def validate_params(block_id, block_dict, extra_args=None):
"""
Validate all mandatory params required for this module
:param block_id:
id of the block
:param block_dict:
parameter for this module
:param extra_args:
Extra argument dictionary, (If any)
Example: {'chaining_args': {'result': "/some/path/file.txt", 'status': True},
'caller': 'Audit'}
Raises:
HubbleCheckValidationError: For any validation error
"""
log.debug('Module: grep Start validating params for check-id: {0}'.format(
block_id))
error = {}
filepath = None
chaining_file_mode = runner_utils.get_param_for_module(
block_id, block_dict, 'chain_filepath', False)
if chaining_file_mode:
# in chain_filepath mode, filepath from chaining is mandatory
filepath = runner_utils.get_chained_param(extra_args)
if not filepath:
error[
'path'] = 'Mandatory parameter: path not found for id: %s' % (
block_id)
else:
# fetch required param
file_content = runner_utils.get_chained_param(extra_args)
if not file_content:
filepath = runner_utils.get_param_for_module(
block_id, block_dict, 'path')
if not file_content and not filepath:
error[
'path'] = 'Mandatory parameter: path not found for id: %s' % (
block_id)
pattern_val = runner_utils.get_param_for_module(block_id, block_dict,
'pattern')
if not pattern_val:
error[
'pattern'] = 'Mandatory parameter: pattern not found for id: %s' % (
block_id)
if error:
raise HubbleCheckValidationError(error)
log.debug('Validation success for check-id: {0}'.format(block_id))
def execute(block_id, block_dict, extra_args=None):
"""
Execute the module
:param block_id:
id of the block
:param block_dict:
parameter for this module
:param extra_args:
Extra argument dictionary, (If any)
Example: {'chaining_args': {'result': "/some/path/file.txt", 'status': True},
'caller': 'Audit'}
returns:
tuple of result(value) and status(boolean)
"""
log.debug('Executing pkg module for id: {0}'.format(block_id))
# fetch required param
name = runner_utils.get_chained_param(extra_args)
if not name:
name = runner_utils.get_param_for_module(block_id, block_dict, 'name')
installed_pkgs_dict = __mods__['pkg.list_pkgs']()
filtered_pkgs_list = fnmatch.filter(installed_pkgs_dict, name)
result_dict = {}
for package in filtered_pkgs_list:
result_dict[package] = installed_pkgs_dict[package]
return runner_utils.prepare_positive_result_for_module(
block_id, result_dict)
def execute(block_id, block_dict, extra_args=None):
"""
Execute the module
:param block_id:
id of the block
:param block_dict:
parameter for this module
:param extra_args:
Extra argument dictionary, (If any)
Example: {'chaining_args': {'result': "/some/path/file.txt", 'status': True},
'caller': 'Audit'}
returns:
tuple of result(value) and status(boolean)
"""
log.debug('Executing stat module for id: {0}'.format(block_id))
# fetch required param
filepath = runner_utils.get_chained_param(extra_args)
if filepath and isinstance(filepath, dict):
# in case, the result is a dictionary. Fetch the path
for key, value in filepath.items():
filepath = value
if not filepath:
filepath = runner_utils.get_param_for_module(block_id, block_dict, 'path')
# check filepath existence
if not os.path.exists(filepath):
return runner_utils.prepare_negative_result_for_module(block_id, 'file_not_found')
stat_res = __mods__['file.stats'](filepath)
return runner_utils.prepare_positive_result_for_module(block_id, stat_res)
def execute(block_id, block_dict, extra_args=None):
"""
Execute the module
:param block_id:
id of the block
:param block_dict:
parameter for this module
:param extra_args:
Extra argument dictionary, (If any)
Example: {'chaining_args': {'result': "vm.zone_reclaim_mode", 'status': True},
'caller': 'Audit'}
returns:
tuple of result(value) and status(boolean)
"""
log.debug('Executing sysctl module for id: {0}'.format(block_id))
# fetch required param
name = runner_utils.get_chained_param(extra_args)
if not name:
name = runner_utils.get_param_for_module(block_id, block_dict, 'name')
sysctl_res = __mods__['sysctl.get'](name)
result = {name: sysctl_res}
if not sysctl_res or "No such file or directory" in sysctl_res:
return runner_utils.prepare_negative_result_for_module(
block_id, "Could not find attribute %s in the kernel" % (name))
if sysctl_res.lower().startswith("error"):
return runner_utils.prepare_negative_result_for_module(
block_id, "An error occurred while reading the value "
"of kernel attribute %s" % (name))
return runner_utils.prepare_positive_result_for_module(block_id, result)
def get_filtered_params_to_log(block_id, block_dict, extra_args=None):
r"""
For getting params to log, in non-verbose logging
:param block_id:
id of the block
:param block_dict:
parameter for this module
:param extra_args:
Chained argument dictionary, (If any)
Example: {'chaining_args': {'result': "HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\EventLog\Application\MaxSize", 'status': True},
'caller': 'Audit'}
"""
log.debug(
"get_filtered_params_to_log for win_reg and id: {0}".format(block_id))
# fetch required param
chained_result = runner_utils.get_chained_param(extra_args)
if chained_result:
reg_name = chained_result
else:
reg_name = runner_utils.get_param_for_module(block_id, block_dict,
"name")
return {"name": reg_name}
def get_filtered_params_to_log(block_id, block_dict, extra_args=None):
"""
For getting params to log, in non-verbose logging
:param block_id:
id of the block
:param block_dict:
parameter for this module
:param extra_args:
Chained argument dictionary, (If any)
Example: {'chaining_args': {'result': {"name": "LogFileName", "value_type": "public"}, 'status': True},
'caller': 'Audit'}
"""
log.debug('get_filtered_params_to_log for win_firewall and id: {0}'.format(
block_id))
# fetch required param
chained_result = runner_utils.get_chained_param(extra_args)
if chained_result:
name = chained_result.get('name')
value_type = chained_result.get('value_type')
else:
name = runner_utils.get_param_for_module(block_id, block_dict, 'name')
value_type = runner_utils.get_param_for_module(block_id, block_dict,
'value_type')
return {'name': name, 'value_type': value_type}
def validate_params(block_id, block_dict, extra_args=None):
"""
Validate all mandatory params required for this module
:param block_id:
id of the block
:param block_dict:
parameter for this module
:param extra_args:
Extra argument dictionary, (If any)
Example: {'chaining_args': {'result': "/some/path/file.txt", 'status': True},
'caller': 'Audit'}
Raises:
HubbleCheckValidationError: For any validation error
"""
log.debug('Module: pkg Start validating params for check-id: {0}'.format(
block_id))
error = {}
name = runner_utils.get_chained_param(extra_args)
if not name:
name = runner_utils.get_param_for_module(block_id, block_dict, 'name')
if not name:
error['name'] = 'Mandatory parameter: name not found for id: %s' % (
block_id)
if error:
raise HubbleCheckValidationError(error)
log.debug('Validation success for check-id: {0}'.format(block_id))
def get_filtered_params_to_log(block_id, block_dict, extra_args=None):
"""
For getting params to log, in non-verbose logging
:param block_id:
id of the block
:param block_dict:
parameter for this module
:param extra_args:
Extra argument dictionary, (If any)
Example: {'chaining_args': {'result': {'host_ip': '127.0.0.1',
'host_port': 443},
'status': True},
'caller': 'Audit'}
"""
log.debug('get_filtered_params_to_log for id: {0}'.format(block_id))
chain_args = extra_args.get('chaining_args') if extra_args else None
endpoint_chained = runner_utils.get_chained_param(chain_args)
if endpoint_chained:
host_ip = endpoint_chained.get('host_ip')
host_port = endpoint_chained.get('host_port')
else:
host_ip = runner_utils.get_param_for_module(block_id, block_dict,
'host_ip')
host_port = runner_utils.get_param_for_module(block_id, block_dict,
'host_port')
path = runner_utils.get_param_for_module(block_id, block_dict, 'path')
if path:
return {'path': path}
return {'host_ip': host_ip, 'host_port': host_port}
def get_filtered_params_to_log(block_id, block_dict, extra_args=None):
"""
For getting params to log, in non-verbose logging
:param block_id:
id of the block
:param block_dict:
parameter for this module
:param extra_args:
Extra argument dictionary, (If any)
Example: {'chaining_args': {'result': {'cmdline': 'app --config-file=test test'}, 'status': True},
'caller': 'Audit'}
"""
log.debug('get_filtered_params_to_log for id: {0}'.format(block_id))
chained_param = runner_utils.get_chained_param(extra_args)
command_line = None
if chained_param:
command_line = chained_param.get('cmdline')
if not command_line:
# get it from args
command_line = runner_utils.get_param_for_module(
block_id, block_dict, 'cmdline')
key_aliases = runner_utils.get_param_for_module(block_id, block_dict,
'key_aliases')
delimiter = runner_utils.get_param_for_module(block_id, block_dict,
'delimiter')
return {
'command_line': command_line,
'key_aliases': key_aliases,
'delimiter': delimiter
}
def _handle_string_file(block_id, block_dict, extra_args=None):
path = runner_utils.get_param_for_module(block_id, block_dict, 'path')
chained_param = runner_utils.get_chained_param(extra_args)
encode_b64 = runner_utils.get_param_for_module(block_id, block_dict,
'encode_b64')
return _readfile_string(block_id, path, encode_b64, chained_param)
def execute(block_id, block_dict, extra_args=None):
"""
Execute the module
:param block_id:
id of the block
:param block_dict:
parameter for this module
