def SelectFromWhere(where_key_values): """This must return at least the properties defined in the ontology. There is no constraints on the other properties, so the query can return any set of key-value pairs, if the minimal set of properties is there.""" # TODO: Add "select_attributes" logging.debug("CIM_Process SelectFromWhere where_key_values=%s", str(where_key_values)) for proc_obj in psutil.process_iter(): user_name = PsutilProcToUser(proc_obj,None) if user_name: user_name_host = lib_common.format_username(user_name) else: user_name_host = user_name parent_pid = proc_obj.ppid() if "Handle" in where_key_values and str(where_key_values["Handle"]) != str(proc_obj.pid): continue if "user" in where_key_values and where_key_values["user"] != user_name_host: continue if "parent_pid" in where_key_values and str(where_key_values["parent_pid"]) != str(parent_pid): continue # TODO: Should reuse the existing properties. ret_value = { lib_properties.MakeProp("Handle"): rdflib.Literal(proc_obj.pid), lib_properties.MakeProp("username"): rdflib.Literal(user_name_host), lib_properties.MakeProp("parent_pid"): rdflib.Literal(parent_pid)} yield ret_value
def _vmstat_to_graph(cgiEnv, vmstat_header, input_line): grph = cgiEnv.ReinitGraph() split_header = vmstat_header.split() split_line = input_line.split() if len(split_header) != len(split_line): logging.error("Different lengths: [%s] / [%s]" % (split_header, split_line)) return current_node_hostname = lib_uris.gUriGen.HostnameUri( lib_util.currentHostname) property_vmstat = lib_properties.MakeProp("vmstat") sample_root_node = rdflib.BNode() grph.add((current_node_hostname, property_vmstat, sample_root_node)) timestamp_node = lib_kbase.time_stamp_now_node() grph.add((sample_root_node, pc.property_information, timestamp_node)) for column_name, column_value in zip(split_header, split_line): if column_name == "": continue # Column name is binary and converted to unicode. property_node = lib_properties.MakeProp("vmstat.%s" % column_name.decode()) # TODO: Add a timestamp. grph.add((sample_root_node, property_node, lib_util.NodeLiteral(column_value))) cgiEnv.OutCgiRdf("LAYOUT_RECT", [property_vmstat])
def check_present(property_name): print("Checking property", property_name) """Now look for some randomly-chosen counters which must be here on all platforms.""" property_node = lib_properties.MakeProp(property_name) value_triples_list = list(result_graph.triples((sample_root_node, property_node, None))) test_object.assertEqual(len(value_triples_list), 1) test_object.assertEqual(type(value_triples_list[0][2]), rdflib.Literal)
def _check_events_feeder_psutil_system_counters(test_object, text_message, result_graph): """This checks the result of events_feeder_psutil_system_counters.py""" # The result should not be empty, and contain at least a couple of triples. test_object.assertTrue(result_graph) print(text_message, "len(result_graph)=", len(result_graph)) samples_number = 0 # There should be at least one sample. Normally only one if this is a snapshot, # but this is not an important constraint. property_system_counters = lib_properties.MakeProp("system_counters") for host_node, _, sample_node in result_graph.triples((None, property_system_counters, None)): def check_present(property_name): """Now look for some randomly-chosen counters which must be here on all platforms.""" property_node = lib_properties.MakeProp(property_name) value_triples_list = list(result_graph.triples((sample_node, property_node, None))) test_object.assertEqual(len(value_triples_list), 1) test_object.assertEqual(type(value_triples_list[0][2]), rdflib.Literal) check_present("swap_memory.total") if not is_travis_machine(): # FIXME: Not available on Travis. Why ? Protection ? check_present("disk_io_counters.read_count") check_present("virtual_memory.free") check_present("net_io_counters.errin") samples_number += 1 test_object.assertTrue(samples_number >= 1) print(text_message, "samples number=", samples_number)
