Update map to list for ipv6

2019-06-28 17:45:21 -05:00 · 2019-06-28 17:45:21 -05:00 · 3c394a1365
--- a/alerts/plugins/ip_source_enrichment.py
+++ b/alerts/plugins/ip_source_enrichment.py
@ -8,6 +8,7 @@ from operator import add
 import os
 import re

+import functools
 import netaddr


@ -23,10 +24,11 @@ def _find_ip_addresses(string):
    ipv6_rx = '(([0-9a-fA-F]{1,4}:){7,7}[0-9a-fA-F]{1,4}|([0-9a-fA-F]{1,4}:){1,7}:|([0-9a-fA-F]{1,4}:){1,6}:[0-9a-fA-F]{1,4}|([0-9a-fA-F]{1,4}:){1,5}(:[0-9a-fA-F]{1,4}){1,2}|([0-9a-fA-F]{1,4}:){1,4}(:[0-9a-fA-F]{1,4}){1,3}|([0-9a-fA-F]{1,4}:){1,3}(:[0-9a-fA-F]{1,4}){1,4}|([0-9a-fA-F]{1,4}:){1,2}(:[0-9a-fA-F]{1,4}){1,5}|[0-9a-fA-F]{1,4}:((:[0-9a-fA-F]{1,4}){1,6})|:((:[0-9a-fA-F]{1,4}){1,7}|:)|fe80:(:[0-9a-fA-F]{0,4}){0,4}%[0-9a-zA-Z]{1,}|::(ffff(:0{1,4}){0,1}:){0,1}((25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9])\.){3,3}(25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9])|([0-9a-fA-F]{1,4}:){1,4}:((25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9])\.){3,3}(25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9]))'

    ipv4 = re.findall(ipv4_rx, string)
-    ipv6 = map(
+    ipv6_map = map(
        lambda match: match[0] if isinstance(match, tuple) else match,
        re.findall(ipv6_rx, string))

+    ipv6 = [x for x in ipv6_map]
    return ipv4 + ipv6


@ -42,11 +44,11 @@ def enrich(alert, known_ips):

        if isinstance(value, list) or isinstance(value, tuple):
            found = [find_ips(item) for item in value]
-            return reduce(add, found, [])
+            return functools.reduce(add, found, [])

        if isinstance(value, dict):
            found = [find_ips(item) for item in value.values()]
-            return reduce(add, found, [])
+            return functools.reduce(add, found, [])

        return []