def get_path_lists(path=None,
offset=0,
limit=common.database_limit,
sort_by=None,
sort_ascending=True,
search_text=None,
complementary_search=False,
search_in_fields=None,
relative_dirname=None,
filename=None):
"""Get paths of all CDB lists
:param path: List of paths to read lists from
:param offset: First item to return.
:param limit: Maximum number of items to return.
:param sort_by: Fields to sort the items by
:param sort_ascending: Sort in ascending (true) or descending (false) order
:param search_text: Text to search
:param complementary_search: Find items without the text to search
:param search_in_fields: Fields to search in
:param relative_dirname: Filters by relative dirname.
:param filename: List of filenames to filter by.
:return: AffectedItemsWazuhResult
"""
result = AffectedItemsWazuhResult(none_msg='No path was shown',
some_msg='Some paths could not be shown',
all_msg='All specified paths were shown')
lists = iterate_lists(only_names=True)
for item in list(lists):
if any([
relative_dirname is not None
and item['relative_dirname'] != relative_dirname,
filename is not None and item['filename'] not in filename,
os.path.join(item['relative_dirname'],
item['filename']) not in path
]):
lists.remove(item)
data = process_array(lists,
search_text=search_text,
search_in_fields=search_in_fields,
complementary_search=complementary_search,
sort_by=sort_by,
sort_ascending=sort_ascending,
offset=offset,
limit=limit)
result.affected_items = data['items']
result.total_affected_items = data['totalItems']
return result
def get_path_lists(filename=None, offset=0, limit=common.database_limit, sort_by=None, sort_ascending=True,
search_text=None, complementary_search=False, search_in_fields=None, relative_dirname=None):
"""Get paths of all CDB lists.
Parameters
----------
filename : list
List of filenames to filter by.
offset : int
First item to return.
limit : int
Maximum number of items to return.
sort_by : dict
Fields to sort the items by. Format: {"fields":["field1","field2"],"order":"asc|desc"}
sort_ascending : boolean
Sort in ascending (true) or descending (false) order.
search_text : str
Find items with the specified string.
complementary_search : bool
If True, only results NOT containing `search_text` will be returned. If False, only results that contains
`search_text` will be returned.
search_in_fields : str
Name of the field to search in for the `search_text`.
relative_dirname : str
Filter by relative dirname.
Returns
-------
result : AffectedItemsWazuhResult
Paths of all CDB lists.
"""
result = AffectedItemsWazuhResult(all_msg='All specified paths were returned',
some_msg='Some paths were not returned',
none_msg='No path was returned')
paths = get_filenames_paths(filename)
lists = iterate_lists(only_names=True)
for item in list(lists):
if any([relative_dirname is not None and item['relative_dirname'] != relative_dirname,
join(common.ossec_path, item['relative_dirname'], item['filename']) not in paths]):
lists.remove(item)
data = process_array(lists, search_text=search_text, search_in_fields=search_in_fields,
complementary_search=complementary_search, sort_by=sort_by, sort_ascending=sort_ascending,
offset=offset, limit=limit)
result.affected_items = data['items']
result.total_affected_items = data['totalItems']
return result
def test_iterate_lists(only_names, path):
"""Test `iterate_lists` core functionality.
`Iterate_list` must get the content of all CDB lists in a specified path skipping `.cdb` and `.swp` files. It will
return a list of dictionaries.
Parameters
----------
only_names : bool
If this parameter is true, only the name of all lists will be showed by `iterate_lists` instead of its content.
path : str
Path to iterate lists from.
"""
required_fields = ['relative_dirname', 'filename'] if only_names else ['relative_dirname', 'filename', 'items']
common.reset_context_cache()
result = iterate_lists(absolute_path=path, only_names=only_names)
assert isinstance(result, list)
assert len(result) != 0
for entry in result:
for field in required_fields:
assert field in entry
def _expand_resource(resource):
"""This function expand a specified resource depending of it type.
:param resource: Resource to be expanded
:return expanded_resource: Returns the result of the resource expansion
"""
name, attribute, value = resource.split(':')
resource_type = ':'.join([name, attribute])
# This is the special case, expand_group can receive * or the name of the group. That's why it' s always called
if resource_type == 'agent:group':
return expand_group(value)
# We need to transform the wildcard * to the resource of the system
if value == '*':
if resource_type == 'agent:id':
return get_agents_info()
elif resource_type == 'group:id':
return get_groups()
elif resource_type == 'role:id':
with RolesManager() as rm:
roles = rm.get_roles()
return {str(role_id.id) for role_id in roles}
elif resource_type == 'policy:id':
with PoliciesManager() as pm:
policies = pm.get_policies()
return {str(policy_id.id) for policy_id in policies}
elif resource_type == 'user:id':
users_system = set()
with AuthenticationManager() as auth:
users = auth.get_users()
for user in users:
users_system.add(user['user_id'])
return users_system
elif resource_type == 'rule:id':
with RulesManager() as rum:
rules = rum.get_rules()
return {str(rule_id.id) for rule_id in rules}
elif resource_type == 'rule:file':
tags = ['rule_include', 'rule_exclude', 'rule_dir']
format_rules = format_rule_decoder_file(
get_ossec_conf(section='ruleset')['ruleset'], {
'status': Status.S_ALL.value,
'relative_dirname': None,
'filename': None
}, tags)
return {rule['filename'] for rule in format_rules}
elif resource_type == 'decoder:file':
tags = ['decoder_include', 'decoder_exclude', 'decoder_dir']
format_decoders = format_rule_decoder_file(
get_ossec_conf(section='ruleset')['ruleset'], {
'status': Status.S_ALL.value,
'relative_dirname': None,
'filename': None
}, tags)
return {decoder['filename'] for decoder in format_decoders}
elif resource_type == 'list:path':
return {
os.path.join(cdb_list['relative_dirname'],
cdb_list['filename'])
for cdb_list in iterate_lists(only_names=True)
}
elif resource_type == 'node:id':
return set(cluster_nodes.get())
elif resource_type == 'file:path':
return get_files()
elif resource_type == '*:*': # Resourceless
return {'*'}
return set()
# We return the value casted to set
else:
return {value}