def test_guid(self): model = s_datamodel.Model() guid = 'AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA' self.eq(guid.lower(), model.type('guid').norm(guid)[0]) self.raises(s_exc.BadTypeValu, model.type('guid').norm, 'visi') guid = model.type('guid').norm('*')[0] self.true(s_common.isguid(guid)) objs = [1, 2, 'three', {'four': 5}] tobjs = tuple(objs) lnorm, _ = model.type('guid').norm(objs) tnorm, _ = model.type('guid').norm(tobjs) self.true(s_common.isguid(lnorm)) self.eq(lnorm, tnorm)
async def test_storm_lib_base(self): async with self.getTestCore() as core: nodes = await core.nodes('[ inet:asn=$lib.min(20, 0x30) ]') self.len(1, nodes) self.eq(20, nodes[0].ndef[1]) nodes = await core.nodes('[ inet:asn=$lib.min(20, (10, 30)) ]') self.len(1, nodes) self.eq(10, nodes[0].ndef[1]) nodes = await core.nodes('[ inet:asn=$lib.max(20, 0x30) ]') self.len(1, nodes) self.eq(0x30, nodes[0].ndef[1]) nodes = await core.nodes('[ inet:asn=$lib.max(20, (10, 30)) ]') self.len(1, nodes) self.eq(30, nodes[0].ndef[1]) nodes = await core.nodes('[ inet:asn=$lib.len(asdf) ]') self.len(1, nodes) self.eq(4, nodes[0].ndef[1]) nodes = await core.nodes('[ test:str=$lib.guid() test:str=$lib.guid() ]') self.len(2, nodes) self.true(s_common.isguid(nodes[0].ndef[1])) self.true(s_common.isguid(nodes[1].ndef[1])) self.ne(nodes[0].ndef[1], nodes[1].ndef[1]) nodes = await core.nodes('[ test:str=$lib.guid(hehe,haha) test:str=$lib.guid(hehe,haha) ]') self.len(2, nodes) self.true(s_common.isguid(nodes[0].ndef[1])) self.true(s_common.isguid(nodes[1].ndef[1])) self.eq(nodes[0].ndef[1], nodes[1].ndef[1]) async with core.getLocalProxy() as prox: mesgs = [m async for m in prox.storm('$lib.print("hi there")') if m[0] == 'print'] self.len(1, mesgs) self.stormIsInPrint('hi there', mesgs) mesgs = [m async for m in prox.storm('[ inet:fqdn=vertex.link inet:fqdn=woot.com ] $lib.print(:zone)')] mesgs = [m for m in mesgs if m[0] == 'print'] self.len(2, mesgs) self.eq('vertex.link', mesgs[0][1]['mesg']) self.eq('woot.com', mesgs[1][1]['mesg']) mesgs = [m async for m in prox.storm("$lib.print('woot at: {s} {num}', s=hello, num=$(42+43))")] self.stormIsInPrint('woot at: hello 85', mesgs)
async def test_storm_lib_base(self): async with self.getTestCore() as core: nodes = await core.nodes('[ inet:asn=$lib.min(20, 0x30) ]') self.len(1, nodes) self.eq(20, nodes[0].ndef[1]) nodes = await core.nodes('[ inet:asn=$lib.min(20, (10, 30)) ]') self.len(1, nodes) self.eq(10, nodes[0].ndef[1]) nodes = await core.nodes('[ inet:asn=$lib.max(20, 0x30) ]') self.len(1, nodes) self.eq(0x30, nodes[0].ndef[1]) nodes = await core.nodes('[ inet:asn=$lib.max(20, (10, 30)) ]') self.len(1, nodes) self.eq(30, nodes[0].ndef[1]) nodes = await core.nodes('[ inet:asn=$lib.len(asdf) ]') self.len(1, nodes) self.eq(4, nodes[0].ndef[1]) nodes = await core.nodes('[ test:str=$lib.guid() test:str=$lib.guid() ]') self.len(2, nodes) self.true(s_common.isguid(nodes[0].ndef[1])) self.true(s_common.isguid(nodes[1].ndef[1])) self.ne(nodes[0].ndef[1], nodes[1].ndef[1]) nodes = await core.nodes('[ test:str=$lib.guid(hehe,haha) test:str=$lib.guid(hehe,haha) ]') self.len(2, nodes) self.true(s_common.isguid(nodes[0].ndef[1])) self.true(s_common.isguid(nodes[1].ndef[1])) self.eq(nodes[0].ndef[1], nodes[1].ndef[1]) async with core.getLocalProxy() as prox: mesgs = [m async for m in prox.storm('$lib.print("hi there")')] mesgs = [m for m in mesgs if m[0] == 'print'] self.len(1, mesgs) self.eq('hi there', mesgs[0][1]['mesg']) mesgs = [m async for m in prox.storm('[ inet:fqdn=vertex.link inet:fqdn=woot.com ] $lib.print(:zone)')] mesgs = [m for m in mesgs if m[0] == 'print'] self.len(2, mesgs) self.eq('vertex.link', mesgs[0][1]['mesg']) self.eq('woot.com', mesgs[1][1]['mesg'])
