def getFileNode(self, morse: Morse) -> FileNode: if self.type != -1: return None try: if self.subtype == -1: if (len(self.params) != 1): return None res = CommonFile(self.Id, self.time, self.type, self.subtype, self.params[0], morse.get_itag_benign(), morse.get_ctag_benign()) return res elif self.subtype == 1: #shared memory # if (len(self.params) != 1): # return None # res = CommonFile(self.Id, self.time, self.type, self.subtype, self.params[0]) # return res pass elif self.subtype == 2: if (len(self.params) != 1): return None res = UnixSocketFile(self.Id, self.time, self.type, self.subtype, self.params[0], morse) return res elif self.subtype == 3: if (len(self.params) != 3): return None res = InetSocketFile(self.Id, self.time, self.type, self.subtype, self.params[0], self.params[1], self.params[2], morse) return res elif self.subtype == 4: if (len(self.params) != 2): return None res = PipFile(self.Id, self.time, self.type, self.subtype, self.params[0], self.params[1], morse.get_itag_benign(), morse.get_ctag_benign()) return res else: print("unexpected filenode subtype", self.subtype) except Exception as err: logger.error("get file node failed") msg = str(self.Id) + " " + str(self.time) + " " + str( self.type) + " " + str(self.subtype) + " " + str(self.params) logger.error(msg) traceback.print_exc() # print("get file node failed") return None
def __init__(self, id: int, time: int, type: int, subtype: int, inetSocketFd: str, ip: str, port: int, morse: Morse): super(InetSocketFile, self).__init__(id, time, type, subtype) self.inetSocketFd = inetSocketFd self.ip = ip self.port = port # for localhost connection or local network connection, we set them as benign self.iTag = morse.get_itag_susp_env() self.cTag = morse.get_itag_susp_env() for pattern in trusted_ip_pattern: if re.search(self.ip, pattern): self.iTag = morse.get_itag_benign() self.cTag = morse.get_ctag_benign() break
def __init__(self, id: int, time: int, type: int, subtype: int, unixSocketFd: str, morse: Morse): super(UnixSocketFile, self).__init__(id, time, type, subtype) self.unixSocketFd = unixSocketFd self.iTag = morse.get_itag_benign() self.cTag = morse.get_ctag_benign()