def process(self, fileSignature, configFile): """ @type configFile: asm_file_system.ResolvedConfigFile """ fileContent = configFile.getContent() try: self._prepareFile(fileContent) except: e = sys.exc_info()[1] logger.debug('Error occurred when preparing config file %s:' % ExpressionResolver.quote(configFile.getName()), e) return logger.debug('Processing configuration file %s found in path %s' % ( ExpressionResolver.quote(configFile.getName()), ExpressionResolver.quote(configFile.getPath()))) for signature in fileSignature.children: if signature.getType() == TAG_REGEX: processRegex(signature, fileContent, self.variableResolver) elif signature.getType() == TAG_SYSTEM_VARIABLE or signature.getType() == TAG_PYTHON_VARIABLE: processVariable(signature, self.variableResolver, self.shell, False) elif signature.getType() != TAG_FILE_LOCATIONS: self._processVariable(signature)
def processRegex(regExpSignature, input, variableResolver): pattern = ExpressionResolver.resolve(variableResolver, regExpSignature.expr, ExpressionResolver.REGULAR_EXPRESSION) if not pattern: logger.debug('Skip ', regExpSignature) return flags = getFlags(regExpSignature) try: compiledRegex = re.compile('(%s)' % pattern, flags) except Exception, e: logger.debug('Skip %s because regex %s is invalid:' % (regExpSignature, ExpressionResolver.quote(pattern)), e) return
def _processVariable(self, signature): if signature.getType() == TAG_XPATH: xpaths = ExpressionResolver.resolve(self.variableResolver, signature.xpath, ExpressionResolver.STRING_LITERAL_LIST) if not xpaths: logger.debug('Skip ', signature) return for xpath in xpaths: items = [] try: items = self.processor.evaluateItem(xpath) except Exception, e: logger.debug('Fail to evaluate xpath %s:' % ExpressionResolver.quote(xpath), e) return if not items: logger.debug('No matches for xpath:', xpath) for item in items: logger.debug('Found result for xpath %s:' % ExpressionResolver.quote(xpath), item) for var in signature.children: if var.getType() == TAG_REGEX: if hasattr(var, ATTR_RELATIVE_PATH): relativePath = ExpressionResolver.resolve(self.variableResolver, var.relativePath, ExpressionResolver.XPATH) if not relativePath: logger.debug('Skip ', var) continue try: values = self.processor.evaluate(relativePath, item) except Exception, e: logger.debug('Fail to evaluate relative xpath %s:' % ExpressionResolver.quote(relativePath), e) continue if items: logger.debug('Found result for relative xpath %s:' % ExpressionResolver.quote(relativePath), values) else: logger.debug('No matches for relative xpath:', relativePath) else: values = [item.getStringValue()] for value in values: processRegex(var, value, self.variableResolver) elif var.getType() == TAG_VARIABLE: XPathVariableProcessor.process(var, self.variableResolver, (self.processor, item), True)
def _process(cls, variableSignature, variableResolver, input): processor, context = input xpath = ExpressionResolver.resolve(variableResolver, getattr(variableSignature, ATTR_XPATH, None) or variableSignature.relativePath, ExpressionResolver.XPATH) if not xpath: logger.debug('Skip ', variableSignature) return try: result = processor.evaluate(xpath, context) if result: logger.debug('Found result for xpath %s:' % ExpressionResolver.quote(xpath), result) else: logger.debug('No matches for xpath:', xpath) result = '' return result except Exception, e: logger.debug('Skip %s because fail to evaluate xpath %s:' % (variableSignature, ExpressionResolver.quote(xpath)), e)
def processCommandLine(cmdlineSignature, application, shell, processMap, variableResolver): processes = list(application.getProcesses()) if cmdlineSignature.includeParentProcesses: for process in processes: processes.extend(getParentProcesses(process, processMap)) for signature in cmdlineSignature.children: if signature.getType() == TAG_REGEX: regex = signature.expr if not OSType.match(signature.os, shell): logger.debug('Skip command line pattern %s because expect os type "%s" but actual is %s' % (ExpressionResolver.quote(regex), signature.os, OSType.fromShell(shell))) continue # ignore the expression because os type mismatch for process in processes: logger.debug('Check process command line %s with pattern:' % process.commandLine, regex) processRegex(signature, process.commandLine, variableResolver) elif TAG_VARIABLE in signature.getType(): processVariable(signature, variableResolver, shell, False) elif signature.getType() == TAG_EXECUTE: processExecuteCommand(shell, signature, variableResolver)
def processRegex(regExpSignature, input, variableResolver): pattern = ExpressionResolver.resolve(variableResolver, regExpSignature.expr, ExpressionResolver.REGULAR_EXPRESSION) if not pattern: logger.debug('Skip ', regExpSignature) return flags = getFlags(regExpSignature) try: compiledRegex = re.compile('(%s)' % pattern, flags) except Exception, e: logger.debug('Skip %s because regex %s is invalid:' % (regExpSignature, ExpressionResolver.quote(pattern)), e) return match = compiledRegex.findall(input) if match: logger.debug('Found match string for regex %s:' % ExpressionResolver.quote(pattern), ', '.join([m[0] for m in match])) for variable in regExpSignature.children: RegexVariableProcessor.process(variable, variableResolver, match, len(regExpSignature.children) > 1) else: logger.debug('No match string found for regex %s' % ExpressionResolver.quote(pattern)) def getFlags(regExpSignature): flags = 0 flagAttrValue = getattr(regExpSignature, ATTR_REGEX_FLAG, None) if flagAttrValue: for flag in flagAttrValue.split(','): flagValue = getattr(re, flag.strip().upper(), None) if flagValue: flags |= flagValue else: