def testParse(self): filt = filters.ItemFilter() one = rdfvalue.Config(test1="1", test2=[2, 3]) foo = rdfvalue.Config(test1="foo", test2=["bar", "baz"]) fs = rdfvalue.Filesystem(device="/dev/sda1", mount_point="/root") objs = [one, foo, fs] results = filt.Parse(objs, "test1 is '1'") self.assertEqual(1, len(results)) self.assertEqual("test1", results[0].k) self.assertEqual("1", results[0].v) results = filt.Parse(objs, "test1 is '2'") self.assertFalse(results) results = filt.Parse(objs, "test2 contains 3") self.assertEqual(1, len(results)) self.assertEqual("test2", results[0].k) self.assertEqual([2, 3], results[0].v) results = filt.Parse(objs, "test1 is '1' or test1 contains 'foo'") self.assertEqual(2, len(results)) self.assertEqual("test1", results[0].k) self.assertEqual("1", results[0].v) self.assertEqual("test1", results[1].k) self.assertEqual("foo", results[1].v) results = filt.Parse(objs, "mount_point is '/root'") self.assertEqual(1, len(results)) self.assertEqual("mount_point", results[0].k) self.assertEqual("/root", results[0].v)
def testParse(self): filt = filters.ObjectFilter() cfg = rdfvalue.Config(test="ok") results = list(filt.Parse(cfg, "test is 'ok'")) self.assertEqual([cfg], results) cfg = rdfvalue.Config(test="miss") results = list(filt.Parse(cfg, "test is 'ok'")) self.assertEqual([], results)
def testParse(self): filt = filters.ObjectFilter() hit1 = rdfvalue.Config(test="hit1") hit2 = rdfvalue.Config(test="hit2") miss = rdfvalue.Config(test="miss") objs = [hit1, hit2, miss] results = filt.Parse(objs, "test is 'hit1'") self.assertItemsEqual([hit1], results) results = filt.Parse(objs, "test is 'hit2'") self.assertItemsEqual([hit2], results) results = filt.Parse(objs, "test inset 'hit1,hit2'") self.assertItemsEqual([hit1, hit2], results)
def ParseObjs(self, objs, expression): filt = self._Compile(expression) key = expression.split(None, 1)[0] for obj in objs: for result in filt.Filter(obj): val = getattr(result, key) yield rdfvalue.Config({"k": key, "v": val})
def testParse(self): filt = filters.RDFFilter() cfg = rdfvalue.Config() results = list(filt.Parse(cfg, "KnowledgeBase")) self.assertFalse(results) results = list(filt.Parse(cfg, "KnowledgeBase,Config")) self.assertItemsEqual([cfg], results)
def _Load(self, expression): self._Flush() parser = config_file.KeyValueParser(kv_sep=":", sep=",", term=(r"\s+", r"\n")) parsed = {} for entry in parser.ParseEntries(expression): parsed.update(entry) self.cfg = rdfvalue.Config(parsed) return parsed
def Parse(self, obj, expression): filt = self._Compile(expression) key = expression.split(None, 1)[0] for result in filt.Filter(obj): val = getattr(result, key) # Use a Config. KeyValueRDF values don't support attribute or dict # expansion for objectfilter expressions, and Dict RDF values require # a DictExpander. Using Config keeps the interface to objects consistent. yield rdfvalue.Config({"k": key, "v": val})
def testParse(self): filt = filters.AttrFilter() hit = rdfvalue.Config(test1="1", test2=2, test3=[3, 4]) miss = rdfvalue.Config(test1="5", test2=6, test3=[7, 8]) metacfg = rdfvalue.Config(hit=hit, miss=miss) result = list(filt.Parse(hit, "test1 test2")) self.assertEqual(2, len(result)) self.assertEqual("test1", result[0].k) self.assertEqual("1", result[0].v) self.assertEqual("test2", result[1].k) self.assertEqual(2, result[1].v) result = list(filt.Parse(metacfg, "hit.test3")) self.assertEqual(1, len(result)) self.assertEqual("hit.test3", result[0].k) self.assertEqual([3, 4], result[0].v)
