bitwire-it
Missing IPv6 addresses and a typo
Hello @Rush-er
since 2 days ago, I noticed that IPv6 addresses are missing from 'inbound.txt', is that alright ?
Also, I noticed that the url on line 2 https://github.com/bitwire-it/ipblocklist/blob/main/tables/inbound/urltable_inbound#L2 should is a 't' at the end of the line; so it should be https://raw.githubusercontent.com/montysecurity/C2-Tracker/refs/heads/main/data/all.txt
Is it possible to fix this ?
Thank you and have a nice day :)
Hello @Rush-er
since 2 days ago, I noticed that IPv6 addresses are missing from 'inbound.txt', is that alright ?
Also, I noticed that the url on line 2 https://github.com/bitwire-it/ipblocklist/blob/main/tables/inbound/urltable_inbound#L2 should is a 't' at the end of the line; so it should be
https://raw.githubusercontent.com/montysecurity/C2-Tracker/refs/heads/main/data/all.txtIs it possible to fix this ?
Thank you and have a nice day :)
Thank you for sending the report. I will investigate the IPv6 issue further.
Regarding the typo, that was an error in the upstream list. I have fixed it now. 1cfec4ecd0e26f8987911ee04782ff10ef971f89
Thank you for the commit of the missing 't'.
Also, I'm looking forward for the ipv6 fix, thank you :)
Edit : I noticed that the bug occured since commit 3274fbf04ad6a68554e361449a44cb9fd1a7abaf
I'm not an expert, but I think the bug might be here : https://github.com/bitwire-it/ipblocklist/commit/3274fbf04ad6a68554e361449a44cb9fd1a7abaf#diff-aebdf3f2b87fb04a06dbaa6b57eca7615d3a974a71a883987b0606f3ac4e1d07R10-R55
Since IP_CIDR_REGEX = re.compile(r"\b((?:[0-9]{1,3}\.){3}[0-9]{1,3}(?:/[0-9]{1,2})?)\b") doesn't seems to match IPv6 addresses, but works fine with IPv4.
OK with IPv4 code snippet:
>>> re.compile(r"\b((?:[0-9]{1,3}\.){3}[0-9]{1,3}(?:/[0-9]{1,2})?)\b").match('127.0.0.1')
KO with IPv6 code snippet:
>>> re.compile(r"\b((?:[0-9]{1,3}\.){3}[0-9]{1,3}(?:/[0-9]{1,2})?)\b").match('2001:0000:130F:0000::')
>>> re.compile(r"\b((?:[0-9]{1,3}\.){3}[0-9]{1,3}(?:/[0-9]{1,2})?)\b").match('2001:0000:130F:0000:0000:09C0:876A:130B')
>>> re.compile(r"\b((?:[0-9]{1,3}\.){3}[0-9]{1,3}(?:/[0-9]{1,2})?)\b").match('fe80::/64')
I have tried to have a regex to match both IPv4 and IPv6 : r"\b(("r"(?:[0-9]{1,3}\.){3}[0-9]{1,3}"r"|"r"[0-9A-Fa-f:]+:[0-9A-Fa-f:]+"r")(?:/\d{1,3})?)\b"
Examples :
>>> re.compile(r"\b(("r"(?:[0-9]{1,3}\.){3}[0-9]{1,3}"r"|"r"[0-9A-Fa-f:]+:[0-9A-Fa-f:]+"r")(?:/\d{1,3})?)\b").match('1.2.3.4')
<re.Match object; span=(0, 7), match='1.2.3.4'>
>>> re.compile(r"\b(("r"(?:[0-9]{1,3}\.){3}[0-9]{1,3}"r"|"r"[0-9A-Fa-f:]+:[0-9A-Fa-f:]+"r")(?:/\d{1,3})?)\b").match('fe80::/64')
<re.Match object; span=(0, 9), match='fe80::/64'>
>>> re.compile(r"\b(("r"(?:[0-9]{1,3}\.){3}[0-9]{1,3}"r"|"r"[0-9A-Fa-f:]+:[0-9A-Fa-f:]+"r")(?:/\d{1,3})?)\b").match('fe80:')
>>> re.compile(r"\b(("r"(?:[0-9]{1,3}\.){3}[0-9]{1,3}"r"|"r"[0-9A-Fa-f:]+:[0-9A-Fa-f:]+"r")(?:/\d{1,3})?)\b").match('2a12:a800:2:1:45:141:215:169')
<re.Match object; span=(0, 28), match='2a12:a800:2:1:45:141:215:169'>
>>> re.compile(r"\b(("r"(?:[0-9]{1,3}\.){3}[0-9]{1,3}"r"|"r"[0-9A-Fa-f:]+:[0-9A-Fa-f:]+"r")(?:/\d{1,3})?)\b").match('2a13:ef45::')
<re.Match object; span=(0, 9), match='2a13:ef45'>
Maybe we should have some unit tests with pytest to prevent further issues.
