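def parse_apps(apps_xml):
    """Turn the firewall's predefined-application XML into CSV rows.

    The document is parsed with ``xmltodict`` and each
    ``response/result/application/entry`` element becomes one
    ``OrderedDict`` keyed by CSV column name (``app``, ``app:category``, ...).
    Every value is converted to ``str`` before the row is appended.

    Field values are copied from the device response as-is; nothing in this
    function escapes or validates them for whatever consumes the rows.

    Args:
        apps_xml: XML text of the predefined application list.

    Returns:
        A list of ``OrderedDict`` rows, one per application entry.

    Raises:
        KeyError: if the document lacks the expected
            ``response/result/application/entry`` path.
    """
    obj = xmltodict.parse(apps_xml)
    try:
        apps = obj['response']['result']['application']['entry']
    except KeyError:
        logger.error("Unable to parse app xml from firewall")
        raise
    # xmltodict yields a single mapping (not a list) when there is exactly
    # one <entry>; normalise so the loop always sees entries.
    if not isinstance(apps, list):
        apps = [apps]
    csv_apps = []
    for app in apps:
        a = OrderedDict()
        try:
            a['app'] = app['@name']
            a['app:category'] = app.get('category', "")
            a['app:subcategory'] = app.get('subcategory', "")
            a['app:technology'] = app.get('technology', "")
            a['app:risk'] = app['risk']
            a['app:evasive'] = app['evasive-behavior']
            a['app:excessive_bandwidth'] = app['consume-big-bandwidth']
            a['app:used_by_malware'] = app['used-by-malware']
            a['app:able_to_transfer_file'] = app['able-to-transfer-file']
            a['app:has_known_vulnerability'] = app['has-known-vulnerability']
            tunnels = app['tunnel-other-application']
            # The element sometimes carries attributes, in which case
            # xmltodict returns a mapping and the value sits under '#text'.
            if tunnels not in ("yes", "no"):
                tunnels = tunnels['#text']
            a['app:tunnels_other_application'] = tunnels
            a['app:prone_to_misuse'] = app['prone-to-misuse']
            a['app:pervasive_use'] = app['pervasive-use']
            a['app:is_saas'] = app.get('is-saas', "no")
            a['app:default_ports'] = ""
            try:
                # Sometimes there is more than one <default> tag; only the
                # first one is used.
                default = app['default']
                if isinstance(default, list):
                    if default:
                        a['app:default_ports'] = default[0]['port']['member']
                else:
                    a['app:default_ports'] = default['port']['member']
            except KeyError:
                pass
            else:
                if not isinstance(a['app:default_ports'], string_types):
                    a['app:default_ports'] = "|".join(a['app:default_ports'])
        except Exception as e:
            # .get() so a missing '@name' cannot raise inside the handler.
            logger.error("Error parsing app: %s" % app.get('@name'))
            logger.error(traceback.format_exc())
            # string_types is used above as an isinstance() target, so it
            # cannot double as a converter; str() is the conversion meant.
            common.exit_with_error(str(e))
        # convert all out of unicode
        for key in a:
            a[key] = str(a[key])
        csv_apps.append(a)
    logger.info("Found %s apps" % len(csv_apps))
    return csv_apps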
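def parse_threats(threats_xml):
    """Turn the firewall's predefined-threat XML into CSV rows.

    Reads the ``phone-home`` and ``vulnerability`` entry lists under
    ``response/result/threats`` and emits one ``OrderedDict`` per threat with
    the columns ``threat_id``, ``threat:name``, ``threat:category``,
    ``threat:severity`` and ``threat:cve`` (comma-joined when several CVEs
    are listed, empty string when none). Every value is converted to ``str``.

    Field values are copied from the device response as-is; nothing in this
    function escapes or validates them for whatever consumes the rows.

    Args:
        threats_xml: XML text of the predefined threat list.

    Returns:
        A list of ``OrderedDict`` rows, one per threat entry.

    Raises:
        KeyError: if the expected document path or a required per-threat
            field is missing.
    """
    obj = xmltodict.parse(threats_xml)
    try:
        threat_root = obj['response']['result']['threats']
        phone_home = threat_root['phone-home']['entry']
        vulnerability = threat_root['vulnerability']['entry']
    except KeyError:
        logger.error("Unable to parse threat xml from firewall")
        raise
    # xmltodict yields a single mapping (not a list) when a section holds
    # exactly one <entry>; normalise before concatenating.
    if not isinstance(phone_home, list):
        phone_home = [phone_home]
    if not isinstance(vulnerability, list):
        vulnerability = [vulnerability]
    threats = phone_home + vulnerability
    csv_threats = []
    for threat in threats:
        a = OrderedDict()
        try:
            a['threat_id'] = threat['@name']
            a['threat:name'] = threat['threatname']
            a['threat:category'] = threat['category']
            a['threat:severity'] = threat['severity']
            a['threat:cve'] = threat.get('cve', None)
            if a['threat:cve'] is not None:
                a['threat:cve'] = threat['cve']['member']
                if not isinstance(a['threat:cve'], string_types):
                    a['threat:cve'] = ", ".join(a['threat:cve'])
            else:
                a['threat:cve'] = ""
        except KeyError:
            # The message used to say "app"; this loop handles threats.
            # .get() so a missing '@name' cannot raise inside the handler.
            logger.error("Error parsing threat: %s" % threat.get('@name'))
            raise
        # convert all out of unicode
        # string_types is an isinstance() target above, not a converter.
        for key in a:
            a[key] = str(a[key])
        csv_threats.append(a)
    logger.info("Found %s threats" % len(csv_threats))
    return csv_threats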
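def _get_fc_channel(self):
    """Collect the Fibre Channel adapters reported by the storage backend.

    Calls ``self.dpl.get_server_info()`` and, when it returns code 0 with a
    non-empty payload, keeps every ``metadata.storage_adapter`` entry whose
    ``type`` is ``'fc'``.

    return : fcInfos[uuid]
        Per the original notes each entry is expected to carry
        'display_name', 'display_description', 'hardware_address', 'type',
        'speed' and 'state'.

    Any exception is logged and whatever was collected so far (possibly an
    empty dict) is returned; nothing is re-raised.
    """
    fcInfos = {}
    try:
        retCode, output = self.dpl.get_server_info()
        if retCode == 0 and output:
            adapters = output.get('metadata', {}).get('storage_adapter', {})
            for fcUuid, fcInfo in adapters.items():
                if fcInfo['type'] == 'fc':
                    fcInfos[fcUuid] = fcInfo
    except Exception as e:
        # six.string_types is a tuple of types, so calling it raised
        # TypeError inside this handler and the failure was never logged;
        # six.text_type is the converter.
        msg = _("Failed to get fiber channel info from storage due "
                "to %(stat)s") % {'stat': six.text_type(e)}
        LOG.error(msg)
    return fcInfos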
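def _get_fc_channel(self):
    """Return the storage adapters of type ``'fc'`` keyed by adapter UUID.

    The adapters are read from ``metadata.storage_adapter`` in the payload of
    ``self.dpl.get_server_info()``; the payload is only used when the return
    code is 0 and the payload is non-empty.

    return : fcInfos[uuid]
        Per the original notes each entry is expected to carry
        'display_name', 'display_description', 'hardware_address', 'type',
        'speed' and 'state'.

    Failures are logged, not raised: on any exception the entries gathered
    up to that point are returned.
    """
    fcInfos = {}
    try:
        retCode, output = self.dpl.get_server_info()
        if retCode == 0 and output:
            adapters = output.get('metadata', {}).get('storage_adapter', {})
            for fcUuid, fcInfo in adapters.items():
                if fcInfo['type'] == 'fc':
                    fcInfos[fcUuid] = fcInfo
    except Exception as e:
        # Calling six.string_types (a tuple of types) raised TypeError here,
        # masking the real error; six.text_type performs the conversion.
        msg = _("Failed to get fiber channel info from storage due "
                "to %(stat)s") % {'stat': six.text_type(e)}
        LOG.error(msg)
    return fcInfos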
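def get_token_generator():
    """Return the password-reset token generator configured for Djoser.

    Reads ``TOKEN_GENERATOR`` from ``django_settings.DJOSER``. When it is
    unset or empty, a ``PasswordResetTokenGenerator`` is returned. Otherwise
    the value must be a dotted-path string; it is imported with
    ``import_string`` and instantiated with no arguments.

    Whatever module the setting names gets imported and its class issues and
    checks reset tokens, so the value must only ever come from trusted
    deployment configuration.

    Raises:
        Exception: if the setting is present but is not a string.
    """
    token_generator_class = django_settings.DJOSER.get('TOKEN_GENERATOR')
    if not token_generator_class:
        return PasswordResetTokenGenerator()
    if not isinstance(token_generator_class, six.string_types):
        # six.string_types is a tuple of types; calling it raised TypeError
        # and hid this configuration error. six.text_type converts.
        raise Exception(
            "%s is not valid password reset token generator class" %
            six.text_type(token_generator_class))
    return import_string(token_generator_class)()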
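def get_token_generator():
    """Build the token generator used for password-reset links.

    ``django_settings.DJOSER['TOKEN_GENERATOR']`` may hold a dotted import
    path. If it is missing or empty the function returns a
    ``PasswordResetTokenGenerator``; if it is a string the named class is
    loaded via ``import_string`` and instantiated without arguments.

    The setting decides which code is imported and which class validates
    reset tokens, so it has to be sourced from trusted settings only.

    Raises:
        Exception: if the setting is set to something other than a string.
    """
    token_generator_class = django_settings.DJOSER.get('TOKEN_GENERATOR')
    if not token_generator_class:
        return PasswordResetTokenGenerator()
    if not isinstance(token_generator_class, six.string_types):
        # Use six.text_type to render the bad value: six.string_types is a
        # tuple of types and is not callable.
        raise Exception(
            "%s is not valid password reset token generator class" %
            six.text_type(token_generator_class))
    return import_string(token_generator_class)()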
def categories(self, value):
    """Replace the contents of ``self._categories`` with *value*.

    *value* may be a ``list``, a ``TypedList`` or a single string; any other
    type leaves ``self._categories`` untouched. In every accepted case the
    current container is purged first.
    """
    if isinstance(value, list):
        self._categories.purge()
        converted = []
        for item in value:
            if isinstance(item, six.string_types):
                converted.append(item)
            else:
                # NOTE(review): in the six library string_types is a tuple of
                # types, so this call raises TypeError for any non-string
                # item. The intended converter cannot be determined from
                # this block - confirm and replace.
                converted.append(six.string_types(item, self._base))
        self._categories.extend(converted)
        return
    if isinstance(value, TypedList):
        self._categories.purge()
        # NOTE(review): this rebinds the attribute to whatever to_list()
        # returns rather than refilling the purged container - confirm.
        self._categories = value.to_list()
        return
    if isinstance(value, six.string_types):
        self._categories.purge()
        self._categories.append(value)
def events(self, value):
    """Replace the contents of ``self._events`` with *value*.

    *value* may be a ``list``, a ``TypedList`` or a single string; any other
    type leaves ``self._events`` untouched. In every accepted case the
    current container is purged first.
    """
    if isinstance(value, list):
        self._events.purge()
        converted = []
        for item in value:
            if isinstance(item, six.string_types):
                converted.append(item)
            else:
                # NOTE(review): in the six library string_types is a tuple of
                # types, so this call raises TypeError for any non-string
                # item. The intended converter cannot be determined from
                # this block - confirm and replace.
                converted.append(six.string_types(item, self._base))
        self._events.extend(converted)
        return
    if isinstance(value, TypedList):
        self._events.purge()
        # NOTE(review): this rebinds the attribute to whatever to_list()
        # returns rather than refilling the purged container - confirm.
        self._events = value.to_list()
        return
    if isinstance(value, six.string_types):
        self._events.purge()
        self._events.append(value)
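def default(self, o):
    """Convert values the stock JSON encoder cannot serialise.

    * ``float`` with a fractional part -> ``decimal.Decimal(o)``;
      whole-valued ``float`` -> ``int``.
    * ``set`` -> ``list``.
    * ``datetime.datetime`` -> its ``str()`` form.
    * ``botocore.response.StreamingBody`` -> its ``str()`` form (the body
      itself is not read here).

    Anything else is delegated to the parent encoder's ``default``.
    """
    if isinstance(o, float):
        return decimal.Decimal(o) if o % 1 > 0 else int(o)
    if isinstance(o, set):
        return list(o)
    if isinstance(o, datetime.datetime):
        # Was string_types(o); str() matches the StreamingBody branch below
        # and is the conversion actually needed.
        return str(o)
    if isinstance(o, botocore.response.StreamingBody):
        return str(o)
    return super(DynamoDbEncoder, self).default(o)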
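def get(self, type_name, ref):
    """Look up an object by type name and reference.

    The aliased objects are consulted first, then the regular objects. If
    nothing truthy is found, the lookup is retried with the reference
    converted between numeric and text form: an ``int``/``float`` reference
    is retried as text, a string reference is retried as ``int``.

    Returns:
        The stored object, or ``None`` when no lookup succeeds (a reference
        that cannot be converted is treated as "not found").
    """
    e = self._aliased_objects.get(type_name, {}).get(ref, None) \
        or self._objects.get(type_name, {}).get(ref, None)
    try:
        if not e and type(ref) in (int, float):
            # six.string_types is a tuple of types; calling it raised
            # TypeError, which the old bare except swallowed, so this
            # fallback never matched. six.text_type does the conversion.
            e = self._objects.get(type_name, {}).get(six.text_type(ref), None)
        if not e and isinstance(ref, six.string_types):
            e = self._objects.get(type_name, {}).get(int(ref), None)
    except (TypeError, ValueError):
        # Conversion failures (e.g. a non-numeric string) mean "no match";
        # other errors are no longer hidden.
        pass
    return e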
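def token_idx_map(context, context_tokens):
    """Map character offsets in *context* to the tokens that start there.

    Walks *context* character by character, skipping spaces, and accumulates
    characters until they equal the text of the next entry of
    *context_tokens*.

    Returns:
        A dict ``{start_char_index: [token_text, token_index]}``.

    Raises:
        IndexError: if non-space characters remain after every token has
            been matched.
    """
    acc = ''
    current_token_idx = 0
    token_map = dict()
    for char_idx, char in enumerate(context):
        if char == u' ':
            continue
        acc += char
        # six.string_types is a tuple of types and is not callable;
        # six.text_type performs the text conversion.
        context_token = six.text_type(context_tokens[current_token_idx])
        if acc == context_token:
            syn_start = char_idx - len(acc) + 1
            token_map[syn_start] = [acc, current_token_idx]
            acc = ''
            current_token_idx += 1
    return token_map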
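def adv_query(self, getargs, url_options, session_key):
    '''Issue a MORE complex KV store query.

    The query string is constructed from a valid JSON object. Additional
    parameters such as "limit" can be included in *getargs*. The allowable
    parameters are: 'fields', 'limit', 'skip', 'sort', 'query'; any other key
    is ignored.

    Args:
        getargs: mapping of query parameters.
        url_options: mapping supplying the ``owner``, ``app`` and
            ``collection`` segments of the REST path.
        session_key: Splunk session key passed to the REST call.

    Returns:
        The ``(response, content)`` pair from
        ``splunk.rest.simpleRequest``.

    Raises:
        ValueError: for a non-string/non-list ``fields`` value, a non-string
            ``sort`` value, or a ``limit``/``skip`` that is not an integer.
    '''
    options = {}
    for k, v in getargs.items():
        if k == 'query':
            options['query'] = json.dumps(v)
        elif k == 'fields':
            if isinstance(v, string_types):
                options['fields'] = v
            elif isinstance(v, list):
                options['fields'] = ','.join(v)
            else:
                raise ValueError(
                    'Invalid value for fields parameter in KV store query.')
        elif k in ('limit', 'skip'):
            # May raise ValueError. string_types is an isinstance() target
            # in this function, not a converter, so use str().
            options[k] = str(int(v))
        elif k == 'sort':
            # Since sort order can be a bit complex, we just expect the
            # consumer to construct their own sort string here.
            if isinstance(v, string_types):
                options['sort'] = v
            else:
                raise ValueError(
                    'Invalid value for sort parameter in KV store query.')
        # Any other parameter is ignored.
    params = urlencode(options)
    # NOTE(review): the query string is URL-encoded, but the owner/app/
    # collection values from url_options are placed into the path verbatim.
    # If any of them can be influenced by a request, validate or
    # percent-encode them before this point - confirm against the callers.
    uri = '/servicesNS/{owner}/{app}/storage/collections/data/{collection}?{params}'.format(
        params=params, **url_options)
    response, content = splunk.rest.simpleRequest(uri, sessionKey=session_key)
    return response, content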
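def main():
    """Entry point of the ``pancontentpack`` search command.

    Expects two arguments: the device hostname and either ``apps`` or
    ``threats``. It obtains an API key for the device via
    ``common.apikey``, fetches the predefined applications or threats from
    the device, converts them with ``parse_apps`` / ``parse_threats`` and
    hands the rows to ``splunk.Intersplunk.outputResults``.

    NOTE(review): the hostname comes straight from the search command's
    arguments and the API key returned by ``common.apikey`` is then presented
    to that host. If ``common.apikey`` can return a stored key for an
    arbitrary hostname, anyone allowed to run this command can direct that
    key to a host of their choosing - confirm the lookup is scoped per
    device and restrict who may run the command.
    """
    # Get arguments
    args, kwargs = splunk.Intersplunk.getKeywordsAndOptions()

    # Enable debugging by passing 'debug=yes' as an argument of
    # the command on the Splunk searchbar.
    debug = common.check_debug(kwargs)

    # NOTE(review): the code below indexes args[1], so usage() is presumably
    # expected not to return - confirm.
    if len(args) < 2:
        logger.error(
            "pancontentpack: Wrong number of arguments: %s, expected 2.\n" % len(args))
        usage()

    if args[1] == "apps":
        logger.info(
            "Getting apps from content pack on Palo Alto Networks device at %s..." % args[0])
    elif args[1] == "threats":
        logger.info(
            "Getting threats from content pack on Palo Alto Networks device at %s..." % args[0])
    else:
        usage()

    # Results contains the data from the search results and settings
    # contains the sessionKey that we can use to talk to Splunk
    # Ignore the results
    results, unused1, settings = splunk.Intersplunk.getOrganizedResults()
    # Get the sessionKey
    sessionKey = settings['sessionKey']

    log(debug, "Begin get API key")
    # Get the API key from the Splunk store or from the device at hostname
    # if no apikey is stored
    apikey = common.apikey(sessionKey, args[0], debug)

    device = pandevice.base.PanDevice(args[0], api_key=apikey)
    device.refresh_system_info()

    try:
        if args[1] == "apps":
            device.xapi.get("/config/predefined/application")
            app_xml = device.xapi.xml_document
            rows = parse_apps(app_xml)
        else:
            if device._version_info >= (8, 0, 0):
                threat_xml = device.op(
                    'show predefined xpath "/predefined/threats"',
                    xml=True,
                    cmd_xml=True,
                )
            else:
                device.xapi.get("/config/predefined/threats")
                threat_xml = device.xapi.xml_document
            rows = parse_threats(threat_xml)
    except pan.xapi.PanXapiError as e:
        # Was string_types(e); str() is the conversion needed for the
        # error text.
        common.exit_with_error(str(e))
    else:
        # output results (only when the fetch and parse succeeded, so an
        # unassigned result can never be referenced)
        splunk.Intersplunk.outputResults(rows)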
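def to_json(obj, fp=None):
    """Serialise *obj* as indented, key-sorted JSON.

    Objects the encoder cannot handle are passed to ``getmethod`` with the
    name ``'__json__'`` and a text-conversion fallback, and the callable it
    returns is invoked with no arguments.

    Because of that fallback, an object without ``__json__`` is emitted as
    its text form rather than rejected, so unexpected objects end up in the
    output silently.

    Args:
        obj: the value to serialise.
        fp: optional file-like object; when truthy the JSON is written to it.

    Returns:
        The JSON string when *fp* is falsy, otherwise the result of
        ``json.dump`` (``None``).
    """
    def default(o):
        # six.string_types is a tuple of types and is not callable;
        # six.text_type is the converter.
        # NOTE(review): the fallback takes one argument but the result of
        # getmethod() is called with none - presumably getmethod binds ``o``
        # to it; confirm.
        return getmethod(o, '__json__', lambda v: six.text_type(v))()

    kwargs = dict(default=default, indent=2, sort_keys=True)
    return json.dump(obj, fp, **kwargs) if fp else json.dumps(obj, **kwargs)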
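def to_json(obj, fp=None):
    """Dump *obj* to JSON with ``indent=2`` and sorted keys.

    Values the encoder does not know are resolved through
    ``getmethod(o, "__json__", fallback)``; the returned callable is invoked
    without arguments. The fallback converts the value to text, which means
    objects lacking ``__json__`` are written out as their text form instead
    of raising.

    Args:
        obj: the value to serialise.
        fp: optional file-like object; when truthy the JSON is written to it.

    Returns:
        The JSON string when *fp* is falsy, otherwise the result of
        ``json.dump`` (``None``).
    """
    def default(o):
        # Use six.text_type: six.string_types is a tuple of types, so the
        # original call raised TypeError whenever the fallback ran.
        # NOTE(review): the fallback expects one argument while the result
        # of getmethod() is called with none - presumably getmethod binds
        # ``o``; confirm.
        return getmethod(o, "__json__", lambda v: six.text_type(v))()

    kwargs = dict(default=default, indent=2, sort_keys=True)
    return json.dump(obj, fp, **kwargs) if fp else json.dumps(obj, **kwargs)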
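def get_opened_file(output_file):
    """Open *output_file* for binary writing when it is given as a path.

    Opening with mode ``'wb'`` truncates an existing file at that path, and
    the caller is responsible for closing the returned file object.

    Returns:
        The opened file object when *output_file* is a string; ``None``
        otherwise.

    NOTE(review): a caller passing an already-open file object presumably
    expects it back, but this block returns None in that case - confirm
    against the rest of the file.
    """
    # string_types is the isinstance() target itself; calling it
    # (``string_types()``) made the check raise TypeError.
    if isinstance(output_file, string_types):
        return open(output_file, 'wb')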