def _normPyStr(self, valu): if valu == '*': guid = s_common.guid() norm = f'guid:{guid}' return norm, {} if valu.find(':') == -1: # we're ok with un-adorned sha256s if len(valu) == 64 and s_common.uhex(valu): valu = valu.lower() subs = {'sha256': valu} return f'sha256:{valu}', {'subs': subs} raise s_exc.BadTypeValu( name=self.name, valu=valu, mesg='unadorned file:bytes value is not a sha256') kind, kval = valu.split(':', 1) if kind == 'base64': byts = base64.b64decode(kval) return self._normPyBytes(byts) kval = kval.lower() if kind == 'hex': byts = s_common.uhex(kval) return self._normPyBytes(byts) if kind == 'guid': kval = kval.lower() if not s_common.isguid(kval): raise s_exc.BadTypeValu(name=self.name, valu=valu, mesg='guid is not a guid') return f'guid:{kval}', {} if kind == 'sha256': if len(kval) != 64: raise s_exc.BadTypeValu(name=self.name, valu=valu, mesg='invalid length for sha256 valu') s_common.uhex(kval) subs = {'sha256': kval} return f'sha256:{kval}', {'subs': subs} raise s_exc.BadTypeValu(name=self.name, valu=valu, kind=kind, mesg='unable to norm as file:bytes')
def _normPyStr(self, valu): if valu == '*': valu = s_common.guid() return valu, {} valu = valu.lower() if not s_common.isguid(valu): raise s_exc.BadTypeValu(name=self.name, valu=valu, mesg='valu is not a guid.') return valu, {}
def _norm_str(self, text, oldval=None): text = text.strip() if not text: self._raiseBadValu(text, mesg='No text left after strip().') if text[0] == '(': vals, off = s_syntax.parse_list(text) if off != len(text): self._raiseBadValu( text, off=off, vals=vals, mesg= 'List parting for guid type did not consume all of the input text.' ) return self._norm_list(vals, oldval) # generate me one. we dont care. if text == '*': return s_common.guid(), {} if text[0] != '$': retn = text.lower().replace('-', '') if not s_common.isguid(retn): self._raiseBadValu(text, mesg='Expected a 32 char guid string') return retn, {} node = self.tlib.getTufoByProp('syn:alias', text) if node is not None: return node[1].get('syn:alias:iden'), {} # TODO remove legacy model aliases if self._guid_alias is None: self._raiseBadValu( text, mesg='guid resolver syntax used with non-aliased guid') if self._getTufoByProp is None: self._raiseBadValu( text, mesg='guid resolver syntax used with non-cortex tlib') # ( sigh... eventually everything will be a cortex... ) node = self._getTufoByProp(self._guid_alias, text[1:]) if node is None: self._raiseBadValu(text, mesg='no result for guid resolver', alias=self._guid_alias) iden = node[1].get(node[1].get('tufo:form')) return iden, {}
def _norm_str(self, text, oldval=None): text = text.strip() if not text: self._raiseBadValu(text, mesg='No text left after strip().') if text[0] == '(': vals, off = s_syntax.parse_list(text) if off != len(text): # pragma: no cover self._raiseBadValu(text, off=off, vals=vals, mesg='List parting for ndef type did not consume all of the input text.') return self._norm_list(vals, oldval) if not s_common.isguid(text): self._raiseBadValu(text, mesg='Expected a 32 char guid string') return text, {}
