diff --git a/config.py b/config.py index fb299620c..b3484337f 100644 --- a/config.py +++ b/config.py @@ -519,6 +519,9 @@ class DefaultConfig(ImmutableConfig): # creator IP is deemed a threat. THREAT_NAMESPACE_MAXIMUM_BUILD_COUNT = None + # The API Key to use when requesting IP information. + IP_DATA_API_KEY = None + # For Billing Support Only: The number of allowed builds on a namespace that has been billed # successfully. BILLED_NAMESPACE_MAXIMUM_BUILD_COUNT = None diff --git a/util/config/schema.py b/util/config/schema.py index d594d7dd2..8c425dc83 100644 --- a/util/config/schema.py +++ b/util/config/schema.py @@ -74,6 +74,7 @@ INTERNAL_ONLY_PROPERTIES = { 'BILLED_NAMESPACE_MAXIMUM_BUILD_COUNT', 'THREAT_NAMESPACE_MAXIMUM_BUILD_COUNT', + 'IP_DATA_API_KEY', 'SECURITY_SCANNER_ENDPOINT_BATCH', 'SECURITY_SCANNER_API_TIMEOUT_SECONDS', diff --git a/util/ipresolver/__init__.py b/util/ipresolver/__init__.py index 270f59ff7..0f16948d9 100644 --- a/util/ipresolver/__init__.py +++ b/util/ipresolver/__init__.py @@ -68,18 +68,24 @@ class IPResolver(IPResolverInterface): if self.app.config.get('THREAT_NAMESPACE_MAXIMUM_BUILD_COUNT') is None: return False + if self.app.config.get('IP_DATA_API_KEY') is None: + return False + if not ip_address: return False + api_key = self.app.config['IP_DATA_API_KEY'] + try: logger.debug('Requesting IP data for IP %s', ip_address) - r = requests.get('https://api.ipdata.co/%s/en' % ip_address, timeout=1) + r = requests.get('https://api.ipdata.co/%s/threat?api-key=%s' % (ip_address, api_key), + timeout=1) if r.status_code != 200: logger.debug('Got non-200 response for IP %s: %s', ip_address, r.status_code) return False logger.debug('Got IP data for IP %s: %s => %s', ip_address, r.status_code, r.json()) - threat_data = r.json().get('threat', {}) + threat_data = r.json() return threat_data.get('is_threat', False) or threat_data.get('is_bogon', False) except requests.RequestException: logger.exception('Got exception when trying to lookup IP Address')