Skip to content
Snippets Groups Projects
Commit 732844bade8b authored by Jean-Francois Pieronne's avatar Jean-Francois Pieronne
Browse files

securityrules.py initial version

parent cf584474cb94
No related branches found
No related tags found
No related merge requests found
import sys
import os
import re
import argparse
all_rules = {}
def rules_exec(seclass, numrule=None, info=False, fo=None, export=None):
global all_rules, args
rules = all_rules[seclass][1]
m = all_rules[seclass][0]
if numrule is None:
for r in rules:
if info:
print getattr(m, r).__name__
print getattr(m, r).__doc__
print
else:
getattr(m, r)(fo, export)
else:
for n in numrule:
rname = 'rule%s%02d' % (seclass[-2:], n)
if rname in rules:
if info:
print getattr(m, rname).__name__
print getattr(m, rname).__doc__
print
else:
getattr(m, rname)(fo, export)
class InflateRange(argparse.Action):
def __call__(self, parser, namespace, values, option_string=None):
lst = []
for string in values:
string = string.replace('(', '')
string = string.replace(')', '')
if '-' in string or ':' in string:
string = string.replace(':', '-')
m = re.match(r'(\d+)(?:-(\d+))?$', string)
# ^ (or use .split('-'). anyway you like.)
if not m:
raise argparse.ArgumentTypeError("'" + string + "' is not a range of number. Expected forms like '0-5' or '2'.")
start = m.group(1)
end = m.group(2) or start
lst.extend(list(range(int(start,10), int(end,10)+1)))
else:
string = string.replace(',', ' ')
for string in string.split(' '):
if string:
lst.append(int(string))
setattr(namespace, self.dest, lst)
def load_rules(levels):
global all_rules
mods = [fn[:-3] for fn in os.listdir('./secrules')
if fn.startswith('rule') and fn[-1:].lower() == 'y']
all_rules = {}
for modn in mods:
m = __import__('secrules.' + modn, globals(), locals(), ['*'], -1)
lst = [m,[]]
for r in dir(m):
if r.startswith('rule'):
if (levels is None or
not hasattr(getattr(m, r), 'rule_level') or
getattr(m, r).rule_level in levels):
lst[1].append(r)
all_rules[modn] = lst
# all_rules[modn] = (m, [r for r in dir(m) if r.startswith('rule')])
def main():
global args
parser = argparse.ArgumentParser(description='security checker')
parser.add_argument('--output', type=argparse.FileType('w'), dest='fo',
metavar='out-file', help='output file', default=sys.stdout)
parser.add_argument('--class', type=int, dest='seclass', help='security class')
parser.add_argument('--rule', action=InflateRange, nargs='*', dest='numrule', help='rule number')
parser.add_argument('--export', action='store_true', dest='export',
default=False, help='export format')
parser.add_argument('--info', action='store_true', dest='info',
default=False, help='Rules info')
parser.add_argument('--level', action=InflateRange, nargs='*', dest='levels', help='rule levels')
args = parser.parse_args()
load_rules(args.levels)
if args.seclass is None:
if args.numrule is not None:
raise argparse.ArgumentTypeError("missing seclass argument")
lst = all_rules.keys()
lst.sort()
for seclass in lst:
# seclass = 'rules%02d' % args.seclass
rules_exec(seclass, args.numrule, args.info, args.fo, args.export)
else:
seclass = 'rules%02d' % args.seclass
rules_exec(seclass, args.numrule, args.info, args.fo, args.export)
if __name__ == '__main__':
main()
0% Loading or .
You are about to add 0 people to the discussion. Proceed with caution.
Please register or to comment