def __init__(self, xml_element, trace_dict, ruleset): ''' Constructor ''' self.name = None self.parms = RuleParms() GearActionable.__init__(self, GACT_TYPE_EXECUTE, xml_element, trace_dict, ruleset) # Construct the external class class_spec = self.ext_class.in_str if class_spec is None or class_spec == '': self.ruleset.parse_error(self.trace_id[0], 'execute element requires the \'ext_class\' attribute') try: module_name, class_name = class_spec.rsplit('.', 1) module = __import__(module_name, globals(), locals(), [class_name]) tmp_class = getattr(module, class_name) except ThreadKilled: raise except: self.ruleset.parse_error(self.trace_id[0], 'execute element was unable to load specified the class: {0}'.format(self.class_spec)) get_logger().exception('execute element exception') # Get parameters to pass to init try: self.parms.resolve_and_validate(self.ruleset, None, rule_part=GRUL_PART_EXTERNAL) except XMLParsingError as e: self.ruleset.parse_error(self.trace_id[0], 'execute element parm error: {0}'.format(e.msg)) get_logger().exception('execute element parm error exception') init_dict = self.parms.get_dict() init_dict['execute_name'] = self.name.in_str try: self.call_class = tmp_class(init_dict) except ThreadKilled: raise except: self.logger().exception('execute element with name {0} failed during initialization'.format(self.name.in_str)) raise if isinstance(self.call_class, ExtExecute) == False: self.ruleset.parse_error(self.trace_id[0], 'execute ext_class must be a subclass of ExtExecute') return
class GearActionableExecute(GearActionable): '''Execute the execute function on the specified class ''' def __init__(self, xml_element, trace_dict, ruleset): ''' Constructor ''' self.name = None self.parms = RuleParms() GearActionable.__init__(self, GACT_TYPE_EXECUTE, xml_element, trace_dict, ruleset) # Construct the external class class_spec = self.ext_class.in_str if class_spec is None or class_spec == '': self.ruleset.parse_error(self.trace_id[0], 'execute element requires the \'ext_class\' attribute') try: module_name, class_name = class_spec.rsplit('.', 1) module = __import__(module_name, globals(), locals(), [class_name]) tmp_class = getattr(module, class_name) except ThreadKilled: raise except: self.ruleset.parse_error(self.trace_id[0], 'execute element was unable to load specified the class: {0}'.format(self.class_spec)) get_logger().exception('execute element exception') # Get parameters to pass to init try: self.parms.resolve_and_validate(self.ruleset, None, rule_part=GRUL_PART_EXTERNAL) except XMLParsingError as e: self.ruleset.parse_error(self.trace_id[0], 'execute element parm error: {0}'.format(e.msg)) get_logger().exception('execute element parm error exception') init_dict = self.parms.get_dict() init_dict['execute_name'] = self.name.in_str try: self.call_class = tmp_class(init_dict) except ThreadKilled: raise except: self.logger().exception('execute element with name {0} failed during initialization'.format(self.name.in_str)) raise if isinstance(self.call_class, ExtExecute) == False: self.ruleset.parse_error(self.trace_id[0], 'execute ext_class must be a subclass of ExtExecute') return def _str_subelement_additions(self): ''' Add instance subelements to output ''' if self.parms is not None: return str(self.parms) return '' def _read_from_xml_other_subelements(self,xml_element, trace_dict): ''' Read in the instances attribute ''' try: self.parms.read_from_xml(xml_element) except XMLParsingError as e: self.ruleset.parse_error(self.trace_id[0], 'execute element parameter error: {0}'.format(e.msg)) return True # resolve_and_validate is not needed ... done in init def execute_accumulate_suppression_stage(self, truth_point, pool, rule): ''' Execute the suppression stage actions ''' try: self.call_class.execute_accumulate_suppression_stage(truth_point, pool, rule) except ThreadKilled: raise except ExtFatalError: get_logger().exception('FATAL ERROR raised --> kill analyzer') raise except: self.ruleset.trace_error(self.trace_id[1], 'execute {0} call failed with exception'.format(self.name)) get_logger().exception('') return def execute_finalize_suppression_stage(self, pool, rule): ''' Execute the suppression stage actions ''' try: self.call_class.execute_finalize_suppression_stage(pool, rule) except ThreadKilled: raise except ExtFatalError: get_logger().exception('FATAL ERROR raised --> kill analyzer') raise except: self.ruleset.trace_error(self.trace_id[1], 'execute {0} call failed with exception'.format(self.name)) get_logger().exception('') return def execute_accumulate_alert_stage(self, truth_point, pool, rule): ''' Execute the accumulate alert stage actions ''' try: self.call_class.execute_accumulate_alert_stage(truth_point, pool, rule) except ThreadKilled: raise except ExtFatalError: get_logger().exception('FATAL ERROR raised --> kill analyzer') raise except: self.ruleset.trace_error(self.trace_id[1], 'execute {0} call failed with exception'.format(self.name)) get_logger().exception('') return def execute_create_alert_stage(self, pool, rule): ''' Execute the create alert stage actions ''' new_alerts = [] try: # Extending because paranoid that won't get list back new_alerts.extend(self.call_class.execute_create_alert_stage(pool, rule)) except ThreadKilled: raise except ExtFatalError: get_logger().exception('FATAL ERROR raised --> kill analyzer') raise except: self.ruleset.trace_error(self.trace_id[1], 'execute {0} call failed with exception'.format(self.name)) get_logger().exception('') return new_alerts def reset(self): '''Reset the condition''' try: self.call_class.reset() except ThreadKilled: raise except: self.ruleset.trace_error(self.trace_id[1], 'execute {0} call failed with exception'.format(self.name)) get_logger().exception('') return