def __init__(self, element):
"""Initialize file search"""
self.regex = element["regex"] if "regex" in element else ""
assert (isinstance(self.regex,
(str, unicode,
type(None)) if common.is_python2x() else
(str, type(None))))
self.nregex = element["nregex"] if "nregex" in element else ""
assert (isinstance(self.nregex,
(str, unicode,
type(None)) if common.is_python2x() else
(str, type(None))))
self.wholeregex = element[
"wholeregex"] if "wholeregex" in element else ""
assert (isinstance(self.wholeregex,
(str, unicode,
type(None)) if common.is_python2x() else
(str, type(None))))
self.nwholeregex = element[
"nwholeregex"] if "nwholeregex" in element else ""
assert (isinstance(self.nwholeregex,
(str, unicode,
type(None)) if common.is_python2x() else
(str, type(None))))
self.search = element["search"] if "search" in element else ""
self.object_type = element["type"] if "type" in element else ""
self.path = common.expanduser(
common.expandvars(element["path"] if "path" in element else ""))
if 'nt' == os.name and self.path:
# convert forward slash to backslash for compatibility with getsize()
# and for display. Do not convert an empty path, or it will become
# the current directory (.).
self.path = os.path.normpath(self.path)
self.ds = {}
if 'deep' == self.search:
self.ds['regex'] = self.regex
self.ds['nregex'] = self.nregex
self.ds['cache'] = common.boolstr_to_bool(element["cache"])
self.ds['command'] = element["command"]
self.ds['path'] = self.path
if not any([
self.object_type, self.regex, self.nregex, self.wholeregex,
self.nwholeregex
]):
# If the filter is not needed, bypass it for speed.
self.get_paths = self._get_paths
def get_paths(self):
if common.is_python2x():
import itertools
for f in itertools.ifilter(self.path_filter, self._get_paths()):
yield f
else:
for f in filter(self.path_filter, self._get_paths()):
yield f
def get_last_month(t=None):
if not t:
t = time.time()
t = time.localtime(t)
time1 = time.mktime(
time.strptime(time.strftime('%Y-%m-1 00:00:00', t),
'%Y-%m-%d %H:%M:%S'))
if common.is_python2x():
return long(time1)
else:
return time1
def set_environ(varname, path):
"""Define an environment variable for use in CleanerML and Winapp2.ini"""
if not path:
return
if varname in os.environ:
#logger.debug('set_environ(%s, %s): skipping because environment variable is already defined', varname, path)
if 'nt' == os.name:
if common.is_python2x():
os.environ[varname] = common.expandvars(u'%%%s%%' % varname).encode('utf-8')
else:
os.environ[varname] = common.expandvars(u'%%%s%%' % varname)
# Do not redefine the environment variable when it already exists
# But re-encode them with utf-8 instead of mbcs
return
try:
if not os.path.exists(path):
raise RuntimeError('Variable %s points to a non-existent path %s' % (varname, path))
if common.is_python2x():
os.environ[varname] = path.encode('utf8')
else:
os.environ[varname] = path
except:
logger().error('set_environ(%s, %s): exception when setting environment variable', varname, path)
def on_initializing(self, *args, **kwargs):
for pathname in self.list_jsons():
if common.is_python2x():
with open(pathname, "r") as f:
self.conf[os.path.splitext(
os.path.basename(pathname))[0]] = json.load(f)
else:
with open(pathname, "r", encoding="utf-8") as f:
self.conf[os.path.splitext(
os.path.basename(pathname))[0]] = json.load(f)
if self.lang in self.conf:
return True
return False
def get_connection(self, addr, userID):
host = None
port = None
gate_host, gate_port = addr.rsplit(":", 1)
if common.is_python2x():
import httplib
if Kconfig().release:
conn = httplib.HTTPSConnection(gate_host, gate_port)
else:
conn = httplib.HTTPConnection(gate_host, gate_port)
else:
from http.client import HTTPConnection
conn = HTTPConnection(gate_host, gate_port)
data = "{};{}".format(userID, Ksecurity().get_pubkey())
encrypt = Ksecurity().rsa_long_encrypt(data, 200)