:param extra_args:
Extra argument dictionary, (If any)
Example: {'chaining_args': {'result': "/some/path/file.txt", 'status': True},
'caller': 'Audit'}
returns:
tuple of result(value) and status(boolean)
"""
log.debug('Executing stat module for id: {0}'.format(block_id))
# fetch required param
name = runner_utils.get_chained_param(extra_args)
if not name:
name = runner_utils.get_param_for_module(block_id, block_dict, 'name')
result = []
matched_services = fnmatch.filter(__mods__['service.get_all'](), name)
for matched_service in matched_services:
service_status = __mods__['service.status'](matched_service)
is_enabled = __mods__['service.enabled'](matched_service)
result.append({
"name": matched_service,
"running": service_status,
"enabled": is_enabled
})
return runner_utils.prepare_positive_result_for_module(block_id, result)
def get_filtered_params_to_log(block_id, block_dict, extra_args=None):
"""
For getting params to log, in non-verbose logging
:param block_id:
id of the block
:param block_dict:
parameter for this module
:param extra_args:
Chained argument dictionary, (If any)
Example: {'chaining_args': {'result': "Local Administrator Password Solution", 'status': True},
'caller': 'Audit'}
"""
log.debug(
'get_filtered_params_to_log for win_pkg and id: {0}'.format(block_id))
# fetch required param
chained_result = runner_utils.get_chained_param(extra_args)
if chained_result:
pkg_name = chained_result
else:
pkg_name = runner_utils.get_param_for_module(block_id, block_dict,
'name')
return {'name': pkg_name}
def _handle_file(file_format, block_id, block_dict, extra_args=None):
path = runner_utils.get_param_for_module(block_id, block_dict, 'path')
chained_param = runner_utils.get_chained_param(extra_args)
subkey = runner_utils.get_param_for_module(block_id, block_dict, 'subkey')
sep = runner_utils.get_param_for_module(block_id, block_dict, 'sep')
return _handle_file_helper(file_format, block_id, path, subkey, sep,
chained_param)
def _get_key(block_id, block_dict, extra_args):
"""
Given a dictionary, return an element by ``key``.
block_id:
Block id
block_dict:
key: (Mandatory)
Key value to get
starting_dict: (Optional)
Starting dictionary param
extend_chained: (Default True)
By default, ``chained`` will have ``.update()`` called on it with
``starting_dict`` as the only argument. Set ``extend_chained`` to False
to ignore ``starting_dict``.
:param extra_args:
Extra argument dictionary, (If any)
Example: {'chaining_args': {'result': "Output", 'status': True},
'caller': 'Audit'}
The first return value (status) will be True if the key is found, and
False othewise. The second argument will be the value found by the key or
None if the key is not present in the dictionary.
"""
chained = runner_utils.get_chained_param(extra_args)
key = runner_utils.get_param_for_module(block_id, block_dict, 'key')
starting_dict = runner_utils.get_param_for_module(block_id, block_dict,
'starting_dict')
update_chained = runner_utils.get_param_for_module(block_id, block_dict,
'update_chained', True)
if update_chained and starting_dict:
try:
chained.update(starting_dict)
except (TypeError, ValueError):
log.error("Arguments should be of type dict.", exc_info=True)
return runner_utils.prepare_negative_result_for_module(
block_id, 'invalid_format')
try:
ret = chained[key]
except KeyError:
log.error("Key not found: %s", key, exc_info=True)
return runner_utils.prepare_negative_result_for_module(
block_id, 'key_not_found')
return False, None
except TypeError:
log.error("Arguments should be of type dict.", exc_info=True)
return runner_utils.prepare_negative_result_for_module(
block_id, 'invalid_format')
status = bool(ret)
if not status:
return runner_utils.prepare_negative_result_for_module(
block_id, 'unknown_error')
return runner_utils.prepare_positive_result_for_module(block_id, ret)
def _sort(block_id, block_dict, extra_args):
"""
Given a target sequence, sort it and return the sorted result.
block_id:
Block id
block_dict:
seq: (Optional)
Input sequence to be sorted
lexico: (Optional) (Default False)
Set to True if the sorting thould be in lexicographical order.
desc: (Optional) (Default False)
Set to True if the sorting should be in descending order.
extend_chained: (Default True)
By default, ``chained`` will have ``.extend()`` or
``.update()`` or ``.format()``
called on it with ``seq`` as the only argument.
Set ``extend_chained`` to False to ignore ``seq``.
:param extra_args:
Extra argument dictionary, (If any)
Example: {'chaining_args': {'result': "Output", 'status': True},
'caller': 'Audit'}
The first return value (status) will be True if the sort is successful, and
False othewise. The second argument will be the sorted sequence.
