-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathgen-msteams-new
executable file
·98 lines (82 loc) · 2.61 KB
/
gen-msteams-new
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
#!/usr/bin/env ruby
require 'json'
require 'open-uri'
require 'securerandom'
require 'ipaddr'
# Any GUID is okay, but splitting them to separate use cases.
PULL_GUID = 'f11f029f-a2d4-4b75-92cd-2df8a9549b65'
DESC_GUID = 'b794baa0-662f-4592-b4f0-46ab3284b612'
PROCESS = '/Applications/Microsoft Teams.app/Contents/MacOS/MSTeams'
def endpoint(guid = SecureRandom.uuid)
'https://endpoints.office.com/endpoints/worldwide' \
"?clientrequestid=#{guid}&ServiceAreas=Skype"
end
def ports_to_ranges(ports)
ports
.split(',')
.map(&:to_i)
.chunk_while { |a, b| a.succ == b }
.map { |h, *t| [h, t.last].compact.join('-') }
.join(',')
end
def ips_to_ranges(ip_strings)
ip_strings
.map { |ip_string|
ip_range = IPAddr.new(ip_string).to_range
a = ip_range.begin.to_s
b = ip_range.end.to_s
a == b ? a : "#{a}-#{b}"
}
.join(',')
end
def get_domains(urls)
urls
.select { |v| v.start_with?('*') }
.map { |d| d.start_with?('*.') ? d[2..-1] : d[1..-1] }
end
def get_hosts(urls, domains = get_domains(urls))
urls.reject { |v| v.start_with?('*') } - domains
end
msrules = JSON.parse(URI.open(endpoint(PULL_GUID)).read)
def extract_lsrules(msrule)
lsrule = {
'action' => 'allow',
'notes' => msrule['notes'],
'process' => PROCESS
}.compact
lsrules = []
%w[ips hosts domains].product(%w[tcp udp]).each do |dest_type, protocol|
case dest_type
when 'ips'
next unless ['ips', "#{protocol}Ports"].all? { |k| msrule.key?(k) }
lsrules << lsrule.merge(
'remote-addresses' => ips_to_ranges(msrule['ips']),
'ports' => ports_to_ranges(msrule["#{protocol}Ports"]),
'protocol' => protocol
)
when 'hosts'
next unless ['urls', "#{protocol}Ports"].all? { |k| msrule.key?(k) }
hosts = get_hosts(msrule['urls'])
next if hosts.none?
lsrules << lsrule.merge(
'remote-hosts' => hosts,
'ports' => ports_to_ranges(msrule["#{protocol}Ports"]),
'protocol' => protocol
)
when 'domains'
next unless ['urls', "#{protocol}Ports"].all? { |k| msrule.key?(k) }
domains = get_domains(msrule['urls'])
next if domains.none?
lsrules << lsrule.merge(
'remote-domains' => domains,
'ports' => ports_to_ranges(msrule["#{protocol}Ports"]),
'protocol' => protocol
)
end
end
lsrules
end
puts JSON.pretty_generate \
description: "Rules based on Microsoft Endpoints at #{endpoint(DESC_GUID)}",
name: 'Microsoft Teams',
rules: msrules.flat_map { |msrule| extract_lsrules(msrule) }