def testParse(self): filt = filters.ItemFilter() one = rdfvalue.AttributedDict(test1="1", test2=[2, 3]) foo = rdfvalue.AttributedDict(test1="foo", test2=["bar", "baz"]) fs = rdfvalue.Filesystem(device="/dev/sda1", mount_point="/root") objs = [one, foo, fs] results = filt.Parse(objs, "test1 is '1'") self.assertEqual(1, len(results)) self.assertEqual("test1", results[0].k) self.assertEqual("1", results[0].v) results = filt.Parse(objs, "test1 is '2'") self.assertFalse(results) results = filt.Parse(objs, "test2 contains 3") self.assertEqual(1, len(results)) self.assertEqual("test2", results[0].k) self.assertEqual([2, 3], results[0].v) results = filt.Parse(objs, "test1 is '1' or test1 contains 'foo'") self.assertEqual(2, len(results)) self.assertEqual("test1", results[0].k) self.assertEqual("1", results[0].v) self.assertEqual("test1", results[1].k) self.assertEqual("foo", results[1].v) results = filt.Parse(objs, "mount_point is '/root'") self.assertEqual(1, len(results)) self.assertEqual("mount_point", results[0].k) self.assertEqual("/root", results[0].v)
def testInitialize(self): arnie = {"target": "Sarah Connor", "mission": "Protect"} t800 = {"target": "Sarah Connor", "mission": "Terminate"} terminator = rdfvalue.AttributedDict(arnie) self.assertEquals(terminator.GetItem("target"), "Sarah Connor") self.assertEquals(terminator.GetItem("mission"), "Protect") terminator = rdfvalue.AttributedDict(t800) self.assertEquals(terminator.target, "Sarah Connor") self.assertEquals(terminator.mission, "Terminate") # We don't want a conflicted Terminator self.assertFalse(terminator.GetItem("happy_face")) self.assertRaises(AttributeError, terminator.happy_face)
def testParse(self): filt = filters.ObjectFilter() hit1 = rdfvalue.AttributedDict(test="hit1") hit2 = rdfvalue.AttributedDict(test="hit2") miss = rdfvalue.AttributedDict(test="miss") objs = [hit1, hit2, miss] results = filt.Parse(objs, "test is 'hit1'") self.assertItemsEqual([hit1], results) results = filt.Parse(objs, "test is 'hit2'") self.assertItemsEqual([hit2], results) results = filt.Parse(objs, "test inset 'hit1,hit2'") self.assertItemsEqual([hit1, hit2], results)
def _Load(self, expression): self._Flush() parser = config_file.KeyValueParser(kv_sep=":", sep=",", term=(r"\s+", r"\n")) parsed = {} for entry in parser.ParseEntries(expression): parsed.update(entry) self.cfg = rdfvalue.AttributedDict(parsed) return parsed
def ParseObjs(self, objs, expression): for key in self._Attrs(expression): # Key needs to be a string for rdfvalue.KeyValue key = utils.SmartStr(key) for obj in objs: val = self._GetVal(obj, key) if val: # Dict won't accept rdfvalue.RepeatedFieldHelper if isinstance(val, structs.RepeatedFieldHelper): val = list(val) yield rdfvalue.AttributedDict({"k": key, "v": val})
def testParse(self): filt = filters.RDFFilter() cfg = rdfvalue.AttributedDict() anom = rdfvalue.Anomaly() objs = [cfg, anom] results = filt.Parse(objs, "KnowledgeBase") self.assertFalse(results) results = filt.Parse(objs, "AttributedDict,KnowledgeBase") self.assertItemsEqual([cfg], results) results = filt.Parse(objs, "Anomaly,AttributedDict,KnowledgeBase") self.assertItemsEqual(objs, results)
