Add a azure-ip-range function
This function gets the list of IP addresses associated with the named
Microsoft Azure service.

```
pass in proto tcp from azure-ip-range('DataFactory.FranceCentral') to any port 5432
```
smortex committed Jul 6, 2024
1 parent 0cdaf89 commit 6c0e2cb
Showing 3 changed files with 23 additions and 2 deletions.
7 changes: 5 additions & 2 deletions lib/puffy/parser.y
@@ -148,8 +148,9 @@ rule
| host_list host_list_item { result = val[0] + val[1] }
| host_list_item { result = val[0] }

host_list_item: host { result = [val[0]] }
| VARIABLE { result = @variables.fetch(val[0][:value]) }
host_list_item: host { result = [val[0]] }
| VARIABLE { result = @variables.fetch(val[0][:value]) }
| AZURE_IP_RANGE '(' STRING ')' { result = Resolver.instance.resolv_azure_ip_range(val[2][:value]) }

filteropts: filteropts ',' filteropt { result = val[0].merge(val[2]) }
| filteropts filteropt { result = val[0].merge(val[1]) }
@@ -164,6 +165,7 @@ end

require 'deep_merge'
require 'ipaddr'
require 'json'
require 'strscan'

---- inner
@@ -250,6 +252,7 @@ require 'strscan'
when s.scan(/rdr-to\b/) then emit(:RDR_TO, s.matched)
when s.scan(/srv\b/) then emit(:SRV, s.matched)
when s.scan(/apt-mirror\b/) then emit(:APT_MIRROR, s.matched)
when s.scan(/azure-ip-range\b/) then emit(:AZURE_IP_RANGE, s.matched)
when s.scan(/\d+\.\d+\.\d+\.\d+(\/\d+)?/) && ip = ipaddress?(s) then emit(:ADDRESS, ip, s.matched_size)
when s.scan(/[[:xdigit:]]*:[:[:xdigit:]]+(\/\d+)?/) && ip = ipaddress?(s) then emit(:ADDRESS, ip, s.matched_size)
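Review bot: The `require 'json'` line in the second hunk appears to be the only place this commit loads JSON, yet the code that calls `JSON.parse` lives in lib/puffy/resolver.rb, so the resolver would depend on the parser having been loaded first. resolver.rb's own require lines are not visible in this commit, so this is inferred; if it does not already load it, `require 'json'` belongs at the top of resolver.rb so that `Resolver` works when used on its own (as the new spec does). It is also worth a comment on the new `AZURE_IP_RANGE '(' STRING ')'` rule that evaluating it performs a network download during parsing, since none of the neighbouring `host_list_item` alternatives visible here do that.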
8 changes: 8 additions & 0 deletions lib/puffy/resolver.rb
@@ -56,6 +56,14 @@ def resolv_apt_mirror(url)
res
end

def resolv_azure_ip_range(service_name)
# https://www.microsoft.com/en-us/download/details.aspx?id=56519
@azure_ip_range ||= JSON.parse(URI('https://download.microsoft.com/download/7/1/D/71D86715-5596-4529-9B13-DA13A5DE5B63/ServiceTags_Public_20240701.json').read)

res = @azure_ip_range['values'].select { |service| service['name'] == service_name }[0]['properties']['addressPrefixes']
res.map { |ip| IPAddr.new(ip) }
end

private

def parse_url(url)
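Review bot: An unknown or misspelled service name makes `select { … }[0]` return nil in `resolv_azure_ip_range`, so a typo in a ruleset surfaces as a NoMethodError on nil instead of an error naming the tag; use `find` and raise explicitly, with whatever error class the parser already reports for other resolution failures. The download URL is pinned to the `ServiceTags_Public_20240701.json` snapshot, so the prefixes that end up in `pass` rules will age silently as Microsoft republishes the file, and a failed fetch aborts ruleset generation from inside the parser. Making the location configurable, or reading a locally cached and reviewed copy, would let operators control what feeds their firewall rules. The lookup should also reject a tag whose `addressPrefixes` is missing or empty rather than returning an empty host list.

```ruby
def resolv_azure_ip_range(service_name)
  # … unchanged: memoised download and JSON.parse into @azure_ip_range …

  service = @azure_ip_range.fetch('values').find { |candidate| candidate['name'] == service_name }
  raise ArgumentError, "unknown Azure service tag: #{service_name.inspect}" unless service

  prefixes = Array(service.dig('properties', 'addressPrefixes'))
  raise ArgumentError, "Azure service tag #{service_name.inspect} has no address prefixes" if prefixes.empty?

  prefixes.map { |prefix| IPAddr.new(prefix) }
end
```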
10 changes: 10 additions & 0 deletions spec/puffy/resolver_spec.rb
@@ -56,5 +56,15 @@ module Puffy
])
end
end

describe '#resolv_azure_ip_range' do
it 'works' do
res = subject.resolv_azure_ip_range('ActionGroup')

expect(res).to be_an(Array)
expect(res).not_to be_empty
expect(res.first).to be_an(IPAddr)
end
end
end
end
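Review bot: The new `'works'` example calls `resolv_azure_ip_range('ActionGroup')` against the live download, so it depends on network access and on the dated ServiceTags URL staying available, and it checks only the shape of the result. Stubbing the fetch with a small fixture JSON would make the example deterministic and let it assert the exact `IPAddr` values returned for a known tag. A second example for a name that is not in the file, e.g. `expect { subject.resolv_azure_ip_range('NoSuchTag') }.to raise_error(...)`, would pin the failure mode, which with the current implementation is a NoMethodError on nil.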
