RubyGems - dnsbl-client - Versions diffs - 0.3.1 → 0.4.0 - Mend

dnsbl-client 0.3.1 → 0.4.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (8) hide show

data.tar.gz.sig +0 -0
data/README.rdoc +5 -5
data/lib/dnsbl-client/dnsbl-client.rb +50 -6
data/lib/dnsbl-client/dnsbl.yaml +10 -3
metadata +39 -40
metadata.gz.sig +0 -0
data/test/helper.rb +0 -18
data/test/test_dnsbl-client.rb +0 -44

data.tar.gz.sig CHANGED

Binary file

data/README.rdoc CHANGED

@@ -2,11 +2,11 @@
 dnsbl-client queries DNS Blacklists for listings. Currently this only does IP lookups, but the next version will handle domains.
-	require "dnsbl-client"
-	c = DNSBL::Client.new
-	c.lookup("203.150.14.85")
-	=> [#<struct DNSBL::DNSBLResult dnsbl="UCEPROTECT1", query="85.14.150.203.dnsbl-1.uceprotect.net", result="127.0.0.2", meaning="Blacklisted", timing=0.0247988700866699>, #<struct DNSBL::DNSBLResult dnsbl="BARRACUDA", query="85.14.150.203.b.barracudacentral.org", result="127.0.0.2", meaning="Listed", timing=0.0266849994659424>]
+  require "dnsbl-client"
+  c = DNSBL::Client.new
+  c.lookup("203.150.14.85")
+  => [#<struct DNSBL::DNSBLResult dnsbl="UCEPROTECT1", query="85.14.150.203.dnsbl-1.uceprotect.net", result="127.0.0.2", meaning="Blacklisted", timing=0.0247988700866699>, #<struct DNSBL::DNSBLResult dnsbl="BARRACUDA", query="85.14.150.203.b.barracudacentral.org", result="127.0.0.2", meaning="Listed", timing=0.0266849994659424>]
 == Contributing to dnsbl-client
 * Check out the latest master to make sure the feature hasn't been implemented or the bug hasn't been fixed yet

data/lib/dnsbl-client/dnsbl-client.rb CHANGED

@@ -12,7 +12,7 @@ class Resolv::DNS::Config
 		if self.respond_to? :nameserver_port
 			@nameservers = nameserver_port
 		else
-			@nameserver ||= ['4.2.2.2','4.2.2.5','8.8.4.4','8.8.8.8','208.67.222.222','208.67.220.220']
+			@nameserver ||= ['4.2.2.2','4.2.2.5','8.8.4.4','8.8.8.8','208.67.222.222','208.67.220.220'].sort {rand}
 			@nameservers ||= @nameserver.map {|i| [i, 53] }
 		end
 		@nameservers
@@ -33,10 +33,10 @@ module DNSBL
 		# initialize a new DNSBL::Client object
 		# the config file automatically points to a YAML file containing the list of DNSBLs and their return codes
 		# the two-level-tlds file lists most of the two level tlds, needed for hostname to domain normalization
-		def initialize(configfile = File.dirname(__FILE__)+"/dnsbl.yaml",
+		def initialize(config = YAML.load(File.open(File.dirname(__FILE__)+"/dnsbl.yaml").read),
 									 two_level_tldfile = File.dirname(__FILE__)+"/two-level-tlds",
 									 three_level_tldfile = File.dirname(__FILE__)+"/three-level-tlds")
-			@dnsbls = YAML.load(File.open(configfile).read)
+			@dnsbls = config
 			@two_level_tld = []
 			@three_level_tld = []
 			File.open(two_level_tldfile).readlines.each do |l|
@@ -86,7 +86,7 @@ module DNSBL
 		end
 		# converts an ip or a hostname into the DNS query packet requires to lookup the result
-		def _encode_query(item,itemtype,domain)
+		def _encode_query(item,itemtype,domain,apikey=nil)
 			label = nil
 			if itemtype == 'ip'
 				label = item.split(/\./).reverse.join(".")
@@ -94,6 +94,9 @@ module DNSBL
 				label = normalize(item)
 			end
 			lookup = "#{label}.#{domain}"
+			if apikey
+				lookup = "#{apikey}.#{lookup}"
+			end
 			txid = lookup.sum
 			message = Resolv::DNS::Message.new(txid)
 			message.rd = 1
@@ -120,7 +123,14 @@ module DNSBL
 				else
 					@dnsbls.each do |dnsblname, config|
 						if name.to_s.end_with?(config['domain'])
-							meaning = config[data.address.to_s] || data.address.to_s
+							meaning = nil
+							if config['decoder']
+								meaning = self.send(("__"+config['decoder']).to_sym, data.address.to_s)
+							elsif config[data.address.to_s]
+								meaning = config[data.address.to_s]
+							else
+								meaning = data.address.to_s
+							end
 							results << DNSBLResult.new(dnsblname, name.to_s.gsub("."+config['domain'],''), name.to_s, data.address.to_s, meaning, Time.now.to_f - @starttime)
 							break
 						end
@@ -130,6 +140,39 @@ module DNSBL
 			results
 		end
+		def __phpot_decoder(ip)
+			octets = ip.split(/\./)
+			if octets.length != 4 or octets[0] != "127"
+				return "invalid response"
+			elsif octets[3] == "0"
+				search_engines = ["undocumented", "AltaVista", "Ask", "Baidu", "Excite", "Google", "Looksmart", "Lycos", "MSN", "Yahoo", "Cuil", "InfoSeek", "Miscellaneous"]
+				sindex = octets[2].to_i
+				if sindex >= search_engines.length
+					return "type=search engine,engine=unknown"
+				else
+					return "type=search engine,engine=#{search_engines[sindex]}"
+				end
+			else
+				days, threatscore, flags = octets[1,3]
+				flags = flags.to_i
+				types = []
+				if (flags & 0x1) == 0x1
+					types << "suspicious"
+				end
+				if (flags & 0x2) == 0x2
+					types << "harvester"
+				end
+				if (flags & 0x4) == 0x4
+					types << "comment spammer"
+				end
+				if (flags & 0xf8) > 0
+					types << "reserved"
+				end
+				type = types.join(",")
+				return "days=#{days},score=#{threatscore},type=#{type}"
+			end
+		end
 		# the main method of this class, lookup performs the sending of DNS queries for the items
 		def lookup(item)
 			# if item is an array, use it, otherwise make it one
@@ -150,9 +193,10 @@ module DNSBL
 				# for each dnsbl that supports our type, create the DNS query packet and send it
 				# rotate across our configured name servers and increment sent
 				@dnsbls.each do |name,config|
+					next if config['disabled']
 					next unless config['type'] == itemtype
 					begin
-						msg = _encode_query(item,itemtype,config['domain'])
+						msg = _encode_query(item,itemtype,config['domain'],config['apikey'])
 						@sockets[@socket_index].send(msg,0)
 						@socket_index += 1
 						@socket_index %= @sockets.length