def test_rdf_windows_resource_icons(self): # This file contains at least one icon. file_path = "C:/Windows/System32/notepad.exe" result_graph = self._check_script( "/survol/sources_types/CIM_DataFile/win_resource_icons.py?xid=CIM_DataFile.Name=%s" % file_path) print("result_graph=", result_graph) for s, p, o in result_graph: if p.find("label") < 0 and p.find("comment") < 0 and p.find( "domain") < 0 and p.find("range") < 0: print(s, p, o) print("") icon_url = None icon_attributes = None resource_icons = [] resource_property = lib_properties.MakeProp("win32/resource") resources_triples = result_graph.triples( (None, rdflib.namespace.RDF.type, resource_property)) for url_subject, url_predicate, url_object in resources_triples: url_path, entity_type, entity_id_dict = lib_util.split_url_to_entity( url_subject) print("Resource icons=", resource_icons) self.assertEqual(entity_type, "win32/resource") self.assertEqual(entity_id_dict, { u'GroupName': u'2', u'Name': u'C:/Windows/System32/notepad.exe' })
def WbemKeyValues(key_value_items, display_none_values=False): """This is conceptually similar to WmiKeyValues""" dict_key_values = {} for wbem_key_name, wbem_value_literal in key_value_items: wbem_property = lib_properties.MakeProp(wbem_key_name) if isinstance(wbem_value_literal, lib_util.scalar_data_types): wbem_value_node = lib_util.NodeLiteral(wbem_value_literal) elif isinstance(wbem_value_literal, (tuple)): tuple_joined = " ; ".join(wbem_value_literal) wbem_value_node = lib_util.NodeLiteral(tuple_joined) elif wbem_value_literal is None: if display_none_values: wbem_value_node = lib_util.NodeLiteral("None") else: wbem_value_node = lib_util.NodeLiteral( "type=" + str(type(wbem_value_literal)) + ":" + str(wbem_value_literal)) #try: # refMoniker = str(wbem_value_literal.path()) # instance_url = lib_util.EntityUrlFromMoniker(refMoniker) # wbem_value_node = lib_common.NodeUrl(instance_url) #except AttributeError as exc: # wbem_value_node = lib_util.NodeLiteral(str(exc)) dict_key_values[wbem_property] = wbem_value_node return dict_key_values
def _property_name_to_node(attribute_key): if attribute_key.startswith(predicate_prefix+":"): attribute_key_without_prefix = attribute_key[len(predicate_prefix)+1:] else: attribute_key_without_prefix = attribute_key # This calculates the qname and should use the graph. Is it what we want ? return lib_properties.MakeProp(attribute_key_without_prefix)
def Snapshot(): cgiEnv = lib_common.ScriptEnvironment() grph = cgiEnv.GetGraph() sample_root_node = rdflib.BNode() logging.debug("Adding net_io_counters") try: _add_system_counters_to_sample_node(grph, sample_root_node) except Exception as exc: logging.error("Caught:%s" % exc) logging.debug("Added net_io_counters") property_system_counters = lib_properties.MakeProp("system_counters") current_node_hostname = lib_uris.gUriGen.HostnameUri( lib_util.currentHostname) # TODO: pc.property_information is the default property for sorting. # TODO: This could use a specific timestamp property, for example "point in time" P585 timestamp_node = lib_kbase.time_stamp_now_node() grph.add((sample_root_node, pc.property_information, timestamp_node)) grph.add( (current_node_hostname, property_system_counters, sample_root_node)) cgiEnv.OutCgiRdf("LAYOUT_RECT", [property_system_counters])
def GetElementAsString(one_dict, property_name): """ There is a similar function in test_lib_wbem.py """ property_node = lib_properties.MakeProp(property_name) value_node = one_dict[property_node] value_literal = str(value_node) return value_literal