"""
chained = runner_utils.get_chained_param(extra_args)
extend_chained = runner_utils.get_param_for_module(block_id, block_dict,
'extend_chained', True)
lexico = runner_utils.get_param_for_module(block_id, block_dict, 'lexico',
False)
desc = runner_utils.get_param_for_module(block_id, block_dict, 'desc',
False)
seq = runner_utils.get_param_for_module(block_id, block_dict, 'seq')
if extend_chained and seq:
try:
if isinstance(chained, (dict, set)):
chained.update(seq)
elif isinstance(chained, list):
chained.extend(seq)
elif isinstance(chained, str):
chained = seq.format(chained)
except (AttributeError, TypeError, ValueError):
log.error("Invalid arguments type.", exc_info=True)
return runner_utils.prepare_negative_result_for_module(
block_id, 'invalid_format')
ret = _sort_helper(chained, desc, lexico)
status = bool(ret)
if not status:
return runner_utils.prepare_negative_result_for_module(
block_id, 'unknown_error')
return runner_utils.prepare_positive_result_for_module(block_id, ret)
def execute(block_id, block_dict, extra_args=None):
"""
Execute the module
:param block_id:
id of the block
:param block_dict:
parameter for this module
:param extra_args:
Extra argument dictionary, (If any)
Example: {'chaining_args': {'result': "/some/path/file.txt", 'status': True},
'caller': 'Audit'}
returns:
tuple of result(value) and status(boolean)
"""
log.debug('Executing FDG Connector module for id: {0}'.format(block_id))
fdg_file = runner_utils.get_chained_param(extra_args)
if not fdg_file:
fdg_file = runner_utils.get_param_for_module(block_id, block_dict,
'fdg_file')
# read other params for fdg connector module
starting_chained = runner_utils.get_param_for_module(
block_id, block_dict, 'starting_chained')
use_status = runner_utils.get_param_for_module(block_id, block_dict,
'use_status', False)
consolidation_operator = runner_utils.get_param_for_module(
block_id, block_dict, 'consolidation_operator', 'and')
try:
# fdg runner class
fdg_runner = runner_factory.get_fdg_runner()
fdg_runner.init_loader()
# Handover to fdg_runner
_, fdg_run = fdg_runner.execute(fdg_file,
{'starting_chained': starting_chained})
except Exception as e:
raise HubbleCheckValidationError(
'fdg_runner raised {0}: in file {1}, {2}'.format(
e.__class__, fdg_file, e))
if not isinstance(fdg_run, tuple):
log.debug("consolidation_operator is %s", consolidation_operator)
fdg_run = _get_consolidated_result(fdg_run, consolidation_operator)
fdg_result, fdg_status = fdg_run
if isinstance(fdg_result, dict) and 'error' in (k.lower()
for k in fdg_result):
return runner_utils.prepare_negative_result_for_module(block_id, False)
check_value = fdg_status if use_status else bool(fdg_result)
if check_value:
return runner_utils.prepare_positive_result_for_module(block_id, True)
return runner_utils.prepare_negative_result_for_module(block_id, False)
def _join(block_id, block_dict, extra_args):
"""
Given a list of strings, join them into a string, using ``sep`` as delimiter.
block_id:
Block id
block_dict:
words: (Mandatory)
List of string
sep: (Optional)
Separator, Default: ''
extend_chained: (Default True)
By default, ``chained`` will have ``.extend()`` called on it with
``words`` as the only argument.
:param extra_args:
Extra argument dictionary, (If any)
Example: {'chaining_args': {'result': "Output", 'status': True},
'caller': 'Audit'}
The first return value (status) will be True if the join was successful, and
False othewise. The second argument will be the output of the ``join``
command.
``extend_chained`` is set to True when ``chained`` should be extended with ``words``.
If set to False, ``words`` is ignored.
"""
chained = runner_utils.get_chained_param(extra_args)
extend_chained = runner_utils.get_param_for_module(block_id, block_dict,
'extend_chained', True)
sep = runner_utils.get_param_for_module(block_id, block_dict, 'sep', '')
words = runner_utils.get_param_for_module(block_id, block_dict, 'words',
None)
if extend_chained and words:
try:
chained.extend(words)
except (AttributeError, TypeError):
log.error("Arguments should be of type list.", exc_info=True)
return runner_utils.prepare_negative_result_for_module(
block_id, 'invalid_format')
try:
ret = sep.join(chained)
except (TypeError, AttributeError):
log.error("Invalid arguments type.", exc_info=True)
return runner_utils.prepare_negative_result_for_module(
block_id, 'invalid_format')
status = bool(ret)
if not status:
return runner_utils.prepare_negative_result_for_module(
block_id, 'unknown_error')
return runner_utils.prepare_positive_result_for_module(block_id, ret)
def _get_index(block_id, block_dict, extra_args):
"""
Given a list list, return the item found at ``index``.
block_id:
Block id
block_dict:
index: (Mandatory)
Index value for which value is needed
starting_list: (Optional)
Starting list param
extend_chained: (Default True)
By default, ``chained`` will have ``.extend()`` called on it with
``starting_list`` as the only argument.
