def is_internal(x: str):
x = x.replace(" ", "")
is_ip_re = re.compile(
r"((^\s*((([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}"
r"|2[0-4][0-9]|25[0-5]))\s*$)|(^\s*((([0-9A-Fa-f]{1,4}:){7}([0-9A-Fa-f]{1,4}|:))|"
r"(([0-9A-Fa-f]{1,4}:){6}(:[0-9A-Fa-f]{1,4}|((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)"
r"(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3})|:))|(([0-9A-Fa-f]{1,4}:){5}"
r"(((:[0-9A-Fa-f]{1,4})"
r"{1,2})|:((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3})|:))|"
r"(([0-9A-Fa-f]{1,4}:){4}(((:[0-9A-Fa-f]{1,4}){1,3})|((:[0-9A-Fa-f]{1,4})?:"
r"((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3}))|:))|"
r"(([0-9A-Fa-f]{1,4}:){3}(((:[0-9A-Fa-f]{1,4}){1,4})|((:[0-9A-Fa-f]{1,4}){0,2}:"
r"((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3}))|:))|"
r"(([0-9A-Fa-f]{1,4}:){2}(((:[0-9A-Fa-f]{1,4}){1,5})|((:[0-9A-Fa-f]{1,4}){0,3}:"
r"((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3}))|:))|"
r"(([0-9A-Fa-f]{1,4}:){1}(((:[0-9A-Fa-f]{1,4}){1,6})|((:[0-9A-Fa-f]{1,4}){0,4}:"
r"((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3}))|:))"
r"|(:(((:[0-9A-Fa-f]{1,4}){1,7})|((:[0-9A-Fa-f]{1,4}){0,5}:"
r"((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3}))|:)))"
r"(%.+)?\s*$))")
is_host_re = re.compile("[a-zA-Z0-9.]+")
if x == "0.0.0.0" or x == "::":
return False
if is_ip_re.match(x) is not None:
return ipaddress.ip_address(x).is_private
elif is_host_re.match(x) is not None:
try:
ip = socket.gethostbyname(x)
return ipaddress.ip_address(ip).is_private
except socket.gaierror:
logs.ERROR(f"Unknown host: {x}")
elif x == "%" or x == "*":
return False
else:
logs.ERROR(f"Unknown host: {x}")
def get_paths(self,
expected_file="",
expected_files=None,
files_appear=None):
result = []
paths = self.enumerate_path()
for path in paths:
if expected_files and (not self.__test_exp_files(
path, expected_files)):
continue
if expected_file != "" and (not utils.exists_file(
path, expected_file)):
continue
if files_appear is not None and (not self.__test_files_appear(
path, files_appear)):
continue
result.append(path)
if len(result) == 0:
logs.ERROR(
"Cannot find configuration file location, please specify")
sys.exit(0)
if len(result) > 1:
logs.ERROR(
"Multiple configuration file locations found (listed below), "
"please specify (e.g. --dir=/etc)")
for k, v in enumerate(result):
logs.INFO(f"[{k}]. {v}")
sys.exit(0)
return result[0]
def connect(self):
try:
self.conn = pymysql.connect(host=self.__host,
user=self.__username,
passwd=self.__password,
port=self.__port)
self.cursor = self.conn.cursor()
except pymysql.err.OperationalError:
logs.ERROR('Cannot connect to MySQL')
sys.exit(0)
except pymysql.err.InternalError as e:
logs.ERROR(f'Cannot connect to MySQL: {e}')
sys.exit(0)
def read_content(self):
try:
fp = open(self.conf_file)
self.conf_content = fp.read()
fp.close()
except FileNotFoundError:
logs.ERROR("Redis Error")
def abs_path_from_args(args):
path = args.dir
abs_path = None
if path is not None:
if not os.path.exists(path):
logs.ERROR("'%s' is not a dir!" % path)
sys.exit(0)
abs_path = os.path.abspath(path)
return abs_path
def parse_content(self):
try:
fp = open(self.file)
for i in fp.readlines():
kv_temp = re.compile("\s+").split(i)
if len(kv_temp) == 2:
self.content[kv_temp[0]] = kv_temp[1]
fp.close()
except FileNotFoundError:
logs.ERROR("Spark Unknown Issue")
sys.exit(0)
def check_exposure(self):
try:
ips = self.ip_extraction()[0].split()
for ip in ips:
if not utils.is_internal(ip):
logs.ISSUE(f"Redis is set to be exposed to the internet ({ip}).")
logs.RECOMMENDATION("bind [internal_ip]")
else:
logs.DEBUG(f"Redis is only exposed to internal network ({ip})")
except IndexError:
logs.ERROR("No IP is extracted from config file. Is the config file correct?")
def xml_conf_to_obj(file):
res = {}
try:
root = xml.etree.ElementTree.parse(file).getroot()
props = root.findall(".//property")
for prop in props:
name = prop.find(".//name").text
try:
value = prop.find(".//value").text
res[name] = value
except AttributeError:
continue
except FileNotFoundError:
logs.INFO(f"{file} not found, skipped.")
except Exception as e:
logs.ERROR(e)
sys.exit(0)
return res
# Copyright: [DAudit] - See LICENSE for details.
# Authors: Shou Chaofan (@shouc),
import interface
import logs
import utils
import sys
try:
import pymysql
import pymysql.err
except ModuleNotFoundError:
logs.ERROR("PyMySQL is not installed! Run python3 -m pip install pymysql before checking MySQL / MariaDB")
sys.exit(0)
class Mysql(interface.Interface):
def __init__(self,
host="127.0.0.1",
port=3306,
username="******",
password=""):
super().__init__()
if username is not None:
self.__username = username
else:
self.__username = "******"
if password is not None:
self.__password = password
else:
self.__password = ""
if host is not None:
self.__host = host