Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Improved IPv6 Handling for Nmap Agent #113

Closed
wants to merge 7 commits into from
Closed

Improved IPv6 Handling for Nmap Agent #113

wants to merge 7 commits into from

Conversation

nmasdoufi-ol
Copy link

Enhancements to IPv6 Handling in NmapAgent

This PR introduces several improvements and enhancements to the IPv6 handling logic in the NmapAgent class. The changes include validation of IPv6 settings, normalization of IPv6 addresses, and updates to subnet handling during the scanning process. Additionally, the PR modifies the process method to ensure that invalid or misconfigured IPv6 addresses and subnets are properly handled.

Key Changes:

  1. IPv6 Validation Enhancements:

    • Introduced a _validate_ipv6_settings method to validate IPv6-specific settings.
    • This method ensures that the configured max_network_mask_ipv6 is within the allowed range (IPV6_MIN_PREFIX to 128).
    • If the validation fails, a ValueError is raised with an appropriate error message.

  2. IPv6 Address Normalization:

    • Implemented the _normalize_ipv6_address method to normalize IPv6 addresses into their compressed format.
    • The method uses the ipaddress.IPv6Address class to validate and compress IPv6 addresses. If an invalid address is provided, it raises an AddressValueError, which is logged with an error message.

  3. IPv6 Subnet Handling:

    • In the process method, added logic to handle IPv6 subnets:
      • If the subnet mask is below IPV6_CIDR_LIMIT, a ValueError is raised to prevent further processing.
      • If the subnet mask is valid, the address is normalized and scanned.
    • Added checks to ensure that subnet masks below the allowed limits for IPv6 (IPV6_CIDR_LIMIT) are properly handled with an error message.

  4. IPv6 Scan Options:

    • Introduced a _get_ipv6_scan_options method to retrieve IPv6-specific scan options, including parameters like ping_timeout, min_rate, max_rate, max_retries, and fragment_mtu.
    • These options are now configurable via the agent’s arguments and are used during IPv6 scanning.

  5. Logging and Error Reporting:

    • Added detailed logging to capture invalid IPv6 address errors and subnet mask issues.
    • When invalid subnets are encountered, the error message is logged, and further processing is halted.
    • For valid addresses, the processing continues as usual, with network scanning and vulnerability reporting.

@codecov Codecov
Copy link

codecov bot commented Dec 2, 2024
edited
Loading

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 94.94%. Comparing base (fd705b7) to head (a7eaf3c).
Report is 6 commits behind head on main.

Additional details and impacted files 
@@            Coverage Diff             @@
##             main     #113      +/-   ##
==========================================
+ Coverage   94.74%   94.94%   +0.20%     
==========================================
  Files           9        9              
  Lines         932      970      +38     
==========================================
+ Hits          883      921      +38     
  Misses         49       49

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

ohachimOs
ohachimOs reviewed Dec 2, 2024
View reviewed changes
agent/nmap_agent.py Outdated Show resolved Hide resolved
3asm
3asm requested changes Dec 2, 2024
View reviewed changes
agent/nmap_agent.py Outdated Show resolved Hide resolved
agent/nmap_agent.py Outdated Show resolved Hide resolved
agent/nmap_agent.py Outdated Show resolved Hide resolved
agent/nmap_agent.py Outdated Show resolved Hide resolved
adnaneserrar
adnaneserrar reviewed Dec 2, 2024
View reviewed changes
tests/nmap_agent_test.py Outdated Show resolved Hide resolved
tests/nmap_agent_test.py Outdated Show resolved Hide resolved
@nmasdoufi-ol nmasdoufi-ol requested a review from a team as a code owner December 3, 2024 13:01
elyousfi5
elyousfi5 reviewed Dec 3, 2024
View reviewed changes
agent/nmap_agent.py Outdated Show resolved Hide resolved
mohsinenar
mohsinenar reviewed Dec 3, 2024
View reviewed changes
agent/nmap_agent.py Outdated Show resolved Hide resolved
@3asm 3asm marked this pull request as draft December 4, 2024 10:41
ErebusZ
ErebusZ reviewed Dec 6, 2024
View reviewed changes
agent/nmap_agent.py
IPV6_CIDR_LIMIT = 112
IPV6_MIN_PREFIX = 8 # Minimum safe prefix length for IPv6
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This is not used anywhere

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@adnaneserrar adnaneserrar adnaneserrar left review comments

@ohachimOs ohachimOs ohachimOs left review comments

@elyousfi5 elyousfi5 elyousfi5 left review comments

@ErebusZ ErebusZ ErebusZ left review comments

@mohsinenar mohsinenar mohsinenar left review comments

@deadly-panda deadly-panda deadly-panda left review comments

@amine3 amine3 amine3 left review comments

@3asm 3asm 3asm requested changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
9 participants
@nmasdoufi-ol @3asm @amine3 @deadly-panda @mohsinenar @ErebusZ @elyousfi5 @ohachimOs @adnaneserrar