:param extra_args:
Extra argument dictionary, (If any)
Example: {'chaining_args': {'result': "Output", 'status': True},
'caller': 'Audit'}
The first return value (status) will be True if the return was successful, and
False othewise. The second argument will be the requested list element.
"""
chained = runner_utils.get_chained_param(extra_args)
index = runner_utils.get_param_for_module(block_id, block_dict, 'index', 0)
starting_list = runner_utils.get_param_for_module(block_id, block_dict,
'starting_list')
extend_chained = runner_utils.get_param_for_module(block_id, block_dict,
'extend_chained', True)
if extend_chained and starting_list:
try:
chained.extend(starting_list)
except (AttributeError, TypeError):
log.error("Invalid argument type", exc_info=True)
return runner_utils.prepare_negative_result_for_module(
block_id, 'invalid_format')
try:
ret = chained[index]
except IndexError:
log.error('List index out of range %d', index, exc_info=True)
return runner_utils.prepare_negative_result_for_module(
block_id, 'invalid_format')
except TypeError:
log.error('Arguments should be of type list', exc_info=True)
return runner_utils.prepare_negative_result_for_module(
block_id, 'invalid_format')
status = bool(ret)
if status:
return runner_utils.prepare_positive_result_for_module(block_id, ret)
return runner_utils.prepare_negative_result_for_module(
block_id, 'invalid_result')
def _dict_convert_none(block_id, block_dict, extra_args):
"""
Given a target sequence, look for dictionary keys that have empty string values
and replace them with None.
block_id:
Block id
block_dict:
starting_seq: (Optional)
Initial dictionary
extend_chained: (Default True)
By default, ``chained`` will have ``.extend()`` or ``.update()`` called on it with
``starting_seq`` as the only argument.
Set ``extend_chained`` to False to ignore ``starting_seq``.
:param extra_args:
Extra argument dictionary, (If any)
Example: {'chaining_args': {'result': "Output", 'status': True},
'caller': 'Audit'}
The first return value (status) will be True if the replacing is successful, and
False othewise. The second argument will be the updated sequence.
"""
chained = runner_utils.get_chained_param(extra_args)
extend_chained = runner_utils.get_param_for_module(block_id, block_dict,
'extend_chained', True)
starting_seq = runner_utils.get_param_for_module(block_id, block_dict,
'starting_seq')
if extend_chained and starting_seq:
try:
if isinstance(chained, (set, dict)):
chained.update(starting_seq)
elif isinstance(chained, list):
chained.extend(starting_seq)
except (AttributeError, TypeError, ValueError):
log.error("Invalid type of arguments", exc_info=True)
return runner_utils.prepare_negative_result_for_module(
block_id, 'invalid_format')
if isinstance(chained, dict):
ret = _dict_convert_none_helper(chained)
elif isinstance(chained, (set, list, tuple)):
ret = _seq_convert_none_helper(chained)
else:
log.error("Invalid arguments type - dict or sequence expected")
return runner_utils.prepare_negative_result_for_module(
block_id, 'invalid_error')
status = bool(ret)
if not status:
return runner_utils.prepare_negative_result_for_module(
block_id, 'unknown_error')
return runner_utils.prepare_positive_result_for_module(block_id, ret)
def validate_params(block_id, block_dict, extra_args=None):
"""
Validate all mandatory params required for this module
:param block_id:
id of the block
:param block_dict:
parameter for this module
:param extra_args:
Extra argument dictionary, (If any)
Example: {'chaining_args': {'result': {'host_ip': '127.0.0.1',
'host_port': 443},
'status': True},
'caller': 'Audit'}
Raises:
HubbleCheckValidationError: For any validation error
"""
log.debug(
'Module: ssl_certificate Start validating params for check-id: {0}'.
format(block_id))
error = {}
endpoint_chained = runner_utils.get_chained_param(extra_args)
if endpoint_chained:
host_ip = endpoint_chained.get('host_ip')
host_port = endpoint_chained.get('host_port')
else:
host_ip = runner_utils.get_param_for_module(block_id, block_dict,
'host_ip')
host_port = runner_utils.get_param_for_module(block_id, block_dict,
'host_port')
ssl_timeout = runner_utils.get_param_for_module(block_id, block_dict,
'ssl_timeout', 0)
path = runner_utils.get_param_for_module(block_id, block_dict, 'path')
endpoint_present = bool(host_ip and host_port)
if not endpoint_present and not path:
error[
'endpoint'] = 'Mandatory parameter: host_ip, host_port or path not found for id: %s' % (
block_id)
if endpoint_present and path:
error[
'endpoint'] = 'Only one of either endpoint data or path is required not both. Only one certificate per check for id: %s' % (
block_id)
if ssl_timeout < 0:
error['ssl_timeout'] = 'Incorrect value provided for ssl_timeout'
if error:
raise HubbleCheckValidationError(error)
log.debug('Validation success for check-id: {0}'.format(block_id))
def _nop(block_id, block_dict, extra_args):
"""
This function just returns the chained value. It is a nop/no operation.
