예제 #1
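def parse_apps(apps_xml):
    """Convert the predefined-application XML into a list of CSV-ready rows.

    Args:
        apps_xml: XML document text; it is parsed with ``xmltodict.parse``.

    Returns:
        A list of ``OrderedDict`` rows, one per ``application/entry``
        element, with every value passed through ``string_types``.

    Raises:
        KeyError: if the ``response/result/application/entry`` path is
            missing from the parsed document.
    """
    obj = xmltodict.parse(apps_xml)
    try:
        apps = obj['response']['result']['application']['entry']
    except KeyError:
        logger.error("Unable to parse app xml from firewall")
        raise
    # xmltodict returns a single mapping instead of a list when the parent
    # holds exactly one <entry>; normalise so the loop always sees entries.
    if not isinstance(apps, list):
        apps = [apps]
    csv_apps = []
    for app in apps:
        a = OrderedDict()
        try:
            a['app'] = app['@name']
            a['app:category'] = app.get('category', "")
            a['app:subcategory'] = app.get('subcategory', "")
            a['app:technology'] = app.get('technology', "")
            a['app:risk'] = app['risk']
            a['app:evasive'] = app['evasive-behavior']
            a['app:excessive_bandwidth'] = app['consume-big-bandwidth']
            a['app:used_by_malware'] = app['used-by-malware']
            a['app:able_to_transfer_file'] = app['able-to-transfer-file']
            a['app:has_known_vulnerability'] = app['has-known-vulnerability']
            tunnels = app['tunnel-other-application']
            if tunnels not in ("yes", "no"):
                # Anything other than a plain yes/no is expected to be a
                # mapping that carries the value under '#text'.
                tunnels = tunnels['#text']
            a['app:tunnels_other_application'] = tunnels
            a['app:prone_to_misuse'] = app['prone-to-misuse']
            a['app:pervasive_use'] = app['pervasive-use']
            a['app:is_saas'] = app.get('is-saas', "no")
            a['app:default_ports'] = ""
            try:
                # An entry may carry more than one <default> element, in
                # which case it arrives as a list; only the first is used.
                default = app['default']
                if isinstance(default, list):
                    if default:
                        a['app:default_ports'] = default[0]['port']['member']
                else:
                    a['app:default_ports'] = default['port']['member']
            except KeyError:
                # No default port information for this application.
                pass
            else:
                # Several <member> elements arrive as a list; flatten them.
                if not isinstance(a['app:default_ports'], string_types):
                    a['app:default_ports'] = "|".join(a['app:default_ports'])
        except Exception as e:
            # Look the name up defensively: if '@name' itself is what is
            # missing, indexing here would raise inside the handler and
            # hide the original error.
            if isinstance(app, dict):
                app_name = app.get('@name', '<unnamed>')
            else:
                app_name = app
            logger.error("Error parsing app: %s" % app_name)
            logger.error(traceback.format_exc())
            # NOTE(review): string_types is also passed to isinstance()
            # above. If it is six.string_types (a tuple of types) it is not
            # callable and this call, like the one in the conversion loop
            # below, raises TypeError - confirm what the name is bound to.
            common.exit_with_error(string_types(e))
        # convert all out of unicode
        for key in a:
            a[key] = string_types(a[key])
        csv_apps.append(a)
    logger.info("Found %s apps" % len(csv_apps))
    return csv_apps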
예제 #2
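def parse_threats(threats_xml):
    """Convert the predefined-threat XML into a list of CSV-ready rows.

    The ``phone-home`` and ``vulnerability`` entries found under
    ``response/result/threats`` are combined, in that order.

    Args:
        threats_xml: XML document text; it is parsed with
            ``xmltodict.parse``.

    Returns:
        A list of ``OrderedDict`` rows with the keys ``threat_id``,
        ``threat:name``, ``threat:category``, ``threat:severity`` and
        ``threat:cve``, every value passed through ``string_types``.

    Raises:
        KeyError: if the expected document path, or a required field of
            an entry, is missing.
    """
    obj = xmltodict.parse(threats_xml)
    try:
        threat_groups = obj['response']['result']['threats']
        phone_home = threat_groups['phone-home']['entry']
        vulnerability = threat_groups['vulnerability']['entry']
    except KeyError:
        logger.error("Unable to parse threat xml from firewall")
        raise
    # xmltodict returns a single mapping instead of a list when a group
    # holds exactly one <entry>; normalise each group before combining so
    # a one-element group cannot break the concatenation.
    threats = []
    for group in (phone_home, vulnerability):
        threats.extend(group if isinstance(group, list) else [group])
    csv_threats = []
    for threat in threats:
        a = OrderedDict()
        try:
            a['threat_id'] = threat['@name']
            a['threat:name'] = threat['threatname']
            a['threat:category'] = threat['category']
            a['threat:severity'] = threat['severity']
            cve = threat.get('cve', None)
            if cve is not None:
                cve = cve['member']
                # Several <member> elements arrive as a list; flatten them.
                if not isinstance(cve, string_types):
                    cve = ", ".join(cve)
            else:
                cve = ""
            a['threat:cve'] = cve
        except KeyError:
            # '@name' may be the key that is missing, so do not index it
            # again inside the handler.
            logger.error(
                "Error parsing threat: %s" % threat.get('@name', '<unnamed>'))
            raise
        # convert all out of unicode
        # NOTE(review): string_types is also passed to isinstance() above.
        # If it is six.string_types (a tuple of types) it is not callable
        # and this call raises TypeError - confirm what the name is bound to.
        for key in a:
            a[key] = string_types(a[key])
        csv_threats.append(a)
    logger.info("Found %s threats" % len(csv_threats))
    return csv_threats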
예제 #3
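 def _get_fc_channel(self):
     """Collect the fibre-channel adapters reported by the storage backend.

     Calls ``self.dpl.get_server_info()`` and keeps every entry found under
     ``metadata -> storage_adapter`` whose ``type`` is ``'fc'``. Failures
     are logged rather than raised, and whatever was collected up to that
     point is returned.

     return :
             fcInfos[uuid]
                 fcInfo[uuid]['display_name']
                 fcInfo[uuid]['display_description']
                 fcInfo[uuid]['hardware_address']
                 fcInfo[uuid]['type']
                 fcInfo[uuid]['speed']
                 fcInfo[uuid]['state']
     """
     fcInfos = {}
     try:
         retCode, output = self.dpl.get_server_info()
         if retCode == 0 and output:
             adapters = output.get('metadata', {}).get('storage_adapter', {})
             for fcUuid, fcInfo in adapters.items():
                 # An empty entry or one without a 'type' is skipped
                 # instead of aborting the whole scan.
                 if fcInfo and fcInfo.get('type') == 'fc':
                     fcInfos[fcUuid] = fcInfo
     except Exception as e:
         # six.string_types is the tuple meant for isinstance() checks and
         # cannot be called; six.text_type is the text constructor. Calling
         # the tuple here would raise TypeError out of a handler whose job
         # is to log and carry on.
         msg = _("Failed to get fiber channel info from storage due "
                 "to %(stat)s") % {
                     'stat': six.text_type(e)
                 }
         LOG.error(msg)
     return fcInfos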
예제 #4
파일: dpl_fc.py 프로젝트: AsherBond/cinder
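 def _get_fc_channel(self):
     """Return the fibre-channel adapters known to the storage backend.

     The adapter table is read from ``self.dpl.get_server_info()`` under
     ``metadata -> storage_adapter``; only entries whose ``type`` equals
     ``'fc'`` are kept. Errors are logged and the entries gathered so far
     (an empty dict if none) are returned.

     return :
             fcInfos[uuid]
                 fcInfo[uuid]['display_name']
                 fcInfo[uuid]['display_description']
                 fcInfo[uuid]['hardware_address']
                 fcInfo[uuid]['type']
                 fcInfo[uuid]['speed']
                 fcInfo[uuid]['state']
     """
     fcInfos = {}
     try:
         retCode, output = self.dpl.get_server_info()
         if retCode == 0 and output:
             adapters = output.get('metadata', {}).get('storage_adapter', {})
             for fcUuid, fcInfo in adapters.items():
                 # Tolerate empty entries and entries lacking a 'type'.
                 if fcInfo and fcInfo.get('type') == 'fc':
                     fcInfos[fcUuid] = fcInfo
     except Exception as e:
         # six.string_types is a tuple of types, not a callable; use
         # six.text_type so the handler logs the failure instead of
         # raising TypeError itself.
         msg = _("Failed to get fiber channel info from storage due "
                 "to %(stat)s") % {'stat': six.text_type(e)}
         LOG.error(msg)
     return fcInfos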
예제 #5
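def get_token_generator():
    """Return the password-reset token generator configured for Djoser.

    Reads ``TOKEN_GENERATOR`` from ``django_settings.DJOSER``. When the
    setting is absent or falsy a ``PasswordResetTokenGenerator`` is
    returned; otherwise the value must be a dotted import path, which is
    imported and instantiated with no arguments.

    Raises:
        Exception: if the setting is present but is not a string.
    """
    token_generator_class = django_settings.DJOSER.get('TOKEN_GENERATOR')
    if not token_generator_class:
        return PasswordResetTokenGenerator()
    if not isinstance(token_generator_class, six.string_types):
        # six.string_types is the tuple meant for isinstance() and cannot
        # be called; %s already renders the value. The one-element tuple
        # keeps a tuple-valued setting from being unpacked as several
        # format arguments.
        raise Exception(
            "%s is not valid password reset token generator class" %
            (token_generator_class,))
    # import_string loads whatever dotted path the setting names and the
    # result is instantiated, so this value has to come from deployment
    # configuration only, never from request data.
    return import_string(token_generator_class)()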
예제 #6
파일: utils.py 프로젝트: vooydzig/djoser
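def get_token_generator():
    """Build the token generator used for password-reset links.

    The ``TOKEN_GENERATOR`` entry of ``django_settings.DJOSER`` selects the
    class by dotted import path. An unset or falsy entry yields a
    ``PasswordResetTokenGenerator``.

    Raises:
        Exception: if the entry is set to something other than a string.
    """
    token_generator_class = django_settings.DJOSER.get('TOKEN_GENERATOR')
    if not token_generator_class:
        return PasswordResetTokenGenerator()
    if not isinstance(token_generator_class, six.string_types):
        # Calling six.string_types (a tuple of types) would raise TypeError
        # before this message could be built; let %s format the value, and
        # wrap it so a tuple is not spread over the format arguments.
        raise Exception(
            "%s is not valid password reset token generator class" %
            (token_generator_class,))
    # The configured path is imported and instantiated as-is; treat the
    # setting as trusted configuration and keep it out of reach of
    # user-supplied input.
    return import_string(token_generator_class)()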
예제 #7
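 def categories(self, value):
     """Replace the stored categories with *value*.

     Accepts a list (items that are not strings are converted with
     ``six.text_type(item, self._base)``), a ``TypedList`` or a single
     string. A value of any other type is ignored and the current
     contents are left untouched.
     """
     if isinstance(value, list):
         self._categories.purge()
         # six.string_types is the tuple used for isinstance() checks and
         # cannot be called; six.text_type is the text constructor.
         # NOTE(review): self._base is passed as the constructor's second
         # argument, so it is presumably an encoding name - confirm.
         self._categories.extend([
             x if isinstance(x, six.string_types)
             else six.text_type(x, self._base)
             for x in value
         ])
     elif isinstance(value, TypedList):
         self._categories.purge()
         # NOTE(review): this rebinds the attribute to whatever to_list()
         # returns; if that is a plain list, a later purge() call on it
         # will fail - confirm.
         self._categories = value.to_list()
     elif isinstance(value, six.string_types):
         self._categories.purge()
         self._categories.append(value)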
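 def events(self, value):
     """Replace the stored events with *value*.

     Accepts a list (items that are not strings are converted with
     ``six.text_type(item, self._base)``), a ``TypedList`` or a single
     string. A value of any other type is ignored and the current
     contents are left untouched.
     """
     if isinstance(value, list):
         self._events.purge()
         # six.string_types is the tuple used for isinstance() checks and
         # cannot be called; six.text_type is the text constructor.
         # NOTE(review): self._base is passed as the constructor's second
         # argument, so it is presumably an encoding name - confirm.
         self._events.extend([
             x if isinstance(x, six.string_types)
             else six.text_type(x, self._base)
             for x in value
         ])
     elif isinstance(value, TypedList):
         self._events.purge()
         # NOTE(review): this rebinds the attribute to whatever to_list()
         # returns; if that is a plain list, a later purge() call on it
         # will fail - confirm.
         self._events = value.to_list()
     elif isinstance(value, six.string_types):
         self._events.purge()
         self._events.append(value)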
예제 #9
 def default(self, o):
     """Convert values the base encoder cannot handle.

     Floats with a fractional part become ``decimal.Decimal``, other
     floats become ``int``, sets become lists, ``datetime.datetime``
     values go through ``string_types`` and streaming bodies through
     ``str``. Everything else is delegated to the parent ``default``.
     """
     if isinstance(o, float):
         return decimal.Decimal(o) if o % 1 > 0 else int(o)
     if isinstance(o, set):
         return list(o)
     if isinstance(o, datetime.datetime):
         # NOTE(review): if string_types is six.string_types (a tuple of
         # types) this call raises TypeError - confirm what the name is
         # bound to in this module.
         return string_types(o)
     if isinstance(o, botocore.response.StreamingBody):
         # str() is applied to the body object itself; nothing is read
         # from the stream here.
         return str(o)
     return super(DynamoDbEncoder, self).default(o)
예제 #10
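    def get(self, type_name, ref):
        """Look up a stored object by type name and reference.

        The aliased objects are consulted first, then the regular objects,
        both under *ref* exactly as given. If nothing truthy is found the
        regular objects are tried again with the reference converted:
        an int or float is retried as text, a string is retried as an int.

        Returns:
            The stored object, or ``None`` when no lookup succeeds.
        """
        by_alias = self._aliased_objects.get(type_name, {})
        by_ref = self._objects.get(type_name, {})
        e = by_alias.get(ref, None) or by_ref.get(ref, None)

        if not e and type(ref) in [int, float]:
            # six.string_types is a tuple of types and cannot be called;
            # six.text_type performs the intended conversion. The previous
            # catch-all handler hid that failure, so this fallback never
            # matched anything.
            e = by_ref.get(six.text_type(ref), None)

        if not e and isinstance(ref, six.string_types):
            try:
                e = by_ref.get(int(ref), None)
            except ValueError:
                # The reference is not a numeric string; nothing to retry.
                pass

        return e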
예제 #11
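def token_idx_map(context, context_tokens):
    """Map character offsets in *context* to the tokens that start there.

    The context is walked character by character, skipping spaces and
    accumulating the rest until the accumulated text equals the next
    token in *context_tokens*.

    Args:
        context: the text to scan.
        context_tokens: the tokens, in the order they occur in *context*.

    Returns:
        A dict of ``start_offset -> [token_text, token_index]``.
    """
    acc = ''
    current_token_idx = 0
    token_map = dict()

    for char_idx, char in enumerate(context):
        if char == u' ':
            continue
        if current_token_idx >= len(context_tokens):
            # Every token has been matched; the remaining text has nothing
            # to align against, so stop instead of indexing past the end.
            break
        acc += char
        # six.string_types is a tuple of types and cannot be called;
        # six.text_type is the text constructor.
        context_token = six.text_type(context_tokens[current_token_idx])
        if acc == context_token:
            syn_start = char_idx - len(acc) + 1
            token_map[syn_start] = [acc, current_token_idx]
            acc = ''
            current_token_idx += 1
    return token_map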
예제 #12
    def adv_query(self, getargs, url_options, session_key):
        '''Run a KV store query built from the entries of *getargs*.

        Recognised keys are 'fields', 'limit', 'skip', 'sort' and 'query';
        any other key is ignored. 'query' is serialised with json.dumps,
        'fields' may be a string or a list (joined with commas), 'limit'
        and 'skip' must convert with int(), and 'sort' must already be a
        string built by the caller.

        Raises ValueError for an unusable 'fields', 'sort', 'limit' or
        'skip' value. Returns the (response, content) pair from
        splunk.rest.simpleRequest.
        '''

        options = {}

        for name, value in getargs.items():
            if name == 'query':
                options['query'] = json.dumps(value)
            elif name == 'fields':
                if isinstance(value, string_types):
                    options['fields'] = value
                elif isinstance(value, list):
                    options['fields'] = ','.join(value)
                else:
                    raise ValueError(
                        'Invalid value for fields parameter in KV store query.'
                    )
            elif name in ('limit', 'skip'):
                # int() rejects anything non-numeric with ValueError.
                # NOTE(review): if string_types is six.string_types (a
                # tuple of types) this call raises TypeError - confirm
                # what the name is bound to in this module.
                options[name] = string_types(int(value))
            elif name == 'sort':
                # Sort specifications can be complex, so the caller is
                # expected to hand over a ready-made sort string.
                if not isinstance(value, string_types):
                    raise ValueError(
                        'Invalid value for sort parameter in KV store query.')
                options['sort'] = value
            # Unrecognised parameters are dropped silently.

        # The query string is percent-encoded by urlencode.
        # NOTE(review): the url_options values (owner, app, collection)
        # are placed into the path as-is; if any of them can be
        # influenced by a caller they need validating or percent-encoding
        # before they reach this method - confirm upstream.
        query_string = urlencode(options)
        uri = '/servicesNS/{owner}/{app}/storage/collections/data/{collection}?{params}'.format(
            params=query_string, **url_options)
        return splunk.rest.simpleRequest(uri, sessionKey=session_key)
예제 #13
def main():
    """Fetch the apps or threats content pack from a device and output it.

    Expects two positional arguments from the Splunk search command: the
    device hostname and either "apps" or "threats". The predefined
    content is pulled from the device, parsed into rows and handed to
    ``splunk.Intersplunk.outputResults``.
    """
    # Positional arguments and key=value options of the search command.
    args, kwargs = splunk.Intersplunk.getKeywordsAndOptions()

    # Passing 'debug=yes' on the Splunk search bar turns debugging on.
    debug = common.check_debug(kwargs)

    arg_count = len(args)
    if arg_count < 2:
        logger.error(
            "pancontentpack: Wrong number of arguments: %s, expected 2.\n" %
            arg_count)
        # NOTE(review): usage() presumably terminates the command; if it
        # returns, the indexing below raises IndexError - confirm.
        usage()

    content_type = args[1]
    hostname = args[0]
    want_apps = content_type == "apps"

    if want_apps:
        logger.info(
            "Getting apps from content pack on Palo Alto Networks device at %s..."
            % hostname)
    elif content_type == "threats":
        logger.info(
            "Getting threats from content pack on Palo Alto Networks device at %s..."
            % hostname)
    else:
        usage()

    # Only the settings are needed from the organized results: they carry
    # the sessionKey used to talk to Splunk. The results are ignored.
    _results, _unused, settings = splunk.Intersplunk.getOrganizedResults()
    sessionKey = settings['sessionKey']

    log(debug, "Begin get API key")
    # Get the API key from the Splunk store or from the device at hostname if no apikey is stored
    apikey = common.apikey(sessionKey, hostname, debug)

    device = pandevice.base.PanDevice(hostname, api_key=apikey)
    device.refresh_system_info()

    try:
        if want_apps:
            device.xapi.get("/config/predefined/application")
            csv = parse_apps(device.xapi.xml_document)
        else:
            # The threat list is read with an operational command when the
            # device reports version 8.0.0 or later, and from the
            # predefined config otherwise.
            if device._version_info >= (8, 0, 0):
                threat_xml = device.op(
                    'show predefined xpath "/predefined/threats"',
                    xml=True,
                    cmd_xml=True,
                )
            else:
                device.xapi.get("/config/predefined/threats")
                threat_xml = device.xapi.xml_document
            csv = parse_threats(threat_xml)

    except pan.xapi.PanXapiError as e:
        # NOTE(review): if string_types is six.string_types (a tuple of
        # types) this call raises TypeError - confirm what the name is
        # bound to in this module.
        common.exit_with_error(string_types(e))

    # output results
    splunk.Intersplunk.outputResults(csv)
예제 #14
파일: util.py 프로젝트: haijohn/rabix
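def to_json(obj, fp=None):
    """Serialise *obj* as JSON with two-space indentation and sorted keys.

    Objects the encoder cannot handle are converted by calling whatever
    ``getmethod(o, '__json__', fallback)`` returns; the fallback renders
    a value as text.

    Args:
        obj: the value to serialise.
        fp: optional file-like object; when truthy the JSON is written to
            it instead of being returned.

    Returns:
        The JSON text when *fp* is falsy, otherwise the result of
        ``json.dump``.
    """
    def default(o):
        # six.string_types is a tuple of types and cannot be called;
        # six.text_type is the text constructor.
        # NOTE(review): the fallback takes one argument but the result of
        # getmethod() is called with none, so this relies on getmethod()
        # binding the object to the fallback - confirm.
        return getmethod(o, '__json__', lambda v: six.text_type(v))()

    kwargs = dict(default=default, indent=2, sort_keys=True)
    return json.dump(obj, fp, **kwargs) if fp else json.dumps(obj, **kwargs)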
예제 #15
파일: util.py 프로젝트: RitwikGupta/rabix
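def to_json(obj, fp=None):
    """Dump *obj* to JSON, indented by two spaces with keys sorted.

    Values the encoder does not support are converted through the
    callable returned by ``getmethod(o, "__json__", fallback)``, where the
    fallback turns the value into text.

    Args:
        obj: the value to serialise.
        fp: optional file-like object; when truthy the JSON is written to
            it instead of being returned.

    Returns:
        The JSON text when *fp* is falsy, otherwise the result of
        ``json.dump``.
    """
    def default(o):
        # Calling six.string_types (a tuple of types) raises TypeError;
        # six.text_type is the callable that produces text.
        # NOTE(review): the result of getmethod() is invoked without
        # arguments although the fallback expects one, so getmethod() is
        # presumably responsible for binding the object - confirm.
        return getmethod(o, "__json__", lambda v: six.text_type(v))()

    kwargs = dict(default=default, indent=2, sort_keys=True)
    return json.dump(obj, fp, **kwargs) if fp else json.dumps(obj, **kwargs)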
예제 #16
def get_opened_file(output_file):
    if isinstance(output_file, string_types()):
        return open(output_file, 'wb')