def testParse(self): filt = filters.AttrFilter() hit1 = rdfvalue.AttributedDict(k1="hit1", k2="found1", k3=[3, 4]) hit2 = rdfvalue.AttributedDict(k1="hit2", k2="found2") meta = rdfvalue.AttributedDict(one=hit1, two=hit2) objs = [hit1, hit2, meta] results = filt.Parse(objs, "k1 k2 one.k3") self.assertEqual(5, len(results)) r1, r2, r3, r4, r5 = results self.assertEqual("k1", r1.k) self.assertEqual("hit1", r1.v) self.assertEqual("k1", r2.k) self.assertEqual("hit2", r2.v) self.assertEqual("k2", r3.k) self.assertEqual("found1", r3.v) self.assertEqual("k2", r4.k) self.assertEqual("found2", r4.v) self.assertEqual("one.k3", r5.k) self.assertEqual([3, 4], r5.v)
def _GenConfig(self, cfg): """Interpolate configurations with defaults to generate actual configs.""" # Some setting names may have a + or - suffix. These indicate that the # settings modify the default values. merged = self.default.copy() for setting, vals in cfg.iteritems(): option, operator = (setting.split(None, 1) + [None])[:2] vals = set(vals) default = set(self.default.get(option, [])) # If there is an operator, updated values accordingly. if operator == "+": vals = default.union(vals) elif operator == "-": vals = default.difference(vals) merged[option] = list(vals) return rdfvalue.AttributedDict(**merged)
def Parse(self, unused_stat, file_obj, unused_knowledge_base): self.ParseEntries(file_obj.read()) for entry in self.entries: if not entry: continue result = rdfvalue.Filesystem() result.device = entry[0] result.mount_point = entry[1] result.type = entry[2] options = KeyValueParser(term=",").ParseToOrderedDict(entry[3]) # Keys without values get assigned [] by default. Because these keys are # actually true, if declared, change any [] values to True. for k, v in options.iteritems(): options[k] = v or [True] result.options = rdfvalue.AttributedDict(**options) yield result
def testParseFileObjs(self): """Multiple file types are parsed successfully.""" filt = filters.StatFilter() ok = self._GenStat( path="/etc/shadow", st_uid=0, st_gid=0, st_mode=0100640) link = self._GenStat( path="/etc/shadow", st_uid=0, st_gid=0, st_mode=0120640) user = self._GenStat( path="/etc/shadow", st_uid=1000, st_gid=1000, st_mode=0100640) writable = self._GenStat( path="/etc/shadow", st_uid=0, st_gid=0, st_mode=0100666) cfg = {"path": "/etc/shadow", "st_uid": 0, "st_gid": 0, "st_mode": 0100640} invalid = rdfvalue.AttributedDict(**cfg) objs = [ok, link, user, writable, invalid] results = filt.Parse(objs, "uid:>=0 gid:>=0") self.assertItemsEqual([ok, link, user, writable], results) results = filt.Parse(objs, "uid:=0 mode:0440 mask:0440") self.assertItemsEqual([ok, link, writable], results) results = filt.Parse(objs, "uid:=0 mode:0440 mask:0444") self.assertItemsEqual([ok, link], results) results = list( filt.Parse(objs, "uid:=0 mode:0440 mask:0444 file_type:regular")) self.assertItemsEqual([ok], results)
def testAttributedDictSettingsAreAttr(self): t800 = {"target": "Sarah Connor", "mission": "Terminate"} terminator = rdfvalue.AttributedDict(t800) self.assertEquals(terminator.target, "Sarah Connor") self.assertEquals(terminator.mission, "Terminate")
def GenerateSample(self, number=0): return rdfvalue.AttributedDict({"number": number})
def ParseObjs(self, objs, expression): filt = self._Compile(expression) key = expression.split(None, 1)[0] for result in filt.Filter(objs): val = getattr(result, key) yield rdfvalue.AttributedDict({"k": key, "v": val})
def ParseMultiple(self, stats, file_objs, _): config = {} for stat, file_obj in zip(stats, file_objs): k, v = self._Parse(stat, file_obj) config[k] = v return rdfvalue.AttributedDict(config)