
Viewing changes to PreludeCorrelator/idmef.py

  • Committer: Bazaar Package Importer
  • Author(s): Pierre Chifflier
  • Date: 2009-06-19 14:30:51 UTC
  • mfrom: (1.1.1 upstream)
  • Revision ID: james.westby@ubuntu.com-20090619143051-m68mjtjcye0ei0e3
Tags: 0.9.0~beta5-1
* New upstream release
  - Prelude Correlator has switched to Python, see
  http://lists.prelude-ids.org/pipermail/prelude-user/2009-April/005163.html
  for the explanation.
  - Support DShield <http://www.dshield.org/> correlation
* Switch package to architecture-independent
* Use python-support
* Bump standards version to 3.8.2 (no changes)


 
1
# Copyright (C) 2009 PreludeIDS Technologies. All Rights Reserved.
 
2
# Author: Yoann Vandoorselaere <yoann.v@prelude-ids.com>
 
3
#
 
4
# This file is part of the Prelude-Correlator program.
 
5
#
 
6
# This program is free software; you can redistribute it and/or modify
 
7
# it under the terms of the GNU General Public License as published by
 
8
# the Free Software Foundation; either version 2, or (at your option)
 
9
# any later version.
 
10
#
 
11
# This program is distributed in the hope that it will be useful,
 
12
# but WITHOUT ANY WARRANTY; without even the implied warranty of
 
13
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 
14
# GNU General Public License for more details.
 
15
#
 
16
# You should have received a copy of the GNU General Public License
 
17
# along with this program; see the file COPYING.  If not, write to
 
18
# the Free Software Foundation, 675 Mass Ave, Cambridge, MA 02139, USA.
 
19
 
 
20
import tempfile, re
 
21
import PreludeEasy
 
22
from PreludeCorrelator import utils
 
23
 
 
24
_RegexType = type(re.compile(""))
 
25
 
 
26
class IDMEF(PreludeEasy.IDMEF):
 
27
        def __setstate__(self, dict):
 
28
                fd = tempfile.TemporaryFile("r+")
 
29
                fd.write(dict["idmef_encoded"])
 
30
                fd.seek(0)
 
31
 
 
32
                PreludeEasy.IDMEF.__init__(self)
 
33
                self.Read(fd)
 
34
 
 
35
                del(dict["idmef_encoded"])
 
36
                self.__dict__.update(dict)
 
37
 
 
38
        def __getstate__(self):
 
39
                fd = tempfile.TemporaryFile("r+")
 
40
                self.Write(fd)
 
41
                fd.seek(0)
 
42
 
 
43
                odict = self.__dict__.copy()
 
44
                odict["idmef_encoded"] = fd.read()
 
45
                del(odict["this"])
 
46
 
 
47
                return odict
 
48
 
 
49
        def Get(self, path, flatten=True, replacement=None):
 
50
                path = PreludeEasy.IDMEFPath(path)
 
51
 
 
52
                value = path.Get(self)
 
53
                if not value:
 
54
                        if path.IsAmbiguous() and flatten:
 
55
                                return replacement or []
 
56
 
 
57
                        return replacement
 
58
 
 
59
                if flatten and type(value) is tuple:
 
60
                        value = utils.flatten(value)
 
61
 
 
62
                return value
 
63
 
 
64
        def Set(self, path, value):
 
65
                if type(value) == PreludeEasy.IDMEFValue:
 
66
                        cur = self.Get(path)
 
67
                        if cur and value.Match(cur, PreludeEasy.IDMEFCriterion.OPERATOR_EQUAL) > 0:
 
68
                                return
 
69
 
 
70
                PreludeEasy.IDMEF.Set(self, path, value)
 
71
 
 
72
        def _match(self, path, needle):
 
73
                value = self.Get(path)
 
74
 
 
75
                if not isinstance(needle, _RegexType):
 
76
                        ret = value == needle
 
77
                else:
 
78
                        m = needle.search(value or "")
 
79
                        if not m:
 
80
                                return False
 
81
 
 
82
                        ret = m.groups()
 
83
 
 
84
                return ret
 
85
 
 
86
        def match(self, *args):
 
87
                if (len(args) % 2) != 0:
 
88
                        raise("Invalid number of arguments.")
 
89
 
 
90
                ret = []
 
91
 
 
92
                i = 0
 
93
                while i < len(args):
 
94
                        r = self._match(args[i], args[i + 1])
 
95
                        if r is False:
 
96
                                return None
 
97
 
 
98
                        elif isinstance(r, tuple):
 
99
                                ret.extend(r)
 
100
 
 
101
                        i += 2
 
102
 
 
103
                if ret:
 
104
                        return ret
 
105
 
 
106
                return True
 
107
 
 
108
        def reset(self):
 
109
                return
 
110
 
 
111
        def alert(self):
 
112
                global prelude_client
 
113
                prelude_client.correlationAlert(self)
 
114
 
 
115
        def addAlertReference(self, idmef):
 
116
                self.Set("alert.source(>>)", idmef.Get("alert.source"))
 
117
                self.Set("alert.target(>>)", idmef.Get("alert.target"))
 
118
                self.Set("alert.correlation_alert.alertident(>>).alertident", idmef.Get("alert.messageid"))
 
119
                self.Set("alert.correlation_alert.alertident(-1).analyzerid", idmef.Get("alert.analyzer(*).analyzerid")[-1])
 
120
 
 
121
 
 
122
 
 
123
def set_prelude_client(client):
 
124
        global prelude_client
 
125
        prelude_client = client
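Review bot: `addAlertReference` indexes `idmef.Get("alert.analyzer(*).analyzerid")[-1]` on its last line, but `Get` returns `replacement or []` when an ambiguous path resolves to nothing, so an incoming alert that carries no analyzer id raises IndexError inside the correlation rule instead of producing a reference. Because the correlator consumes alerts produced by remote sensors, a malformed message should not be able to abort a rule; guard it with `analyzerids = idmef.Get("alert.analyzer(*).analyzerid")` / `if analyzerids:` / `self.Set("alert.correlation_alert.alertident(-1).analyzerid", analyzerids[-1])`. Separately, `match` validates its argument count with `raise("Invalid number of arguments.")`, which raises a bare string: on Python 2.6 and later that fails with a TypeError about the exception type rather than the intended message, so use `raise TypeError("Invalid number of arguments.")`. The `__setstate__`/`__getstate__` pair makes these objects picklable; where that pickled state comes from is not visible here, but unpickling must only ever be applied to data the correlator wrote itself, which is worth stating in a comment above `__setstate__`.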