def _check_events_feeder_win32_dir_changes(test_object, text_message, result_graph, updated_files): test_object.assertTrue(result_graph) print(text_message, "len(result_graph)=", len(result_graph)) print("updated_files=", updated_files) property_notified_file_change = lib_properties.MakeProp("file change") property_notified_change_type = lib_properties.MakeProp("change type") found_files = set() for one_updated_file in updated_files: print("one_updated_file=", one_updated_file) node_path = test_object._agent_box().FileUri(one_updated_file) for _, _, sample_root_node in result_graph.triples((node_path, property_notified_file_change, None)): for _, _, action_node in result_graph.triples((sample_root_node, property_notified_change_type, None)): print("Updated file:", one_updated_file, "action=", action_node) found_files.add(one_updated_file) test_object.assertEqual(sorted(updated_files), sorted(list(found_files)))
def add_associated_instances(grph, root_node, entity_type, entity_id, associator_attribute): assert root_node.find("__associator_attribute__") < 0 logging.debug("This is implemented for WMI only, yet.") logging.debug("entity_type=%s entity_id=%s associator_attribute=%s", entity_type, entity_id, associator_attribute) #result_class, result_role = lib_ontology_tools.get_associated_attribute( # "wmi", lib_wmi.extract_specific_ontology_wmi, associator_attribute) result_class, result_role = lib_ontology_tools.get_associated_class_role( "wmi", lib_wmi.extract_specific_ontology_wmi, associator_attribute) associator_name, _, input_role = associator_attribute.partition(".") if not input_role: raise Exception("associator_attribute %s is invalid" % associator_attribute) # This path will eventually be reformatted for WMI needs. wmi_path = entity_type + "." + entity_id iter_objects = lib_wmi.WmiSparqlExecutor().enumerate_associated_instances( wmi_path, associator_name, result_class, result_role) # WMI returns the attributes of each associated instances, only for the keys. # However, it is needed to iterated on the key-value pairs to trnsform them into strings. # So, an extra check is done, to be sure that the simplified ontology of survol # (List of keys per class) matches WMI class definition. Survol ontology of classes is much simpler # and is just the list of keys, but must be the same as WMI class description. result_class_keys = lib_util.OntologyClassKeys(result_class) for associated_dict_key_values in iter_objects: #logging.debug("associated_dict_key_values=%s", associated_dict_key_values) # This key-values dictionary contains all the attributes of each associated instance, # at least for the keys converted_key_value_dict = {} for property_key_node, property_value_node in associated_dict_key_values.items( ): property_key_name = lib_properties.PropToQName(property_key_node) property_value = str(property_value_node) if property_key_name in result_class_keys: converted_key_value_dict[property_key_name] = property_value logging.debug(" key=%s value=%s", property_key_name, property_value) else: logging.debug("Class %s, key %s is not in the ontology", result_class, property_key_name) script_node = lib_uris.LocalBox().node_from_dict( result_class, converted_key_value_dict) property_node = lib_properties.MakeProp(result_role) logging.debug("script_node=%s", script_node) grph.add((root_node, property_node, script_node))
def _add_property_values(grph, root_node, results_set, property_names, property_prefix): logging.debug("attributes=%s" % dir(results_set)) for property_name in property_names: logging.debug("property_name=%s" % property_name) property_node = lib_properties.MakeProp( "%s.%s" % (property_prefix, property_name)) try: property_value = getattr(results_set, property_name) grph.add((root_node, property_node, lib_util.NodeLiteral(property_value))) except Exception as exc: logging.error("Cannot get property_name=%s: %s" % (property_name, exc))
