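def bitwiseAND(args, context):
    """
    Evaluate each argument expression and return the bitwise AND of the results.

    Args:
        args: sequence of expressions; fewer than two yields None.
        context: evaluation context handed to GraphNodeExpression.evaluate().

    Returns:
        The AND of int(value) over every evaluated argument, or None when
        fewer than two arguments are given or any argument evaluates to None.

    Raises:
        ValueError or TypeError from int() when an evaluated value cannot be
        converted to an integer.
    """
    if len(args) < 2:
        return None
    # Seed with -1 (all bits set), the identity element for AND.  The
    # accumulator was previously seeded with int(args[0]) -- the raw,
    # unevaluated expression -- which raised whenever the first argument was
    # something int() cannot parse directly, such as a "$name" reference.
    result = -1
    for arg in args:
        value = GraphNodeExpression.evaluate(arg, context)
        if value is None:
            return None
        result &= int(value)
    return result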
def basename(args, context):
    """
    Return the final path component of the first argument that evaluates
    to a pathname.

    A bare string is accepted in place of an argument sequence, and
    "$pathname" (the executable name) is used when no argument is supplied.
    Returns None when no argument evaluates to a value.
    """
    candidates = (args,) if isinstance(args, six.string_types) else args
    if len(candidates) == 0:
        candidates = ("$pathname",)  # fall back to the executable's pathname
    for expression in candidates:
        resolved = GraphNodeExpression.evaluate(expression, context)
        if resolved is not None:
            # NOTE(review): os.path applies the path rules of the platform
            # running this code; confirm evaluated pathnames follow the same
            # separator convention.
            return os.path.basename(resolved)
    return None
If the regex contains a parenthesized groups, then the value of the first such group
is returned, otherwise the part of the argument that matches the regex is returned.
Note that this regular expression is 'anchored' that is, it starts with the first character
in the argument. If you want it to be floating, then you may want to start your regex
with '.*' and possibly parenthesize the part you want to return.
"""
# print('ARGMATCH(%s)' % (str(args)), file=sys.stderr)
# print('ARGMATCHCONTEXT(%s)' % (str(context)), file=sys.stderr)
if len(args) > 3 or len(args) < 1:
return None
regexstr = args[0]
argname = args[1] if len(args) >= 2 else "$argv"
flags = args[2] if len(args) >= 3 else None
listtosearch = GraphNodeExpression.evaluate(argname, context)
if listtosearch is None:
return None
# W0702: No exception type specified for except statement
# pylint: disable=W0702
try:
# print(regex: /%s/' % regexstr, file=sys.stderr)
regex = _compile_and_cache_regex(regexstr, flags)
# print('Matching against list %s' % (str(listtosearch)), file=sys.stderr)
for elem in listtosearch:
# print('Matching %s against %s' % (regexstr, elem), file=sys.stderr)
matchobj = regex.match(elem)
if matchobj:
# Did they specify any parenthesized groups?
if len(matchobj.groups()) > 0:
# yes - return the (first) parenthesized match
prevwasquoted = True
else:
arg += char
elif nestcount == 0 and char == '"':
instring = True
elif nestcount == 0 and char == ",":
if prevwasquoted:
prevwasquoted = False
args.append(arg)
argstrings.append(arg)
else:
arg = arg.strip()
if arg == "":
continue
# print("EVALUATING [%s]" % arg, file=sys.stderr)
args.append(GraphNodeExpression.evaluate(arg, context))
argstrings.append(arg)
arg = ""
elif char == "(":
nestcount += 1
# print("++nesting: %d" % (nestcount), file=sys.stderr)
arg += char
elif char == ")":
arg += char
nestcount -= 1
# print("--nesting: %d" % (nestcount), file=sys.stderr)
if nestcount < 0:
return (None, None)
if nestcount == 0:
if prevwasquoted:
# print('_compute_function_args: QUOTED argument: "%s"' % arg, file=sys.stderr)
args.append(arg)
def dirname(args, context):
    """
    Return the directory portion of the first argument that evaluates to a
    pathname.

    A bare string is treated as a one-element argument list.  With no
    arguments, "$pathname" (the discovered service executable) is used.
    Returns None when no argument evaluates to a value.
    """
    if isinstance(args, six.string_types):
        expressions = (args,)
    else:
        expressions = args
    if len(expressions) == 0:
        expressions = ("$pathname",)  # default: the executable's pathname
    for expression in expressions:
        location = GraphNodeExpression.evaluate(expression, context)
        if location is not None:
            return os.path.dirname(location)
    return None
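def serviceport(args, context):
    """
    Search discovery information for a suitable port for a service.

    Each argument is an expression expected to yield the map of IP/port
    combinations for the service; "$procinfo.listenaddrs" is used when no
    argument is given.

    Returns:
        The port of the first usable candidate, as a string, or None when no
        argument yields one.
    """
    if len(args) == 0:
        args = ("$procinfo.listenaddrs",)
    for arg in args:
        nmap = GraphNodeExpression.evaluate(arg, context)
        if nmap is None:
            continue
        ipport = selectanipport(nmap, context)
        # serviceip() treats a None result from selectanipport() as "no
        # candidate"; do the same here instead of failing with AttributeError
        # on .port().
        if ipport is None:
            continue
        port = ipport.port()
        if port is None:
            continue
        return str(port)
    return None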
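def argequals(args, context):
    """
    usage: argequals name-to-search-for [list-to-search]

    Search a list for an element of the form name=value and return the value.

    Args:
        args: one or two items. args[0] is the name to look for; the optional
            args[1] is an expression expected to yield the iterable to search,
            with '$argv' as the default.
        context: evaluation context handed to GraphNodeExpression.evaluate().

    Returns:
        The text after "name=" in the first element that starts with that
        prefix, or None when the argument count is wrong, the list evaluates
        to None, nothing matches, or the search fails.
    """
    if len(args) > 2 or len(args) < 1:
        return None
    definename = args[0]
    argname = args[1] if len(args) >= 2 else "$argv"
    listtosearch = GraphNodeExpression.evaluate(argname, context)
    if listtosearch is None:
        return None
    prefix = "%s=" % definename
    try:
        for elem in listtosearch:
            if elem.startswith(prefix):
                return elem[len(prefix):]
    except Exception:  # pylint: disable=W0703
        # Deliberate best effort: any ordinary failure (non-iterable value,
        # element without startswith(), ...) yields None.  Catching Exception
        # rather than using a bare except lets KeyboardInterrupt and
        # SystemExit propagate.  Because the try wraps the whole loop, one bad
        # element ends the search even if a later element would have matched.
        return None
    return None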
portion of a discovery object. So, for example, if each of the top level keys
is a file name and the values are file properties, then it will evaluate the
expression on the properties of every file in the object.
If you need to evaluate this across all the elements of a sub-object named
"filenames" in the top level "data" object then you give "$filenames" as the
context argument, and your predicate as the expression like this:
["$filenames", ""].
The code to do this is simpler than the explanation ;-)
"""
anynone = False
if len(args) == 1:
objectlist = context.objects
else:
objectlist = [GraphNodeExpression.evaluate(obj, context) for obj in args[:-1]]
expressionstring = args[-1]
if not isinstance(expressionstring, six.string_types):
print(
"FOREACH expression must be a string, not %s" % type(expressionstring), file=sys.stderr
)
return False
# print('OBJECTLIST is:', objectlist, file=sys.stderr)
for obj in objectlist:
# print('OBJ is:', obj, file=sys.stderr)
for key in obj:
item = obj[key]
if not hasattr(item, "__contains__") or not hasattr(item, "__iter__"):
print("UNSUITABLE FOREACH CONTEXT[%s]: %s" % (key, item), file=sys.stderr)
continue
# print(sys.stderr, 'CREATING CONTEXT[%s]: %s' % (key, item), file=sys.stderr)
def bitwiseOR(args, context):
    """
    Evaluate each argument expression and return the bitwise OR of the results.

    Returns None when fewer than two arguments are supplied or when any
    argument evaluates to None; evaluation stops at the first None.
    """
    if len(args) < 2:
        return None
    accumulated = 0  # identity element for OR
    for expression in args:
        evaluated = GraphNodeExpression.evaluate(expression, context)
        if evaluated is None:
            return None
        accumulated = accumulated | int(evaluated)
    return accumulated
def serviceip(args, context):
    """
    Search discovery information for a suitable concrete IP address for a
    service.

    Each argument is an expression expected to yield the map of IP/port
    combinations for the service; "$procinfo.listenaddrs" is used when no
    argument is given.  Returns the chosen address as a string, or None when
    no argument yields a usable candidate.
    """
    expressions = args if len(args) != 0 else ("$procinfo.listenaddrs",)
    for expression in expressions:
        addrmap = GraphNodeExpression.evaluate(expression, context)
        if addrmap is None:
            continue
        chosen = selectanipport(addrmap, context)
        if chosen is not None:
            # Zero the port so the returned string carries only the address.
            # NOTE(review): setport() changes the object selectanipport()
            # returned; confirm that object is not shared with other users
            # of the discovery data.
            chosen.setport(0)
            return str(chosen)
    return None