data/lib/dnsbl-client/dnsbl.yaml CHANGED

@@ -102,6 +102,7 @@ DRONEBL:
   127.0.0.13: Brute force attackers
   127.0.0.14: Open Wingate Proxy
   127.0.0.15: Compromised router / gateway
+  127.0.0.17: Automatically determined botnet IPs (experimental)
   127.0.0.255: Unknown
 BARRACUDA:
   domain: b.barracudacentral.org
@@ -179,7 +180,7 @@ NOMOREFUN:
   127.0.0.7: Ignoring complaints of spamming by customers
   127.0.0.8: Please update your formmail.pl script
   127.0.0.9: See http://moensted.dk/spam/no-more-funn/?addr=$
-  127.0.0.10: posible open proxies
+  127.0.0.10: Possible open proxy
   127.0.0.11: Please stop testing our servers
 SPAMCANNIBAL:
   domain: bl.spamcannibal.org
@@ -202,6 +203,12 @@ WHITELIST:
   type: ip
   127.0.0.2: Whitelisted
 BACKSCATTERER:
-  domains: ips.backscatterer.org
+  domain: ips.backscatterer.org
   type: ip
-  127.0.0.2: Backscatterer
+  127.0.0.2: Backscatterer
+PROJECTHONEYPOT:
+  domain: dnsbl.httpbl.org
+  type: ip
+  apikey: abcdefghijkl
+  disabled: true
+  decoder: phpot_decoder

