diff --git a/src/core/config/Categories.json b/src/core/config/Categories.json index 2d194c37c..1692b434a 100755 --- a/src/core/config/Categories.json +++ b/src/core/config/Categories.json @@ -177,7 +177,8 @@ "Group IP addresses", "Encode NetBIOS Name", "Decode NetBIOS Name", - "Defang URL" + "Defang URL", + "Defang IP" ] }, { diff --git a/src/core/operations/DefangIP.mjs b/src/core/operations/DefangIP.mjs new file mode 100644 index 000000000..b993c81e3 --- /dev/null +++ b/src/core/operations/DefangIP.mjs @@ -0,0 +1,75 @@ +/** + * @author h345983745 + * @copyright Crown Copyright 2019 + * @license Apache-2.0 + */ + +import Operation from "../Operation"; + + +/** + * Defang IP operation + */ +class DefangIP extends Operation { + + /** + * DefangIP constructor + */ + constructor() { + super(); + + this.name = "Defang IP"; + this.module = "Default"; + this.description = "Takes a IPV4 or IPV6 address and 'Defangs' it; meaning the IP becomes invalid, removing the risk of accidentally utilising it as an IP address."; + this.infoURL = "https://isc.sans.edu/forums/diary/Defang+all+the+things/22744/"; + this.inputType = "string"; + this.outputType = "string"; + this.args = [ + { + name: "IPV4", + type: "boolean", + value: true + }, + { + name: "IPV6", + type: "boolean", + value: true + } + ]; + } + + /** + * @param {string} input + * @param {Object[]} args + * @returns {string} + */ + run(input, args) { + const [IPV4, IPV6] = args; + + if (IPV4) { + input = input.replace(IPV4_REGEX, x => { + return x.replace(/\./g, "[.]"); + }); + } + if (IPV6) { + input = input.replace(IPV6_REGEX, x => { + return x.replace(/:/g, "[:]"); + }); + } + return input; + } +} + +export default DefangIP; + + +/** + * IPV4 regular expression + */ +const IPV4_REGEX = new RegExp("(?:(?:\\d|[01]?\\d\\d|2[0-4]\\d|25[0-5])\\.){3}(?:25[0-5]|2[0-4]\\d|[01]?\\d\\d|\\d)(?:\\/\\d{1,2})?", "g"); + + +/** + * IPV6 regular expression + */ +const IPV6_REGEX = new RegExp("((?=.*::)(?!.*::.+::)(::)?([\\dA-Fa-f]{1,4}:(:|\\b)|){5}|([\\dA-Fa-f]{1,4}:){6})((([\\dA-Fa-f]{1,4}((?!\\3)::|:\\b|(?![\\dA-Fa-f])))|(?!\\2\\3)){2}|(((2[0-4]|1\\d|[1-9])?\\d|25[0-5])\\.?\\b){4})", "g"); diff --git a/tests/operations/index.mjs b/tests/operations/index.mjs index 41d78c353..32c6e0cee 100644 --- a/tests/operations/index.mjs +++ b/tests/operations/index.mjs @@ -90,6 +90,7 @@ import "./tests/Typex"; import "./tests/BLAKE2b"; import "./tests/BLAKE2s"; import "./tests/Protobuf"; +import "./tests/DefangIP"; // Cannot test operations that use the File type yet //import "./tests/SplitColourChannels"; diff --git a/tests/operations/tests/DefangIP.mjs b/tests/operations/tests/DefangIP.mjs new file mode 100644 index 000000000..7c8c206c6 --- /dev/null +++ b/tests/operations/tests/DefangIP.mjs @@ -0,0 +1,64 @@ +/** + * DefangIP tests. + * + * @author h345983745 + * + * @copyright Crown Copyright 2017 + * @license Apache-2.0 + */ +import TestRegister from "../TestRegister"; + +TestRegister.addTests([ + { + name: "Defang IP: Valid IPV4", + input: "192.168.1.1", + expectedOutput: "192[.]168[.]1[.]1", + recipeConfig: [ + { + op: "Defang IP", + args: [true, true], + }, + ], + }, { + name: "Defang IP: Valid IPV6", + input: "2001:0db8:85a3:0000:0000:8a2e:0370:7343", + expectedOutput: "2001[:]0db8[:]85a3[:]0000[:]0000[:]8a2e[:]0370[:]7343", + recipeConfig: [ + { + op: "Defang IP", + args: [true, true], + }, + ], + }, { + name: "Defang IP: Valid IPV6 Shorthand", + input: "2001:db8:3c4d:15::1a2f:1a2b", + expectedOutput: "2001[:]db8[:]3c4d[:]15[:][:]1a2f[:]1a2b", + recipeConfig: [ + { + op: "Defang IP", + args: [true, true], + }, + ], + }, + { + name: "Defang IP: IPV4 Only", + input: "192.168.1.1 2001:0db8:85a3:0000:0000:8a2e:0370:7343", + expectedOutput: "192[.]168[.]1[.]1 2001:0db8:85a3:0000:0000:8a2e:0370:7343", + recipeConfig: [ + { + op: "Defang IP", + args: [true, false], + }, + ], + }, { + name: "Defang IP: IPV6 Only", + input: "192.168.1.1 2001:0db8:85a3:0000:0000:8a2e:0370:7343", + expectedOutput: "192.168.1.1 2001[:]0db8[:]85a3[:]0000[:]0000[:]8a2e[:]0370[:]7343", + recipeConfig: [ + { + op: "Defang IP", + args: [false, true], + }, + ], + } +]);