def __init__(self, execparams, parent):
mandatoryparams = ['filepath', 'pattern']
Action.__init__(self,
execparams=execparams,
manparams=mandatoryparams,
parent=parent)
ProcessableAction.__init__(self, ['matchval'])
def __init__(self, execparams, parent):
psplog.debug('New reg query action: exparms: {0} parent: {1}'.format(execparams, parent))
Action.__init__(self, execparams=execparams, parent=parent)
hivemap = {'hklm': 'L', 'hkey_local_machine': 'L', 'hku': 'U', 'hkey_users': 'U', 'hkcu': 'C', 'hkey_current_user': '******', 'hkcc': 'G', 'hkey_current_config': 'G', 'hkcr': 'R', 'hkey_classes_root': 'R'}
try:
self.hive = hivemap[self.execparams['regkey'].split('\\', 1)[0].lower()]
except:
self.hive = None
def Execute(self):
Action.Execute(self)
attrib = self.execparams['attribute']
value = self.execparams['value']
pspid = self.execparams.get('pspid', None)
config = (self.execparams.get('config', 'false').lower() == 'true')
if (attrib in ['vendor', 'product', 'version', 'installDate']):
config = True
try:
prevPSPs = self.actmgr.GetPSPsFrom(self.parent.parent)
except:
psplog.error('Error getting previous PSP objects. Make sure there is a NewSWAction before you try to save to it.', exc_info=True)
return False
if (pspid != None):
prevPSP = filter((lambda x: (x.pspid == pspid)), prevPSPs)[0]
if ((prevPSP[attrib] != None) and (prevPSP[attrib] != 'NTR')):
psplog.debug('before copy: {0}'.format(prevPSP))
prevPSP = copy.deepcopy(prevPSP)
psplog.debug('after copy: {0}'.format(prevPSP))
self.actmgr.addPSP(prevPSP, self.parent)
prevPSP.SaveAttribute(attrib, value, config)
else:
for prevPSP in prevPSPs:
if ((prevPSP[attrib] != None) and (prevPSP[attrib] != 'NTR')):
psplog.debug('prevPSP: {0}'.format(prevPSP))
newPSP = copy.deepcopy(prevPSP)
psplog.debug('newPSP: {0}'.format(newPSP))
self.actmgr.addPSP(newPSP, self.parent)
newPSP.SaveAttribute(attrib, value, config)
return True
def Validate(self):
result = Action.Validate(self)
if (self.hive is None):
result.append(ValidationFailure(self, 'Invalid Hive: {0}'.format(self.execparams['regkey'].split('\\', 1)[0])))
if ((self.execparams.get('regvalue') is None) and (self.execparams.get('regdata') is not None)):
result.append(ValidationFailure(self, 'You cannot have a regdata without a regvalue.'))
return result
def Validate(self):
valid = Action.Validate(self)
goodif = self.execparams.get('goodif', None)
if (goodif is not None):
try:
parsed = self._parseIt(goodif)
for (ndx, item) in enumerate(parsed):
if (not (item in self.validstatements)):
valid.append(
ValidationFailure(
self,
('%s is not a valid SafetyCheck Statement' %
item)))
if (item in self.binaryops):
if (((ndx - 1) < 0) or ((ndx + 1) > len(parsed))
or (parsed[(ndx - 1)] not in self.conds)
or (parsed[(ndx + 1)] not in self.conds)):
valid.append(
ValidationFailure(
self, 'Invalid use of binary operator!'))
except SyntaxError:
psplog.critical('Unable to parse the SafetyCheck line!',
exc_info=True)
valid.append(
ValidationFailure(self,
'Unable to parse the SafetyCheck line!'))
return valid
def Execute(self):
Action.Execute(self)
self.script = self.execparams['name']
self.entrypoint = self.execparams.get('entrypoint', 'main')
self.args = self.execparams.get('args')
try:
PSPmodule = __import__('ops.psp.{0}'.format(self.script),
fromlist=self.entrypoint)
PSPmethod = PSPmodule.__dict__[self.entrypoint]
try:
if (self.additionaldata and self.args):
self.result = PSPmethod(self.additionaldata, self.args)
elif self.additionaldata:
self.result = PSPmethod(self.additionaldata)
else:
self.result = PSPmethod(self.args)
except SystemExit:
pass
except ImportError:
psplog.critical(
'[ScriptAction] There was an error importing the script: {0}'.
format(self.script),
exc_info=True)
self.result = False
except:
psplog.critical(
'[ScriptAction] There was an error executing the entrypoint: {0}.{1}'
.format(self.script, self.entrypoint),
exc_info=True)
self.result = False
return (self.result or False)
def Validate(self):
Action.Validate(self)
if (self.parent is None):
raise AttributeError('The Process Action cannot ride the rollercoaster by itself! (It needs a parent)')
if isinstance(self.parent, ProcessableAction):
return self.parent.validateprocess(self.execparams)
else:
raise AttributeError('The parent action is not processable.')
