def encodeInvoker(self, invoker): ''' Create an encode exploit for the invoker. @param invoker: Invoker The invoker to create a parameters encoder for. @return: callable(**data) The exploit that provides the invoker encoding. ''' assert isinstance(invoker, Invoker), 'Invalid invoker %s' % invoker children, ordered = OrderedDict(), OrderedDict() for inp in invoker.inputs: assert isinstance(inp, Input) typeInp = inp.type assert isinstance(typeInp, Type) if typeInp.isPrimitive: children[inp.name] = self.encodePrimitive(typeInp, getterOnDict(inp.name)) elif isinstance(typeInp, TypeQuery): assert isinstance(typeInp, TypeQuery) childrenQuery, orderedQuery, getterQuery = OrderedDict(), OrderedDict(), getterOnDict(inp.name) for nameEntry, classCriteria in typeInp.query.criterias.items(): getter = getterChain(getterQuery, getterOnObjIfIn(nameEntry, typeInp.childTypeFor(nameEntry))) childrenQuery[nameEntry] = self.encodeCriteria(typeFor(classCriteria), getter) if issubclass(classCriteria, AsOrdered): orderedQuery[nameEntry] = self.encodeGetOrder(typeInp.childTypeFor(nameEntry), getterQuery) isUpdated = False if invoker.output.isOf(typeInp.owner): # If the query is a main query and also there is no name conflict then add the query children to # the main children if set(childrenQuery.keys()).isdisjoint(children.keys()) and set(orderedQuery).isdisjoint(ordered): isUpdated = True children.update(childrenQuery) ordered.update(orderedQuery) if not isUpdated: children[inp.name] = self.encodePath(childrenQuery) ordered[inp.name] = self.encodePath(orderedQuery) exploitOrder = None if ordered: if self.nameOrderAsc in children: log.error('Name conflict for \'%s\' in %s', self.nameOrderAsc, invoker) elif self.nameOrderDesc in children: log.error('Name conflict for \'%s\' in %s', self.nameOrderDesc, invoker) else: exploitOrder = self.encodeOrder(self.encodePath(ordered)) exploitPath = self.encodePath(children) def exploit(**data): target = deque() data.update(target=target) exploitPath(**data) if exploitOrder: exploitOrder(**data) return target return exploit
def decodeInvoker(self, invoker): """ Create a decode exploit for the invoker. @param invoker: Invoker The invoker to create a parameters decoder for. @return: callable(**data) -> boolean The exploit that provides the invoker decoding. """ assert isinstance(invoker, Invoker), "Invalid invoker %s" % invoker children, ordered = {}, {} for inp in invoker.inputs: assert isinstance(inp, Input) typeInp = inp.type assert isinstance(typeInp, Type) if typeInp.isPrimitive: if isinstance(typeInp, Iter): assert isinstance(typeInp, Iter) setter = setterWithGetter(obtainOnDict(inp.name, list), list.append) inpDecode = self.decodePrimitiveList(setter, typeInp.itemType) else: inpDecode = self.decodePrimitive(setterOnDict(inp.name), typeInp) children[inp.name] = inpDecode elif isinstance(typeInp, TypeQuery): assert isinstance(typeInp, TypeQuery) assert isinstance(typeInp.query, Query) childrenQuery, orderedQuery, getterQuery = {}, {}, obtainOnDict(inp.name, inp.type.clazz) for nameEntry, classCriteria in typeInp.query.criterias.items(): getter = getterChain(getterQuery, getterOnObj(nameEntry)) childrenQuery[nameEntry] = self.decodeCriteria(typeFor(classCriteria), getter) if issubclass(classCriteria, AsOrdered): orderedQuery[nameEntry] = self.decodeSetOrder( typeInp.criteriaEntryTypeFor(nameEntry), getterQuery ) isUpdated = False if invoker.output.isOf(typeInp.owner): # If the query is a main query and also there is no name conflict then add the query children to # the main children if set(childrenQuery.keys()).isdisjoint(children.keys()) and set(orderedQuery).isdisjoint(ordered): isUpdated = True children.update(childrenQuery) ordered.update(orderedQuery) if not isUpdated: children[inp.name] = self.decodePath(childrenQuery) ordered[inp.name] = self.decodePath(orderedQuery) if self.nameOrderAsc in children: log.error("Name conflict for '%s' in %s", self.nameOrderAsc, invoker) elif self.nameOrderDesc in children: log.error("Name conflict for '%s' in %s", self.nameOrderDesc, invoker) else: exploitOrder = self.decodePath(ordered) children[self.nameOrderAsc] = self.decodeOrder(True, exploitOrder) children[self.nameOrderDesc] = self.decodeOrder(False, exploitOrder) exploitPath = self.decodePath(children) def exploit(path, **data): assert isinstance(path, str), "Invalid path %s" % path path = deque(path.split(self.separatorName)) return exploitPath(path=path, **data) return exploit
