package org.graylog.plugins.threatintel.functions.misc;

import com.codahale.metrics.MetricRegistry;
import com.codahale.metrics.Timer;
import javax.inject.Inject;
import org.graylog.plugins.pipelineprocessor.EvaluationContext;
import org.graylog.plugins.pipelineprocessor.ast.functions.AbstractFunction;
import org.graylog.plugins.pipelineprocessor.ast.functions.FunctionArgs;
import org.graylog.plugins.pipelineprocessor.ast.functions.FunctionDescriptor;
import org.graylog.plugins.pipelineprocessor.ast.functions.ParameterDescriptor;
import org.graylog.plugins.threatintel.tools.PrivateNet;
import org.graylog2.shared.utilities.ExceptionUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/graylog/plugins/threatintel/functions/misc/PrivateNetLookupFunction.class */
public class PrivateNetLookupFunction extends AbstractFunction<Boolean> {
    private static final Logger LOG = LoggerFactory.getLogger(PrivateNetLookupFunction.class);
    public static final String NAME = "in_private_net";
    private static final String VALUE = "ip_address";
    private final ParameterDescriptor<String, String> valueParam = ParameterDescriptor.string(VALUE).description("The IP address to look up.").build();
    protected Timer lookupTime;

    @Inject
    public PrivateNetLookupFunction(MetricRegistry metricRegistry) {
        this.lookupTime = metricRegistry.timer(MetricRegistry.name(getClass(), new String[]{"lookupTime"}));
    }

    @Override // org.graylog.plugins.pipelineprocessor.ast.functions.Function
    public Boolean evaluate(FunctionArgs functionArgs, EvaluationContext evaluationContext) {
        String required = this.valueParam.required(functionArgs, evaluationContext);
        if (required == null || required.isEmpty()) {
            LOG.debug("NULL or empty parameter passed to private network lookup.");
            return null;
        }
        LOG.debug("Running private network lookup for IP [{}].", required);
        try {
            Timer.Context time = this.lookupTime.time();
            boolean isInPrivateAddressSpace = PrivateNet.isInPrivateAddressSpace(required);
            time.stop();
            return Boolean.valueOf(isInPrivateAddressSpace);
        } catch (Exception e) {
            LOG.error("Could not run private net lookup for IP [{}]: {}", required, ExceptionUtils.getRootCauseMessage(e));
            return null;
        }
    }

    @Override // org.graylog.plugins.pipelineprocessor.ast.functions.Function
    public FunctionDescriptor<Boolean> descriptor() {
        return FunctionDescriptor.builder().name(NAME).description("Check if an IP address is in a private network as defined in RFC 1918 (10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16) or RFC 4193 (fc00::/7)").params(this.valueParam).returnType(Boolean.class).build();
    }
}
