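def filter_line(self, blob):
    """Expand a Chrome preferences record into one record per extension.

    Records that are not chrome/preferences are returned untouched. A
    chrome/preferences record is consumed: one chrome/extensions record per
    entry under ``contents.extensions.settings`` is appended to
    ``self._new_lines`` and ``None`` is returned.

    The name, description and path are copied as-is from the collected
    profile data. They are leads to verify, not proof of what an extension
    actually is.

    Args:
        blob: A dict for one output record.

    Returns:
        The unchanged blob when it is not a Chrome preferences record,
        otherwise None.
    """
    if (blob.get('osxcollector_section') != 'chrome'
            or blob.get('osxcollector_subsection') != 'preferences'):
        return blob

    settings = DictUtils.get_deep(blob, 'contents.extensions.settings', {})
    for setting in settings.values():
        extension = {
            'osxcollector_section': 'chrome',
            'osxcollector_subsection': 'extensions',
            # Copy the incident id from the source record. The earlier code
            # stored the key's own name here, so derived records could not
            # be tied back to their incident.
            'osxcollector_incident_id': blob.get('osxcollector_incident_id'),
            'state': setting.get('state'),
            'was_installed_by_default': setting.get('was_installed_by_default'),
            'name': DictUtils.get_deep(setting, 'manifest.name'),
            'description': DictUtils.get_deep(setting, 'manifest.description'),
            'path': setting.get('path'),
        }
        username = blob.get('osxcollector_username')
        if username:
            extension['osxcollector_username'] = username
        self._new_lines.append(extension)

    return None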
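def filter_line(self, blob):
    """Expand a Firefox add-on JSON record into one record per add-on.

    Only firefox/json_files records read from ``addons.json`` or
    ``extensions.json`` are handled; everything else is returned untouched.
    A handled record is consumed: one firefox/extensions record per entry
    under ``contents.addons`` is appended to ``self._new_lines`` and
    ``None`` is returned.

    Name and description are whatever the collected profile data declares.
    They are leads to verify, not proof of what an add-on actually is.

    Args:
        blob: A dict for one output record.

    Returns:
        The unchanged blob when it is not a Firefox add-on record,
        otherwise None.
    """
    # Section AND subsection must both match. The earlier `and` between the
    # two inequality tests let any record with just one of them right fall
    # through to the add-on handling below.
    if (blob.get('osxcollector_section') != 'firefox'
            or blob.get('osxcollector_subsection') != 'json_files'):
        return blob
    if blob.get('osxcollector_json_file') not in ('addons.json', 'extensions.json'):
        return blob

    for addon in DictUtils.get_deep(blob, 'contents.addons', []):
        extension = {
            'osxcollector_section': 'firefox',
            'osxcollector_subsection': 'extensions',
            # Copy the incident id from the source record instead of storing
            # the key's own name, so derived records stay tied to their
            # incident.
            'osxcollector_incident_id': blob.get('osxcollector_incident_id'),
            'name': DictUtils.get_deep(addon, 'defaultLocale.name', addon.get('name')),
            'description': DictUtils.get_deep(
                addon, 'defaultLocale.description', addon.get('description')),
            'path': addon.get('id'),
        }
        username = blob.get('osxcollector_username')
        if username:
            extension['osxcollector_username'] = username
        self._new_lines.append(extension)

    return None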
def filter_line(self, line):
    """Tag a serialized output line with each blacklist it hits.

    The line is parsed as JSON. For every blacklist in
    ``self._blacklist_config`` the configured keys are looked up in the
    parsed blob; on the first key with a matching value the blacklist name
    is appended to ``osxcollector_blacklist`` and the line is re-serialized
    with a trailing newline.

    Args:
        line: One line of output as a string.

    Returns:
        The re-serialized line when at least one blacklist matched,
        otherwise the input line unchanged.
    """
    try:
        blob = simplejson.loads(line)
    except Exception:
        # Unparseable input is passed through verbatim, which also means it
        # is never checked against any blacklist.
        return line

    for chunk in self._blacklist_config:
        for key in chunk['blacklist_keys']:
            candidates = DictUtils.get_deep(blob, key)
            if not candidates:
                continue
            if not isinstance(candidates, list):
                candidates = [candidates]

            def _hits(val):
                if chunk['blacklist_is_regex']:
                    # presumably compiled re patterns -- .match() only
                    # matches at the start of the value, so a pattern meant
                    # to hit mid-string has to allow for that itself.
                    outcomes = [pattern.match(val) for pattern in chunk['blacklist_values']]
                else:
                    outcomes = [term == val for term in chunk['blacklist_values']]
                return any(outcomes)

            if any(_hits(val) for val in candidates):
                blob.setdefault('osxcollector_blacklist', []).append(chunk['blacklist_name'])
                line = '{0}\n'.format(simplejson.dumps(blob))
                # One tag per blacklist: skip this blacklist's other keys.
                break

    return line
def filter_line(self, blob):
    """Tag a blob with the name of each blacklist it hits.

    Nothing is buffered: every blob passed in is returned. When a value
    under one of a blacklist's keys matches, the blacklist name is appended
    to the blob's ``osxcollector_blacklist`` list in place.

    Args:
        blob: A dict for one output record.

    Returns:
        The same blob, tagged if any blacklist matched.
    """
    for chunk in self._blacklists:
        for key in chunk['blacklist_keys']:
            candidates = DictUtils.get_deep(blob, key)
            if not candidates:
                continue
            if not isinstance(candidates, list):
                candidates = [candidates]

            def _hits(val):
                if chunk['blacklist_is_regex']:
                    # presumably compiled re patterns -- .search() matches
                    # anywhere inside the value.
                    # NOTE(review): val is not type-checked before the regex
                    # call; confirm that blacklisted keys only ever hold
                    # strings.
                    outcomes = [pattern.search(val) for pattern in chunk['blacklist_values']]
                else:
                    outcomes = [term == val for term in chunk['blacklist_values']]
                return any(outcomes)

            if any(_hits(val) for val in candidates):
                blob.setdefault('osxcollector_blacklist', []).append(chunk['blacklist_name'])
                # One tag per blacklist: skip this blacklist's other keys.
                break

    return blob
def config_get_deep(key, default=None):
    """Look up a value in the configuration returned by _read_config().

    Args:
        key: Key to resolve in the config; passed to DictUtils.get_deep
            unchanged.
        default: Value to return if key is not found.

    Returns:
        The value from the config, or default if the key is not found.
    """
    config = _read_config()
    return DictUtils.get_deep(config, key, default)
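def filter_line(self, blob):
    """Turn a Firefox add-on JSON record into per-add-on extension records.

    A record is handled only when it is a firefox/json_files record whose
    ``osxcollector_json_file`` is ``addons.json`` or ``extensions.json``.
    Any other record is handed back unchanged. For a handled record, each
    entry under ``contents.addons`` becomes a firefox/extensions record on
    ``self._new_lines``, and the source record is dropped by returning
    ``None``.

    Add-on names and descriptions come straight from the collected profile
    data and should be verified before they are relied on.

    Args:
        blob: A dict for one output record.

    Returns:
        The unchanged blob for unrelated records, None for handled ones.
    """
    section = blob.get('osxcollector_section')
    subsection = blob.get('osxcollector_subsection')
    # A record is out of scope when EITHER field is wrong. Joining the two
    # inequality tests with `and` only skipped records where both were
    # wrong, so unrelated records could reach the add-on handling below.
    if section != 'firefox' or subsection != 'json_files':
        return blob
    if blob.get('osxcollector_json_file') not in ('addons.json', 'extensions.json'):
        return blob

    addons = DictUtils.get_deep(blob, 'contents.addons', [])
    for addon in addons:
        extension = {
            'osxcollector_section': 'firefox',
            'osxcollector_subsection': 'extensions',
            # Use the source record's incident id. Storing the key's own
            # name here left derived records with no link to their incident.
            'osxcollector_incident_id': blob.get('osxcollector_incident_id'),
            'name': DictUtils.get_deep(addon, 'defaultLocale.name', addon.get('name')),
            'description': DictUtils.get_deep(
                addon, 'defaultLocale.description', addon.get('description')),
            'path': addon.get('id'),
        }
        if blob.get('osxcollector_username'):
            extension['osxcollector_username'] = blob['osxcollector_username']
        self._new_lines.append(extension)

    return None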
def filter_line(self, blob):
    """Buffer the blob and collect file-name terms and usernames from it.

    Every blob is appended to ``self._all_blobs``. When ``self._when(blob)``
    is truthy, each non-empty value found under ``self.FILE_NAME_KEYS`` is
    passed to ``self._create_terms``. A present ``osxcollector_username`` is
    added, lower-cased, to ``self._usernames``.

    Args:
        blob: A dict for one output record.

    Returns:
        Always None; nothing is emitted from this method.
    """
    self._all_blobs.append(blob)

    if self._when(blob):
        found = (DictUtils.get_deep(blob, key) for key in self.FILE_NAME_KEYS)
        for val in filter(None, found):
            self._create_terms(val)

    # NOTE(review): nesting reconstructed from a flattened listing -- confirm
    # the username harvest is meant to run for every blob, not only for
    # those accepted by self._when.
    if 'osxcollector_username' in blob:
        username = blob['osxcollector_username']
        self._usernames.add(username.lower())

    return None
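def filter_line(self, blob):
    """Expand a Chrome preferences record into one record per extension.

    Records that are not chrome/preferences are returned untouched. A
    chrome/preferences record is consumed: one chrome/extensions record per
    entry under ``contents.extensions.settings`` is appended to
    ``self._new_lines`` and ``None`` is returned.

    The name, description and path are copied as-is from the collected
    profile data. They are leads to verify, not proof of what an extension
    actually is.

    Args:
        blob: A dict for one output record.

    Returns:
        The unchanged blob when it is not a Chrome preferences record,
        otherwise None.
    """
    # Section AND subsection must both match. With the earlier `and` between
    # the two inequality tests, any other chrome record (or any other
    # section's preferences record) fell through, returned None, and so was
    # silently dropped from the output.
    if (blob.get('osxcollector_section') != 'chrome'
            or blob.get('osxcollector_subsection') != 'preferences'):
        return blob

    settings = DictUtils.get_deep(blob, 'contents.extensions.settings', {})
    for setting in settings.values():
        extension = {
            'osxcollector_section': 'chrome',
            'osxcollector_subsection': 'extensions',
            # Copy the incident id from the source record instead of storing
            # the key's own name, so derived records stay tied to their
            # incident.
            'osxcollector_incident_id': blob.get('osxcollector_incident_id'),
            'state': setting.get('state'),
            'was_installed_by_default': setting.get('was_installed_by_default'),
            'name': DictUtils.get_deep(setting, 'manifest.name'),
            'description': DictUtils.get_deep(setting, 'manifest.description'),
            'path': setting.get('path'),
        }
        username = blob.get('osxcollector_username')
        if username:
            extension['osxcollector_username'] = username
        self._new_lines.append(extension)

    return None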
def get_config(self, key, default=None):
    """Reads config from a top level key with the same name as the filter class.

    Arguments:
        key - A string in the 'parentKey.subKey.andThenUnderThat' format.
        default - A value to fall back on when the key does not exist.

    Returns:
        The resolved value; it is always truthy.

    Raises:
        MissingConfigError - when the resolved value is falsy. This covers a
            missing key with no default, and also any empty, zero or False
            value, whether it came from the config or from `default`.
    """
    resolved = DictUtils.get_deep(self._config, key, default)
    if resolved:
        return resolved
    # NOTE(review): the check is truthiness, not presence, so a setting that
    # is deliberately False, 0 or empty cannot be read through this method.
    # Confirm callers do not rely on such values.
    raise MissingConfigError('Missing value[{0}]'.format(key))
def match_line(self, blob):
    """Determine whether a blob matches the blacklist.

    Each key in ``self._blacklisted_keys`` is looked up in the blob, and
    non-empty values are passed to ``self.match_values``. The first truthy
    result is returned.

    Args:
        blob: A dict for one output record.

    Returns:
        The matched term if a value matches, None otherwise.
    """
    for key in self._blacklisted_keys:
        values = DictUtils.get_deep(blob, key)
        # Empty or missing values are skipped without calling match_values.
        term = self.match_values(values) if values else None
        if term:
            return term
    return None