def _io_stat_to_graph(grph, spl, iostat_header): """This runs in the HTTP server and uses the data from the queue. This reads a record from the queue and builds a RDF relation with it.""" device_node = lib_uris.gUriGen.DiskUri(spl[0]) property_name_to_node = dict() for idx in range(1, len(spl)): # No idea why doubles are written with a comma. Maybe the locale? qty = float(spl[idx].replace(",", ".")) property_name = iostat_header[idx] property_node = property_name_to_node.get( property_name, lib_properties.MakeProp(property_name)) grph.add((device_node, property_node, lib_util.NodeLiteral(qty)))
def Snapshot(): global _global_counter cgiEnv = lib_common.ScriptEnvironment(parameters={ _param_a: _global_counter, _param_b: "Two" }) _global_counter += 1 # This is to ensure that all CGI parameters are handled. parameter_a = int(cgiEnv.get_parameters(_param_a)) parameter_b = cgiEnv.get_parameters(_param_b) grph = cgiEnv.ReinitGraph() current_pid = os.getpid() node_process = lib_uris.gUriGen.PidUri(current_pid) param_a_property = lib_properties.MakeProp(_param_a) param_b_property = lib_properties.MakeProp(_param_b) sample_root_node = rdflib.BNode() # TODO: pc.property_information is the default property for sorting by time-stamp. # TODO: This could use a specific timestamp property, for example "point in time" P585 timestamp_node = lib_kbase.time_stamp_now_node() grph.add((sample_root_node, pc.property_information, timestamp_node)) grph.add((sample_root_node, param_a_property, lib_util.NodeLiteral(parameter_a))) grph.add((sample_root_node, param_b_property, lib_util.NodeLiteral(parameter_b))) property_sample = lib_properties.MakeProp("sample") grph.add((node_process, property_sample, sample_root_node)) cgiEnv.OutCgiRdf("LAYOUT_RECT", [property_sample])
def Snapshot(): cgiEnv = lib_common.ScriptEnvironment() grph = cgiEnv.GetGraph() cpu_property = lib_properties.MakeProp("cpu") rss_property = lib_properties.MakeProp("rss") vms_property = lib_properties.MakeProp("vms") property_process_perf = lib_properties.MakeProp("Processes performances") for proc in psutil.process_iter(): node_process = lib_uris.gUriGen.PidUri(proc.pid) sample_root_node = rdflib.BNode() grph.add((node_process, property_process_perf, sample_root_node)) timestamp_node = lib_kbase.time_stamp_now_node() # TODO: pc.property_information is the default property for sorting. # TODO: This could use a specific timestamp property, for example "point in time" P585 grph.add((sample_root_node, pc.property_information, timestamp_node)) cpu_percent = proc.cpu_percent(interval=0) grph.add((sample_root_node, cpu_property, lib_util.NodeLiteral(cpu_percent))) try: memory_dict = proc.memory_full_info() grph.add((sample_root_node, rss_property, lib_util.NodeLiteral(memory_dict.rss))) grph.add((sample_root_node, vms_property, lib_util.NodeLiteral(memory_dict.vms))) except psutil.AccessDenied: pass cgiEnv.OutCgiRdf("LAYOUT_RECT", [property_process_perf])
def SelectFromWhere( where_key_values ): DEBUG("CIM_Process SelectFromWhere where_key_values=%s",str(where_key_values)) for proc_obj in ProcessIter(): user_name = PsutilProcToUser(proc_obj,None) if user_name: user_name_host = lib_common.format_username(user_name) else: user_name_host = user_name parent_pid = PsutilProcToPPid(proc_obj) if "Handle" in where_key_values and str(where_key_values["Handle"]) != str(proc_obj.pid): continue if "user" in where_key_values and where_key_values["user"] != user_name_host: continue if "parent_pid" in where_key_values and str(where_key_values["parent_pid"]) != str(parent_pid): continue # TODO: Should reuse the existing properties. ret_value = { lib_properties.MakeProp("Handle"):lib_util.NodeLiteral(proc_obj.pid), lib_properties.MakeProp("username"):lib_util.NodeLiteral(user_name_host), lib_properties.MakeProp("parent_pid"):lib_util.NodeLiteral(parent_pid)} yield ret_value