Klogger().info("Request to Gateway server userid:{}".format(userID))
conn.request("POST", "/xxx", encrypt, {
"Content-type": "application/octet-stream",
"Accept": "text/plain"
})
res = conn.getresponse()
Klogger().info("Get Response From Gateway server status({})".format(
res.status))
if res.status == 200:
data = res.read()
data = Ksecurity().rsa_long_decrypt(data, 256)
if ":" in data:
host, port, en_mods = data.split(":", 2)
pattern = re.compile(r"<data>(.*)</data>", re.S)
match = re.search(pattern, en_mods)
if match and len(match.groups()):
en_mods = match.groups()[0]
conn.close()
Klogger().info("Logic Server Host:{} Port:{}".format(host, port))
return host, port, en_mods
def aes_encrypt(self, data):
count = 0
encrypt = []
if common.is_python2x():
for i in data:
encrypt.append(
chr(ord(i) ^ ord(self.aes[count % len(self.aes)])))
count += 1
return b"".join(encrypt)
else:
for i in data:
encrypt.append(i ^ self.aes[count % len(self.aes)])
count += 1
return bytes(encrypt)
def network_status(response):
interfaces = psutil.net_if_addrs()
for name, addrs in interfaces.items():
key = common.decode2utf8(name) if common.is_python2x() else name
status = {"ipv4": "-", "ipv6": "-", "mac": "-"}
for addr in addrs:
if addr.family == socket.AF_INET:
status["ipv4"] = addr.address
if addr.family == socket.AF_INET6:
status["ipv6"] = addr.address
if addr.family == psutil.AF_LINK:
status["mac"] = addr.address
response["nic"][key] = status
def create_http_request(addr, method, url, data, header=None):
host, port = addr.rsplit(":", 1)
if common.is_python2x():
import httplib
if port == "443":
conn = httplib.HTTPSConnection(host, port, timeout=5)
else:
conn = httplib.HTTPConnection(host, port, timeout=5)
else:
from http.client import HTTPConnection
from http.client import HTTPSConnection
if port == "443":
conn = HTTPSConnection(host, port, timeout=5)
else:
conn = HTTPConnection(host, port, timeout=5)
if not header:
header = {
"Content-type": "application/octet-stream",
"Accept": "text/plain"
}
response_data = None
status = 404
try:
conn.request(method, url, data, header)
res = conn.getresponse()
status = res.status
if status == 200:
response_data = res.read()
except Exception as e:
pass
finally:
conn.close()
return status, response_data
def get_last_nmonth_ts(n):
t = time.localtime(time.time())
year, month = t.tm_year, t.tm_mon
last_nmonth = []
for i in range(n):
time_format = '{}-{}-1 00:00:00'.format(year, month)
month -= 1
if month == 0:
year -= 1
month = 12
time1 = time.mktime(time.strptime(time_format, '%Y-%m-%d %H:%M:%S'))
if common.is_python2x():
time1 = long(time1)
last_nmonth.append(time1)
return last_nmonth
def detect_cms(socket, session_id, existports, response):
rules = {}
with open(os.path.join(common.get_work_dir(), "config/cms_rules.lst"),
"r") as f:
rules = json.load(f)
for existport in existports:
Kharden().sync_process(
socket, session_id,
Kharden().WEBSCAN, 0, [get_percent()],
["Detecting fingerprint of {}".format(str(existport))])
for cms in rules:
for rule in rules[cms]:
try:
if common.is_python2x():
import httplib
conn = httplib.HTTPConnection("127.0.0.1",
existport,
timeout=1)
else:
from http.client import HTTPConnection
conn = HTTPConnection("127.0.0.1",
existport,
timeout=1)
if conn:
conn.request("GET", rule["url"])
res = conn.getresponse()
if res.status == 200:
data = res.read()
if "md5" in rule and hashlib.md5(
data).hexdigest() == rule["md5"]:
return cms
elif "text" in rule:
if type(rule["text"]) is list:
for itext in rule["text"]:
if itext in data:
return cms
elif rule["text"] in data:
return cms
elif "regexp" in rule:
if type(rule["regexp"]) is list:
for reg in rule["regexp"]:
if re.search(reg, data):
return cms
elif re.search(rule["regexp"], data):
return cms
conn.close()
except Exception as e:
Klogger.error(str(e))
return "Not CMS"