Thank you for all your work on this repository and have a nice day 😸
Edit : I noticed that the bug occured since commit 3274fbf04ad6a68554e361449a44cb9fd1a7abaf
I'm not an expert, but I think the bug might be here : 3274fbf#diff-aebdf3f2b87fb04a06dbaa6b57eca7615d3a974a71a883987b0606f3ac4e1d07R10-R55
Since
IP_CIDR_REGEX = re.compile(r"\b((?:[0-9]{1,3}\.){3}[0-9]{1,3}(?:/[0-9]{1,2})?)\b")doesn't seems to match IPv6 addresses, but works fine with IPv4.OK with IPv4 code snippet:
re.compile(r"\b((?:[0-9]{1,3}.){3}[0-9]{1,3}(?:/[0-9]{1,2})?)\b").match('127.0.0.1') KO with IPv6 code snippet:
re.compile(r"\b((?:[0-9]{1,3}.){3}[0-9]{1,3}(?:/[0-9]{1,2})?)\b").match('2001:0000:130F:0000::') re.compile(r"\b((?:[0-9]{1,3}.){3}[0-9]{1,3}(?:/[0-9]{1,2})?)\b").match('2001:0000:130F:0000:0000:09C0:876A:130B') re.compile(r"\b((?:[0-9]{1,3}.){3}[0-9]{1,3}(?:/[0-9]{1,2})?)\b").match('fe80::/64') I have tried to have a regex to match both IPv4 and IPv6 :
r"\b(("r"(?:[0-9]{1,3}\.){3}[0-9]{1,3}"r"|"r"[0-9A-Fa-f:]+:[0-9A-Fa-f:]+"r")(?:/\d{1,3})?)\b"Examples :
re.compile(r"\b(("r"(?:[0-9]{1,3}.){3}[0-9]{1,3}"r"|"r"[0-9A-Fa-f:]+:[0-9A-Fa-f:]+"r")(?:/\d{1,3})?)\b").match('1.2.3.4') <re.Match object; span=(0, 7), match='1.2.3.4'> re.compile(r"\b(("r"(?:[0-9]{1,3}.){3}[0-9]{1,3}"r"|"r"[0-9A-Fa-f:]+:[0-9A-Fa-f:]+"r")(?:/\d{1,3})?)\b").match('fe80::/64') <re.Match object; span=(0, 9), match='fe80::/64'> re.compile(r"\b(("r"(?:[0-9]{1,3}.){3}[0-9]{1,3}"r"|"r"[0-9A-Fa-f:]+:[0-9A-Fa-f:]+"r")(?:/\d{1,3})?)\b").match('fe80:') re.compile(r"\b(("r"(?:[0-9]{1,3}.){3}[0-9]{1,3}"r"|"r"[0-9A-Fa-f:]+:[0-9A-Fa-f:]+"r")(?:/\d{1,3})?)\b").match('2a12:a800:2:1:45:141:215:169') <re.Match object; span=(0, 28), match='2a12:a800:2:1:45:141:215:169'> re.compile(r"\b(("r"(?:[0-9]{1,3}.){3}[0-9]{1,3}"r"|"r"[0-9A-Fa-f:]+:[0-9A-Fa-f:]+"r")(?:/\d{1,3})?)\b").match('2a13:ef45::') <re.Match object; span=(0, 9), match='2a13:ef45'> Maybe we should have some unit tests with pytest to prevent further issues.
Thank you for all your work on this repository and have a nice day 😸
Thanks for the input, you can make a PR next time so i will check and merge
I added the new part for the IPv6 regex commit d8d3a8b20e8be43efcc77a208ddf1190f055ba09