Helper function similar to IpInRange but with multiple ranges
What would you like to be added?
A helper function IpInRanges that would check an IP against multiple ranges.
Pseudo documentation:
IpInRanges(IPStr, RangeCIDRs) bool
Returns true if the IP IPStr is contained in the slice RangeCIDRs (uses go slice & net.ParseCIDR)
IpInRanges("1.2.3.4", ["1.2.3.0/24", "3.4.5.6/24"])
/kind feature
Why is this needed?
To develop an allowlist that uses multiple IP ranges published in a JSON file as described in https://github.com/crowdsecurity/hub/issues/1466 we seem to need a helper function that is not available yet: IpInRanges
@arthurzenika: Thanks for opening an issue, it is currently awaiting triage.
In the meantime, you can:
- Check Crowdsec Documentation to see if your issue can be self resolved.
- You can also join our Discord.
- Check Releases to make sure your agent is on the latest version.
I am a bot created to help the crowdsecurity developers manage community feedback and contributions. You can check out my manifest file to understand my behavior and what I can do. If you want to use this for your project, you can check out the BirthdayResearch/oss-governance-bot repository.
@arthurzenika: There is no 'kind' label on this issue. You need a 'kind' label to start the triage process.
- /kind feature
- /kind enhancement
- /kind refactoring
- /kind bug
- /kind packaging
/kind feature
Hello,
This is already possible, using the any helper, for example with this parser whitelist (although it should probably be a postoverflow if you want to check a lot of ranges):
```yaml
name: custom/multiple-ranges
description: foo
whitelist:
  expression: # assume a single range per line
    - |
      any(
        File("aws_ips.txt"), { IpInRange(evt.Meta.source_ip, #) }
      )
data: # data section required for crowdsec to load the file and make it available in expressions
  - dest_file: aws_ips.txt
    type: string
```
any expects an array as 1st parameter, and will call the function provided in the 2nd parameter with each item of the array, and if any call returns true, any will return true, which will whitelist the event.
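The same "match if any range contains the IP" check, written in Go with net.ParseCIDR as the issue suggests. This is an added example, not CrowdSec code and not part of the original comments; `ipInRanges` and `sampleRanges` are hypothetical names, and the range list is constructed. It also shows two allowlist edge cases: malformed entries are reported and never match, and a non-canonical entry such as 3.4.5.6/24 is masked to its network.

```go
package main

import (
	"fmt"
	"net"
	"strings"
)

// ipInRanges is a hypothetical helper (not a CrowdSec function). It reports
// whether ipStr falls inside any CIDR in ranges, and returns the entries that
// failed to parse so a bad allowlist line is surfaced instead of ignored.
func ipInRanges(ipStr string, ranges []string) (bool, []string) {
	var bad []string
	ip := net.ParseIP(strings.TrimSpace(ipStr))
	if ip == nil {
		return false, bad // an unparsable source IP never matches an allowlist
	}
	matched := false
	for _, r := range ranges {
		r = strings.TrimSpace(r)
		if r == "" {
			continue // blank line in a one-range-per-line file
		}
		// ParseCIDR masks host bits: "3.4.5.6/24" becomes network 3.4.5.0/24.
		_, network, err := net.ParseCIDR(r)
		if err != nil {
			bad = append(bad, r) // malformed entry: report it, never match on it
			continue
		}
		if network.Contains(ip) {
			matched = true
		}
	}
	return matched, bad
}

// Constructed sample: contents of a one-range-per-line file.
const sampleRanges = "1.2.3.0/24\n3.4.5.6/24\n\nnot-a-cidr\n2001:db8::/32\n"

func main() {
	ranges := strings.Split(sampleRanges, "\n")
	for _, ip := range []string{"1.2.3.4", "3.4.5.200", "2001:db8::1", "9.9.9.9", "bogus"} {
		ok, bad := ipInRanges(ip, ranges)
		fmt.Printf("%-12s allowlisted=%v malformed=%v\n", ip, ok, bad)
	}
}
```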