コード例 #1
0
    def main(self, argumentList):
        # Disabling contracts solves some performance issues.
        contracts.disable_all()

        argumentParser = argparse.ArgumentParser(
            description=u"Make ModSecurity exceptions.")
        argumentParser.add_argument(
            u"-i",
            u"--input",
            metavar=u"MODSEC_AUDIT_LOG_FILE",
            dest='modsecurityAuditLogPath',
            type=unicode,
            default=None,
            help=
            u"Modsecurity audit log file path or '-' to read from standard input."
        )
        argumentParser.add_argument(
            u"-d",
            u"--data-url",
            dest='dataURL',
            type=unicode,
            required=True,
            default=None,
            help=u"Example: 'sqlite:////tmp/modsecurity-exception-factory.db'")
        argumentParser.add_argument(u"-c",
                                    u"--config-file",
                                    dest='configFilePath',
                                    type=unicode,
                                    default=None)

        argumentObject = argumentParser.parse_args(argumentList)

        # Try to parse config.
        config = Config(argumentObject.configFilePath)
        variableNameList = config.variableNameList()
        ignoredVariableDict = config.ignoredVariableDict()
        minimumOccurrenceCountThreshold = config.minimumOccurrenceCountThreshold(
        )
        maximumValueCountThreshold = config.maximumValueCountThreshold()

        # Initialize data source object.
        dataSource = ModsecurityAuditDataSourceSQL(argumentObject.dataURL)

        # Parse log if given.
        if argumentObject.modsecurityAuditLogPath is not None:
            self._parseFile(argumentObject.modsecurityAuditLogPath, dataSource)

        # Preparing correlation engine.
        correlationEngine = CorrelationEngine(variableNameList,
                                              ignoredVariableDict,
                                              minimumOccurrenceCountThreshold,
                                              maximumValueCountThreshold)
        correlationEngine.addProgressListener(
            CorrelationProgressListenerConsole(sys.stderr))

        # Correlating and writing exceptions progressively using the power of Python generators.
        ModsecurityExceptionWriter(stream=sys.stdout).write(
            correlationEngine.correlate(dataSource))

        return 0
コード例 #2
0
 def testDefault(self):
     config = Config()
     self.assertEqual({}, config.ignoredVariableDict())
     self.assertEqual(
         ['host_name', 'request_file_name', 'payload_container', 'rule_id'],
         config.variableNameList())
     self.assertEqual(0, config.minimumOccurrenceCountThreshold())
     self.assertEqual(None, config.maximumValueCountThreshold())
コード例 #3
0
 def testOK(self):
     config = Config(self._TEST_CONFIG_OK)
     self.assertEqual(
         {
             'rule_id': [u"111111", u"222222", u"333333"],
             'host_name': [u"1.1.1.1"]
         }, config.ignoredVariableDict())
     self.assertEqual(['aaa', 'bbb', 'ccc'], config.variableNameList())
     self.assertEqual(10, config.minimumOccurrenceCountThreshold())
     self.assertEqual(20, config.maximumValueCountThreshold())