def CallbackSelect(self, grph, class_name, predicate_prefix, filtered_where_key_values): INFO( "WbemSparqlCallbackApi.CallbackSelect class_name=%s where_key_values=%s", class_name, filtered_where_key_values) assert class_name # This comes from such a Sparql triple: " ?variable rdf:type rdf:type" if class_name == "type": return wbem_query = lib_util.SplitMonikToWQL(filtered_where_key_values, class_name) DEBUG("WbemSparqlCallbackApi.CallbackSelect wbem_query=%s", wbem_query) wbem_objects = self.m_wbem_connection.ExecQuery( "WQL", wbem_query, "root/cimv2") # This returns a list of CIMInstance. for one_wbem_object in wbem_objects: # dir(one_wbem_object) # ['_CIMComparisonMixin__ordering_deprecated', '__class__', '__contains__', '__delattr__', '__delitem__', '__dict__', '__doc__', '__eq__', '__format__', '__ge__', '__getattribute__', '__getitem__', '__gt__', '__hash__', '__init__', '__iter__', '__le__', '__len__', '__lt__', '__module__', '__ne__', '__new__', '__reduce__', '__reduce_ex__', '__repr__', '__setattr__', '__setitem__', '__sizeof__', '__str__', '__subclasshook__', '__weakref__', '_classname', '_cmp', '_path', '_properties', '_property_list', '_qualifiers', 'classname', 'copy', 'get', 'has_key', 'items', 'iteritems', 'iterkeys', 'itervalues', 'keys', 'path', 'properties', 'property_list', 'qualifiers', 'tocimxml', 'tocimxmlstr', 'tomof', 'update', 'update_existing', 'values'] # one_wbem_object is a CIMInstanceName # dir(one_wbem_object.path) # ['_CIMComparisonMixin__ordering_deprecated', '__class__', '__contains__', '__delattr__', '__delitem__', '__dict__', '__doc__', '__eq__', '__format__', '__ge__', '__getattribute__', '__getitem__', '__gt__', '__hash__', '__init__', '__iter__', '__le__', '__len__', '__lt__', '__module__', '__ne__', '__new__', '__reduce__', '__reduce_ex__', '__repr__', '__setattr__', '__setitem__', '__sizeof__', '__slotnames__', '__str__', '__subclasshook__', '__weakref__', '_classname', '_cmp', '_host', '_kbstr_to_cimval', '_keybindings', '_namespace', 'classname', 'copy', 'from_instance', 'from_wbem_uri', 'get', 'has_key', 'host', 'items', 'iteritems', 'iterkeys', 'itervalues', 'keybindings', 'keys', 'namespace', 'to_wbem_uri', 'tocimxml', 'tocimxmlstr', 'update', 'values'] object_path = one_wbem_object.path.to_wbem_uri() # u'//vps516494.ovh.net/root/cimv2:PG_UnixProcess.CSName="vps516494.localdomain",Handle="1",OSCreationClassName="CIM_OperatingSystem",CreationClassName="PG_UnixProcess",CSCreationClassName="CIM_UnitaryComputerSystem",OSName="Fedora"' DEBUG("object.path=%s", object_path) dict_key_values = WbemKeyValues(one_wbem_object.iteritems()) dict_key_values[ lib_kbase.PredicateIsDefinedBy] = lib_common.NodeLiteral( "WBEM") # Add it again, so the original Sparql query will work. dict_key_values[ lib_kbase.PredicateSeeAlso] = lib_common.NodeLiteral("WBEM") # # s=\\RCHATEAU-HP\root\cimv2:Win32_UserAccount.Domain="rchateau-HP",Name="rchateau" phttp://www.w3.org/1999/02/22-rdf-syntax-ns#type o=Win32_UserAccount dict_key_values[lib_kbase.PredicateType] = lib_properties.MakeProp( class_name) DEBUG("dict_key_values=%s", dict_key_values) lib_util.PathAndKeyValuePairsToRdf(grph, object_path, dict_key_values) yield (object_path, dict_key_values)
