal(t, "cloudflare", provider, "could not get correct provider")
 	require.Nil(t, err, "Could not check ip in ranger")
 	require.True(t, found, "Could not check cloudlfare ip blacklist")
 
-	found, err = client.Check(net.ParseIP("127.0.0.1"))
+	found, _, err = client.Check(net.ParseIP("127.0.0.1"))
 	require.Nil(t, err, "Could not check ip in ranger")
 	require.False(t, found, "Localhost IP found in blacklist")
 }
diff --git a/go.mod b/go.mod
@@ -3,7 +3,7 @@ module github.com/projectdiscovery/cdncheck
 go 1.14
 
 require (
-	github.com/davecgh/go-spew v1.1.1 // indirect
+	github.com/json-iterator/go v1.1.12
 	github.com/kr/text v0.2.0 // indirect
 	github.com/stretchr/testify v1.7.0
 	github.com/yl2chen/cidranger v1.0.2
diff --git a/go.sum b/go.sum
@@ -1,30 +1,33 @@
 github.com/creack/pty v1.1.9/go.mod h1:oKZEueFk5CKHvIhNR5MUki03XCEU+Q6VDXinZuGJ33E=
-github.com/davecgh/go-spew v1.1.0 h1:ZDRjVQ15GmhC3fiQ8ni8+OwkZQO4DARzQgrnXU1Liz8=
 github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
 github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c=
 github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
+github.com/google/gofuzz v1.0.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg=
+github.com/json-iterator/go v1.1.12 h1:PV8peI4a0ysnczrg+LtxykD8LfKY9ML6u2jnxaEnrnM=
+github.com/json-iterator/go v1.1.12/go.mod h1:e30LSqwooZae/UwlEbR2852Gd8hjQvJoHmT4TnhNGBo=
 github.com/kr/pretty v0.2.1 h1:Fmg33tUaq4/8ym9TJN1x7sLJnHVwhP33CNkpYV/7rwI=
 github.com/kr/pretty v0.2.1/go.mod h1:ipq/a2n7PKx3OHsz4KJII5eveXtPO4qwEXGdVfWzfnI=
 github.com/kr/pty v1.1.1/go.mod h1:pFQYn66WHrOpPYNljwOMqo10TkYh1fy3cYio2l3bCsQ=
-github.com/kr/text v0.1.0 h1:45sCR5RtlFHMR4UwH9sdQ5TC8v0qDQCHnXt+kaKSTVE=
 github.com/kr/text v0.1.0/go.mod h1:4Jbv+DJW3UT/LiOwJeYQe1efqtUx/iVham/4vfdArNI=
 github.com/kr/text v0.2.0 h1:5Nx0Ya0ZqY2ygV366QzturHI13Jq95ApcVaJBhpS+AY=
 github.com/kr/text v0.2.0/go.mod h1:eLer722TekiGuMkidMxC/pM04lWEeraHUUmBw8l2grE=
+github.com/modern-go/concurrent v0.0.0-20180228061459-e0a39a4cb421 h1:ZqeYNhU3OHLH3mGKHDcjJRFFRrJa6eAM5H+CtDdOsPc=
+github.com/modern-go/concurrent v0.0.0-20180228061459-e0a39a4cb421/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q=
+github.com/modern-go/reflect2 v1.0.2 h1:xBagoLtFs94CBntxluKeaWgTMpvLxC4ur3nMaC9Gz0M=
+github.com/modern-go/reflect2 v1.0.2/go.mod h1:yWuevngMOJpCy52FWWMvUC8ws7m/LJsjYzDa0/r8luk=
 github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM=
 github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
-github.com/stretchr/objx v0.1.0 h1:4G4v2dO3VZwixGIRoQ5Lfboy6nUhCyYzaqnIAPPhYs4=
 github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
+github.com/stretchr/testify v1.3.0/go.mod h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UVUgZn+9EI=
 github.com/stretchr/testify v1.4.0/go.mod h1:j7eGeouHqKxXV5pUuKE4zz7dFj8WfuZ+81PSLYec5m4=
 github.com/stretchr/testify v1.7.0 h1:nwc3DEeHmmLAfoZucVR881uASk0Mfjw8xYJ99tb5CcY=
 github.com/stretchr/testify v1.7.0/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
 github.com/yl2chen/cidranger v1.0.2 h1:lbOWZVCG1tCRX4u24kuM1Tb4nHqWkDxwLdoS+SevawU=
 github.com/yl2chen/cidranger v1.0.2/go.mod h1:9U1yz7WPYDwf0vpNWFaeRh0bjwz5RVgRy/9UEQfHl0g=
-gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405 h1:yhCVgyC4o1eVCa2tZl7eS0r+SDo693bJlVdllGtEeKM=
 gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
 gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c h1:Hei/4ADfdWqJk1ZMxUNpqntNwaWcugrBjAiHlqqRiVk=
 gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c/go.mod h1:JHkPIbrfpd72SG/EVd6muEfDQjcINNoR0C8j2r3qZ4Q=
 gopkg.in/yaml.v2 v2.2.2/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
-gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c h1:dUUwHk2QECo/6vqA44rthZ8ie2QXMNeKRTHCNY2nXvo=
 gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
 gopkg.in/yaml.v3 v3.0.0-20210107192922-496545a6307b h1:h8qDotaEPuJATrMmW04NCwg7v22aHH28wwpauUhK9Oo=
 gopkg.in/yaml.v3 v3.0.0-20210107192922-496545a6307b/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
diff --git a/options.go b/options.go
@@ -0,0 +1,10 @@
+package cdncheck
+
+type Options struct {
+	Cache       bool
+	IPInfoToken string
+}
+
+func (options *Options) HasAuthInfo() bool {
+	return options.IPInfoToken != ""
+}
diff --git a/ranges.go b/ranges.go
diff --git a/ranges_test.go b/ranges_test.go
