Socket
Socket
Sign inDemoInstall

roa-checker

Package Overview
Dependencies
10
Maintainers
1
Alerts
File Explorer

Install Socket

Detect and block malicious and high-risk dependencies

Install

    roa-checker

Fast prefix origin pair lookups

Maintainers
1

Readme

Python 3.10 Python 3.11 Python 3.12 Tests Ruff Code style: black Checked with mypy

roa_checker

This package contains a trie of ROAs for fast prefix-origin pair lookups

Usage

from ipaddress import ip_network

from roa_checker import ROAChecker, ROARouted, ROAValidity


def test_tree():
    # TODO: Break up into unit tests
    trie = ROAChecker()
    cidrs = [ip_network(x) for x in ["1.2.0.0/16", "1.2.3.0/24", "1.2.3.4"]]
    routed_origin = 1
    for cidr in cidrs:
        trie.insert(cidr, routed_origin, cidr.prefixlen)
    for cidr in cidrs:
        assert trie.get_roa(cidr, routed_origin).prefix == cidr
        validity, routed = trie.get_validity(cidr, routed_origin)
        assert validity, routed == (ROAValidity.VALID, ROARouted.ROUTED,)
        assert ROAValidity.is_unknown(validity) is False
        assert ROAValidity.is_invalid(validity) is False
        assert ROAValidity.is_valid(validity) is True


    non_routed_cidrs = [ip_network(x) for x in ["2.2.0.0/16", "2.2.3.0/24", "2.2.3.4"]]
    non_routed_origin = 0
    for cidr in non_routed_cidrs:
        trie.insert(cidr, non_routed_origin, cidr.prefixlen)
    for cidr in non_routed_cidrs:
        assert trie.get_roa(cidr, non_routed_origin).prefix == cidr
        assert trie.get_validity(cidr, routed_origin) == (
            ROAValidity.INVALID_ORIGIN,
            ROARouted.NON_ROUTED,
        )

    validity, routed = trie.get_validity(ip_network("1.0.0.0/8"), routed_origin)
    assert validity == ROAValidity.UNKNOWN
    assert routed == ROARouted.UNKNOWN
    validity, routed = trie.get_validity(ip_network("255.255.255.255"), routed_origin)
    assert validity == ROAValidity.UNKNOWN
    assert routed == ROARouted.UNKNOWN
    assert ROAValidity.is_unknown(validity) is True
    assert ROAValidity.is_invalid(validity) is False
    assert ROAValidity.is_valid(validity) is False
    validity, routed = trie.get_validity(ip_network("1.2.4.0/24"), routed_origin)
    assert validity == ROAValidity.INVALID_LENGTH
    assert routed == ROARouted.ROUTED
    assert ROAValidity.is_unknown(validity) is False
    assert ROAValidity.is_invalid(validity) is True
    assert ROAValidity.is_valid(validity) is False
    validity, routed = trie.get_validity(ip_network("1.2.3.0/24"), routed_origin + 1)
    assert validity == ROAValidity.INVALID_ORIGIN
    assert routed == ROARouted.ROUTED
    assert ROAValidity.is_unknown(validity) is False
    assert ROAValidity.is_invalid(validity) is True
    assert ROAValidity.is_valid(validity) is False
    validity, routed = trie.get_validity(ip_network("1.2.4.0/24"), routed_origin + 1)
    assert validity == ROAValidity.INVALID_LENGTH_AND_ORIGIN
    assert routed == ROARouted.ROUTED
    assert ROAValidity.is_unknown(validity) is False
    assert ROAValidity.is_invalid(validity) is True
    assert ROAValidity.is_valid(validity) is False
    validity, routed = trie.get_validity(ip_network("1.2.0.255"), routed_origin)
    assert validity == ROAValidity.INVALID_LENGTH
    assert routed == ROARouted.ROUTED
    validity, routed = trie.get_validity(ip_network("1.3.0.0/16"), routed_origin)
    assert validity == ROAValidity.UNKNOWN
    assert routed == ROARouted.UNKNOWN
    validity, routed = trie.get_validity(ip_network("1.2.0.255"), routed_origin)
    assert validity == ROAValidity.INVALID_LENGTH
    assert routed == ROARouted.ROUTED

Installation

Install python and pip if you have not already. Then run:

pip3 install roa_checker

This will install the package and all of it's python dependencies.

If you want to install the project for development:

git clone https://github.com/jfuruness/roa_checker.git
cd roa_checker
pip3 install -e .[test]
pre-commit install

To test the development package: Testing

Testing

After installation for development:

cd roa_checker
python3 -m pytest roa_checker

To run all tests:

tox

Development/Contributing

  1. Fork it!
  2. Create your feature branch: git checkout -b my-new-feature
  3. Commit your changes: git commit -am 'Add some feature'
  4. Push to the branch: git push origin my-new-feature
  5. Submit a pull request
  6. Email me at jfuruness@gmail.com if I don't see it after a while

History

  • roa_checker
  • 1.1.4 Bug fix for multiple ROA case where multiple ROAs would result in the least valid ROA being selected, rather than the most valid ROA being selected. Thanks for finding this Cameron Morris!
  • 1.1.3 Dependency updates
  • 1.1.2 Added ROA to top level import
  • 1.1.1 mypy and linter fixes
  • 1.1.0 Updated test deps
  • 1.0.0 Updated package structure, typing, linters, etc, made ROAValidity contains multiple invalid types
  • 0.0.1 First working version

License

BSD License (see license file)

Keywords

FAQs

Did you know?

Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.

Install

Related posts

Socket Partners with CISA to Champion 'Secure by Design' Standards

Security News

Socket Partners with CISA to Champion 'Secure by Design' Standards

Socket is joining forces with CISA and other industry leaders at the RSA Conference to sign the Secure by Design pledge, committing to uphold the highest security standards in our products.

By Sarah Gooding  -  May 08, 2024
Recent Trends in Malicious Packages Targeting Discord

Research

Recent Trends in Malicious Packages Targeting Discord

The Socket research team breaks down a sampling of malicious packages that download and execute files, among other suspicious behaviors, targeting the popular Discord platform.

By Socket Research Team  -  May 07, 2024
AI + a16z Podcast: Combatting Modern Supply Chain Attacks with AI

Security News

AI + a16z Podcast: Combatting Modern Supply Chain Attacks with AI

Socket CEO Feross Aboukhadijeh joins a16z partners to discuss how modern, sophisticated supply chain attacks require AI-driven defenses and explore the challenges and solutions in leveraging AI for threat detection early in the development life cycle.

By Sarah Gooding  -  May 07, 2024
SocketSocket SOC 2 Logo

Product

  • Package Alerts
  • Integrations
  • Docs
  • Pricing
  • FAQ
  • Roadmap

About

Packages

Stay in touch

Get open source security insights delivered straight into your inbox.

  • Terms
  • Privacy
  • Security

Made with ⚡️ by Socket Inc