async def addUser(self, name, passwd=None, email=None, iden=None): ''' Add a User to the Hive. Args: name (str): The name of the User. passwd (str): A optional password for the user. email (str): A optional email for the user. iden (str): A optional iden to use as the user iden. Returns: HiveUser: A Hive User. ''' if self.usersbyname.get(name) is not None: raise s_exc.DupUserName(name=name) if iden is None: iden = s_common.guid() else: if not s_common.isguid(iden): raise s_exc.BadArg(name='iden', arg=iden, mesg='Argument it not a valid iden.') if self.usersbyiden.get(iden) is not None: raise s_exc.DupIden(name=name, iden=iden, mesg='User already exists for the iden.') await self._push('user:add', iden, name) user = self.user(iden) if passwd is not None: await user.setPasswd(passwd) if email is not None: await self.setUserInfo(user.iden, 'email', email) # Everyone's a member of 'all' await user.grant(self.allrole.iden) return user
def test_common_isguid(self): self.true(s_common.isguid('98db59098e385f0bfdec8a6a0a6118b3')) self.false(s_common.isguid('visi'))
def test_types_guid(self): with self.getRamCore() as core: # Random guids from "*" v0, _ = core.getPropNorm('guidform', '*') v1, _ = core.getPropNorm('guidform', '*') self.true(s_common.isguid(v0)) self.true(s_common.isguid(v1)) self.ne(v0, v1) # Stable guids from strings v0, subs0 = core.getPropNorm('guidform', '(foo="1",baz=2)') v1, subs1 = core.getPropNorm('guidform', (['baz', '2'], ('foo', '1'))) v2, _ = core.getPropNorm('guidform', ' (foo="1",baz=2) ') v3, _ = core.getPropNorm('guidform', {'foo': '1', 'baz': 2}) self.eq(v0, '1312b101a21bdfd0d96f896ecc5cc113') self.eq(v0, v1) self.eq(v0, v2) self.eq(v0, v3) self.len(2, subs0) self.eq(subs0.get('foo'), '1') self.eq(subs0.get('baz'), 2) self.eq(subs0, subs1) # Do partial subs v3, subs3 = core.getPropNorm('guidform', '(foo="1")') v4, _ = core.getPropNorm('guidform', [['foo', '1']]) self.eq(v3, '9d13c5c5f307199cfd9861584bac35f2') self.eq(v3, v4) self.eq(subs0.get('foo'), subs3.get('foo')) self.none(subs3.get('baz')) # Test a model form with nested subs from a guid type v5, subs5 = core.getPropNorm( 'inet:dns:look', '(time="20171002",a="woot.com/1.2.3.4")') self.eq(v5, '78241202d9af8b1403e9e391336922a1') self.eq(subs5.get('a'), 'woot.com/1.2.3.4') self.eq(subs5.get('a:fqdn'), 'woot.com') self.eq(subs5.get('a:fqdn:domain'), 'com') self.eq(subs5.get('a:fqdn:host'), 'woot') self.eq(subs5.get('a:ipv4'), 0x01020304) self.eq(subs5.get('time'), 1506902400000) # Add a custom form which is a subtype of guid itself without a separate form # which has subs which also include a guid! core.addTufoForm('bobboblaw', ptype='guid') core.addTufoProp('bobboblaw', 'foo', ptype='str') core.addTufoProp('bobboblaw', 'baz', ptype='int') core.addTufoProp('bobboblaw', 'ohmai', ptype='guid') core.addTufoProp('bobboblaw', 'ohmai:s', ptype='str') core.addTufoProp('bobboblaw', 'ohmai:i', ptype='int') v6, subs6 = core.getPropNorm('bobboblaw', '(foo="1",baz=2)') self.eq(v0, v6) self.eq(subs0, subs6) # And now with nested subs! v7, subs7 = core.getPropNorm( 'bobboblaw', '(foo="1",baz=2,ohmai=(s=foo, i=137))') self.ne(v0, v7) self.eq(v7, '706f471a707370fdb8fc3d0590b4dce1') self.isin('foo', subs7) self.isin('baz', subs7) self.isin('ohmai', subs7) self.isin('ohmai:s', subs7) self.isin('ohmai:i', subs7) self.eq(subs7.get('ohmai'), '59cbcbc1b5593d719aeae1e75d05cabf') # Bad