def _define_class_in_ontology(url_node): """This takes the class from an Url and defines it in the RDF ontology. This returns the class name as a string.""" entity_label, class_name, entity_id = lib_naming.ParseEntityUri( url_node) # This could be: ("http://the_host", "http://primhillcomputers.com/survol/____Information", "HTTP url") if not class_name: return None # TODO: Define base classes with rdfs:subClassOf / RDFS.subClassOf # "base_class" and "class_description' ??? # A class name with the WMI namespace might be produced with this kind of URL: # "http://www.primhillcomputers.com/survol#root\CIMV2:CIM_Process" class_name = class_name.replace("\\", "%5C") assert isinstance(class_name, str) if class_name not in map_classes: if class_name == "": raise Exception("No class name for url=%s type=%s" % (str(url_node), str(type(url_node)))) # Maybe this CIM class is not defined as an RDFS class. # This function might also filter duplicate and redundant insertions. lib_util.AppendClassSurvolOntology(class_name, map_classes, map_attributes) # The entity_id is a concatenation of CIM property-value paris, and define an unique object. # They are different of the triples, but might overlap. entity_id_dict = lib_util.SplitMoniker(entity_id) for predicate_key in entity_id_dict: if predicate_key not in map_attributes: # This function might also filter a duplicate and redundant insertion. lib_util.append_property_survol_ontology( predicate_key, "CIM key predicate %s" % predicate_key, class_name, None, map_attributes) # This value is explicitly added to the node. predicate_value = entity_id_dict[predicate_key] new_grph.add((url_node, lib_properties.MakeProp(predicate_key), rdflib.Literal(predicate_value))) # This adds a triple specifying that this node belongs to this RDFS class. lib_kbase.add_node_to_rdfs_class(new_grph, url_node, class_name, entity_label) return class_name
def filter_objects_with_predicate_class(self, associator_key_name, result_class_name): """This returns only the objects of a given class and for a given predicate.""" logging.debug("associator_key_name=%s, result_class_name=%s", associator_key_name, result_class_name) dict_objects = {} # First pass to filter the objects nodes of a given class labelled with the predicate.. for source_subject, source_predicate, source_object in self.m_triplestore: #logging.warning("TripleStore.ObjectFromPredicate s=%s, p=%s, o=%s", # source_subject, source_predicate, source_object) # This transforms for example "http://primhillcomputers.com/survol#Domain" into "Domain" predicate_name = lib_properties.PropToQName(source_predicate) # logging.warning("filter_objects_with_predicate_class predicate_name=%s",predicate_name) # s=http://LOCALHOST:80/LocalExecution/entity.py?xid=CIM_Process.Handle=2544 # p=http://primhillcomputers.com/survol#ppid # o=http://LOCALHOST:80/LocalExecution/entity.py?xid=CIM_Process.Handle=2092 if predicate_name == associator_key_name: # class_object = source_object object_instance = url_to_instance(source_object) if object_instance.__class__.__name__ == result_class_name: dict_objects[source_object] = object_instance # Now, it gathers extra properties for the selected objects. # This does not fit exactly in the object model, # because the extra properties are added in the internal dictonal, # but are not members of the object. for source_subject, source_predicate, source_object in self.m_triplestore: if source_subject in dict_objects: predicate_name = lib_properties.PropToQName(source_predicate) object_value = str(source_object) dict_objects[source_subject].m_key_value_pairs[ predicate_name] = object_value for dict_objects, object_instance in dict_objects.items(): node_path = str(dict_objects) # The keys of the key-value dictionary must be nodes, not string, # for example: rdflib.term.URIRef(u'http://primhillcomputers.com/survol#runs') dict_nodes_keys_values = { lib_properties.MakeProp(dict_key): dict_value for dict_key, dict_value in object_instance.m_key_value_pairs.items() } yield (node_path, dict_nodes_keys_values)