This can be useful if you want to do a pipe_on_true to filter out
False values -- you can pipe_on_true to util's nop, and stick a
returner on the nop operation to just return the True values.
"""
chained_params = runner_utils.get_chained_param(extra_args)
return runner_utils.prepare_positive_result_for_module(
block_id, chained_params)
def _split(block_id, block_dict, extra_args):
"""
Given a ``phrase`` string, split it into a list of words by a ``sep`` delimiter.
block_id:
Block id
block_dict:
phrase: (Mandatory)
Input Phrase(string) to be split.
sep: (Optional)
Separator to split by. It can either be a delimiter or a regex.
If it's None it will split by whitespace.
regex: (Optional) (Default False)
Set to True if ``sep`` should be treated as a regex instead of a delimiter.
format_chained: (Default True)
By default, the ``phrase`` will have ``.format()`` called on it with
``chained`` as the only argument. (So, use ``{0}`` in your phrase to
substitute the chained value.) If you want to avoid having to escape
curly braces, set ``format_chained=False``.
:param extra_args:
Extra argument dictionary, (If any)
Example: {'chaining_args': {'result': "Output", 'status': True},
'caller': 'Audit'}
The first return value (status) will be True if the delimiter is found and
the splitting is successful, and False othewise. The second argument will be
the output of the ``split`` command.
"""
chained = runner_utils.get_chained_param(extra_args)
format_chained = runner_utils.get_param_for_module(block_id, block_dict,
'format_chained', True)
phrase = runner_utils.get_param_for_module(block_id, block_dict, 'phrase')
sep = runner_utils.get_param_for_module(block_id, block_dict, 'sep')
regex = runner_utils.get_param_for_module(block_id, block_dict, 'regex',
False)
if format_chained and chained:
try:
phrase = phrase.format(chained)
except AttributeError:
log.error("Invalid attributes type.", exc_info=True)
return runner_utils.prepare_negative_result_for_module(
block_id, 'invalid_format')
ret = _split_helper(phrase, sep, regex)
status = bool(ret) and len(ret) > 1
if not status:
return runner_utils.prepare_negative_result_for_module(
block_id, 'unknown_error')
return runner_utils.prepare_positive_result_for_module(block_id, ret)
def execute(block_id, block_dict, extra_args=None):
"""
For getting params to log, in non-verbose logging
:param block_id:
id of the block
:param block_dict:
parameter for this module
:param extra_args:
Extra argument dictionary, (If any)
Example: {'chaining_args': {'result': {'host_ip': '127.0.0.1',
'host_port': 443},
'status': True},
'caller': 'Audit'}
returns:
tuple of result(value) and status(boolean)
"""
start_time = time.time()
log.debug('Executing ssl_certificate module for id: {0}'.format(block_id))
endpoint_chained = runner_utils.get_chained_param(extra_args)
if endpoint_chained:
host_ip = endpoint_chained.get('host_ip')
host_port = endpoint_chained.get('host_port')
else:
host_ip = runner_utils.get_param_for_module(block_id, block_dict,
'host_ip')
host_port = runner_utils.get_param_for_module(block_id, block_dict,
'host_port')
ssl_timeout = runner_utils.get_param_for_module(block_id, block_dict,
'ssl_timeout', 3)
path = runner_utils.get_param_for_module(block_id, block_dict, 'path')
cert = _get_cert(host_ip, host_port,
ssl_timeout=ssl_timeout) if host_ip else _get_cert(
path, from_file=True)
if not cert:
return runner_utils.prepare_negative_result_for_module(
block_id, 'unable_to_load_certificate')
log.debug("ssl_certificate - cert found, parsing certificate")
cert_details = _parse_cert(cert, host_ip, host_port, path)
if 'error' in cert_details:
log.debug('Error in parsing certificate. {0}'.format(
cert_details['error']))
return runner_utils.prepare_negative_result_for_module(
block_id, 'unable_to_parse_certificate')
stop_time = time.time()
cert_details['execution_time'] = stop_time - start_time
return runner_utils.prepare_positive_result_for_module(
block_id, cert_details)
def execute(block_id, block_dict, extra_args=None):
"""
Execute the module
:param block_id:
id of the block
:param block_dict:
parameter for this module
:param extra_args:
Chained argument dictionary, (If any)
