Ejemplo n.º 1
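class FilenameMatchTrigger(BaseTrigger):
    """Fire for every (file path, pattern) pair where the pattern matches the path.

    Patterns are read from the FILECHECK_NAMEREGEXP parameter as a
    '|'-delimited list. Paths are taken from ``context.data['filenames']``
    when that entry is populated, otherwise from the keys of
    ``image_obj.fs.files()``.
    """
    __trigger_name__ = 'FILENAMEMATCH'
    __description__ = 'Triggers if a file exists in the container that matches with any of the regular expressions given as FILECHECK_NAMEREGEXP parameters.'
    __params__ = {'FILECHECK_NAMEREGEXP': PipeDelimitedStringListValidator()}

    def evaluate(self, image_obj, context):
        """Match every file path of the image against the configured patterns.

        :param image_obj: image under evaluation; only ``fs.files()`` is read,
            and only when the context carries no 'filenames' entry
        :param context: evaluation context whose ``data`` dict may hold 'filenames'
        :return: None; each match is reported through ``self._fire``
        :raises re.error: if a configured pattern is not a valid regular expression
        """
        # Name the parameter explicitly instead of taking "the first key" of
        # __params__, which only works while the dict has exactly one entry.
        regex_param = self.eval_params.get('FILECHECK_NAMEREGEXP')
        if not regex_param:
            # Short circuit: nothing configured, nothing to match.
            return

        # '|' is the list delimiter, so it cannot be used for alternation
        # inside a single pattern. Empty segments (e.g. from a trailing '|')
        # are dropped: an empty pattern matches every path and would produce
        # a finding for each file in the image.
        patterns = [p for p in regex_param.split('|') if p]
        if not patterns:
            return

        # Compile once, before scanning. An invalid pattern raises re.error
        # here rather than being skipped, so a broken policy rule is surfaced
        # instead of silently never matching.
        compiled = [(p, re.compile(p)) for p in patterns]

        files = context.data.get('filenames')
        if not files:
            files = image_obj.fs.files().keys()  # returns a map of path -> entry

        for thefile in files:
            # Paths come from the analyzed image and are not trusted input;
            # non-ASCII characters are replaced before matching and reporting.
            thefile = thefile.encode('ascii', errors='replace')
            for source, matcher in compiled:
                # match() anchors at the start of the path only. A pattern
                # without a trailing '$' also fires on longer paths that
                # share the prefix.
                if matcher.match(thefile):
                    self._fire(
                        msg=
                        'Application of regexp matched file found in container: file={} regexp={}'
                        .format(thefile, source))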
Ejemplo n.º 2
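class ContentMatchTrigger(BaseTrigger):
    """Report content-search analyzer hits, optionally filtered by parameter.

    Analyzer results are read from ``context.data['content_regexp']``, a
    mapping of file path to a mapping whose keys are base64-encoded entries of
    the form ``pattern`` or ``name=pattern``. With no FILECHECK_CONTENTREGEXP
    value every hit is reported. Otherwise only hits whose encoded key,
    decoded pattern or name appears in the '|'-delimited parameter list.
    """
    __trigger_name__ = 'CONTENTMATCH'
    # NOTE(review): the description refers to FILECHECK_CONTENTMATCH, but the
    # only parameter declared below is FILECHECK_CONTENTREGEXP. Confirm which
    # name is documented to users.
    __description__ = 'Triggers if the content search analyzer has found any matches.  If the parameter is set, then will only trigger against found matches that are also in the FILECHECK_CONTENTMATCH parameter list.  If the parameter is absent or blank, then the trigger will fire if the analyzer found any matches.'
    __params__ = {
        'FILECHECK_CONTENTREGEXP': PipeDelimitedStringListValidator()
    }

    def evaluate(self, image_obj, context):
        """Fire once for every analyzer hit that passes the parameter filter.

        :param image_obj: image under evaluation (not read by this trigger)
        :param context: evaluation context; ``data['content_regexp']`` is read
        :return: None; each reported hit goes through ``self._fire``
        """
        # Name the parameter explicitly instead of taking "the first key" of
        # __params__, which only works while the dict has exactly one entry.
        match_filter = self.eval_params.get('FILECHECK_CONTENTREGEXP')

        if match_filter:
            matches_decoded = match_filter.split('|')
            # NOTE(review): the 'base64' codec emits a trailing newline (and
            # wraps long values), so the encoded comparison below only hits
            # when the analyzer produced its keys the same way. Confirm
            # against the analyzer.
            matches = [x.encode('base64') for x in matches_decoded]
        else:
            matches = []
            matches_decoded = []

        for thefile, regexps in context.data.get('content_regexp', {}).items():
            # Paths originate from the analyzed image; non-ASCII characters
            # are replaced before the path is embedded in the finding.
            thefile = thefile.encode('ascii', errors='replace')
            if not regexps:
                continue
            for regexp in regexps.keys():
                # Decode once. A key that is not valid base64 raises here
                # instead of being caught by a bare except and raised again
                # from inside the handler.
                decoded = regexp.decode('base64')

                # Keys are either "name=pattern" or a bare pattern. Split on
                # the first '=' only, as the pattern may contain '=' itself.
                regexp_name, separator, theregexp = decoded.partition("=")
                if not separator:
                    regexp_name = None
                    theregexp = decoded

                selected = (
                    not matches
                    or regexp in matches
                    or theregexp in matches_decoded
                    or (regexp_name and regexp_name in matches_decoded)
                )
                if selected:
                    self._fire(msg='File content analyzer found regexp match in container: file={} regexp={}'.format(thefile, decoded))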
Ejemplo n.º 3
class PEntryMatchTrigger(BaseTrigger, PentryBlacklistMixin):
    """Report passwd entries that ``exec_blacklist`` returns for the PENTRYBLACKLIST list.

    The blacklist is the '|'-delimited PENTRYBLACKLIST parameter with each
    item stripped of surrounding whitespace. The passwd entries are read from
    ``context.data['passwd_entries']``.
    """
    __trigger_name__ = 'PENTRYMATCH'
    __description__ = 'triggers if specified entire passwd entry is found in the /etc/passwd file'
    __params__ = {'PENTRYBLACKLIST': PipeDelimitedStringListValidator()}

    def evaluate(self, image_obj, context):
        """Fire once per pair yielded by ``exec_blacklist``.

        :param image_obj: image under evaluation (not read by this trigger)
        :param context: evaluation context; ``data['passwd_entries']`` is read
        :return: None; each hit is reported through ``self._fire``
        :raises KeyError: if PENTRYBLACKLIST is missing from ``eval_params``
        """
        user_entries = context.data.get('passwd_entries')
        if not user_entries:
            # No passwd data was collected for this image; nothing to check.
            return

        blacklisted = []
        for item in self.eval_params['PENTRYBLACKLIST'].split('|'):
            blacklisted.append(item.strip())

        hits = self.exec_blacklist(blacklisted, None, user_entries)

        # NOTE(review): the original loop bound both elements of each yielded
        # pair to the same name, so the first element is discarded and the
        # message prints the second element twice. That behaviour is kept
        # here. Confirm against PentryBlacklistMixin.exec_blacklist whether
        # the first element was meant to be reported.
        for _discarded, pentry in hits:
            message = "Blacklisted pentry '{}' found in image's /etc/passwd: pentry={}".format(
                pentry, str(pentry))
            self._fire(msg=message)

        return