Adding functionality to check for 'no-scan' countries

st0rmbl3ss3d commented 3 years ago

🗣 Description

This is a change designed to check the GeoIP db for IPs in countries that are currently not supposed to be scanned per policy.

💭 Motivation and context

This change is required because we recently officially updated our scanning policy across VM to exclude scans to IPs located in certain countries. This change solves the problem by adding an automatic check to look up the country for each CIDR that is either imported or added to avoid importing IPs that should not be scanned.

🧪 Testing

I tested this change by forking my own repo and then generating a local docker instance, with the actual importing steps that would change the DB commented out. I then made a dummy json file and attempted to import it with known IPs that belong to those countries. I also tested the 'add' functionality in the same way, commenting out the actual addition, but attempting to add known IPs that belong to said countries. The tests were successful as I tried them.

lgtm-com[bot] commented 3 years ago

This pull request introduces 1 alert and fixes 2 when merging 008f0571a776468c8a529af20a42bc0056573f1e into 79d25173b91c6cd71bd106733f21020c81282e5a - view on LGTM.com

new alerts:

1 for Syntax error

fixed alerts:

2 for Testing equality to None

lgtm-com[bot] commented 3 years ago

This pull request fixes 1 alert when merging 65339e52471c1319706cdd600524028ed71a09de into 79d25173b91c6cd71bd106733f21020c81282e5a - view on LGTM.com

fixed alerts:

1 for Unused import

jsf9k commented 3 years ago

@st0rmbl3ss3d - in the future please try to create git commit messages with more descriptive content, even when committing suggested changes. The default message of "Update bin/cyhy-import", for example, does not tell the reader anything about what changes are being made.

lgtm-com[bot] commented 3 years ago

This pull request fixes 1 alert when merging 6a1eac62c25aac314c1013d6484f650b3254c1e0 into 79d25173b91c6cd71bd106733f21020c81282e5a - view on LGTM.com

fixed alerts:

1 for Unused import

lgtm-com[bot] commented 3 years ago

This pull request fixes 1 alert when merging 49bc9c4605531494ac0ffc390113fa52e1a5c0cf into 79d25173b91c6cd71bd106733f21020c81282e5a - view on LGTM.com

fixed alerts:

1 for Unused import

lgtm-com[bot] commented 3 years ago

This pull request fixes 1 alert when merging ca0e19e514a92fdf26919f392e28331b7d085014 into 79d25173b91c6cd71bd106733f21020c81282e5a - view on LGTM.com

fixed alerts:

1 for Unused import

lgtm-com[bot] commented 3 years ago

This pull request fixes 1 alert when merging 4c6fec2e2595e2d361c2a0e672a697edfef0cfb7 into 79d25173b91c6cd71bd106733f21020c81282e5a - view on LGTM.com

fixed alerts:

1 for Unused import

lgtm-com[bot] commented 3 years ago

This pull request fixes 1 alert when merging d1bc9dcd9f3af54f2767a3c7a91942b2623fe403 into 79d25173b91c6cd71bd106733f21020c81282e5a - view on LGTM.com

fixed alerts:

1 for Unused import

lgtm-com[bot] commented 3 years ago

This pull request fixes 1 alert when merging 891e18a6d3560c47d07e0a359c1d8b85122900a0 into 79d25173b91c6cd71bd106733f21020c81282e5a - view on LGTM.com

fixed alerts:

1 for Unused import

lgtm-com[bot] commented 3 years ago

This pull request fixes 1 alert when merging 528cd0890d3fc0b87075a97ccb7cc50c2fad8458 into 79d25173b91c6cd71bd106733f21020c81282e5a - view on LGTM.com

fixed alerts:

1 for Unused import

lgtm-com[bot] commented 3 years ago

This pull request fixes 1 alert when merging be6cd6f22c469fc169e79507104f3521aceb7ecd into 79d25173b91c6cd71bd106733f21020c81282e5a - view on LGTM.com

fixed alerts:

1 for Unused import

lgtm-com[bot] commented 3 years ago

This pull request fixes 1 alert when merging 809cc808b2bbb59be8e5e2d8f71349c0dd2b2eba into 79d25173b91c6cd71bd106733f21020c81282e5a - view on LGTM.com

fixed alerts:

1 for Unused import

st0rmbl3ss3d commented 3 years ago

Just committed some changes. What do you think of that handling? Or should we use something other than defaultdict?

lgtm-com[bot] commented 3 years ago

This pull request fixes 1 alert when merging 459aa82e7c6441d996470a8964160387f2c34743 into 79d25173b91c6cd71bd106733f21020c81282e5a - view on LGTM.com

fixed alerts:

1 for Unused import

lgtm-com[bot] commented 3 years ago

This pull request fixes 1 alert when merging 302447a3c851629ead771878261bf09cca5948b6 into 79d25173b91c6cd71bd106733f21020c81282e5a - view on LGTM.com

fixed alerts:

1 for Unused import

lgtm-com[bot] commented 3 years ago

This pull request fixes 1 alert when merging 2ea4f51046e4d4017ad23a4d707b16ebe661f8d9 into 79d25173b91c6cd71bd106733f21020c81282e5a - view on LGTM.com

fixed alerts:

1 for Unused import

lgtm-com[bot] commented 3 years ago

This pull request fixes 1 alert when merging f4516bd926b1de99396617886a793c14ff637bfa into 79d25173b91c6cd71bd106733f21020c81282e5a - view on LGTM.com

fixed alerts:

1 for Unused import

lgtm-com[bot] commented 3 years ago

This pull request fixes 1 alert when merging 127fdccc1c21181f2fb60a145a7bd75ff1199ad4 into 79d25173b91c6cd71bd106733f21020c81282e5a - view on LGTM.com

fixed alerts:

1 for Unused import

lgtm-com[bot] commented 3 years ago

This pull request fixes 1 alert when merging acca18cb65c9b37ae0c2dbddb011d865f2dd1659 into 79d25173b91c6cd71bd106733f21020c81282e5a - view on LGTM.com

fixed alerts:

1 for Unused import

lgtm-com[bot] commented 3 years ago

This pull request fixes 1 alert when merging 4894dd0f19a72ea6d52fee46b36ad0ceccb580d9 into 79d25173b91c6cd71bd106733f21020c81282e5a - view on LGTM.com

fixed alerts:

1 for Unused import

mcdonnnj commented 3 years ago

@st0rmbl3ss3d Sorry this slid by this week, but you should be good to build a new image now.

cisagov / cyhy-core