Example: {'chaining_args': {'result': {"name": "LogFileName", "value_type": "public"}, 'status': True},
'caller': 'Audit'}
returns:
tuple of result(value) and status(boolean)
"""
log.debug('Executing win_firewall module for id: {0}'.format(block_id))
__firewalldata__ = _import_firewall()
if not __firewalldata__:
return runner_utils.prepare_negative_result_for_module(
block_id, "firewall data couldn't be fetched")
chained_result = runner_utils.get_chained_param(extra_args)
if chained_result:
name = chained_result.get('name')
value_type = chained_result.get('value_type')
else:
name = runner_utils.get_param_for_module(block_id, block_dict, 'name')
value_type = runner_utils.get_param_for_module(block_id, block_dict,
'value_type')
try:
setting_value = __firewalldata__.get(value_type).get(name).lower()
except Exception as e:
log.debug(
"for block id %s, setting name %s and value type %s is not "
"found in firewall data", block_id, name, value_type)
setting_value = "Not Found"
result = {
"name": name,
"value_type": value_type,
"setting_value": setting_value
}
log.debug("win_firewall module output for block_id %s, is %s", block_id,
result)
if not result:
return runner_utils.prepare_negative_result_for_module(
block_id, "firewall setting couldn't be fetched")
return runner_utils.prepare_positive_result_for_module(block_id, result)
def _handle_config_file(block_id, block_dict, extra_args=None):
path = runner_utils.get_param_for_module(block_id, block_dict, 'path')
chained_param = runner_utils.get_chained_param(extra_args)
pattern = runner_utils.get_param_for_module(block_id, block_dict,
'pattern')
ignore_pattern = runner_utils.get_param_for_module(block_id, block_dict,
'ignore_pattern')
dictsep = runner_utils.get_param_for_module(block_id, block_dict,
'dictsep')
valsep = runner_utils.get_param_for_module(block_id, block_dict, 'valsep')
subsep = runner_utils.get_param_for_module(block_id, block_dict, 'subsep')
return _handle_config_helper(block_id, path, pattern, ignore_pattern,
dictsep, valsep, subsep, chained_param)
def execute(block_id, block_dict, extra_args=None):
"""
Execute the module
:param block_id:
id of the block
:param block_dict:
parameter for this module
:param extra_args:
Chained argument dictionary, (If any)
Example: {'chaining_args': {'result': "Local Administrator Password Solution", 'status': True},
'caller': 'Audit'}
returns:
tuple of result(value) and status(boolean)
"""
log.debug('Executing win_pkg module for id: {0}'.format(block_id))
try:
__pkgdata__ = __mods__['pkg.list_pkgs']()
except CommandExecutionError:
__mods__['pkg.refresh_db']()
__pkgdata__ = __mods__['pkg.list_pkgs']()
if not __pkgdata__:
return runner_utils.prepare_negative_result_for_module(
block_id, "package list couldn't be fetched")
chained_result = runner_utils.get_chained_param(extra_args)
if chained_result:
pkg_name = chained_result.get('name')
else:
pkg_name = runner_utils.get_param_for_module(block_id, block_dict,
'name')
if pkg_name in __pkgdata__:
audit_value = __pkgdata__.get(pkg_name)
else:
log.debug("for block id %s, pkg %s is not found in pkg data", block_id,
pkg_name)
audit_value = "Not Found"
result = {"package_name": pkg_name, "package_version": audit_value}
log.debug("win_pkg module output for block_id %s, is %s", block_id, result)
if audit_value == "Not Found":
return runner_utils.prepare_negative_result_for_module(
block_id, "package information couldn't be fetched")
return runner_utils.prepare_positive_result_for_module(block_id, result)
def _print_string(block_id, block_dict, extra_args):
"""
Given a string, return it.
block_id:
Block id
block_dict:
starting_string: (Optional)
Initial string
format_chained: (Default True)
By default, ``starting_string`` will have ``.format()`` called on it
with ``chained`` as the only argument. (So, use ``{0}`` in your pattern to
substitute the chained value.) If you want to avoid having to escape curly braces,
set ``format_chained=False``.
:param extra_args:
Extra argument dictionary, (If any)
Example: {'chaining_args': {'result': "Output", 'status': True},
'caller': 'Audit'}
The first return value (status) will be False only if an error will occur.