def GetElementAsString(dict_key_values, property_name): property_node = lib_properties.MakeProp(property_name) value_node = dict_key_values[property_node] value_literal = str(value_node) return value_literal
def Main(): cgiEnv = lib_common.ScriptEnvironment() try: the_pid = int(cgiEnv.GetId()) except Exception: lib_common.ErrorMessageHtml("Must provide a pid") # If cannot be the current pid, otherwise it will block. if the_pid == os.getpid(): lib_common.ErrorMessageHtml("Cannot debug current process") if not lib_util.isPlatformWindows: lib_common.ErrorMessageHtml("This works only on Windows platforms") grph = cgiEnv.GetGraph() # Starts a second session cdb_fil = lib_util.TmpFile("CdbCommand", "cdb") cdb_fd = open(cdb_fil.Name, "w") cdb_fd.write("lm\n") # List loaded modules cdb_fd.write("k\n") # Display stack backtrace. cdb_fd.write("qd\n") # Quit and detach. cdb_fd.close() cdb_cmd = "cdb -p " + str(the_pid) + " -cf " + cdb_fil.Name proc_node = lib_uris.gUriGen.PidUri(the_pid) call_node_prev = None modules_map = {} logging.debug("Starting cdb_cmd=%s", cdb_cmd) try: cdb_pipe = lib_common.SubProcPOpen(cdb_cmd) except WindowsError as exc: lib_common.ErrorMessageHtml("cdb not available: Caught:%s" % str(exc)) logging.debug("Started cdb_cmd=%s", cdb_cmd) cdb_output, cdb_err = cdb_pipe.communicate() # Without decode, "TypeError: Type str does not support the buffer API" cdb_str = cdb_output.decode("utf-8") call_depth = 0 for dot_line in cdb_str.split('\n'): err_match = re.match(".*parameter is incorrect.*", dot_line) if err_match: lib_common.ErrorMessageHtml("CDB:"+dot_line) # 76590000 766a0000 kernel32 (export symbols) C:\Windows\syswow64\kernel32.dll match_lm = re.match(r"[0-9a-fA-F]+ [0-9a-fA-F]+ +([^ ]*) +\(export symbols\) +(.*)", dot_line ) if match_lm: module_name = match_lm.group(1) dll_name_raw = match_lm.group(2).strip() dll_name = lib_util.standardized_file_path(dll_name_raw) logging.debug("module_name=%s dll_name=%s", module_name, dll_name) modules_map[module_name] = dll_name continue # 295cfb0c 00000000 ntdll!RtlInitializeExceptionChain+0x36 # Another format, maybe because of a 64 bits machine. # 00000000`02edff90 00000000`00000000 ntdll!RtlUserThreadStart+0x21 match_k = re.match("[`0-9a-fA-F]+ [`0-9a-fA-F]+ ([^!]*)!([^+]*)", dot_line) if match_k: module_name = match_k.group(1) try: dll_name = modules_map[module_name] except KeyError: dll_name = module_name func_name = match_k.group(2).strip() logging.debug("module_name=%s dll_name=%s func_name=%s", module_name, dll_name, func_name) dll_name = CDB.TestIfKnownDll(dll_name) call_node_prev = survol_symbol.AddFunctionCall(grph, call_node_prev, proc_node, func_name, dll_name) grph.add((call_node_prev, lib_properties.MakeProp("Call_depth"), lib_util.NodeLiteral(call_depth))) call_depth += 1 continue logging.debug("dot_line=%s", dot_line) logging.debug("Parsed cdb result") call_node_prev = survol_symbol.AddFunctionCall(grph, call_node_prev, proc_node, None, None) CIM_Process.AddInfo(grph, proc_node, [the_pid]) # http://msdn.microsoft.com/en-us/library/windows/hardware/ff539058(v=vs.85).aspx # # This section describes how to perform basic debugging tasks using # the Microsoft Console Debugger (CDB) and Microsoft NT Symbolic Debugger (NTSD). # CDB and NTSD are identical in every way, except that NTSD spawns # a new text window when it is started, whereas CDB inherits # the Command Prompt window from which it was invoked. # The instructions in this section are given for CDB, # but they work equally well for NTSD. For a discussion # of when to use CDB or NTSD, see Debugging Environments. cgiEnv.OutCgiRdf("LAYOUT_SPLINE")