metadata CHANGED

@@ -1,13 +1,12 @@
 --- !ruby/object:Gem::Specification
 name: dnsbl-client
 version: !ruby/object:Gem::Version
-  hash: 17
-  prerelease:
+  prerelease: false
   segments:
   - 0
-  - 3
-  - 1
-  version: 0.3.1
+  - 4
+  - 0
+  version: 0.4.0
 platform: ruby
 authors:
 - Chris Lee
@@ -37,68 +36,74 @@ cert_chain:
   6yhklP75
   -----END CERTIFICATE-----
-date: 2011-07-16 00:00:00 Z
+date: 2012-09-28 00:00:00 -04:00
+default_executable: dnsbl-client
 dependencies:
 - !ruby/object:Gem::Dependency
+  prerelease: false
+  type: :development
+  name: shoulda
   version_requirements: &id001 !ruby/object:Gem::Requirement
-    none: false
     requirements:
     - - ">="
       - !ruby/object:Gem::Version
-        hash: 3
         segments:
         - 0
         version: "0"
   requirement: *id001
+- !ruby/object:Gem::Dependency
   prerelease: false
-  name: shoulda
   type: :development
-- !ruby/object:Gem::Dependency
+  name: rdoc
   version_requirements: &id002 !ruby/object:Gem::Requirement
-    none: false
     requirements:
     - - ~>
       - !ruby/object:Gem::Version
-        hash: 23
         segments:
-        - 1
-        - 0
-        - 0
-        version: 1.0.0
+        - 3
+        - 12
+        version: "3.12"
   requirement: *id002
+- !ruby/object:Gem::Dependency
   prerelease: false
-  name: bundler
   type: :development
-- !ruby/object:Gem::Dependency
+  name: bundler
   version_requirements: &id003 !ruby/object:Gem::Requirement
-    none: false
     requirements:
     - - ~>
       - !ruby/object:Gem::Version
-        hash: 7
         segments:
         - 1
+        - 1
         - 5
-        - 2
-        version: 1.5.2
+        version: 1.1.5
   requirement: *id003
+- !ruby/object:Gem::Dependency
   prerelease: false
-  name: jeweler
   type: :development
-- !ruby/object:Gem::Dependency
+  name: jeweler
   version_requirements: &id004 !ruby/object:Gem::Requirement
-    none: false
     requirements:
-    - - ">="
+    - - ~>
       - !ruby/object:Gem::Version
-        hash: 3
         segments:
-        - 0
-        version: "0"
+        - 1
+        - 8
+        - 4
+        version: 1.8.4
   requirement: *id004
+- !ruby/object:Gem::Dependency
   prerelease: false
-  name: rcov
   type: :development
+  name: rcov
+  version_requirements: &id005 !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        segments:
+        - 0
+        version: "0"
+  requirement: *id005
 description: simple interface to lookup blacklists results
 email: rubygems@chrislee.dhs.org
 executables:
@@ -117,8 +122,7 @@ files:
 - lib/dnsbl-client/two-level-tlds
 - LICENSE.txt
 - README.rdoc
-- test/helper.rb
-- test/test_dnsbl-client.rb
+has_rdoc: true
 homepage: http://github.com/chrislee35/dnsbl-client
 licenses:
 - MIT
@@ -128,30 +132,25 @@ rdoc_options: []
 require_paths:
 - lib
 required_ruby_version: !ruby/object:Gem::Requirement
-  none: false
   requirements:
   - - ">="
     - !ruby/object:Gem::Version
-      hash: 3
       segments:
       - 0
       version: "0"
 required_rubygems_version: !ruby/object:Gem::Requirement
-  none: false
   requirements:
   - - ">="
     - !ruby/object:Gem::Version
-      hash: 3
       segments:
       - 0
       version: "0"
 requirements: []
 rubyforge_project:
-rubygems_version: 1.7.2
+rubygems_version: 1.3.6
 signing_key:
 specification_version: 3
 summary: queries various DNS Blacklists
-test_files:
-- test/helper.rb
-- test/test_dnsbl-client.rb
+test_files: []

metadata.gz.sig CHANGED

Binary file

data/test/helper.rb DELETED

@@ -1,18 +0,0 @@
-require 'rubygems'
-require 'bundler'
-begin
-  Bundler.setup(:default, :development)
-rescue Bundler::BundlerError => e
-  $stderr.puts e.message
-  $stderr.puts "Run `bundle install` to install missing gems"
-  exit e.status_code
-end
-require 'test/unit'
-require 'shoulda'
-$LOAD_PATH.unshift(File.join(File.dirname(__FILE__), '..', 'lib'))
-$LOAD_PATH.unshift(File.dirname(__FILE__))
-require 'dnsbl-client'
-class Test::Unit::TestCase
-end

data/test/test_dnsbl-client.rb DELETED

@@ -1,44 +0,0 @@
-require 'helper'
-class TestDnsblClient < Test::Unit::TestCase
-	should "return no hits for 127.0.0.255" do
-		c = DNSBL::Client.new
-		res = c.lookup("127.0.0.255")
-		assert_equal(0,res.length)
-	end
-	should "return all lists for 127.0.0.2" do
-		c = DNSBL::Client.new
-		res = c.lookup("127.0.0.2")
-		assert(res.length >= c.dnsbls.length)
-	end
-	should "return results for bad domains" do
-		c = DNSBL::Client.new
-		res = c.lookup("pfizer.viagra.aqybasej.gurdoctor.com")
-		assert(res.length >= 0)
-	end
-	should "normalize domains to two levels if it's neither in two-level nor three-level list" do
-		c = DNSBL::Client.new
-		assert_equal("example.org", c.normalize("example.org"))
-		assert_equal("example.org", c.normalize("www.example.org"))
-		assert_equal("example.org", c.normalize("foo.bar.baz.example.org"))
-	end
-	should "normaize domains to three levels if it's in two-level list" do
-		c = DNSBL::Client.new
-		assert_equal("example.co.uk", c.normalize("example.co.uk"))
-		assert_equal("example.co.uk", c.normalize("www.example.co.uk"))
-		assert_equal("example.co.uk", c.normalize("foo.bar.baz.example.co.uk"))
-		assert_equal("example.blogspot.com", c.normalize("example.blogspot.com"))
-	end
-	should "normalize domains to four levels if it's in three-level list" do
-		c = DNSBL::Client.new
-		assert_equal("example.act.edu.au", c.normalize("example.act.edu.au"))
-		assert_equal("example.act.edu.au", c.normalize("www.example.act.edu.au"))
-		assert_equal("example.act.edu.au", c.normalize("foo.bar.example.act.edu.au"))
-	end
-end