"""
chained = runner_utils.get_chained_param(extra_args)
format_chained = runner_utils.get_param_for_module(block_id, block_dict,
'format_chained', True)
starting_string = runner_utils.get_param_for_module(
block_id, block_dict, 'starting_string')
if format_chained:
try:
starting_string = starting_string.format(chained)
except AttributeError:
log.error("Invalid type for starting_string - has to be string.",
exc_info=True)
return runner_utils.prepare_negative_result_for_module(
block_id, 'invalid_format')
if not isinstance(starting_string, str):
log.error('Invalid arguments - starting_string should be a string')
return runner_utils.prepare_negative_result_for_module(
block_id, 'invalid_format')
if not bool(starting_string):
return runner_utils.prepare_negative_result_for_module(
block_id, 'unknown_error')
return runner_utils.prepare_positive_result_for_module(
block_id, starting_string)
def validate_params(block_id, block_dict, extra_args=None):
"""
Validate all mandatory params required for this module
:param block_id:
id of the block
:param block_dict:
parameter for this module
:param extra_args:
Extra argument dictionary, (If any)
Example: {'chaining_args': {'result': {'cmdline': 'app --config-file=test test'}, 'status': True},
'caller': 'Audit'}
Raises:
HubbleCheckValidationError: For any validation error
"""
log.debug(
'Module: command_line_parser Start validating params for check-id: {0}'
.format(block_id))
error = {}
command_line = None
chained_param = runner_utils.get_chained_param(extra_args)
if chained_param:
command_line = chained_param.get('cmdline')
if not command_line:
# get it from args
command_line = runner_utils.get_param_for_module(
block_id, block_dict, 'cmdline')
if not command_line:
error['cmdline'] = 'No cmdline provided in chained params'
key_aliases = runner_utils.get_param_for_module(block_id, block_dict,
'key_aliases')
if not key_aliases:
error['key_aliases'] = 'No key_aliases provided in params'
delimiter = runner_utils.get_param_for_module(block_id, block_dict,
'delimiter')
if not delimiter:
error['delimiter'] = 'No delimiter provided'
if error:
raise HubbleCheckValidationError(error)
log.debug('Validation success for check-id: {0}'.format(block_id))
def _filter_seq(block_id, block_dict, extra_args):
"""
Given a target sequence, filter it and return the result.
block_dict:
By default, ``chained`` will have ``.extend()`` or ``.update()`` or ``.format()``
called on it with ``starting_seq`` as the only argument. Set ``extend_chained`` to False
to ignore ``starting_seq``.
starting_seq: (Optional) Starting sequence
extend_chained: (Optional) (Default True)
If True, update starting_seq with chained value
filter_rules: (Mandatory) is a dictionary mapping comparison types to values
to compare against.
It can take the following values:
ge = greater or equal, gt = greater than,
lt = lower than, le = lower or equal
ne = not equal, eq = equal
:param extra_args:
Extra argument dictionary, (If any)
Example: {'chaining_args': {'result': "Output", 'status': True},
'caller': 'Audit'}
"""
chained = runner_utils.get_chained_param(extra_args)
starting_seq = runner_utils.get_param_for_module(block_id, block_dict,
'starting_seq')
extend_chained = runner_utils.get_param_for_module(block_id, block_dict,
'extend_chained', True)
filter_rules = runner_utils.get_param_for_module(block_id, block_dict,
'filter_rules')
if extend_chained and starting_seq:
try:
if isinstance(chained, set):
chained.update(starting_seq)
elif isinstance(chained, list):
chained.extend(starting_seq)
elif isinstance(chained, str):
chained = starting_seq.format(chained)
else:
raise AttributeError
except (AttributeError, TypeError, ValueError):
log.error("Invalid argument type", exc_info=True)
return runner_utils.prepare_negative_result_for_module(
block_id, 'invalid_format')
return _filter(block_id, seq=chained, filter_rules=filter_rules)
def _filter_dict(block_id, block_dict, extra_args=None):
"""
Given a target dictionary, filter it and return the result.
block_id:
Block id
block_dict:
starting_dict: (Optional) Starting dictionary
update_chained: (Default True)
If True, ``chained value`` will have ``.update()`` called on it
with ``starting_dict`` as the argument.
Set ``update_chained`` to False to ignore ``starting_dict``.
filter_values: (Default False)
By default, the filtering will be done on keys.
Set ``filter_values`` to True to filter by values.
filter_rules: (Mandatory) is a dictionary mapping comparison types to values
to compare against.
It can take the following values:
ge = greater or equal, gt = greater than,
lt = lower than, le = lower or equal
ne = not equal, eq = equal
:param extra_args:
Extra argument dictionary, (If any)
Example: {'chaining_args': {'result': "Output", 'status': True},
'caller': 'Audit'}
"""
chained = runner_utils.get_chained_param(extra_args)
starting_dict = runner_utils.get_param_for_module(block_id, block_dict,
'starting_dict')
update_chained = runner_utils.get_param_for_module(block_id, block_dict,
'update_chained', True)
filter_values = runner_utils.get_param_for_module(block_id, block_dict,
'filter_values', False)
filter_rules = runner_utils.get_param_for_module(block_id, block_dict,
'filter_rules')
try:
if update_chained and starting_dict:
chained.update(starting_dict)
except (AttributeError, TypeError, ValueError):
log.error('Invalid argument type - dict required', exc_info=True)
return runner_utils.prepare_negative_result_for_module(
block_id, 'invalid_format')
return _filter_dict_helper(block_id, chained, filter_values, filter_rules)