def testParse(self): filt = filters.RDFFilter() cfg = rdfvalue.Config() anom = rdfvalue.Anomaly() objs = [cfg, anom] results = filt.Parse(objs, "KnowledgeBase") self.assertFalse(results) results = filt.Parse(objs, "Config,KnowledgeBase") self.assertItemsEqual([cfg], results) results = filt.Parse(objs, "Anomaly,Config,KnowledgeBase") self.assertItemsEqual(objs, results)
def testParse(self): filt = filters.AttrFilter() hit1 = rdfvalue.Config(k1="hit1", k2="found1", k3=[3, 4]) hit2 = rdfvalue.Config(k1="hit2", k2="found2") meta = rdfvalue.Config(one=hit1, two=hit2) objs = [hit1, hit2, meta] results = filt.Parse(objs, "k1 k2 one.k3") self.assertEqual(5, len(results)) r1, r2, r3, r4, r5 = results self.assertEqual("k1", r1.k) self.assertEqual("hit1", r1.v) self.assertEqual("k1", r2.k) self.assertEqual("hit2", r2.v) self.assertEqual("k2", r3.k) self.assertEqual("found1", r3.v) self.assertEqual("k2", r4.k) self.assertEqual("found2", r4.v) self.assertEqual("one.k3", r5.k) self.assertEqual([3, 4], r5.v)
def testParse(self): filt = filters.ItemFilter() cfg = rdfvalue.Config(test1="1", test2=[2, 3]) result = list(filt.Parse(cfg, "test1 is '1'")) self.assertEqual(1, len(result)) self.assertEqual("test1", result[0].k) self.assertEqual("1", result[0].v) result = list(filt.Parse(cfg, "test1 is '2'")) self.assertFalse(result) result = list(filt.Parse(cfg, "test2 contains 3")) self.assertEqual(1, len(result)) self.assertEqual("test2", result[0].k) self.assertEqual([2, 3], result[0].v) # Ensure this works on other RDF types, not just Configs. cfg = rdfvalue.Filesystem(device="/dev/sda1", mount_point="/root") result = list(filt.Parse(cfg, "mount_point is '/root'")) self.assertEqual(1, len(result)) self.assertEqual("mount_point", result[0].k) self.assertEqual("/root", result[0].v)
def testParseFileObjs(self): """Multiple file types are parsed successfully.""" filt = filters.StatFilter() ok = self._GenStat(path="/etc/shadow", st_uid=0, st_gid=0, st_mode=0100640) link = self._GenStat(path="/etc/shadow", st_uid=0, st_gid=0, st_mode=0120640) user = self._GenStat(path="/etc/shadow", st_uid=1000, st_gid=1000, st_mode=0100640) writable = self._GenStat(path="/etc/shadow", st_uid=0, st_gid=0, st_mode=0100666) cfg = { "path": "/etc/shadow", "st_uid": 0, "st_gid": 0, "st_mode": 0100640 } invalid = rdfvalue.Config(**cfg) objs = [ok, link, user, writable, invalid] results = list(filt.Parse(objs, "uid:>=0 gid:>=0")) self.assertItemsEqual([ok, link, user, writable], results) results = list(filt.Parse(objs, "uid:=0 mode:0440 mask:0440")) self.assertItemsEqual([ok, link, writable], results) results = list(filt.Parse(objs, "uid:=0 mode:0440 mask:0444")) self.assertItemsEqual([ok, link], results) results = list( filt.Parse(objs, "uid:=0 mode:0440 mask:0444 file_type:regular")) self.assertItemsEqual([ok], results)
def ParseObjs(self, objs, expression): for key in self._Attrs(expression): for obj in objs: val = self._GetVal(obj, key) if val: yield rdfvalue.Config({"k": key, "v": val})
def Parse(self, obj, expression): for key in self._Attrs(expression): val = self._GetVal(obj, key) yield rdfvalue.Config({"k": key, "v": val})
def GenerateSample(self, number=0): return rdfvalue.Config({"number": number})
def ParseMultiple(self, stats, file_objs, _): config = {} for stat, file_obj in zip(stats, file_objs): k, v = self._Parse(stat, file_obj) config[k] = v return rdfvalue.Config(config)