input self.raises(BadTypeValu, core.getPropNorm, 'guidform', ' ') self.raises(BadTypeValu, core.getPropNorm, 'guidform', '()') self.raises(BadTypeValu, core.getPropNorm, 'guidform', []) self.raises(BadTypeValu, core.getPropNorm, 'guidform', '(foo, bar)') self.raises(BadTypeValu, core.getPropNorm, 'guidform', (['baz', '2'], ('foo', '1', 'blerp'))) self.raises(BadTypeValu, core.getPropNorm, 'guidform', '(foo="1",junkProp=2)') self.raises(BadTypeValu, core.getPropNorm, 'guidform', '(foo="1",somevalu)') self.raises(BadTypeValu, core.getPropNorm, 'guidform', 'totally not a guid') self.raises(BadTypeValu, core.getPropNorm, 'guidform', 1234) self.raises(BadTypeValu, core.getPropNorm, 'guidform', '$1234') self.raises(BadTypeValu, core.getTypeNorm, 'guid', '(foo=1)')
async def test_storm_lib_base(self): pdef = { 'name': 'foo', 'desc': 'test', 'version': (0, 0, 1), 'modules': [ { 'name': 'test', 'storm': 'function f(a) { return ($a) }', } ], 'commands': [ ], } async with self.getTestCore() as core: await core.addStormPkg(pdef) nodes = await core.nodes('[ inet:asn=$lib.min(20, 0x30) ]') self.len(1, nodes) self.eq(20, nodes[0].ndef[1]) nodes = await core.nodes('[ inet:asn=$lib.min(20, (10, 30)) ]') self.len(1, nodes) self.eq(10, nodes[0].ndef[1]) nodes = await core.nodes('[ inet:asn=$lib.max(20, 0x30) ]') self.len(1, nodes) self.eq(0x30, nodes[0].ndef[1]) nodes = await core.nodes('[ inet:asn=$lib.max(20, (10, 30)) ]') self.len(1, nodes) self.eq(30, nodes[0].ndef[1]) nodes = await core.nodes('[ inet:asn=$lib.len(asdf) ]') self.len(1, nodes) self.eq(4, nodes[0].ndef[1]) nodes = await core.nodes('[ test:str=$lib.guid() test:str=$lib.guid() ]') self.len(2, nodes) self.true(s_common.isguid(nodes[0].ndef[1])) self.true(s_common.isguid(nodes[1].ndef[1])) self.ne(nodes[0].ndef[1], nodes[1].ndef[1]) nodes = await core.nodes('[ test:str=$lib.guid(hehe,haha) test:str=$lib.guid(hehe,haha) ]') self.len(2, nodes) self.true(s_common.isguid(nodes[0].ndef[1])) self.true(s_common.isguid(nodes[1].ndef[1])) self.eq(nodes[0].ndef[1], nodes[1].ndef[1]) async with core.getLocalProxy() as prox: mesgs = [m async for m in prox.storm('$lib.print("hi there")') if m[0] == 'print'] self.len(1, mesgs) self.stormIsInPrint('hi there', mesgs) mesgs = [m async for m in prox.storm('[ inet:fqdn=vertex.link inet:fqdn=woot.com ] $lib.print(:zone)')] mesgs = [m for m in mesgs if m[0] == 'print'] self.len(2, mesgs) self.eq('vertex.link', mesgs[0][1]['mesg']) self.eq('woot.com', mesgs[1][1]['mesg']) mesgs = [m async for m in prox.storm("$lib.print('woot at: {s} {num}', s=hello, num=$(42+43))")] self.stormIsInPrint('woot at: hello 85', mesgs) # lib.sorted() q = ''' $set = $lib.set(c, b, a) for $x in $lib.sorted($set) { [ test:str=$x ] } ''' nodes = await core.nodes(q) self.len(3, nodes) self.eq(nodes[0].ndef[1], 'a') self.eq(nodes[1].ndef[1], 'b') self.eq(nodes[2].ndef[1], 'c') # $lib.import q = '$test = $lib.import(test) $lib.print($test)' msgs = await core.streamstorm(q).list() self.stormIsInPrint('stormtypes.Lib object', msgs) q = '$test = $lib.import(newp)' msgs = await core.streamstorm(q).list() erfo = [m for m in msgs if m[0] == 'err'][0] self.eq(erfo[1][0], 'NoSuchName') self.eq(erfo[1][1].get('name'), 'newp')
def test_tools_guid(self): argv = [] outp = self.getTestOutp() s_guid.main(argv, outp=outp) self.true(s_common.isguid(str(outp)))