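def __create_alert(self, element):
    """Turn one audit-log search hit into an alert and enqueue it.

    Args:
        element: search hit (dict-like); ``element['_id']`` becomes the
            alert's index and ``element['_source']`` is the audit record.
            The record must provide ``@timestamp``, ``requestURI`` and
            ``verb``; ``user.username`` (default ``''``),
            ``responseStatus.code`` (default ``0``) and ``objectRef.name``
            (default ``'N/A'``) are optional.

    The request URI is tried against the module-level patterns in the order
    below and the first hit selects the ``__find_*`` builder. The patterns
    are searched, not anchored, so that order is significant. When a builder
    returns an alert it is put on ``self.push_queue_dict[alert.a_type]``;
    otherwise nothing is queued.

    Raises:
        KeyError: when a required field is missing.
    """
    source = element['_source']
    index = element['_id']
    timestamp = source['@timestamp']
    uri = source['requestURI']
    method = source['verb']

    # Optional sub-objects. The original only tested for the inner keys, so a
    # record without a 'user' object raised KeyError; all three are now
    # handled alike (a null sub-object counts as absent).
    user = (source.get('user') or {}).get('username', '')
    response = (source.get('responseStatus') or {}).get('code', 0)
    pod = (source.get('objectRef') or {}).get('name', 'N/A')

    alert = None
    if regsearch(pods_limit, uri):
        alert = self.__find_pods_limit(timestamp, index, user)
    elif regsearch(namespaces_n_pods, uri):
        alert = self.__find_namespace_n_pods(
            timestamp, index, user, uri, method, response, pod)
    elif regsearch(pods_include, uri):
        alert = self.__find_pods_include(timestamp, index, user)
    elif regsearch(namespace_n_pods_include, uri):
        alert = self.__find_namespace_n_pods_include(
            timestamp, index, user, uri)
    elif regsearch(namespaces_n_pods_p, uri):
        alert = self.__find_namespaces_n_pods_p(
            timestamp, index, user, uri, method, response)
    elif regsearch(secrets_limit, uri):
        alert = self.__find_secrets_limit(timestamp, index, user, response)
    elif regsearch(namespaces_n_secrets_limit, uri):
        alert = self.__find_namespaces_n_secrets_limit(
            timestamp, index, user, uri, response)
    elif regsearch(namespaces_n_secrets_p, uri):
        alert = self.__find_namespaces_n_secrets_p(
            timestamp, index, user, uri, response)
    elif regsearch(namespaces_n_pods_p_exec, uri):
        alert = self.__find_namespaces_n_pods_p_exec(
            timestamp, index, user, uri)

    if alert:
        self.push_queue_dict[alert.a_type].put(alert)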
def __find_container(self, uri):
    """Extract the ``container=`` query value from ``uri``.

    Searches (unanchored) for ``container=`` followed by one or more word
    characters (``\\w``) or ``-`` and returns that run, or ``'N/A'`` when
    there is no such substring. The first occurrence anywhere in the URI
    wins, and the value is cut at the first character outside that set.
    """
    found = regsearch(r'container=[\w\d_-]+', uri)
    if not found:
        return 'N/A'
    _key, _sep, value = found.group(0).partition('=')
    return value
def __find_secrets_pod(self, uri):
    """Extract the secret name from a ``.../secrets/<name>`` URI.

    Searches (unanchored) for ``secrets/`` followed by one or more word
    characters (``\\w``) or ``-`` and returns that run, or ``'N/A'`` when no
    such segment exists. The captured name stops at the first character
    outside that set, so a name containing ``.`` is returned truncated.
    """
    found = regsearch(r'secrets/[\w\d_-]+', uri)
    if not found:
        return 'N/A'
    _prefix, _sep, name = found.group(0).partition('/')
    return name
def __find_namespace(self, uri):
    """Extract the namespace name from a ``.../namespaces/<name>`` URI.

    Searches (unanchored) for ``namespaces/`` followed by one or more word
    characters (``\\w``) or ``-`` and returns that run, or ``'N/A'`` when no
    such segment exists. Characters outside that set (for example ``.``)
    end the captured name.
    """
    found = regsearch(r'namespaces/[\w\d_-]+', uri)
    if not found:
        return 'N/A'
    _prefix, _sep, namespace = found.group(0).partition('/')
    return namespace
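def get_encoding(self):
    """Return the normalised encoding declared in the XML prologue of ``self.xml``.

    The declaration is located with an unanchored search for
    ``xml ... encoding="..."``; ``.`` does not cross newlines, so the
    ``encoding`` attribute must sit on the same line as ``xml``.

    Returns:
        ``'windows-1251'`` for ``windows-1251``/``cp1251``, ``'utf-8'`` for
        ``utf-8``/``utf8`` (case-insensitive), and ``None`` for any other
        declared encoding or when no declaration is found (the original
        raised AttributeError in that last case).
    """
    from re import search as regsearch

    hit = regsearch("xml.*encoding=[\'\"]([0-9a-zA-Z-]+)[\"\']", self.xml)
    if hit is None:
        return None
    declared = hit.group(1).lower()
    if declared in ("windows-1251", "cp1251"):
        return 'windows-1251'
    if declared in ("utf-8", "utf8"):
        return "utf-8"
    return None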
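def _load_py_module(name, path):
    """Execute the source file at ``path`` as a module called ``name`` and return it.

    Replacement for ``imp.load_source`` (the ``imp`` module was removed in
    Python 3.12) built on ``importlib``: the module is registered in
    ``sys.modules`` before its code runs, as ``imp`` did, and unregistered
    again if execution fails.

    Raises:
        ImportError: when no loader can be built for ``path``, or when the
            module's own code raises it.
    """
    import importlib.util
    import sys

    spec = importlib.util.spec_from_file_location(name, path)
    if spec is None or spec.loader is None:
        raise ImportError('no loader available for {0}'.format(path))
    module = importlib.util.module_from_spec(spec)
    sys.modules[name] = module
    try:
        spec.loader.exec_module(module)
    except BaseException:
        sys.modules.pop(name, None)
        raise
    return module


def dynmodloads(_path='.', subdef=False, pattern='.*', logger=None):
    """Import every ``*.py`` file found directly in ``_path`` (not recursive).

    Each module is executed on import, so ``_path`` must only contain trusted
    code; this function is a code-loading mechanism, not a sandbox.

    Args:
        _path: directory to scan; ``~`` is expanded.
        subdef: when true, every attribute of each loaded module whose name
            matches ``pattern`` is also stored in the result under its own
            name, except the dunder names in ``builtindefs`` below. A later
            entry silently overwrites an earlier one with the same name.
        pattern: regular expression searched (unanchored) against attribute
            names when ``subdef`` is set; the default matches everything.
        logger: logging.Logger-like object. ``None`` falls back to this
            module's logger (the original dereferenced ``None`` and raised
            AttributeError on the first file).

    Returns:
        dict mapping module name (and, with ``subdef``, attribute name) to
        the loaded object. ``__init__.py`` and non-``.py`` files are skipped.
        A module whose import raises ImportError is logged and skipped; any
        other exception raised while executing a module propagates.
    """
    import logging

    if logger is None:
        logger = logging.getLogger(__name__)
    loaded = {}
    _path = expanduser(_path)
    # Names present on every module object that must not be re-exported.
    builtindefs = frozenset([
        '__builtins__', '__doc__', '__file__', '__name__', '__package__',
    ])
    for mfile in listdir(_path):
        name, ext = splitext(mfile)
        # Ignore "." and "__init__.py" and everything not matched by "*.py"
        if name in ('.', '__init__') or ext != '.py':
            continue
        logger.info("Load '{0}' ...".format(name))
        try:
            module = _load_py_module(name, joinpath(_path, mfile))
        except ImportError as err:
            logger.error('Impossible to import {0}: {1}'.format(name, err))
            continue
        loaded[name] = module
        if not subdef:
            continue
        for mydef in dir(module):
            if mydef in builtindefs or not regsearch(pattern, mydef):
                continue
            logger.debug('from {0} import {1}'.format(name, mydef))
            loaded[mydef] = getattr(module, mydef)
    return loaded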
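def getAutoCatg(self, ext):
    """Guess a coarse category from a file extension.

    Args:
        ext: extension including the leading dot, e.g. ``'.jpg'``
            (matching is case-sensitive).

    Returns:
        One of ``'images'``, ``'doc'``, ``'code'``, ``'films'``, ``'music'``,
        ``'archives'``, or ``'none'`` when nothing matches.

    The patterns are searched unanchored and tried in order, so a prefix
    match counts: ``'.html'`` is reported as ``'code'`` (via ``h``) and
    ``'.bz2'`` as ``'archives'`` (via ``bz``). Raw strings replace the
    original ``'\\.'`` literals, which Python reports as invalid escapes.
    """
    # Order matters: the first matching rule wins.
    rules = (
        ('images', r'\.(jpg|jpeg|gif|png)'),
        ('doc', r'\.(txt|doc|odt|csv|pdf)'),
        ('code', r'\.(sh|py|c|cpp|h|php|bash)'),
        ('films', r'\.(mp4|avi|mpg|mpeg|flv|ogv)'),
        ('music', r'\.(mp3|ogg|flac)'),
        ('archives', r'\.(zip|7z|tar|gz|rar|bz|xz|jar|bz2)'),
    )
    for catg, rx in rules:
        if regsearch(rx, ext):
            return catg
    return 'none'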
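def getHead(self):
    """Return the HTTP headers used for subsequent requests to ``self.site``.

    ``Authorization`` is built from ``self.auth['type']`` (title-cased) and
    ``self.auth['token']``, so the returned dict carries a credential and
    must not be logged or persisted. ``Host`` is the authority part of
    ``self.site`` as given by ``urlsplit``; the original regex
    ``(?<=https://).*(?=/)`` was greedy, so a site with more than one path
    segment yielded a Host containing ``/``, and a site with no path (or an
    ``http://`` scheme) made it raise TypeError. ``Referer`` is the site with
    ``/apphost/TylerSis`` appended.

    Returns:
        dict of header name to value.
    """
    from urllib.parse import urlsplit

    authorization = f"{self.auth['type'].title()} {self.auth['token']}"
    host = urlsplit(self.site).netloc
    return {
        "Accept": "application/json, text/plain, */*",
        "Accept-Encoding": "gzip, deflate, br",
        "Accept-Language": "en-GB,en;q=0.9",
        "Authorization": authorization,
        "Connection": "keep-alive",
        "Host": host,
        "Referer": f"{self.site}/apphost/TylerSis",
        "User-Agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/62.0.3202.94 Safari/537.36",
    }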
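def getByUser(self, user):
    """Get ids of index entries whose user matches ``user``.

    Args:
        user: regular expression searched (unanchored) against
            ``self.getUser(entry[self.USER])``. The value is a pattern, not a
            literal; pass it through ``re.escape`` to match an exact name.

    Returns:
        ``[uid]`` in index order, possibly empty (never ``None``). Entries
        whose key starts with ``self.SEP_KEY_INTERN`` are internal and skipped.
    """
    return [
        self.dic[k][self.UID]
        for k in self.dic
        if not k.startswith(self.SEP_KEY_INTERN)
        and regsearch(user, self.getUser(self.dic[k][self.USER])) is not None
    ]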
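def getByCategory(self, category):
    """Get ids of index entries whose category matches ``category``.

    Args:
        category: regular expression searched (unanchored) against
            ``entry[self.CATG]``. The value is a pattern, not a literal; pass
            it through ``re.escape`` to match an exact category name.

    Returns:
        ``[uid]`` in index order, possibly empty (never ``None``). Entries
        whose key starts with ``self.SEP_KEY_INTERN`` are internal and skipped.
    """
    return [
        self.dic[k][self.UID]
        for k in self.dic
        if not k.startswith(self.SEP_KEY_INTERN)
        and regsearch(category, self.dic[k][self.CATG]) is not None
    ]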
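def getByPattern(self, pattern):
    """Get ids of index entries whose label matches ``pattern``.

    Args:
        pattern: regular expression searched (unanchored) against
            ``entry[self.LABEL]``; use ``re.escape`` for a literal label.

    Returns:
        ``[uid]`` in index order, possibly empty (never ``None``). Entries
        whose key starts with ``self.SEP_KEY_INTERN`` are internal and skipped.
    """
    return [
        self.dic[k][self.UID]
        for k in self.dic
        if not k.startswith(self.SEP_KEY_INTERN)
        and regsearch(pattern, self.dic[k][self.LABEL]) is not None
    ]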