def _check_events_feeder_psutil_processes_perf(test_object, text_message, result_graph): """This checks the result of events_feeder_psutil_processes_perf.py""" test_object.assertTrue(result_graph) print(text_message, "len(result_graph)=", len(result_graph)) print("CurrentPid=", CurrentPid, "CurrentParentPid=", CurrentParentPid) property_process_perf = lib_properties.MakeProp("Processes performances") def check_one_process(process_id): # There should be at least one sample. Normally only one if this is a snapshot, # but this is not an important constraint. print(text_message, "Checking process", process_id) process_node = test_object._agent_box().node_from_dict("CIM_Process", {"Handle": process_id}) samples_number = 0 for _, _, sample_root_node in result_graph.triples((process_node, property_process_perf, None)): def check_present(property_name): print("Checking property", property_name) """Now look for some randomly-chosen counters which must be here on all platforms.""" property_node = lib_properties.MakeProp(property_name) value_triples_list = list(result_graph.triples((sample_root_node, property_node, None))) test_object.assertEqual(len(value_triples_list), 1) test_object.assertEqual(type(value_triples_list[0][2]), rdflib.Literal) print("Checking sample", sample_root_node) check_present("cpu") check_present("rss") check_present("vms") samples_number += 1 print(text_message, "pid=", process_id, "samples number=", samples_number) if samples_number == 0: def _simpler(the_node): cleaner_str = str(the_node) cleaner_str = cleaner_str.replace("http://www.primhillcomputers.com/survol", "") cleaner_str = cleaner_str.replace(test_object._agent_url + "/survol", "") return cleaner_str for a, b, c in result_graph: print(" ", _simpler(a), _simpler(b), _simpler(c)) test_object.assertTrue(samples_number >= 1) property_process_handle = lib_properties.MakeProp("Handle") # This lists processes with available data. process_handles_list = sorted([ int(process_id) for process_node, _, process_id in result_graph.triples((None, property_process_handle, None))]) print("Process handles=", len(process_handles_list), process_handles_list) samples_list = sorted([ process_node for process_node, _, sample_node in result_graph.triples((None, property_process_perf, None))]) print("Samples=", len(samples_list)) test_object.assertTrue(CurrentPid in process_handles_list) test_object.assertTrue(CurrentParentPid in process_handles_list) # The node of the current process must be in the detected processes. check_one_process(CurrentPid) # The node of the parent process must be in the detected processes. check_one_process(CurrentParentPid)
def GetElementAsString(one_dict, property_name): property_node = lib_properties.MakeProp(property_name) value_node = one_dict[property_node] value_literal = str(value_node) return value_literal
import lib_util import lib_common import lib_properties from lib_properties import pc from sources_types import CIM_Directory def Usable(entity_type, entity_ids_arr): """Can run on a directory only, on Windows.""" if not lib_util.UsableWindows(entity_type, entity_ids_arr): return False dir_nam = entity_ids_arr[0] return os.path.isdir(dir_nam) property_notified_file_change = lib_properties.MakeProp("file change") property_notified_change_type = lib_properties.MakeProp("change type") def _add_windows_dir_change(grph, path_to_watch, updated_file, action_code, timestamp_node): actions_codes = { 1: "Created", 2: "Deleted", 3: "Updated", 4: "Renamed from something", 5: "Renamed to something" } action_text = actions_codes.get(action_code, "Unknown") full_filename = os.path.join(path_to_watch, updated_file)