
Commit 75493b4

committed
Handle hyphens
Windows firewall will use a hyphen if the range is not a proper cidr mask
1 parent 55250ec commit 75493b4


2 files changed

+39
-10
lines changed


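--- a/IPBanCore/Windows/IPBanWindowsFirewall.cs
+++ b/IPBanCore/Windows/IPBanWindowsFirewall.cs
@@ -513,7 +513,7 @@ public override Task<bool> BlockIPAddressesDelta(string ruleNamePrefix, IEnumera
 foreach (string ip in ipList)
 {
 // trim out submask
-int pos = ip.IndexOf('/');
+int pos = ip.IndexOfAny(firewallEntryDelimiters);
 if (pos >= 0)
 {
 ipSet.Add(ip[..pos]);
@@ -779,7 +779,7 @@ public override IEnumerable<string> EnumerateAllowedIPAddresses()
 }
 foreach (string ip in rule.RemoteAddresses.Split(','))
 {
-int pos = ip.IndexOf('/');
+int pos = ip.IndexOfAny(firewallEntryDelimiters);
 if (pos < 0)
 {
 yield return ip;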
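Review bot: The `ip[..pos]` cut in BlockIPAddressesDelta now also fires on a hyphen, so an entry of the form `start-end` is recorded in `ipSet` as its start address only and the end of the range is discarded. A `/mask` suffix on a single host can be dropped without loss, but a hyphenated entry is a real range; if `ipSet` is later written back to the rule (that part of the function is outside the hunk), the blocked range would silently shrink to one address. The same applies to the allow-list in EnumerateAllowedIPAddresses, whose `pos >= 0` branch is also outside the hunk. Consider keeping the whole entry when the delimiter found is `-`, and update the now stale comment to `// trim out submask ('/') or range end ('-')`. The declaration of `firewallEntryDelimiters` is not in this diff, so its contents should be confirmed.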

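--- a/IPBanTests/IPBanBanTests.cs
+++ b/IPBanTests/IPBanBanTests.cs
@@ -39,13 +39,13 @@ namespace DigitalRuby.IPBanTests
 [TestFixture]
 public class IPBanBanTests
 {
-
-
 private const string ip1 = "99.99.99.97";
 private const string ip2 = "99.99.99.98";
+private const string ip3 = "2a0f:5840::";
 private static readonly IPAddressLogEvent info1 = new(ip1, "test_user", "RDP", 98, IPAddressEventType.FailedLogin);
 private static readonly IPAddressLogEvent info2 = new(ip2, "test_user2", "SSH", 99, IPAddressEventType.FailedLogin);
 private static readonly IPAddressLogEvent info3 = new(ip1, "test_user", "RDP", 1, IPAddressEventType.FailedLogin);
+private static readonly IPAddressLogEvent info4 = new(ip3, "test_user", "RDP", 25, IPAddressEventType.FailedLogin);
 
 private IPBanService service;
 
@@ -64,7 +64,7 @@ public void Teardown()
 IPBanService.DisposeIPBanTestService(service);
 }
 
-private void AddFailedLogins(int count = -1)
+private void AddFailedLogins(int count = -1, bool ipv6 = false)
 {
 int count1 = (count < 0 ? info1.Count : count);
 int count2 = (count < 0 ? info2.Count : count);
@@ -73,13 +73,24 @@ private void AddFailedLogins(int count = -1)
 new IPAddressLogEvent(info1.IPAddress, info1.UserName, info1.Source, count1, info1.Type),
 new IPAddressLogEvent(info2.IPAddress, info2.UserName, info2.Source, count2, info2.Type)
 });
+if (ipv6)
+{
+service.AddIPAddressLogEvents(new IPAddressLogEvent[]
+{
+new IPAddressLogEvent(info4.IPAddress, info4.UserName, info4.Source, count < 0 ? info4.Count : count, info4.Type),
+});
+}
 service.RunCycleAsync().Sync();
 }
 
-private void AssertIPAddressesAreBanned(int failCount1 = -1, int failCount2 = -1)
+private void AssertIPAddressesAreBanned(int failCount1 = -1, int failCount2 = -1, int failCount3 = -1, bool ipv6 = false)
 {
 Assert.IsTrue(service.Firewall.IsIPAddressBlocked(ip1, out _));
 Assert.IsTrue(service.Firewall.IsIPAddressBlocked(ip2, out _));
+if (ipv6)
+{
+Assert.IsTrue(service.Firewall.IsIPAddressBlocked(ip3, out _));
+}
 Assert.IsTrue(service.DB.TryGetIPAddress(ip1, out IPBanDB.IPAddressEntry e1));
 Assert.IsTrue(service.DB.TryGetIPAddress(ip2, out IPBanDB.IPAddressEntry e2));
 failCount1 = (failCount1 < 0 ? info1.Count : failCount1);
@@ -88,12 +99,20 @@ private void AssertIPAddressesAreBanned(int failCount1 = -1, int failCount2 = -1
 Assert.AreEqual(failCount2, e2.FailedLoginCount);
 Assert.AreEqual(IPBanDB.IPAddressState.Active, e1.State);
 Assert.AreEqual(IPBanDB.IPAddressState.Active, e2.State);
+if (ipv6)
+{
+failCount3 = (failCount3 < 0 ? info4.Count : failCount3);
+Assert.IsTrue(service.DB.TryGetIPAddress(ip3, out IPBanDB.IPAddressEntry e3));
+Assert.AreEqual(failCount3, e3.FailedLoginCount);
+Assert.AreEqual(IPBanDB.IPAddressState.Active, e3.State);
+}
 }
 
-private void AssertIPAddressesAreNotBanned(bool exists1 = false, bool exists2 = false)
+private void AssertIPAddressesAreNotBanned(bool exists1 = false, bool exists2 = false, bool exists3 = false)
 {
 Assert.IsFalse(service.Firewall.IsIPAddressBlocked(ip1, out _));
 Assert.IsFalse(service.Firewall.IsIPAddressBlocked(ip2, out _));
+Assert.IsFalse(service.Firewall.IsIPAddressBlocked(ip3, out _));
 if (exists1)
 {
 Assert.IsTrue(service.DB.TryGetIPAddress(ip1, out IPBanDB.IPAddressEntry e1));
@@ -112,12 +131,22 @@ private void AssertIPAddressesAreNotBanned(bool exists1 = false, bool exists2 =
 {
 Assert.IsFalse(service.DB.TryGetIPAddress(ip2, out _));
 }
+if (exists3)
+{
+Assert.IsTrue(service.DB.TryGetIPAddress(ip3, out IPBanDB.IPAddressEntry e3));
+Assert.AreNotEqual(IPBanDB.IPAddressState.Active, e3.State);
+}
+else
+{
+Assert.IsFalse(service.DB.TryGetIPAddress(ip3, out _));
+}
 }
 
 private void AssertNoIPInDB()
 {
 Assert.IsFalse(service.DB.TryGetIPAddress(ip1, out _));
 Assert.IsFalse(service.DB.TryGetIPAddress(ip2, out _));
+Assert.IsFalse(service.DB.TryGetIPAddress(ip3, out _));
 }
 
 [Test]
@@ -199,11 +228,11 @@ public void TestBlockIPAddressesMethodCall()
 [Test]
 public void TestUnblockIPAddresesUnblockFile()
 {
-AddFailedLogins();
-AssertIPAddressesAreBanned();
+AddFailedLogins(ipv6: true);
+AssertIPAddressesAreBanned(ipv6: true);
 
 // put an unban.txt file in path, service should pick it up
-File.WriteAllLines(service.UnblockIPAddressesFileName, new string[] { ip1, ip2 });
+File.WriteAllLines(service.UnblockIPAddressesFileName, new string[] { ip1, ip2, ip3 });
 
 // this should un ban the ip addresses
 service.RunCycleAsync().Sync();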
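Review bot: No test here feeds a `start-end` entry directly into the parsing changed in IPBanWindowsFirewall.cs; the hyphen path is reached only if the firewall under test happens to store `ip3` in hyphenated form. On a firewall implementation that stores the address unchanged, TestUnblockIPAddresesUnblockFile would pass without touching the new code, so a regression that leaves a range entry unblocked or un-enumerated could go unnoticed. A test that builds a rule containing an explicit hyphenated entry and asserts the outcome of BlockIPAddressesDelta and EnumerateAllowedIPAddresses would pin the behaviour. Separately, the helpers are asymmetric: AssertIPAddressesAreBanned gates its `ip3` checks on `ipv6`, while AssertIPAddressesAreNotBanned and AssertNoIPInDB always assert on `ip3`. A short comment on `exists3` saying that its default expects `ip3` to be absent from the DB would help callers that appear outside these hunks.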