def encodeInvoker(self, invoker): ''' Create an encode exploit for the invoker. @param invoker: Invoker The invoker to create a parameters encoder for. @return: callable(**data) The exploit that provides the invoker encoding. ''' assert isinstance(invoker, Invoker), 'Invalid invoker %s' % invoker children, ordered = OrderedDict(), OrderedDict() for inp in invoker.inputs: assert isinstance(inp, Input) typeInp = inp.type assert isinstance(typeInp, Type) if typeInp.isPrimitive: children[inp.name] = self.encodePrimitive( typeInp, getterOnDict(inp.name)) elif isinstance(typeInp, TypeQuery): assert isinstance(typeInp, TypeQuery) childrenQuery, orderedQuery, getterQuery = OrderedDict( ), OrderedDict(), getterOnDict(inp.name) for nameEntry, classCriteria in typeInp.query.criterias.items( ): getter = getterChain( getterQuery, getterOnObjIfIn( nameEntry, typeInp.criteriaEntryTypeFor(nameEntry))) childrenQuery[nameEntry] = self.encodeCriteria( typeFor(classCriteria), getter) if issubclass(classCriteria, AsOrdered): orderedQuery[nameEntry] = self.encodeGetOrder( typeInp.criteriaEntryTypeFor(nameEntry), getterQuery) isUpdated = False if invoker.output.isOf(typeInp.owner): # If the query is a main query and also there is no name conflict then add the query children to # the main children if set(childrenQuery.keys()).isdisjoint(children.keys( )) and set(orderedQuery).isdisjoint(ordered): isUpdated = True children.update(childrenQuery) ordered.update(orderedQuery) if not isUpdated: children[inp.name] = self.encodePath(childrenQuery) ordered[inp.name] = self.encodePath(orderedQuery) exploitOrder = None if ordered: if self.nameOrderAsc in children: log.error('Name conflict for \'%s\' in %s', self.nameOrderAsc, invoker) elif self.nameOrderDesc in children: log.error('Name conflict for \'%s\' in %s', self.nameOrderDesc, invoker) else: exploitOrder = self.encodeOrder(self.encodePath(ordered)) exploitPath = self.encodePath(children) def exploit(**data): target = deque() data.update(target=target) exploitPath(**data) if exploitOrder: exploitOrder(**data) return target return exploit
def decodeInvoker(self, invoker): ''' Create a decode exploit for the invoker. @param invoker: Invoker The invoker to create a parameters decoder for. @return: callable(**data) -> boolean The exploit that provides the invoker decoding. ''' assert isinstance(invoker, Invoker), 'Invalid invoker %s' % invoker children, ordered = {}, {} for inp in invoker.inputs: assert isinstance(inp, Input) typeInp = inp.type assert isinstance(typeInp, Type) if typeInp.isPrimitive: if isinstance(typeInp, Iter): assert isinstance(typeInp, Iter) setter = setterWithGetter(obtainOnDict(inp.name, list), list.append) inpDecode = self.decodePrimitiveList( setter, typeInp.itemType) else: inpDecode = self.decodePrimitive(setterOnDict(inp.name), typeInp) children[inp.name] = inpDecode elif isinstance(typeInp, TypeQuery): assert isinstance(typeInp, TypeQuery) assert isinstance(typeInp.query, Query) childrenQuery, orderedQuery, getterQuery = {}, {}, obtainOnDict( inp.name, inp.type.clazz) for nameEntry, classCriteria in typeInp.query.criterias.items( ): getter = getterChain(getterQuery, getterOnObj(nameEntry)) childrenQuery[nameEntry] = self.decodeCriteria( typeFor(classCriteria), getter) if issubclass(classCriteria, AsOrdered): orderedQuery[nameEntry] = self.decodeSetOrder( typeInp.criteriaEntryTypeFor(nameEntry), getterQuery) isUpdated = False if invoker.output.isOf(typeInp.owner): # If the query is a main query and also there is no name conflict then add the query children to # the main children if set(childrenQuery.keys()).isdisjoint(children.keys( )) and set(orderedQuery).isdisjoint(ordered): isUpdated = True children.update(childrenQuery) ordered.update(orderedQuery) if not isUpdated: children[inp.name] = self.decodePath(childrenQuery) ordered[inp.name] = self.decodePath(orderedQuery) if self.nameOrderAsc in children: log.error('Name conflict for \'%s\' in %s', self.nameOrderAsc, invoker) elif self.nameOrderDesc in children: log.error('Name conflict for \'%s\' in %s', self.nameOrderDesc, invoker) else: exploitOrder = self.decodePath(ordered) children[self.nameOrderAsc] = self.decodeOrder(True, exploitOrder) children[self.nameOrderDesc] = self.decodeOrder( False, exploitOrder) exploitPath = self.decodePath(children) def exploit(path, **data): assert isinstance(path, str), 'Invalid path %s' % path path = deque(path.split(self.separatorName)) return exploitPath(path=path, **data) return exploit