def Execute(self):
Action.Execute(self)
plugin = self.execparams['command']
handler = self.execparams['handlerfunc']
safetychecked = False
if (not safetychecked):
try:
addSafetyHandler(plugin, handler)
except:
psplog.critical("Unable to add safetyHandler for '{0}'. Please use caution!".format(plugin))
def Execute(self):
Action.Execute(self)
swtype = self.execparams.get('type')
if (swtype == 'PSP'):
res = PSP()
else:
res = None
self.result = res
self.actmgr.addPSP(self.result, self)
return (self.result is not None)
def Execute(self):
Action.Execute(self)
flag = self.execparams['flag']
val = (True if (self.execparams.get('unset') is None) else False)
if (flag in self.paramvalues['flag']):
ops.env.set(flag, val)
self.result = True
else:
self.result = False
return self.result
def Execute(self):
Action.Execute(self)
self.result = None
suc = False
self.command = self.execparams['command']
self.note = self.execparams.get('note', None)
self.arguments = self.execparams.get('arguments', None)
try:
suc = True
except:
psplog.error('Greylist failed.', exc_info=True)
suc = False
return suc
def Execute(self):
Action.Execute(self)
self.result = None
suc = False
self.regkey = self.execparams['regkey'].split('\\', 1)[1]
self.regvalue = self.execparams.get('regvalue', None)
self.regsubkey = self.execparams.get('regsubkey', None)
self.regdata = self.execparams.get('regdata', None)
self.regcompare = self.execparams.get('regcompare', '=')
searchkeys = (True if ((self.regsubkey is not None) and (self.regvalue is None)) else False)
searchvalues = (True if (self.regvalue is not None) else False)
try:
result = ops.psp.RegQuery(self.hive, self.regkey, self.regvalue, searchvalues, searchkeys, haltonerror=True)
if ((self.regvalue is None) and (self.regsubkey is None) and (self.regdata is None)):
self.result = result
suc = True
elif ((len(result) > 0) and ((self.regvalue in result) or (self.regvalue is None)) and ((self.regsubkey in result) or (self.regsubkey is None))):
self.result = result
suc = True
if (self.regdata is not None):
if ((self.regcompare == 'regex') and (not re.match(self.regdata, result[self.regvalue], re.IGNORECASE))):
suc = False
elif ((self.regcompare == '>') and (not (result[self.regvalue].lower() > self.regdata.lower()))):
suc = False
elif ((self.regcompare == '<') and (not (result[self.regvalue].lower() < self.regdata.lower()))):
suc = False
elif ((self.regcompare == '=') and (not (result[self.regvalue].lower() == self.regdata.lower()))):
suc = False
elif ((self.regcompare == '>=') and (not (result[self.regvalue].lower() >= self.regdata.lower()))):
suc = False
elif ((self.regcompare == '<=') and (not (result[self.regvalue].lower() <= self.regdata.lower()))):
suc = False
else:
suc = False
except RegistryError:
suc = False
except:
psplog.error('Unknown error while querying registry (See OPLOGS for more info)!', exc_info=True)
suc = False
psplog.debug('Registry Query key,result,success?: {2},{0},{1}'.format(self.result, suc, self.regkey))
return suc
def __init__(self, execparams, parent):
mandatoryparams = ['filepath', 'pattern']
Action.__init__(self, execparams=execparams, manparams=mandatoryparams, parent=parent)
ProcessableAction.__init__(self, ['matchval'])
def __init__(self, execparams, parent):
Action.__init__(self, execparams=execparams, parent=parent)
def Execute(self):
Action.Execute(self)
self.path = self.execparams['directory']
mask = self.execparams.get('dirmask', '*')
self.result = GetDirList(mask=mask, path=self.path)
return (self.result is not None)
def __init__(self, params, **kwargs):
Action.__init__(self, execparams=params, **kwargs)
def __init__(self, params, parent):
self.additionaldata = None
Action.__init__(self, execparams=params, parent=parent)
def __init__(self, params, parent):
self.mandatoryparams = ['text']
Action.__init__(self, params, parent)
def Execute(self):
Action.Execute(self)
self.result = self.parent.process(self.execparams)
return (self.result is not None)
def __init__(self, params, parent):
self.mandatoryparams = None
Action.__init__(self, execparams=params, parent=parent)
def Execute(self):
Action.Execute(self)
pathnmask = self.execparams['filepath']
pattern = self.execparams['pattern']
self.result = GetFileGrep(pathnmask=pathnmask, pattern=pattern)
return (self.result is not None)
def Execute(self):
Action.Execute(self)
self.result = self.execparams['text']
return True
