File Coverage

blib/lib/Mail/Milter/Authentication/Handler/TrustedIP.pm

Criterion	Covered	Total	%
statement	45	46	97.8
branch	7	8	87.5
condition	8	11	72.7
subroutine	12	12	100.0
pod	2	6	33.3
total	74	83	89.1

line	stmt	bran	cond	sub	pod	time	code
1							package Mail::Milter::Authentication::Handler::TrustedIP;
2	30			30		19948	use 5.20.0;
	30					158
3	30			30		210	use strict;
	30					324
	30					903
4	30			30		203	use warnings;
	30					125
	30					1118
5	30			30		264	use Mail::Milter::Authentication::Pragmas;
	30					125
	30					390
6							# ABSTRACT: Handler class for Trusted IP addresses
7							our $VERSION = '3.20230629'; # VERSION
8	30			30		7934	use base 'Mail::Milter::Authentication::Handler';
	30					90
	30					3904
9	30			30		258	use Net::IP;
	30					92
	30					23246
10
11							sub default_config {
12							return {
13	1			1	0	1710	'trusted_ip_list' => [],
14							};
15							}
16
17							sub grafana_rows {
18	1			1	0	4375	my ( $self ) = @_;
19	1					2	my @rows;
20	1					10	push @rows, $self->get_json( 'TrustedIP_metrics' );
21	1					4	return \@rows;
22							}
23
24							sub is_trusted_ip_address {
25	74			74	1	285	my ( $self, $ip_obj ) = @_;
26	74					678	my $config = $self->handler_config();
27	74	100				1112	return 0 if not exists( $config->{'trusted_ip_list'} );
28	66					236	my $trusted = 0;
29	66					267	foreach my $trusted_ip ( @{ $config->{'trusted_ip_list'} } ) {
	66					439
30	84					454	my $trusted_obj = Net::IP->new($trusted_ip);
31	84	50				83642	if ( !$trusted_obj ) {
32	0					0	$self->log_error( 'TrustedIP: Could not parse Trusted IP '.$trusted_ip );
33							}
34							else {
35	84		100			1280	my $is_overlap = $ip_obj->overlaps($trusted_obj) \|\| 0;
36	84	100	66			14167	if (
			66
			66
37							$is_overlap == $IP_A_IN_B_OVERLAP
38							\|\| $is_overlap == $IP_B_IN_A_OVERLAP # Should never happen
39							\|\| $is_overlap == $IP_PARTIAL_OVERLAP # Should never happen
40							\|\| $is_overlap == $IP_IDENTICAL
41							)
42							{
43	6					41	$trusted = 1;
44							}
45							}
46							}
47	66					468	return $trusted;
48							}
49
50							sub register_metrics {
51							return {
52	29			29	1	318	'trustedip_connect_total' => 'The number of connections from a trusted IP',
53							};
54							}
55
56							sub connect_callback {
57	74			74	0	410	my ( $self, $hostname, $ip ) = @_;
58	74					478	$self->{'is_trusted_ip_address'} = 0;
59	74	100				506	if ( $self->is_trusted_ip_address($ip) ) {
60	6					66	$self->dbgout( 'TrustedIP', 'pass', LOG_DEBUG );
61	6					95	my $header = Mail::AuthenticationResults::Header::Entry->new()->set_key( 'x-trusted-ip' )->safe_set_value( 'pass' );
62	6					633	$self->add_c_auth_header( $header );
63	6					16	$self->{'is_trusted_ip_address'} = 1;
64	6					40	$self->metric_count( 'trustedip_connect_total' );
65							}
66							}
67
68							sub close_callback {
69	105			105	0	385	my ( $self ) = @_;
70	105					421	delete $self->{'is_trusted_ip_address'};
71							}
72
73							1;
74
75							__END__
76
77							=pod
78
79							=encoding UTF-8
80
81							=head1 NAME
82
83							Mail::Milter::Authentication::Handler::TrustedIP - Handler class for Trusted IP addresses
84
85							=head1 VERSION
86
87							version 3.20230629
88
89							=head1 DESCRIPTION
90
91							Detect a trusted IP address and act accordingly.
92
93							=head1 CONFIGURATION
94
95							"TrustedIP" : { \| Config the the TruetedIP Module
96							\| Check for TrustedIP Addresses
97							"trusted_ip_list" : [ \| List of IP Addresses considered to be trusted
98							"100.200.100.2", \| CIDR Ranges are valid syntax
99							"2001:44c2:3881:aa00::/56",
100							"2001:44b8:3021:123:dead:beef:abcd:1234"
101							],
102							},
103
104							=head1 AUTHOR
105
106							Marc Bradshaw <marc@marcbradshaw.net>
107
108							=head1 COPYRIGHT AND LICENSE
109
110							This software is copyright (c) 2020 by Marc Bradshaw.
111
112							This is free software; you can redistribute it and/or modify it under
113							the same terms as the Perl 5 programming language system itself.
114
115							=cut