diff --git a/secrules/DeviceScan.py b/secrules/DeviceScan.py deleted file mode 100644 index 9b8ce9ac0cb4ed51b38df0dc1544ccab2bd95670_c2VjcnVsZXMvRGV2aWNlU2Nhbi5weQ==..0000000000000000000000000000000000000000 --- a/secrules/DeviceScan.py +++ /dev/null @@ -1,51 +0,0 @@ -from vms import starlet, ssdef -from vms import dvsdef -from vms import itemList - - -class DeviceScan(object): - def __init__(self, search_devnam=None, devclass=None, devtype=None): - self.search_devnam = search_devnam - if devclass: - self.itmlst = [itemList.itemList(code=dvsdef.DVS__DEVCLASS, - value=devclass),] - if devtype: - self.itmlst.append(itemList.itemList(code=dvsdef.DVS__DEVTYPE, - value=devtype)) - elif devtype: - self.itmlst = [itemList.itemList(code=dvsdef.DVS__DEVTYPE, - value=devtype),] - else: - self.itmlst = None - self.contxt = 0 - - def __enter__(self): - return self - - def __exit__(self, exc_type, exc_value, traceback): - return - - def __iter__(self): - return self - - def __next__(self): - try: - s, devnam, self.contxt = \ - starlet.device_scan(self.search_devnam, self.itmlst, - self.contxt) - except VMSError, e: - raise StopIteration if e.errno == ssdef.SS__NOMOREDEV else e - return devnam - - def next(self): - return self.__next__() - -if __name__ == '__main__': - import sys - from vms.dcdef import DC__DISK - with DeviceScan(sys.argv[1]) as idev: - for devnam in idev: - print devnam - print - for devnam in DeviceScan(sys.argv[1], devclass=DC__DISK): - print devnam diff --git a/secrules/DisplayProxy.py b/secrules/DisplayProxy.py index 9b8ce9ac0cb4ed51b38df0dc1544ccab2bd95670_c2VjcnVsZXMvRGlzcGxheVByb3h5LnB5..741ad6f3b6210535e0063495cd46f5216b78ee3c_c2VjcnVsZXMvRGlzcGxheVByb3h5LnB5 100644 --- a/secrules/DisplayProxy.py +++ b/secrules/DisplayProxy.py @@ -1,4 +1,4 @@ -from vms import starlet, ssdef +from ovms import starlet, ssdef class DisplayProxy(object): 
@@ -2,7 +2,7 @@ class DisplayProxy(object):
- def __init__(self, rem_node='*', rem_user='*', flags=0):
+ def __init__(self, rem_node=b'*', rem_user=b'*', flags=0):
 self.rem_node = rem_node
 self.rem_user = rem_user
 self.flags = 0
@@ -31,5 +31,5 @@ if __name__ == '__main__':
 with DisplayProxy() as idp:
 for dp in idp:
- print dp
+ print(dp)
 for dp in DisplayProxy():
@@ -35,2 +35,2 @@ for dp in DisplayProxy():
- print dp
+ print(dp)
diff --git a/secrules/FindFile.py b/secrules/FindFile.py
deleted file mode 100644
index 9b8ce9ac0cb4ed51b38df0dc1544ccab2bd95670_c2VjcnVsZXMvRmluZEZpbGUucHk=..0000000000000000000000000000000000000000
--- a/secrules/FindFile.py
+++ /dev/null
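Review bot: `self.flags = 0` on the third context line of the `__init__` hunk discards the `flags` argument the constructor accepts, so no caller can ever pass scan flags to the proxy enumeration; `self.flags = flags` is what the signature promises. The new bytes defaults `b'*'` are consistent with the rest of this port. If `flags` is intentionally unsupported, drop the parameter or say so in a docstring rather than silently ignoring it.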
@@ -1,76 +0,0 @@ -from vms import descrip, rmsdef, dvidef, devdef -from vms.rtl import lib -import ctypes - - -VMSLIBRTL = "/SYS$COMMON/SYSLIB/LIBRTL.EXE" -LIBRTL = ctypes.CDLL(VMSLIBRTL) -vms_find_file = getattr(LIBRTL,"LIB$FIND_FILE") -vms_find_file_end = getattr(LIBRTL,"LIB$FIND_FILE_END") -vms_trim_filespec = getattr(LIBRTL,"LIB$TRIM_FILESPEC") - -LIB_M_FIL_LONG_NAMES = 4 -NAML_C_MAXRSS = 4095 - -class FindFile(object): - def __init__(self, filespec, default_filespec=None, - flags=LIB_M_FIL_LONG_NAMES): - self.filespec = ctypes.create_string_buffer(filespec) - self.default_filespec = None if default_filespec is None else \ - descrip.bydesc(ctypes.create_string_buffer(default_filespec)) - self.resultant_filespec = \ - ctypes.create_string_buffer(NAML_C_MAXRSS + 1) - self.context = ctypes.c_uint32() - self.nullArg = ctypes.c_voidp() - self.flags = ctypes.c_uint(flags) - self.new_filespec = ctypes.create_string_buffer(NAML_C_MAXRSS + 1) - self.resultant_length = ctypes.c_uint16() - - def __enter__(self): - return self - - def __exit__(self, exc_type, exc_value, traceback): - s = vms_find_file_end(ctypes.byref(self.context)) - - def __iter__(self): - return self - - def __next__(self): - s = vms_find_file(descrip.bydesc(self.filespec), - descrip.bydesc(self.resultant_filespec), - ctypes.byref(self.context), - self.default_filespec, - self.nullArg, self.nullArg, ctypes.byref(self.flags)) - if not (s & 1): - raise StopIteration \ - if s in (rmsdef.RMS__NMF, rmsdef.RMS__FNF ) \ - else VMSError(s) - - s = vms_trim_filespec(descrip.bydesc(self.resultant_filespec), - descrip.bydesc(self.new_filespec), - self.nullArg, - ctypes.byref(self.resultant_length)) - res = self.new_filespec[:self.resultant_length.value] - # Check if the device is file oriented, lib$find_file return a file if - # a device like NLA0: is used - if (lib.getdvi(dvidef.DVI__DEVCHAR, device_name=res)[1] & - devdef.DEV_M_FOD) == 0: - raise StopIteration - return res - - def next(self): - return 
self.__next__() - -def file_exists(fn): - try: - with FindFile(fn) as ifn: - ifn.__next__() - return True - except (VMSError, StopIteration), e: - return False - -if __name__ == '__main__': - import sys - with FindFile(sys.argv[1]) as ifn: - for fn in ifn: - print fn diff --git a/secrules/getMailObjectInfo.py b/secrules/getMailObjectInfo.py index 9b8ce9ac0cb4ed51b38df0dc1544ccab2bd95670_c2VjcnVsZXMvZ2V0TWFpbE9iamVjdEluZm8ucHk=..741ad6f3b6210535e0063495cd46f5216b78ee3c_c2VjcnVsZXMvZ2V0TWFpbE9iamVjdEluZm8ucHk= 100644 --- a/secrules/getMailObjectInfo.py +++ b/secrules/getMailObjectInfo.py @@ -1,1 +1,2 @@ +from typing import Tuple import os @@ -1,6 +2,6 @@ import os -from vms import starlet, syidef -from vms.rtl import lib -from vms import user -from FindFile import FindFile +from ovms import starlet, syidef +from ovms.rtl import lib +from ovms import user +from ovms.rtl.lib.FindFile import FindFile @@ -6,5 +7,7 @@ -def getMailObjectInfo(): +VMSError = OSError + +def getMailObjectInfo() -> Tuple[bool, bool, user.User | None]: all_users = user.all_users() maxsysgroup = lib.getsyi(syidef.SYI__MAXSYSGROUP)[1] @@ -8,13 +11,5 @@ all_users = user.all_users() maxsysgroup = lib.getsyi(syidef.SYI__MAXSYSGROUP)[1] - def file_exists(fn): - try: - with FindFile (fn) as ifn: - ifn.__next__() - return True - except VMSError, e: - return False - objectMailPresent = False objectMailAccount = False @@ -19,6 +14,6 @@ objectMailPresent = False objectMailAccount = False - objectMailUser = '' + objectMailUser = None with os.popen('MCR NCL SHOW SESSION CONTROL APPLICATION MAIL') as p: r = [x[:-1] for x in p] @@ -27,8 +22,8 @@ objectMailPresent = True if objectMailPresent: - for u in all_users.values(): - if u.username == 'MAIL$SERVER': + for u in list(all_users.values()): + if u.username == b'MAIL$SERVER': objectMailUser = u objectMailAccount = True 
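Review bot: The new return annotation `Tuple[bool, bool, user.User | None]` is evaluated at function definition time, so importing this module raises `TypeError` on any Python below 3.10 unless the file also gets `from __future__ import annotations`; `Optional[user.User]` (or the future import) keeps it loadable and is consistent with the `typing.Tuple` already used. The `file_exists` helper was removed, but `from ovms.rtl.lib.FindFile import FindFile` is still imported and nothing in the visible hunks uses it. `VMSError = OSError` is introduced here as a module alias; nothing in this file is shown catching it, so confirm that `ovms` errors really derive from `OSError` and carry the VMS status in `errno` before other modules depend on that.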
diff --git a/secrules/get_mail_info.py b/secrules/get_mail_info.py index 9b8ce9ac0cb4ed51b38df0dc1544ccab2bd95670_c2VjcnVsZXMvZ2V0X21haWxfaW5mby5weQ==..741ad6f3b6210535e0063495cd46f5216b78ee3c_c2VjcnVsZXMvZ2V0X21haWxfaW5mby5weQ== 100644 --- a/secrules/get_mail_info.py +++ b/secrules/get_mail_info.py @@ -1,8 +1,10 @@ import os -from vms import starlet -from vms.rtl import lib -from vms import user -from FindFile import FindFile +from ovms import syidef +from ovms.rtl import lib +from ovms import user +from ovms.rtl.lib.FindFile import FindFile + +VMSError = OSError def getMailObjectInfo(): all_users = user.all_users() @@ -13,7 +15,7 @@ with FindFile (fn) as ifn: ifn.__next__() return True - except VMSError, e: + except VMSError as e: return False objectMailPresent = False @@ -27,7 +29,7 @@ objectMailPresent = True if objectMailPresent: - for u in all_users.values(): + for u in list(all_users.values()): if u.username == 'MAIL$SERVER': objectMailUser = u objectMailAccount = True diff --git a/secrules/get_security.py b/secrules/get_security.py index 9b8ce9ac0cb4ed51b38df0dc1544ccab2bd95670_c2VjcnVsZXMvZ2V0X3NlY3VyaXR5LnB5..741ad6f3b6210535e0063495cd46f5216b78ee3c_c2VjcnVsZXMvZ2V0X3NlY3VyaXR5LnB5 100644 --- a/secrules/get_security.py +++ b/secrules/get_security.py @@ -1,4 +1,4 @@ -from vms import starlet -from vms import itemList, ossdef, ssdef -from vms.rtl import lib +from ovms import starlet +from ovms import itemList, ossdef, ssdef +from ovms.rtl import lib @@ -4,4 +4,4 @@ -def get_security(fn, clsnam='FILE'): - itm = [itemList.itemList (code=ossdef.OSS__ACL_READ), +def get_security(fn, clsnam=b'FILE'): + itm = (itemList.itemList (code=ossdef.OSS__ACL_READ), itemList.itemList (code=ossdef.OSS__PROTECTION, dtype=itemList.il_unsignedWord), 
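Review bot: `if u.username == 'MAIL$SERVER':` is left as a str comparison, while the sibling getMailObjectInfo.py in this same commit compares `b'MAIL$SERVER'` and rules01 calls `u.username.decode()`; if `user.all_users()` now yields bytes usernames, as the rest of the port assumes, this branch never matches and `objectMailAccount` silently stays False. Change it to `if u.username == b'MAIL$SERVER':`. Keeping two copies of this function (get_mail_info.py and getMailObjectInfo.py) is how the drift happened; import one from the other.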
@@ -7,4 +7,4 @@ itemList.itemList (code=ossdef.OSS__PROTECTION, dtype=itemList.il_unsignedWord), - itemList.itemList (code=ossdef.OSS__OWNER, dtype=itemList.il_unsignedLong)] + itemList.itemList (code=ossdef.OSS__OWNER, dtype=itemList.il_unsignedLong)) accnam = lib.get_accnam(clsnam)[1] @@ -9,4 +9,4 @@ accnam = lib.get_accnam(clsnam)[1] - s,res = starlet.get_security (clsnam, fn, itmlst=itm) + s, ctxt, res = starlet.get_security(clsnam, fn, itmlst=itm) try: @@ -12,3 +12,3 @@ try: - own = starlet.idtoasc(res[ossdef.OSS__OWNER])[1] + ownstr = starlet.idtoasc(res[ossdef.OSS__OWNER])[1] # type: ignore except: @@ -14,4 +14,4 @@ except: - own = res[ossdef.OSS__OWNER] + own: int = res[ossdef.OSS__OWNER] # type: ignore high_word = int(own / 65536) low_word = int(own - (high_word *65536)) @@ -16,5 +16,5 @@ high_word = int(own / 65536) low_word = int(own - (high_word *65536)) - own = "[%o,%o]" % (high_word, low_word) - prot = lib.format_sogw_prot(res[ossdef.OSS__PROTECTION], access_names=accnam)[1] + ownstr = b"[%o,%o]" % (high_word, low_word) + prot = lib.format_sogw_prot(res[ossdef.OSS__PROTECTION], access_names=accnam)[1] # type: ignore acl = [] @@ -20,11 +20,11 @@ acl = [] - v = res[ossdef.OSS__ACL_READ] - while v != '': - acl.append(starlet.format_acl(v[:ord(v[0]) - 1], accnam=accnam)[1]) - v = v[ord(v[0]):] - return own, prot, acl + v: bytes = res[ossdef.OSS__ACL_READ] # type: ignore + while v != b'': + acl.append(starlet.format_acl(v[:v[0]], accnam=accnam)[1]) + v = v[v[0]:] + return ownstr, prot, acl if __name__ == '__main__': import sys filename = sys.argv[1] clsnam = sys.argv[2] 
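Review bot: The rewritten ACE loop `while v != b'': ... v = v[v[0]:]` never terminates if an ACE length byte is 0, because `v[0:]` is `v` again; the old `ord(v[0])` form had the same hazard, but this parses data returned by `$GET_SECURITY` for every file the rules scan, so the port is the moment to fail loudly on a malformed ACE. The bare `except:` around `starlet.idtoasc` in the hunks above also hides any error by silently falling back to the numeric UIC; narrow it to the exception `ovms` actually raises (presumably `OSError`, given the `VMSError = OSError` alias the other modules add). I would rewrite the tail of the function as below.
```python
    acl = []
    v: bytes = res[ossdef.OSS__ACL_READ]  # type: ignore
    while v:
        ace_len = v[0]
        # a zero length byte would leave v unchanged and loop forever
        if ace_len == 0:
            raise ValueError('malformed ACE (zero length) in ACL of %r' % (fn,))
        acl.append(starlet.format_acl(v[:ace_len], accnam=accnam)[1])
        v = v[ace_len:]
    return ownstr, prot, acl
```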
@@ -26,10 +26,10 @@ if __name__ == '__main__': import sys filename = sys.argv[1] clsnam = sys.argv[2] - owner, protection, acl = get_security(filename, clsnam) - print ' Owner:', owner - print ' Protection:', protection - print ' Access control list:' + owner, protection, acl = get_security(filename, clsnam.encode()) + print(' Owner:', owner) + print(' Protection:', protection) + print(' Access control list:') for e in acl: @@ -35,2 +35,2 @@ for e in acl: - print 9*' ', e + print(9*' ', e) diff --git a/secrules/rules01.py b/secrules/rules01.py index 9b8ce9ac0cb4ed51b38df0dc1544ccab2bd95670_c2VjcnVsZXMvcnVsZXMwMS5weQ==..741ad6f3b6210535e0063495cd46f5216b78ee3c_c2VjcnVsZXMvcnVsZXMwMS5weQ== 100644 --- a/secrules/rules01.py +++ b/secrules/rules01.py @@ -2,13 +2,13 @@ __version__ = '1.0' #__all__ = ['rule1201', 'rule1202', 'rule1203'] -from common import level_rule -from vms.rtl import lib -from vms import syidef, uaidef, prvdef, dvidef, ossdef -from vms import user -from vms import starlet -from vms import itemList -from vms import crtl +from .common import level_rule +from ovms.rtl import lib +from ovms import syidef, uaidef, prvdef, dvidef, ossdef +from ovms import user +from ovms import starlet +from ovms import itemList +from ovms import crtl @level_rule(1) def rule0101(fo, ftm): @@ -21,8 +21,8 @@ all_users = user.all_users() if not ftm: - print >>fo, 'Rule 0101' - print >>fo, '=========' - for u in all_users.values(): + print('Rule 0101', file=fo) + print('=========', file=fo) + for u in list(all_users.values()): if (u.uic_group <= maxsysgroup) and (u.dialup_access_p != '\xff\xff\xff'): if ftm: @@ -27,4 +27,4 @@ if (u.uic_group <= maxsysgroup) and (u.dialup_access_p != '\xff\xff\xff'): if ftm: - print >>fo, '0101"1" %-12s [%o,%o]' % (u.username, u.uic_group, u.uic_member) + print('0101"1" %-12s [%o,%o]' % (u.username.decode(), u.uic_group, u.uic_member), file=fo) else: 
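Review bot: `u.dialup_access_p != '\xff\xff\xff'` on the context line of rule0101 is still a str literal, while every other user field in this commit is treated as bytes (`u.username.decode()`, `u.defdev == b''`); if `dialup_access_p` is bytes as well, `bytes != str` is always True and rule0101 reports every system-group account regardless of its dialup mask. Change it to `b'\xff\xff\xff'` once confirmed against `ovms.user`. The 2to3-style `list(all_users.values())` copies the view for no reason; `all_users.values()` iterates directly in Python 3.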
@@ -30,5 +30,5 @@ else: - print >>fo, '%-12s [%o,%o]' % (u.username, u.uic_group, u.uic_member) + print('%-12s [%o,%o]' % (u.username.decode(), u.uic_group, u.uic_member), file=fo) @level_rule(2) def rule0102(fo, ftm): @@ -39,7 +39,7 @@ all_users = user.all_users() if not ftm: - print >>fo - print >>fo, 'Rule 0102' - print >>fo, '=========' + print(file=fo) + print('Rule 0102', file=fo) + print('=========', file=fo) uics = {} @@ -45,5 +45,5 @@ uics = {} - for u in all_users.values(): + for u in list(all_users.values()): uic = '[%o,%o]' % (u.uic_group, u.uic_member) if uic in uics: uics[uic].append(u.username) @@ -53,5 +53,5 @@ for uic in uics: if len(uics[uic]) > 1: if ftm: - print >>fo, '0102"2"', uic, uics[uic] + print('0102"2"', uic, uics[uic], file=fo) else: @@ -57,5 +57,5 @@ else: - print >>fo, uic, uics[uic] + print(uic, uics[uic], file=fo) @level_rule(3) def rule0103(fo, ftm): @@ -66,10 +66,10 @@ all_users = user.all_users() if not ftm: - print >>fo - print >>fo, 'Rule 0103' - print >>fo, '=========' - for u in all_users.values(): + print(file=fo) + print('Rule 0103', file=fo) + print('=========', file=fo) + for u in list(all_users.values()): if (u.uic_group <= maxsysgroup): if (u.priv | u.def_priv) & (prvdef.PRV_M_GROUP | prvdef.PRV_M_GRPPRV): if ftm: @@ -73,5 +73,5 @@ if (u.uic_group <= maxsysgroup): if (u.priv | u.def_priv) & (prvdef.PRV_M_GROUP | prvdef.PRV_M_GRPPRV): if ftm: - print >>fo, '0103"3"', u.username + print('0103"3"', u.username.decode(), file=fo) else: @@ -77,5 +77,5 @@ else: - print >>fo, u.username + print(u.username.decode(), file=fo) @level_rule(3) def rule0104(fo, ftm): @@ -90,9 +90,9 @@ all_users = user.all_users() if not ftm: - print >>fo - print >>fo, 'Rule 0104' - print >>fo, '=========' - for u in all_users.values(): + print(file=fo) + print('Rule 0104', file=fo) + print('=========', file=fo) + for u in list(all_users.values()): if (u.uic_group <= maxsysgroup) and (u.username != 'SYSTEM'): if ftm: 
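Review bot: `u.username != 'SYSTEM'` in rule0104 compares bytes with str (the very next line does `u.username.decode()`), so it is always True and the SYSTEM account itself is now reported as an unexpected system-group user, the one account the rule exists to exempt. Use `u.username != b'SYSTEM'`, matching the `b'DEFAULT'` and `b'FIELD'` keys used later in this file. rule0102 has the same drift: `uics[uic].append(u.username)` collects bytes, so the report prints `[b'...']` lists.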
@@ -97,4 +97,4 @@ if (u.uic_group <= maxsysgroup) and (u.username != 'SYSTEM'): if ftm: - print >>fo, '0104"3"', u.username + print('0104"3"', u.username.decode(), file=fo) else: @@ -100,5 +100,5 @@ else: - print >>fo, u.username + print(u.username.decode(), file=fo) @level_rule(3) def rule0105(fo, ftm): @@ -111,9 +111,9 @@ all_users = user.all_users() if ftm: - print >>fo - print >>fo, 'Rule 0105' - print >>fo, '=========' + print(file=fo) + print('Rule 0105', file=fo) + print('=========', file=fo) privs = (prvdef.PRV_M_CMKRNL | prvdef.PRV_M_CMEXEC | @@ -153,7 +153,7 @@ prvdef.PRV_M_AUDIT | prvdef.PRV_M_SECURITY) - for u in all_users.values(): + for u in list(all_users.values()): if (u.uic_group > maxsysgroup): if (u.priv | u.def_priv) & privs: if ftm: @@ -157,5 +157,5 @@ if (u.uic_group > maxsysgroup): if (u.priv | u.def_priv) & privs: if ftm: - print >>fo, '0105"3"', u.username + print('0105"3"', u.username.decode(), file=fo) else: @@ -161,5 +161,5 @@ else: - print >>fo, u.username + print(u.username.decode(), file=fo) @level_rule(3) def rule0106(fo, ftm): @@ -169,11 +169,11 @@ all_users = user.all_users() if not ftm: - print >>fo - print >>fo, 'Rule 0106' - print >>fo, '=========' - for u in all_users.values(): + print(file=fo) + print('Rule 0106', file=fo) + print('=========', file=fo) + for u in list(all_users.values()): try: lib.getdvi(dvidef.DVI__DEVNAM, None, u.defdev) except: if ftm: @@ -176,6 +176,6 @@ try: lib.getdvi(dvidef.DVI__DEVNAM, None, u.defdev) except: if ftm: - print >>fo, '0106"3"', u.username + print('0106"3"', u.username.decode(), file=fo) else: @@ -181,5 +181,5 @@ else: - print >>fo, u.username, u.defdev + print(u.username.decode(), u.defdev.decode(), file=fo) @level_rule(3) def rule0107(fo, ftm): 
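Review bot: rule0105 prints its header under `if ftm:` while rule0101 through rule0104 and rule0106 print theirs under `if not ftm:`, so the 'Rule 0105' heading is emitted into the machine-readable output and missing from the human-readable one; the guard looks inverted and should read `if not ftm:`. The `except:` in rule0106 around `lib.getdvi(dvidef.DVI__DEVNAM, None, u.defdev)` is bare, so a bytes/str mismatch raising `TypeError` (or a KeyboardInterrupt) is reported as a nonexistent default device; `except OSError:` would only catch the VMS failure that the rule actually means.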
@@ -189,11 +189,11 @@ all_users = user.all_users() if ftm: - print >>fo - print >>fo, 'Rule 0107' - print >>fo, '=========' - for u in all_users.values(): + print(file=fo) + print('Rule 0107', file=fo) + print('=========', file=fo) + for u in list(all_users.values()): try: lib.getdvi(dvidef.DVI__AVL, None, u.defdev) except: if ftm: @@ -196,6 +196,6 @@ try: lib.getdvi(dvidef.DVI__AVL, None, u.defdev) except: if ftm: - print >>fo, '0107"3"', u.username + print('0107"3"', u.username.decode(), file=fo) else: @@ -201,5 +201,5 @@ else: - print >>fo, u.username, u.defdev + print(u.username.decode(), u.defdev.decode(), file=fo) @level_rule(2) def rule0108(fo, ftm): @@ -211,9 +211,9 @@ all_users = user.all_users() if not ftm: - print >>fo - print >>fo, 'Rule 0108' - print >>fo, '=========' - for u in all_users.values(): - if (u.defdir == '') and (u.defdev == ''): + print(file=fo) + print('Rule 0108', file=fo) + print('=========', file=fo) + for u in list(all_users.values()): + if (u.defdir == b'') and (u.defdev == b''): if ftm: @@ -219,3 +219,3 @@ if ftm: - print >>fo, '0108"2"', u.username + print('0108"2"', u.username.decode(), file=fo) else: @@ -221,5 +221,5 @@ else: - print >>fo, u.username + print(u.username.decode(), file=fo) @level_rule(3) def rule0109(fo, ftm): @@ -230,8 +230,8 @@ all_users = user.all_users() if not ftm: - print >>fo - print >>fo, 'Rule 0109' - print >>fo, '=========' + print(file=fo) + print('Rule 0109', file=fo) + print('=========', file=fo) privs = prvdef.PRV_M_TMPMBX | prvdef.PRV_M_NETMBX @@ -236,5 +236,5 @@ privs = prvdef.PRV_M_TMPMBX | prvdef.PRV_M_NETMBX - u = all_users['DEFAULT'] + u = all_users[b'DEFAULT'] if (u.def_priv != u.priv) or (u.priv & ~privs) or (u.flags & uaidef.UAI_M_DISACNT) == 0: if ftm: @@ -239,4 +239,4 @@ if (u.def_priv != u.priv) or (u.priv & ~privs) or (u.flags & uaidef.UAI_M_DISACNT) == 0: if ftm: - print >>fo, '0109"3"', u.username + print('0109"3"', u.username.decode(), file=fo) else: 
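Review bot: rule0107 carries the same inverted header guard as rule0105, `if ftm:` prints 'Rule 0107' into the machine-readable stream, and the bare `except:` beneath it turns any exception from `lib.getdvi(dvidef.DVI__AVL, None, u.defdev)` into a 'device not available' finding. I would change the guard to `if not ftm:` and the handler to `except OSError:`. In rule0109, `u = all_users[b'DEFAULT']` is indexed without the `in` guard used for FIELD and SYSTEST; that is fine if DEFAULT is always present, but a missing key becomes a KeyError rather than a finding, so an explicit message would help.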
@@ -242,5 +242,5 @@ else: - print >>fo, u.username + print(u.username.decode(), file=fo) privs = (prvdef.PRV_M_TMPMBX | prvdef.PRV_M_NETMBX | @@ -253,7 +253,7 @@ prvdef.PRV_M_PRMMBX | prvdef.PRV_M_LOG_IO | prvdef.PRV_M_SETPRV) - if 'FIELD' in all_users: - u = all_users['FIELD'] + if b'FIELD' in all_users: + u = all_users[b'FIELD'] if (u.def_priv != u.priv) or (u.priv & ~privs) or (u.flags & uaidef.UAI_M_DISACNT) == 0: if ftm: @@ -258,4 +258,4 @@ if (u.def_priv != u.priv) or (u.priv & ~privs) or (u.flags & uaidef.UAI_M_DISACNT) == 0: if ftm: - print >>fo, '0109"3"', u.username + print('0109"3"', u.username.decode(), file=fo) else: @@ -261,5 +261,5 @@ else: - print >>fo, u.username + print(u.username.decode(), file=fo) privs = (prvdef.PRV_M_CMEXEC | prvdef.PRV_M_IMPERSONATE | @@ -278,7 +278,7 @@ prvdef.PRV_M_PRMCEB | prvdef.PRV_M_TMPMBX) - if 'SYSTEST' in all_users: - u = all_users['SYSTEST'] + if b'SYSTEST' in all_users: + u = all_users[b'SYSTEST'] if (u.def_priv != u.priv) or (u.priv & ~privs) or (u.flags & uaidef.UAI_M_DISACNT) == 0: if ftm: @@ -283,4 +283,4 @@ if (u.def_priv != u.priv) or (u.priv & ~privs) or (u.flags & uaidef.UAI_M_DISACNT) == 0: if ftm: - print >>fo, '0109"3"', u.username + print('0109"3"', u.username, file=fo) else: @@ -286,3 +286,3 @@ else: - print >>fo, u.username + print(u.username, file=fo) @@ -288,5 +288,5 @@ - if 'SYSTEST_CLIG' in all_users: - u = all_users['SYSTEST_CLIG'] + if b'SYSTEST_CLIG' in all_users: + u = all_users[b'SYSTEST_CLIG'] if (u.def_priv != u.priv) or (u.priv & ~privs) or (u.flags & uaidef.UAI_M_DISACNT) == 0: if ftm: @@ -291,4 +291,4 @@ if (u.def_priv != u.priv) or (u.priv & ~privs) or (u.flags & uaidef.UAI_M_DISACNT) == 0: if ftm: - print >>fo, '0109"3"', u.username + print('0109"3"', u.username.decode(), file=fo) else: @@ -294,5 +294,5 @@ else: - print >>fo, u.username + print(u.username.decode(), file=fo) @level_rule(3) def rule0110(fo, ftm): 
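Review bot: The SYSTEST branch prints `u.username` without `.decode()` in both `print('0109"3"', u.username, file=fo)` and `print(u.username, file=fo)`, while the DEFAULT, FIELD and SYSTEST_CLIG branches in the same function decode, so the report shows `b'SYSTEST'` for this one account and a parser keyed on the username misses it. Add `.decode()` on both lines. The four near-identical blocks would be safer as one loop over `((b'DEFAULT', privs_default), (b'FIELD', privs_field), ...)`, so that a fix like this lands once.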
@@ -303,12 +303,12 @@ maxsysgroup = lib.getsyi(syidef.SYI__MAXSYSGROUP)[1] if not ftm: - print >>fo - print >>fo, 'Rule 0110' - print >>fo, '=========' + print(file=fo) + print('Rule 0110', file=fo) + print('=========', file=fo) load_pwd_policy = lib.getsyi(syidef.SYI__LOAD_PWD_POLICY)[1] rms_fileprot = lib.getsyi(syidef.SYI__RMS_FILEPROT)[1] if (load_pwd_policy != 0): if ftm: @@ -309,8 +309,8 @@ load_pwd_policy = lib.getsyi(syidef.SYI__LOAD_PWD_POLICY)[1] rms_fileprot = lib.getsyi(syidef.SYI__RMS_FILEPROT)[1] if (load_pwd_policy != 0): if ftm: - print >>fo, '0110"3"LOAD_PWD_POLICY', load_pwd_policy + print('0110"3"LOAD_PWD_POLICY', load_pwd_policy, file=fo) else: @@ -316,4 +316,4 @@ else: - print >>fo, 'LOAD_PWD_POLICY invalid', load_pwd_policy + print('LOAD_PWD_POLICY invalid', load_pwd_policy, file=fo) if (maxsysgroup > 8): if ftm: @@ -318,4 +318,4 @@ if (maxsysgroup > 8): if ftm: - print >>fo, '0110"3"MAXSYSGROUP', maxsysgroup + print('0110"3"MAXSYSGROUP', maxsysgroup, file=fo) else: @@ -321,4 +321,4 @@ else: - print >>fo, 'MAXSYSGROUP invalid' , maxsysgroup - if (rms_fileprot != 65280): + print('MAXSYSGROUP invalid' , maxsysgroup, file=fo) + if (rms_fileprot not in (64000, 65280)): if ftm: @@ -324,3 +324,3 @@ if ftm: - print >>fo, '0110"3"RMS_FILEPROT', lib.format_sogw_prot (rms_fileprot)[1] + print('0110"3"RMS_FILEPROT', lib.format_sogw_prot(rms_fileprot)[1], file=fo) else: @@ -326,6 +326,6 @@ else: - print >>fo, 'RMS_FILEPROT invalid found', lib.format_sogw_prot (rms_fileprot)[1] - print >>fo, ' waiting', lib.format_sogw_prot (65280)[1] + print('RMS_FILEPROT invalid found', lib.format_sogw_prot(rms_fileprot)[1].decode(), file=fo) + print(' waiting', lib.format_sogw_prot(65280)[1].decode(), file=fo) if __name__ == '__main__': diff --git a/secrules/rules02.py b/secrules/rules02.py index 9b8ce9ac0cb4ed51b38df0dc1544ccab2bd95670_c2VjcnVsZXMvcnVsZXMwMi5weQ==..741ad6f3b6210535e0063495cd46f5216b78ee3c_c2VjcnVsZXMvcnVsZXMwMi5weQ== 100644 --- a/secrules/rules02.py 
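Review bot: In the ftm branch `print('0110"3"RMS_FILEPROT', lib.format_sogw_prot(rms_fileprot)[1], file=fo)` the protection string is not decoded while the two lines below decode it, so the machine-readable output carries `b'System: ...'`. The check now accepts 64000 as well as 65280, but the 'waiting' line still names only `format_sogw_prot(65280)`; either print both accepted values or add a comment explaining why 64000 (0xFA00, Group: RE) is acceptable. Writing the masks in hex (`0xFA00`, `0xFF00`) would make the intent visible to the next reader.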
+++ b/secrules/rules02.py @@ -1,5 +1,5 @@ # -*- coding: iso-8859-1 -*- __version__ = '1.0' -from common import level_rule +from .common import level_rule import os, os.path @@ -5,9 +5,9 @@ import os, os.path -from vms.rtl import lib -from vms import syidef, uaidef, prvdef, dvidef, ossdef, ssdef -from vms import user -from vms import starlet -from vms import itemList -from vms import crtl -from FindFile import FindFile +from ovms.rtl import lib +from ovms import syidef, uaidef, prvdef, dvidef, ossdef, ssdef +from ovms import user +from ovms import starlet +from ovms import itemList +from ovms import crtl +from ovms.rtl.lib.FindFile import FindFile @@ -13,4 +13,5 @@ +VMSError = OSError @level_rule(2) def rule0201(fo, fmt): @@ -22,7 +23,7 @@ to the user, the privilege of the user, or the UIC protection on the file.""" if not fmt: - print>>fo - print>>fo, 'Rule 0201' - print>>fo, '=========' + print(file=fo) + print('Rule 0201', file=fo) + print('=========', file=fo) @@ -28,3 +29,3 @@ - with FindFile('SYS$SYSROOT:[000000...]*.*') as fi: + with FindFile(b'SYS$SYSROOT:[000000...]*.*') as fi: for fn in fi: @@ -30,3 +31,3 @@ for fn in fi: - it = [itemList.itemList(code = ossdef.OSS__PROTECTION, dtype = itemList.il_unsignedWord),] + it = (itemList.itemList(code = ossdef.OSS__PROTECTION, dtype = itemList.il_unsignedWord),) try: @@ -32,5 +33,5 @@ try: - sec = starlet.get_security(objnam=fn, clsnam='FILE', - itmlst=it)[1][ossdef.OSS__PROTECTION] + sec: int = starlet.get_security(objnam=fn, clsnam='FILE', # type:ignore + itmlst=it)[2][ossdef.OSS__PROTECTION] # type:ignore if not ((sec & 0x8000) and (sec & 0x2000)): if fmt: @@ -35,4 +36,4 @@ if not ((sec & 0x8000) and (sec & 0x2000)): if fmt: - print>>fo, '0201"2"', fn + print('0201"2"', fn, file=fo) else: 
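Review bot: `print('0201"2"', fn, file=fo)` in the fmt branch writes the bytes repr (`b'DEV:[DIR]NAME.EXT;1'`) while the else branch two lines later uses `fn.decode()`; rule0202 decodes in both branches and this one should too. `starlet.get_security(objnam=fn, clsnam='FILE', ...)` passes a str class name here while get_security.py in the same commit switched to `b'FILE'`; one of the two relies on implicit conversion, so pick one form for the whole package. The `# type:ignore` comments cover the `[1]` to `[2]` tuple index change instead of fixing the stub that declares the return shape.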
@@ -38,7 +39,7 @@ else: - print>>fo, fn - print>>fo, ' ' * 10, lib.format_sogw_prot (sec)[1] - except VMSError, e: + print(fn.decode(), file=fo) # type:ignore + print(' ' * 10, lib.format_sogw_prot (sec)[1].decode(), file=fo) + except VMSError as e: if e.errno != ssdef.SS__NOSUCHFILE: raise @@ -52,7 +53,7 @@ user, or the UIC protection on the file.""" if not fmt: - print>>fo - print>>fo, 'Rule 0202' - print>>fo, '=========' + print(file=fo) + print('Rule 0202', file=fo) + print('=========', file=fo) @@ -58,7 +59,8 @@ - with FindFile('SYS$SYSROOT:[000000...]*.*') as fi: - for fn in fi: - it = [itemList.itemList (code = ossdef.OSS__PROTECTION, dtype = itemList.il_unsignedWord),] - sec = starlet.get_security (objnam=fn, clsnam='FILE',itmlst=it)[1][ossdef.OSS__PROTECTION] + with FindFile(b'SYS$SYSROOT:[000000...]*.*') as fi: + for fn in fi: # type:ignore + fn: bytes + it = (itemList.itemList (code = ossdef.OSS__PROTECTION, dtype = itemList.il_unsignedWord),) + sec: int = starlet.get_security(objnam=fn, clsnam='FILE',itmlst=it)[2][ossdef.OSS__PROTECTION] # type:ignore if not ((sec & 0x800) and (sec & 0x200)): if fmt: @@ -63,4 +65,4 @@ if not ((sec & 0x800) and (sec & 0x200)): if fmt: - print>>fo, '0202"3"', fn + print('0202"3"', fn.decode(), file=fo) # type:ignore else: @@ -66,6 +68,6 @@ else: - print>>fo, fn - print>>fo, ' ' * 10, lib.format_sogw_prot (sec)[1] + print(fn.decode(), file=fo) # type:ignore + print(' ' * 10, lib.format_sogw_prot(sec)[1].decode(), file=fo) if __name__ == '__main__': import sys diff --git a/secrules/rules03.py b/secrules/rules03.py index 9b8ce9ac0cb4ed51b38df0dc1544ccab2bd95670_c2VjcnVsZXMvcnVsZXMwMy5weQ==..741ad6f3b6210535e0063495cd46f5216b78ee3c_c2VjcnVsZXMvcnVsZXMwMy5weQ== 100644 --- a/secrules/rules03.py +++ b/secrules/rules03.py 
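Review bot: rule0202 calls `starlet.get_security(objnam=fn, clsnam='FILE', itmlst=it)` with no try/except, whereas rule0201 directly above wraps the identical call and ignores `SS__NOSUCHFILE`; a file deleted between `LIB$FIND_FILE` and `$GET_SECURITY` aborts the whole rule instead of being skipped. Wrap it the same way: `try: ... except VMSError as e: if e.errno != ssdef.SS__NOSUCHFILE: raise`. Both rules depend on `VMSError = OSError` carrying the VMS status in `errno`; confirm that against `ovms` since nothing visible here establishes it.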
@@ -1,9 +1,9 @@ # -*- coding: iso-8859-1 -*-
 __version__ = '1.0'
-from common import level_rule
-from FindFile import FindFile
-from get_security import get_security
+from .common import level_rule
+from ovms.rtl.lib.FindFile import FindFile
+from .get_security import get_security
 @level_rule(2)
 def rule0302(fo, fmt):
@@ -12,7 +12,7 @@ of vulnerability with regards to protection of critical files."""
 if not fmt:
- print>>fo
- print>>fo, 'Rule 0302'
- print>>fo, '========='
+ print(file=fo)
+ print('Rule 0302', file=fo)
+ print('=========', file=fo)
@@ -18,7 +18,8 @@
- with FindFile('SYS$SYSROOT:[000000...]*.*') as fi:
- for fn in fi:
- id = get_security (fn)[0]
- if (id != 'SYSTEM') and (id != '[1,1]'):
- if (fn != 'MOM$SYSTEM') and (id != '[376,375]'):
+ with FindFile(b'SYS$SYSROOT:[000000...]*.*') as fi:
+ for fn in fi: # type: ignore
+ fn: bytes
+ id = get_security(fn)[0]
+ if (id != b'SYSTEM') and (id != b'[1,1]'):
+ if (fn != b'MOM$SYSTEM') and (id != b'[376,375]'):
 if fmt:
@@ -24,3 +25,3 @@ if fmt:
- print>>fo, '0302"2"', fn
+ print('0302"2"', fn.decode(), file=fo)
 else:
@@ -26,6 +27,6 @@ else:
- print>>fo, fn
- print>>fo, ' ' * 10, id
+ print(fn.decode(), file=fo)
+ print(' ' * 10, id.decode(), file=fo)
 if __name__ == '__main__':
 import sys
diff --git a/secrules/rules04.py b/secrules/rules04.py
index 9b8ce9ac0cb4ed51b38df0dc1544ccab2bd95670_c2VjcnVsZXMvcnVsZXMwNC5weQ==..741ad6f3b6210535e0063495cd46f5216b78ee3c_c2VjcnVsZXMvcnVsZXMwNC5weQ== 100644
--- a/secrules/rules04.py
+++ b/secrules/rules04.py
@@ -1,5 +1,5 @@ # -*- coding: iso-8859-1 -*-
 __version__ = '1.0'
-from common import level_rule
+from .common import level_rule
 import os, os.path
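Review bot: `fn != b'MOM$SYSTEM'` compares the full resultant file specification yielded by `FindFile` (the deleted FindFile.py returned the `LIB$TRIM_FILESPEC` output, i.e. device, directory, name, type and version) against a bare name, so it is presumably never equal and the clause is dead; the exemption collapses to `id != b'[376,375]'`, which skips every file owned by that UIC whatever its name. If the intent is to exempt only MOM$SYSTEM files owned by [376,375], test the name component, e.g. `b'MOM$SYSTEM' in fn`. `id` also shadows the builtin; `owner` reads better and avoids confusion with the identifier returned by `idtoasc`.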
@@ -5,8 +5,8 @@ import os, os.path -from vms.rtl import lib -from vms import starlet -from vms import ossdef, ssdef, rmsdef, dvsdef, dcdef, dvidef, itemList -from vms import user -from vms import crtl -from FindFile import FindFile +from ovms.rtl import lib +from ovms import starlet +from ovms import ossdef, ssdef, rmsdef, dvsdef, dcdef, dvidef, itemList +from ovms import user +from ovms import crtl +from ovms.rtl.lib.FindFile import FindFile from secrules import get_security @@ -12,5 +12,7 @@ from secrules import get_security -from DeviceScan import DeviceScan +from ovms.starlet.DeviceScan import DeviceScan + +VMSError = OSError @level_rule(2) def rule0401(fo, fmt): @@ -21,8 +23,8 @@ data.""" if not fmt: - print>>fo - print>>fo, 'Rule 0401' - print>>fo, '=========' + print(file=fo) + print('Rule 0401', file=fo) + print('=========', file=fo) def fileACL(root): @@ -27,4 +29,4 @@ def fileACL(root): - it = [itemList.itemList (code=ossdef.OSS__ACL_LENGTH, dtype=itemList.il_unsignedLong),] + it = (itemList.itemList (code=ossdef.OSS__ACL_LENGTH, dtype=itemList.il_unsignedLong),) with FindFile(root) as ifn: @@ -30,3 +32,4 @@ with FindFile(root) as ifn: - for fn in ifn: + for fn in ifn: # type:ignore + fn: bytes try: @@ -32,5 +35,5 @@ try: - retacl = starlet.get_security (objnam=fn, clsnam='FILE',itmlst=it) - acllen = int(retacl[1][ossdef.OSS__ACL_LENGTH]) + retacl = starlet.get_security(objnam=fn, clsnam='FILE',itmlst=it) + acllen = int(retacl[2][ossdef.OSS__ACL_LENGTH]) if (acllen != 0): if fmt: @@ -35,4 +38,4 @@ if (acllen != 0): if fmt: - print>>fo, '0401"2"', fn + print('0401"2"', fn.decode(), file=fo) else: @@ -38,3 +41,3 @@ else: - print>>fo, fn + print(fn.decode(), file=fo) for e in get_security.get_security (fn)[2]: @@ -40,2 +43,3 @@ for e in get_security.get_security (fn)[2]: + e: bytes if not fmt: 
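Review bot: `fn.decode()` in `print('0401"2"', fn.decode(), file=fo)` (and `e.decode()` on the formatted ACEs) uses strict UTF-8; as far as I know ODS-5 file names and identifier names can carry 8-bit characters, and this file declares `iso-8859-1`, so one such name raises `UnicodeDecodeError` and aborts the whole disk scan. Use an explicit codec such as `fn.decode('latin-1')` (or `errors='replace'`), ideally in one small helper rather than on every print line of the module. The `# type:ignore` on `for fn in ifn:` plus the `fn: bytes` annotation suggest the FindFile iterator stub should declare `Iterator[bytes]` so these workarounds can go.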
@@ -41,6 +45,6 @@ if not fmt: - print>>fo, ' '*9, e - except VMSError, e: - if e.errno != rmsdef.RMS__FNF: + print(' '*9, e.decode(), file=fo) + except VMSError as err: + if err.errno not in (rmsdef.RMS__FNF, ssdef.SS__NOSUCHFILE): raise @@ -45,7 +49,7 @@ raise - for device in DeviceScan('*', devclass=dcdef.DC__DISK): + for device in DeviceScan(b'*', devclass=dcdef.DC__DISK): if not (lib.getdvi (dvidef.DVI__MNT, device_name=device)[1]): continue if lib.getdvi (dvidef.DVI__SHDW_MEMBER, device_name=device)[1]: continue @@ -48,8 +52,8 @@ if not (lib.getdvi (dvidef.DVI__MNT, device_name=device)[1]): continue if lib.getdvi (dvidef.DVI__SHDW_MEMBER, device_name=device)[1]: continue - fileACL(device + '[000000...]*.*') + fileACL(device + b'[000000...]*.*') @level_rule(2) def rule0403(fo, fmt): @@ -58,9 +62,9 @@ files can be corrupted or deleted.""" if not fmt: - print>>fo - print>>fo, 'Rule 0403' - print>>fo, '=========' + print(file=fo) + print('Rule 0403', file=fo) + print('=========', file=fo) def fileSYS(root): with FindFile(root) as fi: @@ -64,7 +68,8 @@ def fileSYS(root): with FindFile(root) as fi: - for fn in fi: + for fn in fi: # type: ignore + fn: bytes own = get_security.get_security(fn)[0] if own not in ('SYSTEM', '[1,1]'): if fmt: @@ -68,5 +73,5 @@ own = get_security.get_security(fn)[0] if own not in ('SYSTEM', '[1,1]'): if fmt: - print>>fo, '0403"2"', fn + print('0403"2"', fn.decode(), file=fo) else: @@ -72,4 +77,4 @@ else: - print>>fo, fn, own + print(fn.decode(), own.decode(), file=fo) devCtx = 0 @@ -74,6 +79,6 @@ devCtx = 0 - devItm = [itemList.itemList (code=dvsdef.DVS__DEVCLASS, value=dcdef.DC__DISK),] + devItm = (itemList.itemList (code=dvsdef.DVS__DEVCLASS, value=dcdef.DC__DISK),) while(True): try: 
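Review bot: `if own not in ('SYSTEM', '[1,1]'):` in fileSYS still uses str literals, but `own` is now bytes (the line below does `own.decode()` and rules03 compares `b'SYSTEM'`/`b'[1,1]'`), so the membership test never succeeds and every *.SYS file on every mounted disk is reported as wrongly owned. Change it to `if own not in (b'SYSTEM', b'[1,1]'):`. Renaming the handler to `except VMSError as err` above correctly stops it clobbering the ACE loop variable `e`, and tolerating `SS__NOSUCHFILE` alongside `RMS__FNF` is reasonable for a file removed mid-scan.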
@@ -77,10 +82,10 @@ while(True): try: - sts,device,devCtx = starlet.device_scan('*', devItm, devCtx) + sts,device,devCtx = starlet.device_scan(b'*', devItm, devCtx) except: break if not lib.getdvi (dvidef.DVI__MNT, device_name=device)[1]: continue if lib.getdvi(dvidef.DVI__SHDW_MEMBER, device_name=device)[1]: continue @@ -81,10 +86,10 @@ except: break if not lib.getdvi (dvidef.DVI__MNT, device_name=device)[1]: continue if lib.getdvi(dvidef.DVI__SHDW_MEMBER, device_name=device)[1]: continue - fileSYS(device + '[000000]*.SYS') + fileSYS(device + b'[000000]*.SYS') @level_rule(2) def rule0404(fo, fmt): @@ -93,9 +98,9 @@ system inoperable.""" if not fmt: - print>>fo - print>>fo, 'Rule 0404' - print>>fo, '=========' + print(file=fo) + print('Rule 0404', file=fo) + print('=========', file=fo) def fileSYSProt(root): with FindFile(root) as fi: @@ -99,7 +104,8 @@ def fileSYSProt(root): with FindFile(root) as fi: - for fn in fi: + for fn in fi: # type: ignore + fn: bytes prot = get_security.get_security(fn)[1] if not (prot == 'System: RWED, Owner: RWED, Group: RE, World'): if fmt: @@ -103,5 +109,5 @@ prot = get_security.get_security(fn)[1] if not (prot == 'System: RWED, Owner: RWED, Group: RE, World'): if fmt: - print>>fo, '0404"2"', fn + print('0404"2"', fn.decode(), file=fo) else: @@ -107,8 +113,8 @@ else: - print>>fo, fn, prot + print(fn.decode(), prot.decode(), file=fo) devCtx = 0 devItm = [itemList.itemList (code=dvsdef.DVS__DEVCLASS, value=dcdef.DC__DISK),] while(True): try: @@ -109,13 +115,13 @@ devCtx = 0 devItm = [itemList.itemList (code=dvsdef.DVS__DEVCLASS, value=dcdef.DC__DISK),] while(True): try: - sts,device,devCtx = starlet.device_scan('*', devItm, devCtx) + sts,device,devCtx = starlet.device_scan(b'*', devItm, devCtx) except: break if not lib.getdvi (dvidef.DVI__MNT, device_name=device)[1]: continue if lib.getdvi(dvidef.DVI__SHDW_MEMBER, device_name=device)[1]: continue 
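Review bot: `if not (prot == 'System: RWED, Owner: RWED, Group: RE, World'):` compares the bytes returned by `format_sogw_prot` (decoded two lines later with `prot.decode()`) against a str, so it is always True and rule0404 flags every *.SYS file. Use a bytes literal, or better compare the raw protection word from `$GET_SECURITY` against a mask instead of a formatted string whose spacing is an implementation detail. The `except: break` in the device loop is bare and ends the scan silently on any error, not just `SS__NOMOREDEV`; `except OSError: break`, or the `DeviceScan` iterator rule0401 already uses, is safer. `devItm` was also left as a list here while the other rules switched to a tuple.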
@@ -116,10 +122,10 @@ except: break if not lib.getdvi (dvidef.DVI__MNT, device_name=device)[1]: continue if lib.getdvi(dvidef.DVI__SHDW_MEMBER, device_name=device)[1]: continue - fileSYSProt(device + '[000000]*.SYS') + fileSYSProt(device + b'[000000]*.SYS') @level_rule(2) def rule0405(fo, fmt): @@ -129,8 +135,8 @@ them.""" if not fmt: - print>>fo - print>>fo, 'Rule 0405' - print>>fo, '=========' + print(file=fo) + print('Rule 0405', file=fo) + print('=========', file=fo) def fileACLrf(fs): @@ -135,4 +141,4 @@ def fileACLrf(fs): - it = [itemList.itemList (code=ossdef.OSS__ACL_LENGTH, dtype=itemList.il_unsignedLong),] + it = (itemList.itemList (code=ossdef.OSS__ACL_LENGTH, dtype=itemList.il_unsignedLong),) with FindFile (fs) as ifn: @@ -138,5 +144,6 @@ with FindFile (fs) as ifn: - for fn in ifn: - acllen = int (starlet.get_security (objnam=fn, clsnam='FILE',itmlst=it)[1][ossdef.OSS__ACL_LENGTH]) + for fn in ifn: # type:ignore + fn: bytes + acllen = int (starlet.get_security (objnam=fn, clsnam='FILE',itmlst=it)[2][ossdef.OSS__ACL_LENGTH]) if (acllen != 0): if fmt: @@ -141,4 +148,4 @@ if (acllen != 0): if fmt: - print>>fo, '0405"2"', fn + print('0405"2"', fn.decode(), file=fo) else: @@ -144,4 +151,4 @@ else: - print>>fo, fn + print(fn, file=fo) for e in get_security.get_security (fn)[2]: if not fmt: @@ -146,4 +153,4 @@ for e in get_security.get_security (fn)[2]: if not fmt: - print>>fo, ' '*9, e + print(' '*9, e.decode(), file=fo) @@ -149,6 +156,6 @@ - for device in DeviceScan('*', devclass=dcdef.DC__DISK): + for device in DeviceScan(b'*', devclass=dcdef.DC__DISK): if not (lib.getdvi (dvidef.DVI__MNT, device_name=device)[1]): continue if lib.getdvi (dvidef.DVI__SHDW_MEMBER, device_name=device)[1]: continue 
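Review bot: In the rule0405 else branch (`@@ -144,4 +151,4 @@`), `print(fn, file=fo)` writes the bytes object itself, so the report line reads `b'...'` while the fmt branch one hunk earlier prints `fn.decode()`; use `print(fn.decode(), file=fo)` so both output modes show the same file name. The bare `fn: bytes` annotation after `for fn in ifn: # type:ignore` is a statement that does nothing at runtime and is unusual inside a loop; a short comment such as `# FindFile yields bytes; annotation only silences the checker` would explain why it is there. The `fileACLrf` helper is closed in the next hunk.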
@@ -151,8 +158,8 @@ if not (lib.getdvi (dvidef.DVI__MNT, device_name=device)[1]): continue if lib.getdvi (dvidef.DVI__SHDW_MEMBER, device_name=device)[1]: continue - fileACLrf(device + '[000000]*.SYS') + fileACLrf(device + b'[000000]*.SYS') if __name__ == '__main__': import sys diff --git a/secrules/rules05.py b/secrules/rules05.py index 9b8ce9ac0cb4ed51b38df0dc1544ccab2bd95670_c2VjcnVsZXMvcnVsZXMwNS5weQ==..741ad6f3b6210535e0063495cd46f5216b78ee3c_c2VjcnVsZXMvcnVsZXMwNS5weQ== 100644 --- a/secrules/rules05.py +++ b/secrules/rules05.py @@ -1,5 +1,5 @@ # -*- coding: iso-8859-1 -*- __version__ = '1.0' -from common import level_rule +from .common import level_rule import os, os.path @@ -5,11 +5,11 @@ import os, os.path -from vms.rtl import lib -from vms import syidef, uaidef, prvdef, dvidef, ossdef -from vms import user -from vms import starlet -from vms import itemList -from vms import crtl +from ovms.rtl import lib +from ovms import syidef, uaidef, prvdef, dvidef, ossdef +from ovms import user +from ovms import starlet +from ovms import itemList +from ovms import crtl maxsysgroup = lib.getsyi(syidef.SYI__MAXSYSGROUP)[1] all_users = user.all_users() @@ -12,7 +12,10 @@ maxsysgroup = lib.getsyi(syidef.SYI__MAXSYSGROUP)[1] all_users = user.all_users() +def cmp(a, b): + return (a > b) - (a < b) + @level_rule(3) def rule0501(fo, fmt): """ Not having the DISCTLY flag not set allows these accounts to @@ -21,6 +24,6 @@ site.""" if not fmt: - print>>fo, 'Rule 0501' - print>>fo, '=========' + print('Rule 0501', file=fo) + print('=========', file=fo) @@ -26,4 +29,4 @@ - for u in all_users.values(): + for u in list(all_users.values()): if not (u.flags & uaidef.UAI_M_DISCTLY): if fmt: @@ -28,4 +31,4 @@ if not (u.flags & uaidef.UAI_M_DISCTLY): if fmt: - print>>fo, '0501"3"', u.username + print('0501"3"', u.username.decode(), file=fo) else: 
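Review bot: The new module-level `cmp` shim in rules05 (`@@ -12,7 +12,10 @@`) has no docstring, and a reader will not know it exists only because rule0510's `cmp(r, p[2]) not in p[3:]` relies on the Python 2 three-way result; add `"""Python 2 cmp() replacement: -1, 0 or 1 for a<b, a==b, a>b (used by rule0510)."""`. Defining it at module level also means any later `from rules05 import *` would export it, which a comment could warn about.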
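Review bot: `for u in list(all_users.values()):` in rule0501 (`@@ -26,4 +29,4 @@`) copies the whole user dictionary for a loop that only reads `u.flags` and prints; `for u in all_users.values():` is enough because the mapping is not modified during iteration. The same `list(...)` wrapper appears in every per-user loop of rules05 (rules 0502 through 0509) and in rules08, a mechanical 2to3 artifact that is worth dropping for consistency and clarity.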
@@ -31,8 +34,8 @@ else: - print>>fo, u.username + print(u.username.decode(), file=fo) @level_rule(3) def rule0502(fo, fmt): """Ensure the DISCTLY flag is set on all accounts.""" if not fmt: @@ -33,10 +36,10 @@ @level_rule(3) def rule0502(fo, fmt): """Ensure the DISCTLY flag is set on all accounts.""" if not fmt: - print>>fo, '' - print>>fo, 'Rule 0502' - print>>fo, '=========' + print('', file=fo) + print('Rule 0502', file=fo) + print('=========', file=fo) @@ -42,4 +45,4 @@ - for u in all_users.values(): + for u in list(all_users.values()): if not (u.flags & uaidef.UAI_M_DEFCLI): if fmt: @@ -44,4 +47,4 @@ if not (u.flags & uaidef.UAI_M_DEFCLI): if fmt: - print>>fo, '0502"3"', u.username + print('0502"3"', u.username.decode(), file=fo) else: @@ -47,5 +50,5 @@ else: - print>>fo, u.username + print(u.username.decode(), file=fo) @level_rule(2) def rule0503(fo, fmt): @@ -55,7 +58,7 @@ account -- The LOCKPWD flag should be set.""" if not fmt: - print>>fo, '' - print>>fo, 'Rule 0503' - print>>fo, '=========' + print('', file=fo) + print('Rule 0503', file=fo) + print('=========', file=fo) @@ -61,5 +64,5 @@ - for u in all_users.values(): + for u in list(all_users.values()): if (u.flags & uaidef.UAI_M_CAPTIVE): if (u.flags & uaidef.UAI_M_LOCKPWD) or (u.uic_group <= maxsysgroup): if fmt: @@ -63,5 +66,5 @@ if (u.flags & uaidef.UAI_M_CAPTIVE): if (u.flags & uaidef.UAI_M_LOCKPWD) or (u.uic_group <= maxsysgroup): if fmt: - print>>fo, '0503"2"', u.username + print('0503"2"', u.username.decode(), file=fo) else: @@ -67,5 +70,5 @@ else: - print>>fo, u.username, u.uic_group + print(u.username.decode(), u.uic_group, file=fo) @level_rule(2) def rule0504(fo, fmt): @@ -75,7 +78,7 @@ environment.""" if not fmt: - print>>fo, '' - print>>fo, 'Rule 0504' - print>>fo, '=========' + print('', file=fo) + print('Rule 0504', file=fo) + print('=========', file=fo) 
@@ -81,4 +84,4 @@ - for u in all_users.values(): + for u in list(all_users.values()): if (u.flags & uaidef.UAI_M_CAPTIVE) and ((u.uic_group <= maxsysgroup) or (u.prccnt != 0)): if fmt: @@ -83,4 +86,4 @@ if (u.flags & uaidef.UAI_M_CAPTIVE) and ((u.uic_group <= maxsysgroup) or (u.prccnt != 0)): if fmt: - print>>fo, '0504"2"', u.username + print('0504"2"', u.username.decode(), file=fo) else: @@ -86,5 +89,5 @@ else: - print>>fo, u.username, u.uic_group, u.prccnt + print(u.username.decode(), u.uic_group, u.prccnt, file=fo) @level_rule(2) def rule0506(fo, fmt): @@ -95,7 +98,7 @@ gain access to the system using these accounts.""" if not fmt: - print>>fo, '' - print>>fo, 'Rule 0506' - print>>fo, '=========' + print('', file=fo) + print('Rule 0506', file=fo) + print('=========', file=fo) @@ -101,4 +104,4 @@ - for u in all_users.values(): + for u in list(all_users.values()): if (u.lastlogin_i == 0) and (u.lastlogin_n == 0) and not (u.flags & uaidef.UAI_M_DISACNT): if fmt: @@ -103,4 +106,4 @@ if (u.lastlogin_i == 0) and (u.lastlogin_n == 0) and not (u.flags & uaidef.UAI_M_DISACNT): if fmt: - print>>fo, '0506"2"', u.username + print('0506"2"', u.username.decode(), file=fo) else: @@ -106,5 +109,5 @@ else: - print>>fo, u.username + print(u.username.decode(), file=fo) @level_rule(2) def rule0507(fo, fmt): @@ -113,10 +116,10 @@ utilized as a means to gain unauthorized access to the system.""" if not fmt: - print>>fo, '' - print>>fo, 'Rule 0507' - print>>fo, '=========' + print('', file=fo) + print('Rule 0507', file=fo) + print('=========', file=fo) delta_time = starlet.bintim("90 00:00:00.00")[1] current_time = starlet.bintim(starlet.asctim()[1])[1] limit_time = current_time + delta_time 
@@ -119,7 +122,7 @@ delta_time = starlet.bintim("90 00:00:00.00")[1] current_time = starlet.bintim(starlet.asctim()[1])[1] limit_time = current_time + delta_time - for u in all_users.values(): + for u in list(all_users.values()): if ((u.lastlogin_i < limit_time) and (u.lastlogin_n < limit_time )) and not (u.flags & uaidef.UAI_M_DISACNT): if fmt: @@ -124,4 +127,4 @@ if ((u.lastlogin_i < limit_time) and (u.lastlogin_n < limit_time )) and not (u.flags & uaidef.UAI_M_DISACNT): if fmt: - print>>fo, '0507"2"', u.username + print('0507"2"', u.username.decode(), file=fo) else: @@ -127,5 +130,5 @@ else: - print>>fo, u.username + print(u.username.decode(), file=fo) @level_rule(3) def rule0508(fo, fmt): @@ -134,7 +137,7 @@ resources.""" if not fmt: - print>>fo, '' - print>>fo, 'Rule 0508' - print>>fo, '=========' + print('', file=fo) + print('Rule 0508', file=fo) + print('=========', file=fo) @@ -140,4 +143,4 @@ - for u in all_users.values(): + for u in list(all_users.values()): if (u.flags & uaidef.UAI_M_DISACNT): if fmt: @@ -142,4 +145,4 @@ if (u.flags & uaidef.UAI_M_DISACNT): if fmt: - print>>fo, '0508"3"', u.username + print('0508"3"', u.username.decode(), file=fo) else: @@ -145,5 +148,5 @@ else: - print>>fo, u.username + print(u.username.decode(), file=fo) @level_rule(3) def rule0509(fo, fmt): @@ -152,9 +155,9 @@ resources.""" if not fmt: - print>>fo, '' - print>>fo, 'Rule 0509' - print>>fo, '=========' + print('', file=fo) + print('Rule 0509', file=fo) + print('=========', file=fo) current_time = starlet.bintim(starlet.asctim()[1])[1] @@ -158,6 +161,6 @@ current_time = starlet.bintim(starlet.asctim()[1])[1] - for u in all_users.values(): + for u in list(all_users.values()): if (0 < u.expiration < current_time): if fmt: @@ -162,4 +165,4 @@ if (0 < u.expiration < current_time): if fmt: - print>>fo, '0509"3"', u.username + print('0509"3"', u.username.decode(), file=fo) else: 
@@ -165,5 +168,5 @@ else: - print>>fo, u.username + print(u.username.decode(), file=fo) @level_rule(2) def rule0510(fo, fmt): @@ -173,9 +176,9 @@ confidentiality of customer data.""" if not fmt: - print>>fo, '' - print>>fo, 'Rule 0510' - print>>fo, '=========' + print('', file=fo) + print('Rule 0510', file=fo) + print('=========', file=fo) lst = (("LGI_BRK_TERM", syidef.SYI__LGI_BRK_TERM, 0, 0), ("LGI_BRK_DISUSER", syidef.SYI__LGI_BRK_DISUSER, 0, -1, 1), @@ -192,5 +195,5 @@ r = lib.getsyi(p[1])[1] if cmp(r, p[2]) not in p[3:]: if fmt: - print>>fo, '0510"2"', p[0] + print('0510"2"', p[0], file=fo) else: @@ -196,5 +199,5 @@ else: - print>>fo, p[0] + print(p[0], file=fo) if __name__ == '__main__': import sys diff --git a/secrules/rules06.py b/secrules/rules06.py index 9b8ce9ac0cb4ed51b38df0dc1544ccab2bd95670_c2VjcnVsZXMvcnVsZXMwNi5weQ==..741ad6f3b6210535e0063495cd46f5216b78ee3c_c2VjcnVsZXMvcnVsZXMwNi5weQ== 100644 --- a/secrules/rules06.py +++ b/secrules/rules06.py @@ -1,5 +1,5 @@ # -*- coding: iso-8859-1 -*- __version__ = '1.0' -from common import level_rule +from .common import level_rule import os @@ -5,10 +5,10 @@ import os -from vms import starlet -from vms.rtl import lib -from vms import syidef -from DisplayProxy import DisplayProxy -from user_exists import user_exists -from FindFile import FindFile, file_exists +from ovms import starlet +from ovms.rtl import lib +from ovms import syidef +from .DisplayProxy import DisplayProxy +from .user_exists import user_exists +from ovms.rtl.lib.FindFile import FindFile, file_exists maxsysgroup = lib.getsyi(syidef.SYI__MAXSYSGROUP)[1] @@ -20,10 +20,10 @@ allows access from nodes not currently added to the network.""" if not fmt: - print>>fo - print>>fo, 'Rule 0601' - print>>fo, '=========' + print(file=fo) + print('Rule 0601', file=fo) + print('=========', file=fo) for proxy_node, proxy_user, default_user, local_users in DisplayProxy(): if '*' in (proxy_node, proxy_user): if fmt: 
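Review bot: In rule0601 (`@@ -20,10 +20,10 @@`), the context line `if '*' in (proxy_node, proxy_user):` still tests against a str, but rule0602 and rule0603 in this file now compare the same DisplayProxy fields with `b'*'` and call `proxy_node.decode()`, which suggests the tuple holds bytes; if so the check never matches and the rule silently stops reporting wildcard proxy entries, the very condition it exists to find. Assuming bytes, the test should be `if b'*' in (proxy_node, proxy_user):`, and the two prints below it should `.decode()` like rule0602 does so the report does not show `b'...'` reprs. The loop body continues in the next hunk.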
@@ -26,6 +26,6 @@ for proxy_node, proxy_user, default_user, local_users in DisplayProxy(): if '*' in (proxy_node, proxy_user): if fmt: - print>>fo, '0601"2"', proxy_node, proxy_user + print('0601"2"', proxy_node, proxy_user, file=fo) else: @@ -31,5 +31,5 @@ else: - print>>fo, proxy_node, proxy_user, default_user, local_users + print(proxy_node, proxy_user, default_user, local_users, file=fo) @level_rule(2) def rule0602(fo, fmt): @@ -39,8 +39,8 @@ user.""" if not fmt: - print>>fo - print>>fo, 'Rule 0602' - print>>fo, '=========' + print(file=fo) + print('Rule 0602', file=fo) + print('=========', file=fo) for proxy_node, proxy_user, default_user, local_users in DisplayProxy(): @@ -45,5 +45,6 @@ for proxy_node, proxy_user, default_user, local_users in DisplayProxy(): - if (default_user != '*') and (default_user != ''): + local_users_str = tuple([us.decode() for us in local_users]) + if (default_user != b'*') and (default_user != b''): if user_exists(default_user)[0] is None: if fmt: @@ -48,4 +49,4 @@ if user_exists(default_user)[0] is None: if fmt: - print>>fo, '0602"2"', proxy_node, proxy_user + print('0602"2"', proxy_node, proxy_user, file=fo) else: @@ -51,4 +52,4 @@ else: - print>>fo, '1', proxy_node, proxy_user, default_user - print>>fo, proxy_node, proxy_user, default_user, local_users + print('1', proxy_node.decode(), proxy_user.decode(), default_user.decode(), file=fo) + print(proxy_node.decode(), proxy_user.decode(), default_user.decode(), local_users_str, file=fo) for l in local_users: @@ -54,4 +55,4 @@ for l in local_users: - if (l != '*') and (l != ''): + if (l != b'*') and (l != b''): if user_exists(l)[0] is None: if fmt: @@ -56,4 +57,4 @@ if user_exists(l)[0] is None: if fmt: - print>>fo, '0602', proxy_node, proxy_user + print('0602', proxy_node.decode(), proxy_user.decode(), file=fo) else: 
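Review bot: In rule0602 (`@@ -48,4 +49,4 @@`), the fmt branch prints `proxy_node, proxy_user` raw while the else branch two hunks later prints `proxy_node.decode(), proxy_user.decode()`, so machine-readable output would carry `b'...'` reprs; change it to `print('0602"2"', proxy_node.decode(), proxy_user.decode(), file=fo)`. `local_users_str = tuple([us.decode() for us in local_users])` is computed for every proxy entry even when nothing is reported and wraps a list comprehension in `tuple()`; `tuple(us.decode() for us in local_users)` placed inside the reporting branches would be cheaper and clearer.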
@@ -59,6 +60,6 @@ else: - print>>fo, '2', proxy_node, proxy_user, l - print>>fo, proxy_node, proxy_user, default_user, local_users + print('2', proxy_node.decode(), proxy_user.decode(), l.decode(), file=fo) + print(proxy_node.decode(), proxy_user.decode(), default_user.decode(), local_users_str, file=fo) @level_rule(2) def rule0603(fo, fmt): @@ -66,8 +67,8 @@ to occur remotely without the user even logging in.""" if not fmt: - print - print>>fo, 'Rule 0603' - print>>fo, '=========' + print() + print('Rule 0603', file=fo) + print('=========', file=fo) for proxy_node, proxy_user, default_user, local_users in DisplayProxy(): @@ -72,6 +73,6 @@ for proxy_node, proxy_user, default_user, local_users in DisplayProxy(): - if (default_user != '*') and (default_user != ''): + if (default_user != b'*') and (default_user != b''): g, m = user_exists(default_user) if (g is not None) and (g <= maxsysgroup): if fmt: @@ -75,5 +76,5 @@ g, m = user_exists(default_user) if (g is not None) and (g <= maxsysgroup): if fmt: - print>>fo, '0603"2"', proxy_node, proxy_user + print('0603"2"', proxy_node.decode(), proxy_user.decode(), file=fo) else: @@ -79,3 +80,3 @@ else: - print>>fo, proxy_node, proxy_user, default_user + print(proxy_node.decode(), proxy_user.decode(), default_user.decode(), file=fo) for l in local_users: @@ -81,5 +82,5 @@ for l in local_users: - if (l != '*') and (l != ''): + if (l != b'*') and (l != b''): g, m = user_exists(local_users) if (g is not None) and (g <= maxsysgroup): if fmt: @@ -83,5 +84,5 @@ g, m = user_exists(local_users) if (g is not None) and (g <= maxsysgroup): if fmt: - print>>fo, proxy_node, proxy_user + print(proxy_node.decode(), proxy_user.decode(), file=fo) else: @@ -87,5 +88,5 @@ else: - print>>fo, proxy_node, proxy_user, l + print(proxy_node.decode(), proxy_user.decode(), l.decode(), file=fo) @level_rule(2) def rule0604(fo, fmt): 
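Review bot: In rule0603 (`@@ -81,5 +82,5 @@`), the context line `g, m = user_exists(local_users)` passes the whole local-user tuple although the loop variable `l` is what is being checked; the rule therefore never evaluates individual local users, and whichever result user_exists returns for a tuple decides the report for all of them. It should read `g, m = user_exists(l)`, matching the `default_user` check earlier in the same function and the `user_exists(l)` call in rule0602.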
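Review bot: The rule0603 header (`@@ -66,8 +67,8 @@`) emits its blank separator with `print()`, i.e. to stdout, while the two title lines and every other rule header in this file go to `fo`; when `fo` is a file the blank line lands on the terminal instead of the report. Use `print(file=fo)` like rule0601 and rule0602.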
@@ -93,9 +94,9 @@ attack, or a potential for unintended enabling of the object in the future.""" if not fmt: - print>>fo - print>>fo, 'Rule 0604' - print>>fo, '=========' + print(file=fo) + print('Rule 0604', file=fo) + print('=========', file=fo) with os.popen('@USER_TASK.COM') as p: r = [x[:-1].split(',') for x in p] @@ -103,5 +104,5 @@ for t, u, i in r: if user_exists(u)[0] is None: if fmt: - print>>fo, '0604"2"', t, u + print('0604"2"', t, u, file=fo) else: @@ -107,5 +108,5 @@ else: - print>>fo, t, u + print(t, u, file=fo) @level_rule(2) def rule0605(fo, fmt): @@ -113,9 +114,9 @@ operations to occur remotely without the user even logging in.""" if not fmt: - print>>fo - print>>fo, 'Rule 0605' - print>>fo, '=========' + print(file=fo) + print('Rule 0605', file=fo) + print('=========', file=fo) with os.popen('@USER_TASK.COM') as p: r = [x[:-1].split(',') for x in p] @@ -124,5 +125,5 @@ g, m = user_exists(u) if (g is not None) and (g <= maxsysgroup): if fmt: - print>>fo, '0605"2"', t, u + print('0605"2"', t, u, file=fo) else: @@ -128,5 +129,5 @@ else: - print>>fo, t, u + print(t, u, file=fo) @level_rule(3) def rule0606(fo,fmt): @@ -134,11 +135,11 @@ object from being used.""" if not fmt: - print>>fo - print>>fo, 'Rule 0606' - print>>fo, '=========' + print(file=fo) + print('Rule 0606', file=fo) + print('=========', file=fo) with os.popen('@USER_TASK.COM') as p: r = [x[:-1].split(',') for x in p] for t, u, i in r: @@ -140,7 +141,7 @@ with os.popen('@USER_TASK.COM') as p: r = [x[:-1].split(',') for x in p] for t, u, i in r: - if not file_exists(i): + if not file_exists(i.encode()): if fmt: @@ -146,3 +147,3 @@ if fmt: - print>>fo, '0606"3"', t, u, i + print('0606"3"', t, u, i, file=fo) else: @@ -148,5 +149,5 @@ else: - print>>fo, t, u, i + print(t, u, i, file=fo) @level_rule(3) def rule0607(fo, fmt): 
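Review bot: In rule0604 (`@@ -103,5 +104,5 @@`), `user_exists(u)` receives a str (the `os.popen` output is text and only `i` is encoded for `file_exists` in rule0606), whereas rule0602 and rule0603 call `user_exists` with bytes values compared against `b'*'`; I cannot tell from here which type the helper accepts, but one of the two call sites is likely to get a wrong "no such user" answer, which would either flag every task entry or none of them. Settle on one argument type, e.g. `if user_exists(u.encode())[0] is None:` if the bytes form is canonical, and apply the same to the `user_exists(u)` call in rule0605.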
@@ -157,9 +158,9 @@ object.""" if not fmt: - print>>fo - print>>fo, 'Rule 0607' - print>>fo, '=========' + print(file=fo) + print('Rule 0607', file=fo) + print('=========', file=fo) with os.popen('@USER_TASK.COM') as p: r = [x[:-1].split(',') for x in p] @@ -167,5 +168,5 @@ for t, u, i in r: if (t == 'TASK'): if fmt: - print>>fo, '0607"3"', t, u, i + print('0607"3"', t, u, i, file=fo) else: @@ -171,6 +172,6 @@ else: - print>>fo, t, u, i + print(t, u, i, file=fo) if __name__ == '__main__': import sys fo = open(sys.argv[1], 'w') if len(sys.argv) > 1 else sys.stdout @@ -173,11 +174,11 @@ if __name__ == '__main__': import sys fo = open(sys.argv[1], 'w') if len(sys.argv) > 1 else sys.stdout - rule601(fo, len(sys.argv) > 2) - rule602(fo, len(sys.argv) > 2) - rule603(fo, len(sys.argv) > 2) - rule604(fo, len(sys.argv) > 2) - rule605(fo, len(sys.argv) > 2) - rule606(fo, len(sys.argv) > 2) - rule607(fo, len(sys.argv) > 2) + rule0601(fo, len(sys.argv) > 2) + rule0602(fo, len(sys.argv) > 2) + rule0603(fo, len(sys.argv) > 2) + rule0604(fo, len(sys.argv) > 2) + rule0605(fo, len(sys.argv) > 2) + rule0606(fo, len(sys.argv) > 2) + rule0607(fo, len(sys.argv) > 2) diff --git a/secrules/rules07.py b/secrules/rules07.py index 9b8ce9ac0cb4ed51b38df0dc1544ccab2bd95670_c2VjcnVsZXMvcnVsZXMwNy5weQ==..741ad6f3b6210535e0063495cd46f5216b78ee3c_c2VjcnVsZXMvcnVsZXMwNy5weQ== 100644 --- a/secrules/rules07.py +++ b/secrules/rules07.py @@ -1,10 +1,10 @@ # -*- coding: iso-8859-1 -*- __version__ = '1.0' -from common import level_rule -from vms import starlet -from vms.rtl import lib -from vms import ssdef, kgbdef, ossdef, dcdef, dvidef -from vms import itemList +from .common import level_rule +from ovms import starlet +from ovms.rtl import lib +from ovms import ssdef, kgbdef, ossdef, dcdef, dvidef +from ovms import itemList from secrules import get_security from secrules import user_exists 
@@ -9,6 +9,8 @@ from secrules import get_security from secrules import user_exists -from DeviceScan import DeviceScan +from ovms.starlet.DeviceScan import DeviceScan + +VMSError = OSError ids = (('BATCH',0x80000001), ('DIALUP',0x80000002), @@ -24,9 +26,9 @@ with system resources.""" if not fmt: - print>>fo - print>>fo, "RULE 0701" - print>>fo, "---------" + print(file=fo) + print("RULE 0701", file=fo) + print("---------", file=fo) for n, v in ids: try: @@ -30,6 +32,6 @@ for n, v in ids: try: - s, idn, idv, ida = starlet.idtoasc(v) + s, idn, idv, ida, ctxt = starlet.idtoasc(v) if idn != n: if fmt: @@ -34,4 +36,4 @@ if idn != n: if fmt: - print>>fo, '0701"2"', '%s %x' % (n, v) + print('0701"2"', '%s %x' % (n, v), file=fo) else: @@ -37,4 +39,4 @@ else: - print>>fo, '%s %x' % (n, v) - except VMSError, e: + print('%s %x' % (n, v), file=fo) + except VMSError as e: if e.errno != ssdef.SS__NOSUCHID: @@ -40,3 +42,3 @@ if e.errno != ssdef.SS__NOSUCHID: - print>>fo, e + print(e, file=fo) if fmt: @@ -42,3 +44,3 @@ if fmt: - print>>fo, '0701"2"', '%s %x' % (n, v) + print('0701"2"', '%s %x' % (n, v), file=fo) else: @@ -44,5 +46,5 @@ else: - print>>fo, '%s %x' % (n, v) + print('%s %x' % (n, v), file=fo) @level_rule(2) def rule0702(fo, fmt): @@ -51,9 +53,9 @@ (e.g., critical files, directories, etc.).""" if not fmt: - print>>fo - print>>fo, "RULE 0702" - print>>fo, "---------" + print(file=fo) + print("RULE 0702", file=fo) + print("---------", file=fo) id = 0xFFFFFFFF # do a wildcard lookup context = 0 @@ -61,5 +63,5 @@ while (cont): try: s, idn, idv, ida, context = starlet.idtoasc(id, context) - if (idv < 0x80000000L): + if (idv < 0x80000000): continue @@ -65,4 +67,4 @@ continue - if idn in ('BATCH', 'DIALUP', 'INTERACTIVE', 'LOCAL', 'REMOTE', - 'NETWORK', 'DECWINDOWS'): + if idn in (b'BATCH', b'DIALUP', b'INTERACTIVE', b'LOCAL', b'REMOTE', + b'NETWORK', b'DECWINDOWS'): continue 
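Review bot: `VMSError = OSError` in the rules07 import hunk (`@@ -9,6 +9,8 @@`) carries no explanation, and the except clauses below depend on `e.errno` holding a VMS status code; add a comment such as `# ovms raises OSError for failed system services; alias kept so existing except clauses read as before (confirm .errno carries the SS$ status)`. If the ovms binding raises its own exception type instead, none of the `except VMSError` clauses in this file will catch it.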
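Review bot: In rule0701 (`@@ -30,6 +32,6 @@`), `if idn != n:` compares the name returned by `starlet.idtoasc` with the str entries of `ids` ('BATCH', 'DIALUP', ...), but the rule0702 hunk on the same line treats `idn` as bytes (`idn in (b'BATCH', ...)`, `idn.decode()`); if that is right, the comparison is always unequal and every well-known identifier is reported as mismatched. Compare in one type, e.g. `if idn != n.encode():`. The unpacked `ctxt` is never used; `_` would make that explicit.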
@@ -68,5 +70,5 @@ continue - if idn.split('$')[0] in ('NET', 'SYS', 'SECSRV', 'VMS'): + if idn.split(b'$')[0] in (b'NET', b'SYS', b'SECSRV', b'VMS'): continue try: s, holder, attrib = starlet.find_holder(idv) @@ -70,8 +72,8 @@ continue try: s, holder, attrib = starlet.find_holder(idv) - except VMSError, e: + except VMSError as e: if e.errno != ssdef.SS__NOSUCHID: raise e idvs = "%%X%X" % idv if fmt: @@ -74,6 +76,6 @@ if e.errno != ssdef.SS__NOSUCHID: raise e idvs = "%%X%X" % idv if fmt: - print>>fo, '0702"2"', "id = %s idn = %s" % (idvs, idn) + print('0702"2"', "id = %s idn = %s" % (idvs, idn.decode()), file=fo) else: @@ -79,6 +81,6 @@ else: - print>>fo, "id = %s idn = %s" % (idvs, idn) - except VMSError, e: + print("id = %s idn = %s" % (idvs, idn.decode()), file=fo) + except VMSError as e: if e.errno != ssdef.SS__NOSUCHID: raise e cont = False @@ -92,9 +94,9 @@ and delete entries in the table.""" if not fmt: - print>>fo - print>>fo, 'RULE 0703' - print>>fo, '=========' + print(file=fo) + print('RULE 0703', file=fo) + print('=========', file=fo) it = [itemList.itemList(code=ossdef.OSS__OWNER, dtype=itemList.il_unsignedLong),] @@ -98,8 +100,8 @@ it = [itemList.itemList(code=ossdef.OSS__OWNER, dtype=itemList.il_unsignedLong),] - own = starlet.get_security (objnam='LNM$SYSTEM_TABLE', clsnam='LOGICAL_NAME_TABLE', - itmlst=it)[1][ossdef.OSS__OWNER] + own: int = starlet.get_security(objnam='LNM$SYSTEM_TABLE', clsnam='LOGICAL_NAME_TABLE', + itmlst=it)[2][ossdef.OSS__OWNER] # type: ignore high_word = int(own / 65536) low_word = int(own - (high_word *65536)) @@ -103,6 +105,6 @@ high_word = int(own / 65536) low_word = int(own - (high_word *65536)) - own = "[%o,%o]" % (high_word, low_word) - if own != '[1,4]': + own_str = "[%o,%o]" % (high_word, low_word) + if own_str != '[1,4]': if fmt: @@ -108,3 +110,3 @@ if fmt: - print>>fo, '0703"2"', own + print('0703"2"', own_str, file=fo) else: 
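Review bot: In rule0703 (`@@ -98,8 +100,8 @@`), `high_word = int(own / 65536)` followed by `low_word = int(own - (high_word *65536))` goes through float division to split a UIC into group and member; `high_word, low_word = divmod(own, 65536)` is exact, shorter and states the intent. The same two-line pattern is repeated in rules 0707, 0708, 0712 and 0713 of this file and could be replaced in all of them.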
@@ -110,5 +112,5 @@ else: - print>>fo, own + print(own_str, file=fo) @level_rule(2) def rule0704(fo, fmt): @@ -117,8 +119,8 @@ circumvent certain system security measures or override safeguards.""" if not fmt: - print>>fo - print>>fo, 'RULE 0704' - print>>fo, '=========' + print(file=fo) + print('RULE 0704', file=fo) + print('=========', file=fo) it = [itemList.itemList(code=ossdef.OSS__PROTECTION, dtype=itemList.il_unsignedLong),] @@ -123,7 +125,7 @@ it = [itemList.itemList(code=ossdef.OSS__PROTECTION, dtype=itemList.il_unsignedLong),] - prot = starlet.get_security (objnam='LNM$SYSTEM_TABLE', clsnam='LOGICAL_NAME_TABLE', - itmlst=it)[1][ossdef.OSS__PROTECTION] + prot: int = starlet.get_security(objnam='LNM$SYSTEM_TABLE', clsnam='LOGICAL_NAME_TABLE', + itmlst=it)[2][ossdef.OSS__PROTECTION] # type: ignore if not ((prot & 0x8000) and (prot & 0x4000) and (prot & 0x2000)): if fmt: @@ -127,5 +129,5 @@ if not ((prot & 0x8000) and (prot & 0x4000) and (prot & 0x2000)): if fmt: - print>>fo, '0704"2" LNM$SYSTEM_TABLE' + print('0704"2" LNM$SYSTEM_TABLE', file=fo) else: @@ -131,5 +133,5 @@ else: - print>>fo, 'LNM$SYSTEM_TABLE', lib.format_sogw_prot (prot)[1] + print('LNM$SYSTEM_TABLE', lib.format_sogw_prot (prot)[1].decode(), file=fo) @level_rule(2) def rule0705(fo, fmt): @@ -138,8 +140,8 @@ a user to circumvent certain system security measures or override safeguards.""" if not fmt: - print>>fo - print>>fo, 'RULE 0705' - print>>fo, '=========' + print(file=fo) + print('RULE 0705', file=fo) + print('=========', file=fo) it = [itemList.itemList(code=ossdef.OSS__PROTECTION, dtype=itemList.il_unsignedLong),] 
@@ -144,7 +146,7 @@ it = [itemList.itemList(code=ossdef.OSS__PROTECTION, dtype=itemList.il_unsignedLong),] - prot = starlet.get_security (objnam='LNM$SYSTEM_TABLE', clsnam='LOGICAL_NAME_TABLE', - itmlst=it)[1][ossdef.OSS__PROTECTION] + prot: int = starlet.get_security (objnam='LNM$SYSTEM_TABLE', clsnam='LOGICAL_NAME_TABLE', + itmlst=it)[2][ossdef.OSS__PROTECTION] # type: ignore if not ((prot & 0x800) and (prot & 0x400) and (prot & 0x200)): if fmt: @@ -148,5 +150,5 @@ if not ((prot & 0x800) and (prot & 0x400) and (prot & 0x200)): if fmt: - print>>fo, '0705"2" LNM$SYSTEM_TABLE' + print('0705"2" LNM$SYSTEM_TABLE', file=fo) else: @@ -152,5 +154,5 @@ else: - print>>fo, 'LNM$SYSTEM_TABLE', lib.format_sogw_prot (prot)[1] + print('LNM$SYSTEM_TABLE', lib.format_sogw_prot (prot)[1].decode(), file=fo) @level_rule(2) def rule0706(fo, fmt): @@ -158,8 +160,8 @@ identifiers granted to them.""" if not fmt: - print>>fo - print>>fo, 'RULE 0706' - print>>fo, '=========' + print(file=fo) + print('RULE 0706', file=fo) + print('=========', file=fo) it = [itemList.itemList(code=ossdef.OSS__ACL_LENGTH, dtype=itemList.il_unsignedLong),] @@ -164,7 +166,7 @@ it = [itemList.itemList(code=ossdef.OSS__ACL_LENGTH, dtype=itemList.il_unsignedLong),] - acllen = starlet.get_security (objnam='LNM$SYSTEM_TABLE', clsnam='LOGICAL_NAME_TABLE', - itmlst=it)[1][ossdef.OSS__ACL_LENGTH] + acllen:int = starlet.get_security (objnam='LNM$SYSTEM_TABLE', clsnam='LOGICAL_NAME_TABLE', + itmlst=it)[2][ossdef.OSS__ACL_LENGTH] # type:ignore if (acllen != 0): if fmt: @@ -168,5 +170,5 @@ if (acllen != 0): if fmt: - print>>fo, '0706"2" LNM$SYSTEM_TABLE' + print('0706"2" LNM$SYSTEM_TABLE', file=fo) else: @@ -172,5 +174,5 @@ else: - print>>fo, get_security.get_security('LNM$SYSTEM_TABLE', clsnam='LOGICAL_NAME_TABLE') + print(get_security.get_security(b'LNM$SYSTEM_TABLE', clsnam=b'LOGICAL_NAME_TABLE'), file=fo) @level_rule(1) def rule0707(fo, fmt): 
@@ -178,9 +180,9 @@ and compromise system integrity.""" if not fmt: - print>>fo - print>>fo, 'RULE 0707' - print>>fo, '=========' + print(file=fo) + print('RULE 0707', file=fo) + print('=========', file=fo) it = [itemList.itemList(code=ossdef.OSS__OWNER, dtype=itemList.il_unsignedLong),] @@ -184,11 +186,11 @@ it = [itemList.itemList(code=ossdef.OSS__OWNER, dtype=itemList.il_unsignedLong),] - ident = starlet.get_security (objnam='SYS$SYSDEVICE:', clsnam='DEVICE', - itmlst=it)[1][ossdef.OSS__OWNER] + ident: int = starlet.get_security (objnam='SYS$SYSDEVICE:', clsnam='DEVICE', + itmlst=it)[2][ossdef.OSS__OWNER] # type: ignore high_word = int(ident / 65536) low_word = int(ident - (high_word *65536)) own = "[%o,%o]" % (high_word, low_word) if (own != '[1,4]') and (own != '[1,1]'): if fmt: @@ -189,8 +191,8 @@ high_word = int(ident / 65536) low_word = int(ident - (high_word *65536)) own = "[%o,%o]" % (high_word, low_word) if (own != '[1,4]') and (own != '[1,1]'): if fmt: - print>>fo, '0707"1" SYS$SYSDEVICE:' + print('0707"1" SYS$SYSDEVICE:', file=fo) else: @@ -196,5 +198,5 @@ else: - print>>fo, 'SYS$SYSDEVICE:', own + print('SYS$SYSDEVICE:', own, file=fo) @level_rule(2) def rule0708(fo, fmt): @@ -202,9 +204,9 @@ A privately mounted disk should be owned by a valid user in the SYSUAF.""" if not fmt: - print>>fo - print>>fo, 'RULE 0708' - print>>fo, '=========' + print(file=fo) + print('RULE 0708', file=fo) + print('=========', file=fo) it = [itemList.itemList(code=ossdef.OSS__OWNER, dtype=itemList.il_unsignedLong),] @@ -208,8 +210,8 @@ it = [itemList.itemList(code=ossdef.OSS__OWNER, dtype=itemList.il_unsignedLong),] - ident = starlet.get_security (objnam='SYS$SYSDEVICE:', clsnam='DEVICE', - itmlst=it)[1][ossdef.OSS__OWNER] + ident: int = starlet.get_security (objnam='SYS$SYSDEVICE:', clsnam='DEVICE', + itmlst=it)[2][ossdef.OSS__OWNER] # type: ignore high_word = int(ident / 65536) low_word = int(ident - (high_word *65536)) own = "[%o,%o]" % (high_word, low_word) 
@@ -219,5 +221,5 @@ g, m =user_exists.user_exists(r[1]) if g is None: if fmt: - print>>fo, '0708"2" SYS$SYSDEVICE:', r[1] + print('0708"2" SYS$SYSDEVICE:', r[1], file=fo) else: @@ -223,5 +225,5 @@ else: - print>>fo, 'SYS$SYSDEVICE:', r[1], own - except VMSError, e: + print('SYS$SYSDEVICE:', r[1], own, file=fo) + except VMSError as e: if e == ssdef.SS__NOSUCHID: if fmt: @@ -226,4 +228,4 @@ if e == ssdef.SS__NOSUCHID: if fmt: - print>>fo, '0708"2" SYS$SYSDEVICE:' + print('0708"2" SYS$SYSDEVICE:', file=fo) else: @@ -229,5 +231,5 @@ else: - print>>fo, 'SYS$SYSDEVICE:', own + print('SYS$SYSDEVICE:', own, file=fo) else: raise e @@ -237,9 +239,9 @@ data or files to unauthorized users.""" if not fmt: - print>>fo - print>>fo, 'RULE 0709' - print>>fo, '=========' + print(file=fo) + print('RULE 0709', file=fo) + print('=========', file=fo) it = [itemList.itemList(code=ossdef.OSS__PROTECTION, dtype=itemList.il_unsignedLong),] @@ -243,8 +245,8 @@ it = [itemList.itemList(code=ossdef.OSS__PROTECTION, dtype=itemList.il_unsignedLong),] - prot = starlet.get_security (objnam='SYS$SYSDEVICE:', clsnam='DEVICE', - itmlst=it)[1][ossdef.OSS__PROTECTION] + prot: int = starlet.get_security (objnam='SYS$SYSDEVICE:', clsnam='DEVICE', + itmlst=it)[2][ossdef.OSS__PROTECTION] # type: ignore if not (prot & 0xFE00): if fmt: @@ -248,5 +250,5 @@ if not (prot & 0xFE00): if fmt: - print>>fo, '0709"2" SYS$SYSDEVICE:' + print('0709"2" SYS$SYSDEVICE:', file=fo) else: @@ -252,5 +254,5 @@ else: - print>>fo, 'SYS$SYSDEVICE:', lib.format_sogw_prot (prot)[1] + print('SYS$SYSDEVICE:', lib.format_sogw_prot (prot)[1].decode(), file=fo) @level_rule(2) def rule0710(fo, fmt): @@ -259,7 +261,7 @@ scavenging.""" if not fmt: - print>>fo - print>>fo, 'RULE 0710' - print>>fo, '=========' + print(file=fo) + print('RULE 0710', file=fo) + print('=========', file=fo) 
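Review bot: In rule0708 (`@@ -223,5 +225,5 @@`), `if e == ssdef.SS__NOSUCHID:` compares the exception object with an integer status; with `VMSError = OSError` that is never true, so the `else: raise e` path always runs and the intended "owner identifier no longer exists" report is never produced. It should be `if e.errno == ssdef.SS__NOSUCHID:`, as rules 0701 and 0702 already do; rule0713 (`@@ -350,5 +352,5 @@`) has the identical comparison. The else branch here also prints `r[1]` undecoded while rule0713 prints `r[1].decode()`.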
@@ -265,8 +267,8 @@ - for device in DeviceScan('*', devclass=dcdef.DC__DISK): + for device in DeviceScan(b'*', devclass=dcdef.DC__DISK): if not (lib.getdvi (dvidef.DVI__MNT, device_name=device)[1]): continue if lib.getdvi (dvidef.DVI__SHDW_MEMBER, device_name=device)[1]: continue if lib.getdvi (dvidef.DVI__NOHIGHWATER, device_name=device)[1]: if fmt: @@ -267,8 +269,8 @@ if not (lib.getdvi (dvidef.DVI__MNT, device_name=device)[1]): continue if lib.getdvi (dvidef.DVI__SHDW_MEMBER, device_name=device)[1]: continue if lib.getdvi (dvidef.DVI__NOHIGHWATER, device_name=device)[1]: if fmt: - print>>fo, '0710"2"', device + print('0710"2"', device, file=fo) else: @@ -274,5 +276,5 @@ else: - print>>fo, device, 'NOHIGHWATER' + print(device, 'NOHIGHWATER', file=fo) @level_rule(2) def rule0711(fo, fmt): @@ -282,7 +284,7 @@ users.""" if not fmt: - print>>fo - print>>fo, 'RULE 0711' - print>>fo, '=========' + print(file=fo) + print('RULE 0711', file=fo) + print('=========', file=fo) @@ -288,8 +290,8 @@ - for device in DeviceScan('*', devclass=dcdef.DC__DISK): + for device in DeviceScan(b'*', devclass=dcdef.DC__DISK): if not (lib.getdvi (dvidef.DVI__MNT, device_name=device)[1]): continue if lib.getdvi (dvidef.DVI__SHDW_MEMBER, device_name=device)[1]: continue if not lib.getdvi (dvidef.DVI__ERASE_ON_DELETE, device_name=device)[1]: if fmt: @@ -290,8 +292,8 @@ if not (lib.getdvi (dvidef.DVI__MNT, device_name=device)[1]): continue if lib.getdvi (dvidef.DVI__SHDW_MEMBER, device_name=device)[1]: continue if not lib.getdvi (dvidef.DVI__ERASE_ON_DELETE, device_name=device)[1]: if fmt: - print>>fo, '0711"2"', device + print('0711"2"', device.decode(), file=fo) else: @@ -297,5 +299,5 @@ else: - print>>fo, device, 'NO ERASE_ON_DELETE' + print(device.decode(), 'NO ERASE_ON_DELETE', file=fo) @level_rule(2) def rule0712(fo, fmt): 
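Review bot: In rule0710 (`@@ -267,8 +269,8 @@`), both `print('0710"2"', device, file=fo)` and `print(device, 'NOHIGHWATER', file=fo)` write the device name undecoded, whereas rule0711 on the same line uses `device.decode()` for the same `DeviceScan(b'*', ...)` value, so rule0710 lines would show `b'...'` in the report. Apply `.decode()` here as well so both rules produce the same name format.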
@@ -303,9 +305,9 @@ security risk.""" if not fmt: - print>>fo - print>>fo, 'RULE 0712' - print>>fo, '=========' + print(file=fo) + print('RULE 0712', file=fo) + print('=========', file=fo) it = [itemList.itemList(code=ossdef.OSS__OWNER, dtype=itemList.il_unsignedLong),] @@ -309,11 +311,11 @@ it = [itemList.itemList(code=ossdef.OSS__OWNER, dtype=itemList.il_unsignedLong),] - ident = starlet.get_security (objnam='SYS$SYSDEVICE:', clsnam='DEVICE', - itmlst=it)[1][ossdef.OSS__OWNER] + ident: int = starlet.get_security (objnam='SYS$SYSDEVICE:', clsnam=b'DEVICE', + itmlst=it)[2][ossdef.OSS__OWNER] # type: ignore high_word = int(ident / 65536) low_word = int(ident - (high_word *65536)) own = "[%o,%o]" % (high_word, low_word) if (own != '[1,4]') and (own != '[1,1]'): if fmt: @@ -314,8 +316,8 @@ high_word = int(ident / 65536) low_word = int(ident - (high_word *65536)) own = "[%o,%o]" % (high_word, low_word) if (own != '[1,4]') and (own != '[1,1]'): if fmt: - print>>fo, '0712"2" Device SYS$SYSDEVICE:' + print('0712"2" Device SYS$SYSDEVICE:', file=fo) else: @@ -321,5 +323,5 @@ else: - print>>fo, 'Device SYS$SYSDEVICE:', own + print('Device SYS$SYSDEVICE:', own, file=fo) @level_rule(2) def rule0713(fo, fmt): @@ -329,9 +331,9 @@ privileges on the volume.""" if not fmt: - print>>fo - print>>fo, 'RULE 0713' - print>>fo, '=========' + print(file=fo) + print('RULE 0713', file=fo) + print('=========', file=fo) it = [itemList.itemList(code=ossdef.OSS__OWNER, dtype=itemList.il_unsignedLong),] @@ -335,8 +337,8 @@ it = [itemList.itemList(code=ossdef.OSS__OWNER, dtype=itemList.il_unsignedLong),] - ident = starlet.get_security (objnam='SYS$SYSDEVICE:', clsnam='VOLUME', - itmlst=it)[1][ossdef.OSS__OWNER] + ident: int = starlet.get_security (objnam='SYS$SYSDEVICE:', clsnam='VOLUME', + itmlst=it)[2][ossdef.OSS__OWNER] # type: ignore high_word = int(ident / 65536) low_word = int(ident - (high_word *65536)) own = "[%o,%o]" % (high_word, low_word) 
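Review bot: In rule0712 (`@@ -309,11 +311,11 @@`), `clsnam=b'DEVICE'` is passed as bytes while `objnam='SYS$SYSDEVICE:'` in the same call, and rules 0707 and 0708 querying the same object, use str; I cannot tell which form the binding accepts, but mixing them in one call suggests the bytes change was accidental. Use `clsnam='DEVICE'` to match the sibling rules, or convert all of these calls together.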
@@ -346,5 +348,5 @@ g, m =user_exists.user_exists(r[1]) if g is None: if fmt: - print>>fo, '0713"2" Volume SYS$SYSDEVICE:' + print('0713"2" Volume SYS$SYSDEVICE:', file=fo) else: @@ -350,5 +352,5 @@ else: - print>>fo, 'SYS$SYSDEVICE:', r[1], own - except VMSError, e: + print('SYS$SYSDEVICE:', r[1].decode(), own, file=fo) + except VMSError as e: if e == ssdef.SS__NOSUCHID: if fmt: @@ -353,4 +355,4 @@ if e == ssdef.SS__NOSUCHID: if fmt: - print>>fo, '0713"2" Volume SYS$SYSDEVICE:' + print('0713"2" Volume SYS$SYSDEVICE:', file=fo) else: @@ -356,5 +358,5 @@ else: - print>>fo, 'SYS$SYSDEVICE:', own + print('SYS$SYSDEVICE:', own, file=fo) else: raise e @@ -364,9 +366,9 @@ disks. By default, all users should be granted RWCD access to the volume.""" if not fmt: - print>>fo - print>>fo, 'RULE 0714' - print>>fo, '=========' + print(file=fo) + print('RULE 0714', file=fo) + print('=========', file=fo) it = [itemList.itemList(code=ossdef.OSS__PROTECTION, dtype=itemList.il_unsignedLong),] @@ -370,6 +372,6 @@ it = [itemList.itemList(code=ossdef.OSS__PROTECTION, dtype=itemList.il_unsignedLong),] - prot = starlet.get_security (objnam='SYS$SYSDEVICE:', clsnam='VOLUME', - itmlst=it)[1][ossdef.OSS__PROTECTION] + prot: int = starlet.get_security (objnam='SYS$SYSDEVICE:', clsnam='VOLUME', + itmlst=it)[2][ossdef.OSS__PROTECTION] # type: ignore accnam = lib.get_accnam('VOLUME')[1] @@ -375,4 +377,4 @@ accnam = lib.get_accnam('VOLUME')[1] - pvw = lib.format_sogw_prot (prot,access_names=accnam)[1].split(',')[3] + pvw = lib.format_sogw_prot (prot,access_names=accnam)[1].split(b',')[3].decode() if pvw[8:] != 'RWCD': if fmt: @@ -377,4 +379,4 @@ if pvw[8:] != 'RWCD': if fmt: - print >>fo, '0714"2"SYS$SYSDEVICE:', pvw + print('0714"2"SYS$SYSDEVICE:', pvw, file=fo) else: @@ -380,5 +382,5 @@ else: - print >>fo, 'SYS$SYSDEVICE: bad World protection', pvw + print('SYS$SYSDEVICE: bad World protection', pvw, file=fo) if __name__ == '__main__': 
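Review bot: The ported handler `except VMSError as e:` followed by `if e == ssdef.SS__NOSUCHID:` compares the exception object itself with a status code, which is always false unless VMSError defines `__eq__`, so the no-such-identifier case falls through to `raise e` and rule0713 aborts instead of reporting the unresolvable owner. Presumably the status lives on an attribute of the exception (the rest of this code base tests `e.errno` against `ssdef` codes), so this should read `if e.errno == ssdef.SS__NOSUCHID:`; please confirm against the ovms VMSError definition. A bare `raise` in the final else keeps the original traceback, which `raise e` does not. The `try` block starts above this hunk.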
diff --git a/secrules/rules08.py b/secrules/rules08.py index 9b8ce9ac0cb4ed51b38df0dc1544ccab2bd95670_c2VjcnVsZXMvcnVsZXMwOC5weQ==..741ad6f3b6210535e0063495cd46f5216b78ee3c_c2VjcnVsZXMvcnVsZXMwOC5weQ== 100644 --- a/secrules/rules08.py +++ b/secrules/rules08.py @@ -1,10 +1,10 @@ # -*- coding: iso-8859-1 -*- __version__ = '1.0' -from common import level_rule -from vms import starlet -from vms import user -from vms import uaidef +from .common import level_rule +from ovms import starlet +from ovms import user +from ovms import uaidef @level_rule(1) def rule0801(fo, fmt): @@ -14,9 +14,9 @@ unintentional tampering with critical system resources.""" if not fmt: - print>>fo - print>>fo, 'RULE 0801' - print>>fo, '=========' + print(file=fo) + print('RULE 0801', file=fo) + print('=========', file=fo) all_users = user.all_users() @@ -20,9 +20,9 @@ all_users = user.all_users() - for u in all_users.values(): + for u in list(all_users.values()): if (u.pwd_length == 0): du = '' if (u.flags & uaidef.UAI_M_DISACNT): du = 'DisUser' if fmt: @@ -24,7 +24,7 @@ if (u.pwd_length == 0): du = '' if (u.flags & uaidef.UAI_M_DISACNT): du = 'DisUser' if fmt: - print>>fo, '0801"1"', u.username, du + print('0801"1"', u.username.decode(), du, file=fo) else: @@ -30,5 +30,5 @@ else: - print>>fo, u.username, u.pwd_length, du + print(u.username.decode(), u.pwd_length, du, file=fo) @level_rule(2) def rule0802(fo, fmt): @@ -42,9 +42,9 @@ and thus gaining access to the system.""" if not fmt: - print>>fo - print>>fo, 'RULE 0802' - print>>fo, '=========' + print(file=fo) + print('RULE 0802', file=fo) + print('=========', file=fo) all_users = user.all_users() @@ -48,9 +48,9 @@ all_users = user.all_users() - for u in all_users.values(): + for u in list(all_users.values()): if (u.flags & uaidef.UAI_M_DISPWDDIC): du = '' if (u.flags & uaidef.UAI_M_DISACNT): du = 'DisUser' if fmt: 
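Review bot: `for u in list(all_users.values()):` in rule0801 copies the dictionary's values for nothing: the loop body only reads `u` and never mutates `all_users`, so iterating `all_users.values()` directly is correct on Python 3 (this is the usual 2to3 artefact). The same wrapper appears in rule0802 through rule0805 on the following lines and in rules11 rule1102 and rule1103. Minor, but it would keep the loop as the original wrote it.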
@@ -52,7 +52,7 @@ if (u.flags & uaidef.UAI_M_DISPWDDIC): du = '' if (u.flags & uaidef.UAI_M_DISACNT): du = 'DisUser' if fmt: - print>>fo, '0802"2"', u.username, du + print('0802"2"', u.username.decode(), du, file=fo) else: @@ -58,5 +58,5 @@ else: - print>>fo, u.username, du + print(u.username.decode(), du, file=fo) @level_rule(2) def rule0803(fo, fmt): @@ -70,9 +70,9 @@ system.""" if not fmt: - print>>fo - print>>fo, 'RULE 0803' - print>>fo, '=========' + print(file=fo) + print('RULE 0803', file=fo) + print('=========', file=fo) all_users = user.all_users() @@ -76,9 +76,9 @@ all_users = user.all_users() - for u in all_users.values(): + for u in list(all_users.values()): if (u.flags & uaidef.UAI_M_DISPWDHIS): du = '' if (u.flags & uaidef.UAI_M_DISACNT): du = 'DisUser' if fmt: @@ -80,7 +80,7 @@ if (u.flags & uaidef.UAI_M_DISPWDHIS): du = '' if (u.flags & uaidef.UAI_M_DISACNT): du = 'DisUser' if fmt: - print>>fo, '0803"2"', u.username, du + print('0803"2"', u.username.decode(), du, file=fo) else: @@ -86,5 +86,5 @@ else: - print>>fo, u.username, du + print(u.username.decode(), du, file=fo) @level_rule(2) def rule0804(fo, fmt): @@ -96,9 +96,9 @@ may be guessed thus allowing potential unauthorized access to the system.""" if not fmt: - print>>fo - print>>fo, 'RULE 0804' - print>>fo, '=========' + print(file=fo) + print('RULE 0804', file=fo) + print('=========', file=fo) all_users = user.all_users() @@ -102,9 +102,9 @@ all_users = user.all_users() - for u in all_users.values(): + for u in list(all_users.values()): if (u.pwd_length < 8): du = '' if (u.flags & uaidef.UAI_M_DISACNT): du = 'DisUser' if fmt: @@ -106,7 +106,7 @@ if (u.pwd_length < 8): du = '' if (u.flags & uaidef.UAI_M_DISACNT): du = 'DisUser' if fmt: - print>>fo, '0804"2"', u.username, du + print('0804"2"', u.username.decode(), du, file=fo) else: @@ -112,5 +112,5 @@ else: - print>>fo, u.username, u.pwd_length, du + print(u.username.decode(), u.pwd_length, du, file=fo) @level_rule(2) def rule0805(fo, fmt): 
@@ -124,9 +124,9 @@ password within 90 days.""" if not fmt: - print>>fo - print>>fo, 'RULE 0805' - print>>fo, '=========' + print(file=fo) + print('RULE 0805', file=fo) + print('=========', file=fo) all_users = user.all_users() @@ -130,9 +130,9 @@ all_users = user.all_users() - for u in all_users.values(): + for u in list(all_users.values()): if (u.pwd_lifetime > 90) or (u.pwd_lifetime == 0): du = '' if (u.flags & uaidef.UAI_M_DISACNT): du = 'DisUser' if fmt: @@ -134,7 +134,7 @@ if (u.pwd_lifetime > 90) or (u.pwd_lifetime == 0): du = '' if (u.flags & uaidef.UAI_M_DISACNT): du = 'DisUser' if fmt: - print>>fo, '0805"2"', u.username, du + print('0805"2"', u.username.decode(), du, file=fo) else: @@ -140,5 +140,5 @@ else: - print>>fo, u.username, u.pwd_lifetime, du + print(u.username.decode(), u.pwd_lifetime, du, file=fo) if __name__ == '__main__': import sys diff --git a/secrules/rules09.py b/secrules/rules09.py index 9b8ce9ac0cb4ed51b38df0dc1544ccab2bd95670_c2VjcnVsZXMvcnVsZXMwOS5weQ==..741ad6f3b6210535e0063495cd46f5216b78ee3c_c2VjcnVsZXMvcnVsZXMwOS5weQ== 100644 --- a/secrules/rules09.py +++ b/secrules/rules09.py @@ -1,5 +1,5 @@ # -*- coding: iso-8859-1 -*- __version__ = '1.0' -from common import level_rule +from .common import level_rule import os @@ -5,9 +5,9 @@ import os -from vms import starlet -from vms.rtl import lib -from vms import itemList -from vms import ossdef -from FindFile import FindFile, file_exists +from ovms import starlet +from ovms.rtl import lib +from ovms import itemList +from ovms import ossdef +from ovms.rtl.lib.FindFile import FindFile, file_exists @level_rule(2) def rule0901(fo, fmt): @@ -17,8 +17,8 @@ environment.""" if not fmt: - print>>fo - print>>fo, 'RULE 0901' - print>>fo, '=========' + print(file=fo) + print('RULE 0901', file=fo) + print('=========', file=fo) it = [itemList.itemList (code=ossdef.OSS__PROTECTION, dtype=itemList.il_unsignedWord),] 
@@ -23,10 +23,11 @@ it = [itemList.itemList (code=ossdef.OSS__PROTECTION, dtype=itemList.il_unsignedWord),] - with FindFile ('Sys$Startup:*.*','') as ifn: - for fn in ifn: - prot = starlet.get_security (objnam=fn, clsnam='FILE', itmlst=it)[1][ossdef.OSS__PROTECTION] + with FindFile (b'SYS$STARTUP:*.*', b'') as ifn: + for fn in ifn: # type: ignore + fn: bytes + prot: int = starlet.get_security (objnam=fn, clsnam='FILE', itmlst=it)[2][ossdef.OSS__PROTECTION] # type: ignore if not ((prot & 0x8000) and (prot & 0x4000) and (prot & 0x2000) and (prot & 0x1000)): if fmt: @@ -28,7 +29,7 @@ if not ((prot & 0x8000) and (prot & 0x4000) and (prot & 0x2000) and (prot & 0x1000)): if fmt: - print>>fo, '0901"2"', fn + print('0901"2"', fn, file=fo) else: @@ -34,6 +35,6 @@ else: - print>>fo, fn - print>>fo, ' ' * 10, lib.format_sogw_prot (prot)[1] + print(fn.decode(), file=fo) + print(' ' * 10, lib.format_sogw_prot (prot)[1].decode(), file=fo) @level_rule(3) def rule0902(fo, fmt): @@ -45,11 +46,11 @@ privileged access allowing a user to gain unauthorized system access.""" if not fmt: - print>>fo - print>>fo, 'RULE 0902' - print>>fo, '=========' + print(file=fo) + print('RULE 0902', file=fo) + print('=========', file=fo) pok = True with os.popen('Search Sys$System:Startup.Log -FNF/Win=(1,0) /noHead') as p: for pi in p: if pok: if fmt: @@ -51,7 +52,7 @@ pok = True with os.popen('Search Sys$System:Startup.Log -FNF/Win=(1,0) /noHead') as p: for pi in p: if pok: if fmt: - print >>fo, '0902"3"', pi, + print('0902"3"', pi, end=' ', file=fo) else: @@ -57,5 +58,5 @@ else: - print >>fo, pi, + print(pi, end=' ', file=fo) pok = not pok @level_rule(2) @@ -64,7 +65,7 @@ inconsistency in the review criteria.""" if not fmt: - print>>fo - print>>fo, 'RULE 0903' - print>>fo, '=========' + print(file=fo) + print('RULE 0903', file=fo) + print('=========', file=fo) 
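Review bot: In rule0901 the machine-readable branch prints the bytes file name unconverted (`print('0901"2"', fn, file=fo)`) while the human-readable branch uses `fn.decode()`, so `fmt` output will carry `b'...'` around every path; the same split appears in rule0903 on the next line, where `fn` comes from the now-bytes `lsf` tuple and neither branch decodes. Decode in the `fmt` branch too: `print('0901"2"', fn.decode(), file=fo)`. The `fn: bytes` annotation inside the loop together with the `# type: ignore` on the `for` suggests FindFile's iterator is untyped; that is better fixed once on FindFile than at each call site.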
@@ -70,8 +71,8 @@ - lsf = ('SYS$SYSTEM:STARTUP.COM', - 'SYS$MANAGER:SYSTARTUP_VMS.COM', - 'SYS$SYSTEM:IA64VMSSYS.PAR') + lsf = (b'SYS$SYSTEM:STARTUP.COM', + b'SYS$MANAGER:SYSTARTUP_VMS.COM', + b'SYS$SYSTEM:IA64VMSSYS.PAR') for fn in lsf: if not file_exists(fn): if fmt: @@ -74,6 +75,6 @@ for fn in lsf: if not file_exists(fn): if fmt: - print>>fo, '0903"2"', fn + print('0903"2"', fn, file=fo) else: @@ -79,5 +80,5 @@ else: - print>>fo, fn + print(fn, file=fo) if __name__ == '__main__': import sys diff --git a/secrules/rules10.py b/secrules/rules10.py index 9b8ce9ac0cb4ed51b38df0dc1544ccab2bd95670_c2VjcnVsZXMvcnVsZXMxMC5weQ==..741ad6f3b6210535e0063495cd46f5216b78ee3c_c2VjcnVsZXMvcnVsZXMxMC5weQ== 100644 --- a/secrules/rules10.py +++ b/secrules/rules10.py @@ -1,7 +1,7 @@ # -*- coding: iso-8859-1 -*- __version__ = '1.0' -from common import level_rule +from .common import level_rule import os @level_rule(2) @@ -9,8 +9,8 @@ """ This prevents accounting history from being recorded.""" if not fmt: - print >>fo, 'RULE 1001' - print >>fo, '=========' + print('RULE 1001', file=fo) + print('=========', file=fo) with os.popen('SHOW ACCOUNTING') as p: r = [x[:-1] for x in p] @@ -19,5 +19,5 @@ break if 'disable' in a: if fmt: - print >>fo, '1001"2" Accounting is disable' + print('1001"2" Accounting is disable', file=fo) else: @@ -23,5 +23,5 @@ else: - print >>fo, 'Accounting is disable' + print('Accounting is disable', file=fo) break @level_rule(2) @@ -31,8 +31,8 @@ made to gain unauthorized access to the system.""" if not fmt: - print >>fo, 'RULE 1002' - print >>fo, '=========' + print('RULE 1002', file=fo) + print('=========', file=fo) f = False with os.popen('SHOW ACCOUNTING') as p: r = [x[:-1] for x in p] @@ -42,5 +42,5 @@ f = True if not f: if fmt: - print >>fo, '1002"2" LOGIN_FAILURE not accounted' + print('1002"2" LOGIN_FAILURE not accounted', file=fo) else: 
@@ -46,8 +46,8 @@ else: - print >>fo, 'LOGIN_FAILURE not accounted' + print('LOGIN_FAILURE not accounted', file=fo) @level_rule(1) def rule1003(fo, fmt): """ All system security alarms are currently disabled.""" if not fmt: @@ -48,11 +48,11 @@ @level_rule(1) def rule1003(fo, fmt): """ All system security alarms are currently disabled.""" if not fmt: - print >>fo, 'RULE 1003' - print >>fo, '=========' + print('RULE 1003', file=fo) + print('=========', file=fo) with os.popen('SHOW AUDIT/ALARM') as p: r = [x[:-1] for x in p] @@ -61,5 +61,5 @@ break if 'disable' in a: if fmt: - print >>fo, '1003"1" Alarms auditing is disable' + print('1003"1" Alarms auditing is disable', file=fo) else: @@ -65,5 +65,5 @@ else: - print >>fo, 'Alarms auditing is disable' + print('Alarms auditing is disable', file=fo) break @level_rule(2) @@ -71,8 +71,8 @@ """ Some security alarms are not being reported.""" if not fmt: - print >>fo, 'RULE 1004' - print >>fo, '=========' + print('RULE 1004', file=fo) + print('=========', file=fo) with os.popen('SHOW AUDIT/ALARM') as p: r = [x[:-1] for x in p] brk = False @@ -84,5 +84,5 @@ acl = True if not brk: if fmt: - print >>fo, '1004"2" Breakin not audited (alarm)' + print('1004"2" Breakin not audited (alarm)', file=fo) else: @@ -88,4 +88,4 @@ else: - print >>fo, 'Breakin not audited (alarm)' + print('Breakin not audited (alarm)', file=fo) if not acl: if fmt: @@ -90,4 +90,4 @@ if not acl: if fmt: - print >>fo, '1004"2" ACL not audited (alarm)' + print('1004"2" ACL not audited (alarm)', file=fo) else: @@ -93,5 +93,5 @@ else: - print >>fo, 'ACL not audited (alarm)' + print('ACL not audited (alarm)', file=fo) @level_rule(1) def rule1006(fo, fmt): @@ -99,8 +99,8 @@ being recorded.""" if not fmt: - print >>fo, 'RULE 1006' - print >>fo, '=========' + print('RULE 1006', file=fo) + print('=========', file=fo) with os.popen('SHOW AUDIT/AUDIT') as p: r = [x[:-1] for x in p] 
@@ -109,5 +109,5 @@ break if 'disable' in a: if fmt: - print >>fo, '1006"1" Report auditing is disable' + print('1006"1" Report auditing is disable', file=fo) else: @@ -113,5 +113,5 @@ else: - print >>fo, 'Report auditing is disable' + print('Report auditing is disable', file=fo) break @level_rule(2) @@ -119,8 +119,8 @@ """ Some security infractions are not being recorded.""" if not fmt: - print >>fo, 'RULE 1007' - print >>fo, '==============' + print('RULE 1007', file=fo) + print('==============', file=fo) with os.popen('SHOW AUDIT/AUDIT') as p: r = [x[:-1] for x in p] @@ -146,5 +146,5 @@ lgf = True if not brk: if fmt: - print >>fo, '1007"2"', brk_lst + print('1007"2"', brk_lst, file=fo) else: @@ -150,4 +150,4 @@ else: - print >>fo, brk_lst + print(brk_lst, file=fo) if not acl: if fmt: @@ -152,4 +152,4 @@ if not acl: if fmt: - print >>fo, '1007"2" ACL not audited' + print('1007"2" ACL not audited', file=fo) else: @@ -155,4 +155,4 @@ else: - print >>fo, 'ACL not audited' + print('ACL not audited', file=fo) if not aut: if fmt: @@ -157,4 +157,4 @@ if not aut: if fmt: - print >>fo, '1007"2" Authorization not audited' + print('1007"2" Authorization not audited', file=fo) else: @@ -160,4 +160,4 @@ else: - print >>fo, 'Authorization not audited' + print('Authorization not audited', file=fo) if not lgf: if fmt: @@ -162,4 +162,4 @@ if not lgf: if fmt: - print >>fo, '1007"2"', lgf_list + print('1007"2"', lgf_list, file=fo) else: @@ -165,5 +165,5 @@ else: - print lgf_list + print(lgf_list) if __name__ == '__main__': import sys diff --git a/secrules/rules11.py b/secrules/rules11.py index 9b8ce9ac0cb4ed51b38df0dc1544ccab2bd95670_c2VjcnVsZXMvcnVsZXMxMS5weQ==..741ad6f3b6210535e0063495cd46f5216b78ee3c_c2VjcnVsZXMvcnVsZXMxMS5weQ== 100644 --- a/secrules/rules11.py +++ b/secrules/rules11.py @@ -1,5 +1,5 @@ # -*- coding: iso-8859-1 -*- __version__ = '1.0' -from common import level_rule +from .common import level_rule import os 
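Review bot: The last report line of rule1007 still goes to stdout: `print(lgf_list)` carries no `file=fo`, unlike every other line in the rule, so the non-`fmt` login-failure summary is lost whenever the caller directs the report to a file. It should be `print(lgf_list, file=fo)`. This was already wrong before the port (`print lgf_list`), but the conversion rewrote the line and is the moment to fix it.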
@@ -5,12 +5,12 @@ import os -from vms import starlet -from vms.rtl import lib -from vms import user -from vms import ossdef, uaidef, syidef, prvdef -from vms import itemList -from FindFile import FindFile -from FindFile import file_exists -from getMailObjectInfo import getMailObjectInfo +from ovms import starlet +from ovms.rtl import lib +from ovms import user +from ovms import ossdef, uaidef, syidef, prvdef +from ovms import itemList +from ovms.rtl.lib.FindFile import FindFile +from ovms.rtl.lib.FindFile import file_exists +from .getMailObjectInfo import getMailObjectInfo @level_rule(2) def rule1101(fo, fmt): @@ -18,8 +18,8 @@ This prevents analysis of the mail files associated with these users.""" if not fmt: - print>>fo - print>>fo, 'RULE 1101' - print>>fo, '=========' + print(file=fo) + print('RULE 1101', file=fo) + print('=========', file=fo) with os.popen('@MAIL_FORWARD.COM') as p: @@ -24,6 +24,6 @@ with os.popen('@MAIL_FORWARD.COM') as p: - r = [x[1:-1] for x in p] + r = [x[:-1] for x in p] for e in r: if not (e == ''): if fmt: @@ -27,5 +27,5 @@ for e in r: if not (e == ''): if fmt: - print>>fo, '1101"2"', e + print('1101"2"', e, file=fo) else: @@ -31,5 +31,5 @@ else: - print>>fo, e + print(e, file=fo) @level_rule(2) def rule1102(fo, fmt): @@ -38,9 +38,9 @@ The listed files should have their protection changed to (RW,RW,,).""" if not fmt: - print>>fo - print>>fo, 'RULE 1102' - print>>fo, '=========' + print(file=fo) + print('RULE 1102', file=fo) + print('=========', file=fo) all_users = user.all_users() @@ -44,7 +44,7 @@ all_users = user.all_users() - it = [itemList.itemList (code = ossdef.OSS__PROTECTION, dtype = itemList.il_unsignedWord),] - for u in all_users.values(): - df = u.defdev + u.defdir + 'MAIL.MAI' + it = (itemList.itemList (code = ossdef.OSS__PROTECTION, dtype = itemList.il_unsignedWord),) + for u in list(all_users.values()): + df: bytes = u.defdev + u.defdir + b'MAIL.MAI' if file_exists(df): 
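Review bot: `r = [x[:-1] for x in p]` in rule1101 changes what is reported, not just how: the old code dropped the first character of each line read from `@MAIL_FORWARD.COM` (`x[1:-1]`) and the new code keeps it. If that leading character was a deliberate skip of a DCL prefix, the `e == ''` blank-line test will now see a one-character string and report it as a forwarding entry; please confirm this is intended and, if so, call it out in the commit message since it is unrelated to the Python 3 port.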
@@ -50,4 +50,4 @@ if file_exists(df): - prot = starlet.get_security(objnam=df, clsnam='FILE',itmlst=it)[1][ossdef.OSS__PROTECTION] + prot: int = starlet.get_security(objnam=df, clsnam=b'FILE',itmlst=it)[2][ossdef.OSS__PROTECTION] # type: ignore if (prot != 0xFFCC): if fmt: @@ -52,4 +52,4 @@ if (prot != 0xFFCC): if fmt: - print>>fo, '1102"2"', df + print('1102"2"', df.decode(), file=fo) else: @@ -55,6 +55,6 @@ else: - print>>fo, df - print>>fo, ' ' * 10, lib.format_sogw_prot (prot)[1] + print(df.decode(), file=fo) + print(' ' * 10, lib.format_sogw_prot (prot)[1].decode(), file=fo) @level_rule(2) def rule1103(fo, fmt): @@ -63,10 +63,10 @@ on that file. These files should be changed to specify the proper owner.""" if not fmt: - print>>fo - print>>fo, 'RULE 1103' - print>>fo, '=========' + print(file=fo) + print('RULE 1103', file=fo) + print('=========', file=fo) all_users = user.all_users() it = [itemList.itemList (code = ossdef.OSS__OWNER, dtype = itemList.il_unsignedLong),] @@ -69,7 +69,7 @@ all_users = user.all_users() it = [itemList.itemList (code = ossdef.OSS__OWNER, dtype = itemList.il_unsignedLong),] - for u in all_users.values(): - df = u.defdev+ u.defdir+'MAIL.MAI' + for u in list(all_users.values()): + df: bytes = u.defdev+ u.defdir + b'MAIL.MAI' if file_exists(df): @@ -75,6 +75,6 @@ if file_exists(df): - own = starlet.get_security (objnam=df, clsnam='FILE',itmlst=it)[1][ossdef.OSS__OWNER] + own: int = starlet.get_security (objnam=df, clsnam='FILE',itmlst=it)[2][ossdef.OSS__OWNER] # type: ignore g = int(own / 65536) m = int(own - (g *65536)) if (u.uic_group != g) or (u.uic_member != m): if fmt: @@ -77,6 +77,6 @@ g = int(own / 65536) m = int(own - (g *65536)) if (u.uic_group != g) or (u.uic_member != m): if fmt: - print>>fo, '1103"2"', u.username + print('1103"2"', u.username, file=fo) else: 
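Review bot: rule1103 prints the username without decoding (`print('1103"2"', u.username, file=fo)`) and, in the `@@ -82,5` hunk on the following line, formats `df` and `u.username` with `%s`, which under Python 3 renders bytes as `b'...'`; rule1102 just above decodes `df` and rules08 decodes `u.username` on every print. Use `u.username.decode()` and `df.decode()` in both rule1103 prints for a consistent report.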
@@ -82,5 +82,5 @@ else: - print>>fo, "%s [%o,%o] %s [%o,%o]" % (df, g, m, u.username, u.uic_group, u.uic_member) + print("%s [%o,%o] %s [%o,%o]" % (df, g, m, u.username, u.uic_group, u.uic_member), file=fo) @level_rule(3) def rule1104(fo, fmt): @@ -92,11 +92,11 @@ that the last system upgrade (for openVMS) may have been incomplete.""" if not fmt: - print>>fo - print>>fo, 'RULE 1104' - print>>fo, '=========' + print(file=fo) + print('RULE 1104', file=fo) + print('=========', file=fo) p, a, u = getMailObjectInfo() if p: if fmt: @@ -98,7 +98,7 @@ p, a, u = getMailObjectInfo() if p: if fmt: - print>>fo, '1104"3" MAIL object present' + print('1104"3" MAIL object present', file=fo) else: @@ -104,8 +104,8 @@ else: - print>>fo, 'MAIL object present' + print('MAIL object present', file=fo) @level_rule(4) def rule1105(fo, fmt): """ This prohibits mail transmissions across the network.""" if not fmt: @@ -106,14 +106,14 @@ @level_rule(4) def rule1105(fo, fmt): """ This prohibits mail transmissions across the network.""" if not fmt: - print>>fo - print>>fo, 'RULE 1105' - print>>fo, '=========' + print(file=fo) + print('RULE 1105', file=fo) + print('=========', file=fo) p, a, u = getMailObjectInfo() if not a: if fmt: @@ -115,7 +115,7 @@ p, a, u = getMailObjectInfo() if not a: if fmt: - print>>fo, '1105"4" Account MAIL$SERVER missing' + print('1105"4" Account MAIL$SERVER missing', file=fo) else: @@ -121,5 +121,5 @@ else: - print>>fo, 'Account MAIL$SERVER missing' + print('Account MAIL$SERVER missing', file=fo) @level_rule(2) def rule1106(fo, fmt): @@ -128,8 +128,8 @@ be set on this account.""" if not fmt: - print>>fo - print>>fo, 'RULE 1106' - print>>fo, '=========' + print(file=fo) + print('RULE 1106', file=fo) + print('=========', file=fo) p, a, u = getMailObjectInfo() @@ -134,4 +134,4 @@ p, a, u = getMailObjectInfo() - if a and not (u.flags & uaidef.UAI_M_RESTRICTED): + if a and u is not None and not (u.flags & uaidef.UAI_M_RESTRICTED): if fmt: 
@@ -137,3 +137,3 @@ if fmt: - print>>fo, '1106"2" Account MAIL$SERVER not RESTRICTED' + print('1106"2" Account MAIL$SERVER not RESTRICTED', file=fo) else: @@ -139,5 +139,5 @@ else: - print>>fo, 'Account MAIL$SERVER not RESTRICTED' + print('Account MAIL$SERVER not RESTRICTED', file=fo) @level_rule(2) def rule1107(fo, fmt): @@ -147,10 +147,10 @@ is greater than that specified in the SYSGEN parameter MAXSYSGROUP.""" if not fmt: - print>>fo - print>>fo, 'RULE 1107' - print>>fo, '=========' + print(file=fo) + print('RULE 1107', file=fo) + print('=========', file=fo) p, a, u = getMailObjectInfo() if not a: return @@ -153,6 +153,6 @@ p, a, u = getMailObjectInfo() if not a: return - if (u.uic_group <= lib.getsyi(syidef.SYI__MAXSYSGROUP)[1]): + if u is not None and (u.uic_group <= lib.getsyi(syidef.SYI__MAXSYSGROUP)[1]): if fmt: @@ -158,3 +158,3 @@ if fmt: - print>>fo, '1107"2" Account MAIL$SERVER have System Group' + print('1107"2" Account MAIL$SERVER have System Group', file=fo) else: @@ -160,5 +160,5 @@ else: - print>>fo, "%s [%o,%o]" % ('Account MAIL$SERVER System Group', u.uic_group, u.uic_member) + print("%s [%o,%o]" % ('Account MAIL$SERVER System Group', u.uic_group, u.uic_member), file=fo) @level_rule(4) def rule1108(fo, fmt): @@ -166,10 +166,10 @@ inhibits mail transmission across the network.""" if not fmt: - print>>fo - print>>fo, 'RULE 1108' - print>>fo, '=========' + print(file=fo) + print('RULE 1108', file=fo) + print('=========', file=fo) p, a, u = getMailObjectInfo() if not a: return @@ -172,6 +172,6 @@ p, a, u = getMailObjectInfo() if not a: return - if (u.flags & uaidef.UAI_M_DISACNT): + if u is not None and (u.flags & uaidef.UAI_M_DISACNT): if fmt: @@ -177,3 +177,3 @@ if fmt: - print>>fo, '1108"4" Account MAIL$SERVER is DISUSER' + print('1108"4" Account MAIL$SERVER is DISUSER', file=fo) else: @@ -179,5 +179,5 @@ else: - print>>fo, 'Account MAIL$SERVER is DISUSER' + print('Account MAIL$SERVER is DISUSER', file=fo) @level_rule(1) def rule1109(fo, fmt): 
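Review bot: The `u is not None and` guard added to rule1107's condition is repeated on every test in rule1108 through rule1113 on the following lines, although each of those rules already opens with `if not a: return`; folding the None check into that early return, `if not a or u is None: return`, covers every condition in the rule with one line and leaves the conditions as originally written. rule1106 on the previous line has no early return and keeps its inline guard.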
@@ -186,10 +186,10 @@ processes, which could exploit this vulnerability.""" if not fmt: - print>>fo - print>>fo, 'RULE 1109' - print>>fo, '=========' + print(file=fo) + print('RULE 1109', file=fo) + print('=========', file=fo) p, a, u = getMailObjectInfo() if not a: return @@ -192,6 +192,6 @@ p, a, u = getMailObjectInfo() if not a: return - if (u.pwd_length < 8): + if u is not None and (u.pwd_length < 8): if fmt: @@ -197,3 +197,3 @@ if fmt: - print>>fo, '1109"1" Account MAIL$SERVER Password Length' + print('1109"1" Account MAIL$SERVER Password Length', file=fo) else: @@ -199,8 +199,8 @@ else: - print>>fo, 'Account MAIL$SERVER Password Length', u.pwd_length + print('Account MAIL$SERVER Password Length', u.pwd_length, file=fo) @level_rule(4) def rule1110(fo, fmt): """ This prohibits mail transmissions across the network.""" if not fmt: @@ -201,13 +201,13 @@ @level_rule(4) def rule1110(fo, fmt): """ This prohibits mail transmissions across the network.""" if not fmt: - print>>fo - print>>fo, 'RULE 1110' - print>>fo, '=========' + print(file=fo) + print('RULE 1110', file=fo) + print('=========', file=fo) p, a, u = getMailObjectInfo() if not a: return @@ -210,7 +210,7 @@ p, a, u = getMailObjectInfo() if not a: return - if ((u.network_access_p != '\x00\x00\x00') and - (u.network_access_s != '\x00\x00\x00')): + if (u is not None and (u.network_access_p != b'\x00\x00\x00') and + (u.network_access_s != b'\x00\x00\x00')): if fmt: @@ -216,3 +216,3 @@ if fmt: - print>>fo, '1110"4" MAIL$SERVER no Netwrok Access' + print('1110"4" MAIL$SERVER no Network Access', file=fo) else: @@ -218,5 +218,5 @@ else: - print>>fo, 'Account MAIL$SERVER no Netwrok Access' + print('Account MAIL$SERVER no Network Access', file=fo) @level_rule(2) def rule1111(fo, fmt): 
@@ -227,10 +227,10 @@ user. This account should have these accesses disabled.""" if not fmt: - print>>fo - print>>fo, 'RULE 1111' - print>>fo, '=========' + print(file=fo) + print('RULE 1111', file=fo) + print('=========', file=fo) p, a, u = getMailObjectInfo() if not a: return @@ -233,7 +233,7 @@ p, a, u = getMailObjectInfo() if not a: return - if ((u.batch_access_p != '\xff\xff\xff') and - (u.batch_access_s != '\xff\xff\xff')): + if (u is not None and (u.batch_access_p != b'\xff\xff\xff') and + (u.batch_access_s != b'\xff\xff\xff')): if fmt: @@ -239,3 +239,3 @@ if fmt: - print>>fo, '1111"2" MAIL$SERVER have REMOTE Access' + print('1111"2" MAIL$SERVER have REMOTE Access', file=fo) else: @@ -241,3 +241,3 @@ else: - print>>fo, 'Account MAIL$SERVER have REMOTE Access' + print('Account MAIL$SERVER have REMOTE Access', file=fo) @@ -243,4 +243,4 @@ - if ((u.remote_access_p != '\xff\xff\xff') and - (u.remote_access_s != '\xff\xff\xff')): + if (u is not None and (u.remote_access_p != b'\xff\xff\xff') and + (u.remote_access_s != b'\xff\xff\xff')): if fmt: @@ -246,3 +246,3 @@ if fmt: - print>>fo, '1111"2" MAIL$SERVER have REMOTE Access' + print('1111"2" MAIL$SERVER have REMOTE Access', file=fo) else: @@ -248,3 +248,3 @@ else: - print>>fo, 'Account MAIL$SERVER have REMOTE Access' + print('Account MAIL$SERVER have REMOTE Access', file=fo) @@ -250,4 +250,4 @@ - if ((u.dialup_access_p != '\xff\xff\xff') and - (u.dialup_access_s != '\xff\xff\xff')): + if (u is not None and (u.dialup_access_p != b'\xff\xff\xff') and + (u.dialup_access_s != b'\xff\xff\xff')): if fmt: @@ -253,3 +253,3 @@ if fmt: - print>>fo, '1111"2" MAIL$SERVER have DIALUP Access' + print('1111"2" MAIL$SERVER have DIALUP Access', file=fo) else: @@ -255,5 +255,5 @@ else: - print>>fo, 'Account MAIL$SERVER have DIALUP Access' + print('Account MAIL$SERVER have DIALUP Access', file=fo) @level_rule(4) def rule1112(fo, fmt): 
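Review bot: The first check in rule1111 tests `u.batch_access_p`/`u.batch_access_s`, yet both of its messages say `'1111"2" MAIL$SERVER have REMOTE Access'` and `'Account MAIL$SERVER have REMOTE Access'`, identical to the remote-access block directly below, so a batch finding is indistinguishable from a remote one in the report. The two strings in the batch block should presumably read `... have BATCH Access`. This predates the port, but the lines were rewritten here.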
@@ -261,10 +261,10 @@ function. Lack of these privileges can impede mail transmissions.""" if not fmt: - print>>fo - print>>fo, 'RULE 1112' - print>>fo, '=========' + print(file=fo) + print('RULE 1112', file=fo) + print('=========', file=fo) p, a, u = getMailObjectInfo() if not a: return @@ -267,6 +267,6 @@ p, a, u = getMailObjectInfo() if not a: return - if not (u.priv & prvdef.PRV_M_NETMBX): + if u is not None and not (u.priv & prvdef.PRV_M_NETMBX): if fmt: @@ -272,3 +272,3 @@ if fmt: - print>>fo, '1112"4" Account MAIL$SERVER privilege NETMBX missing' + print('1112"4" Account MAIL$SERVER privilege NETMBX missing', file=fo) else: @@ -274,4 +274,4 @@ else: - print>>fo, 'Account MAIL$SERVER privilege NETMBX missing' - if not (u.def_priv & prvdef.PRV_M_NETMBX): + print('Account MAIL$SERVER privilege NETMBX missing', file=fo) + if u is not None and not (u.def_priv & prvdef.PRV_M_NETMBX): if fmt: @@ -277,3 +277,3 @@ if fmt: - print>>fo, '1112"4" Account MAIL$SERVER default privilege NETMBX missing' + print('1112"4" Account MAIL$SERVER default privilege NETMBX missing', file=fo) else: @@ -279,3 +279,3 @@ else: - print>>fo, 'Account MAIL$SERVER default privilege NETMBX missing' + print('Account MAIL$SERVER default privilege NETMBX missing', file=fo) @@ -281,3 +281,3 @@ - if not (u.priv & prvdef.PRV_M_TMPMBX): + if u is not None and not (u.priv & prvdef.PRV_M_TMPMBX): if fmt: @@ -283,3 +283,3 @@ if fmt: - print>>fo, '1112"4" Account MAIL$SERVER privilege TMPMBX missing' + print('1112"4" Account MAIL$SERVER privilege TMPMBX missing', file=fo) else: @@ -285,4 +285,4 @@ else: - print>>fo, 'Account MAIL$SERVER privilege TMPMBX missing' - if not (u.def_priv & prvdef.PRV_M_TMPMBX): + print('Account MAIL$SERVER privilege TMPMBX missing', file=fo) + if u is not None and not (u.def_priv & prvdef.PRV_M_TMPMBX): if fmt: 
@@ -288,3 +288,3 @@ if fmt: - print>>fo, '1112"4" Account MAIL$SERVER default privilege TMPMBX missing' + print('1112"4" Account MAIL$SERVER default privilege TMPMBX missing', file=fo) else: @@ -290,5 +290,5 @@ else: - print>>fo, 'Account MAIL$SERVER default privilege TMPMBX missing' + print('Account MAIL$SERVER default privilege TMPMBX missing', file=fo) @level_rule(2) def rule1113(fo, fmt): @@ -299,11 +299,11 @@ properly.""" if not fmt: - print>>fo - print>>fo, 'RULE 1113' - print>>fo, '=========' + print(file=fo) + print('RULE 1113', file=fo) + print('=========', file=fo) p, a, u = getMailObjectInfo() if not a: return msk_prv = prvdef.PRV_M_NETMBX | prvdef.PRV_M_TMPMBX @@ -305,7 +305,7 @@ p, a, u = getMailObjectInfo() if not a: return msk_prv = prvdef.PRV_M_NETMBX | prvdef.PRV_M_TMPMBX - if (u.def_priv ^msk_prv) != 0: + if u is not None and (u.def_priv ^msk_prv) != 0: if fmt: @@ -311,3 +311,3 @@ if fmt: - print>>fo, '1113"2" Account MAIL$SERVER excessive default privileges' + print('1113"2" Account MAIL$SERVER excessive default privileges', file=fo) else: @@ -313,4 +313,4 @@ else: - print>>fo, 'Account MAIL$SERVER excessive default privileges' - if (u.priv ^msk_prv) != 0: + print('Account MAIL$SERVER excessive default privileges', file=fo) + if u is not None and (u.priv ^ msk_prv) != 0: if fmt: @@ -316,3 +316,3 @@ if fmt: - print>>fo, '1113"2" Account MAIL$SERVER excessive privileges' + print('1113"2" Account MAIL$SERVER excessive privileges', file=fo) else: @@ -318,5 +318,5 @@ else: - print>>fo, 'Account MAIL$SERVER excessive privileges' + print('Account MAIL$SERVER excessive privileges', file=fo) @level_rule(2) def rule1114(fo, fmt): @@ -324,9 +324,9 @@ unauthorized user.""" if not fmt: - print>>fo - print>>fo, 'RULE 1114' - print>>fo, '=========' + print(file=fo) + print('RULE 1114', file=fo) + print('=========', file=fo) it = [itemList.itemList (code = ossdef.OSS__OWNER, dtype = itemList.il_unsignedLong),] 
@@ -330,8 +330,8 @@ it = [itemList.itemList (code = ossdef.OSS__OWNER, dtype = itemList.il_unsignedLong),] - own = starlet.get_security (objnam='SYS$SYSTEM:VMSMAIL_PROFILE.DATA', clsnam='FILE',itmlst=it)[1][ossdef.OSS__OWNER] + own: int = starlet.get_security (objnam='SYS$SYSTEM:VMSMAIL_PROFILE.DATA', clsnam='FILE',itmlst=it)[2][ossdef.OSS__OWNER] # type: ignore g = int(own / 65536) m = int(own - (g *65536)) if (g != 1) or (m != 4): if fmt: @@ -334,6 +334,6 @@ g = int(own / 65536) m = int(own - (g *65536)) if (g != 1) or (m != 4): if fmt: - print>>fo, '1114"2" SYS$SYSTEM:VMSMAIL_PROFILE.DATA bad owner' + print('1114"2" SYS$SYSTEM:VMSMAIL_PROFILE.DATA bad owner', file=fo) else: @@ -339,5 +339,5 @@ else: - print>>fo, "%s [%o,%o]" % ('SYS$SYSTEM:VMSMAIL_PROFILE.DATA bad owner', g, m,) + print("%s [%o,%o]" % ('SYS$SYSTEM:VMSMAIL_PROFILE.DATA bad owner', g, m,), file=fo) @level_rule(2) def rule1115(fo, fmt): @@ -345,7 +345,7 @@ users.""" if not fmt: - print>>fo - print>>fo, 'RULE 1115' - print>>fo, '=========' + print(file=fo) + print('RULE 1115', file=fo) + print('=========', file=fo) @@ -351,6 +351,6 @@ - it = [ itemList.itemList (code = ossdef.OSS__PROTECTION, dtype = itemList.il_unsignedWord)] - prot = starlet.get_security (objnam='SYS$SYSTEM:VMSMAIL_PROFILE.DATA', clsnam='FILE',itmlst=it)[1][ossdef.OSS__PROTECTION] + it = (itemList.itemList (code = ossdef.OSS__PROTECTION, dtype = itemList.il_unsignedWord),) + prot: int = starlet.get_security (objnam='SYS$SYSTEM:VMSMAIL_PROFILE.DATA', clsnam='FILE',itmlst=it)[2][ossdef.OSS__PROTECTION] # type: ignore if (prot != 0xFF88): if fmt: @@ -354,5 +354,5 @@ if (prot != 0xFF88): if fmt: - print>>fo, '1115"2" SYS$SYSTEM:VMSMAIL_PROFILE.DATA bad protection' + print('1115"2" SYS$SYSTEM:VMSMAIL_PROFILE.DATA bad protection', file=fo) else: 
@@ -358,5 +358,5 @@
 else:
- print>>fo, 'SYS$SYSTEM:VMSMAIL_PROFILE.DATA', lib.format_sogw_prot (prot)[1]
+ print('SYS$SYSTEM:VMSMAIL_PROFILE.DATA', lib.format_sogw_prot (prot)[1].decode(), file=fo)
 @level_rule(2)
 def rule1116(fo, fmt):
@@ -364,7 +364,7 @@
 indicate tampering with the operational environment."""
 if not fmt:
- print>>fo
- print>>fo, 'RULE 1116'
- print>>fo, '========='
+ print(file=fo)
+ print('RULE 1116', file=fo)
+ print('=========', file=fo)
@@ -370,3 +370,3 @@
- if not file_exists('SYS$SYSTEM:MAIL_SERVER.EXE'):
+ if not file_exists(b'SYS$SYSTEM:MAIL_SERVER.EXE'):
 if fmt:
@@ -372,3 +372,3 @@
 if fmt:
- print >>fo, '1116"2"SYS$SYSTEM:MAIL_SERVER.EXE not exists'
+ print('1116"2"SYS$SYSTEM:MAIL_SERVER.EXE not exists', file=fo)
 else:
@@ -374,5 +374,5 @@
 else:
- print >>fo, 'SYS$SYSTEM:MAIL_SERVER.EXE not exists'
+ print('SYS$SYSTEM:MAIL_SERVER.EXE not exists', file=fo)
 if __name__ == '__main__':
 import sys
diff --git a/secrules/rules12.py b/secrules/rules12.py
index 9b8ce9ac0cb4ed51b38df0dc1544ccab2bd95670_c2VjcnVsZXMvcnVsZXMxMi5weQ==..741ad6f3b6210535e0063495cd46f5216b78ee3c_c2VjcnVsZXMvcnVsZXMxMi5weQ== 100644
--- a/secrules/rules12.py
+++ b/secrules/rules12.py
@@ -1,10 +1,10 @@
 # -*- coding: iso-8859-1 -*-
 __version__ = '1.0'
-from common import level_rule
-from vms import starlet
-from vms.rtl import lib
-from vms import queues, quidef
+from .common import level_rule
+from ovms import starlet
+from ovms.rtl import lib
+from ovms import queues, quidef
 accname = lib.get_accnam('QUEUE')[1]
@@ -14,7 +14,7 @@
 By default, the printer and batch queues should be owned by the SYSTEM account."""
 if not fmt:
- print >>fo, 'RULE 1201'
- print >>fo, '========='
+ print('RULE 1201', file=fo)
+ print('=========', file=fo)
 for q in queues.all_queues():
 nam = q.queue_name
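Review bot: `lib.format_sogw_prot (prot)[1].decode()` decodes with Python 3's default UTF-8, and the same bare `.decode()` (plus `.encode()` in rules14.py `@@ -45,7 +45,8 @@`) is applied to queue names, file names and usernames throughout rules12.py, rules13.py and rules14.py, while those modules declare `# -*- coding: iso-8859-1 -*-`. If any of those names carries a non-ASCII byte, `UnicodeDecodeError` is raised; it is a `ValueError`, not an `OSError`, so the `except VMSError` handlers in rules13.py do not catch it and the rule aborts part-way through the scan, leaving an incomplete report. Pass the codec explicitly at every site, `.decode('latin-1')` (or `errors='replace'` where the name is only printed), ideally through one helper shared by the rule modules, after confirming which encoding the ovms binding actually returns. rule1115 begins outside this hunk.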
@@ -19,7 +19,7 @@
 for q in queues.all_queues():
 nam = q.queue_name
- own = q.owner_uic
+ own: int = q.owner_uic # type: ignore
 g = int(own / 65536)
 m = int(own - (g *65536))
 if (g != 1) or (m != 4):
 if fmt:
@@ -22,6 +22,6 @@
 g = int(own / 65536)
 m = int(own - (g *65536))
 if (g != 1) or (m != 4):
 if fmt:
- print >>fo, '1201"2"', nam
+ print('1201"2"', nam.decode(), file=fo)
 else:
@@ -27,5 +27,5 @@
 else:
- print >>fo, "%s [%o,%o]" % (nam, g, m)
+ print("%s [%o,%o]" % (nam.decode(), g, m), file=fo)
 @level_rule(2)
 def rule1202(fo, fmt):
@@ -33,7 +33,7 @@
 compromised. Queues should retain their default protection values as specified when initialized."""
 if not fmt:
- print >>fo, 'RULE 1202'
- print >>fo, '========='
+ print('RULE 1202', file=fo)
+ print('=========', file=fo)
 for q in queues.all_queues():
 nam = q.queue_name
@@ -38,5 +38,5 @@
 for q in queues.all_queues():
 nam = q.queue_name
- prot = q.protection
+ prot: int = q.protection # type: ignore
 if (prot != 0xDE7B):
 if fmt:
@@ -41,5 +41,5 @@
 if (prot != 0xDE7B):
 if fmt:
- print >>fo, '1202"2"', nam
+ print('1202"2"', nam, file=fo)
 else:
 prt = lib.format_sogw_prot(prot, access_names=accname)[1]
@@ -44,8 +44,8 @@
 else:
 prt = lib.format_sogw_prot(prot, access_names=accname)[1]
- print >>fo, nam, prt
+ print(nam, prt.decode(), file=fo)
 @level_rule(3)
 def rule1203(fo, fmt):
 """ This denies print/batch service to users via these queues."""
 if not fmt:
@@ -47,8 +47,8 @@
 @level_rule(3)
 def rule1203(fo, fmt):
 """ This denies print/batch service to users via these queues."""
 if not fmt:
- print >>fo, 'RULE 1203'
- print >>fo, '========='
+ print('RULE 1203', file=fo)
+ print('=========', file=fo)
 for q in queues.all_queues():
@@ -54,5 +54,5 @@
 for q in queues.all_queues():
- nam = q.queue_name
+ nam: bytes = q.queue_name
 qsts = q.queue_status
 if (qsts & quidef.QUI_M_QUEUE_STOPPED):
 if fmt:
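Review bot: `print('1202"2"', nam, file=fo)` in `@@ -41,5 +41,5 @@` writes `nam` without decoding, unlike the parallel `print('1201"2"', nam.decode(), file=fo)` in `@@ -22,6 +22,6 @@` and `print(nam, prt.decode(), file=fo)` in `@@ -44,8 +44,8 @@`; `q.queue_name` is bytes (this file annotates it `nam: bytes` in `@@ -54,5 +54,5 @@`), so the export line for rule 1202 will carry the `b'…'` repr instead of the queue name and break any consumer that parses these records. Change it to `print('1202"2"', nam.decode(), file=fo)`. rule1202 begins outside that hunk.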
@@ -56,5 +56,5 @@
 qsts = q.queue_status
 if (qsts & quidef.QUI_M_QUEUE_STOPPED):
 if fmt:
- print >>fo, '1203"3"', nam
+ print('1203"3"', nam.decode(), file=fo)
 else:
@@ -60,5 +60,5 @@
 else:
- print >>fo, nam, 'Stopped'
+ print(nam.decode(), 'Stopped', file=fo)
 if __name__ == '__main__':
 import sys
diff --git a/secrules/rules13.py b/secrules/rules13.py
index 9b8ce9ac0cb4ed51b38df0dc1544ccab2bd95670_c2VjcnVsZXMvcnVsZXMxMy5weQ==..741ad6f3b6210535e0063495cd46f5216b78ee3c_c2VjcnVsZXMvcnVsZXMxMy5weQ== 100644
--- a/secrules/rules13.py
+++ b/secrules/rules13.py
@@ -1,13 +1,15 @@
 # -*- coding: iso-8859-1 -*-
 __version__ = '1.0'
-from common import level_rule
-from vms import starlet
-from vms.rtl import lib
-from vms import user
-from vms import rmsdef, ossdef
-from vms import itemList
-from FindFile import FindFile, file_exists
+from .common import level_rule
+from ovms import starlet
+from ovms.rtl import lib
+from ovms import user
+from ovms import rmsdef, ossdef, ssdef
+from ovms import itemList
+from ovms.rtl.lib.FindFile import FindFile, file_exists
+
+VMSError = OSError
 def path_exists(fn):
 try:
@@ -11,6 +13,6 @@
 def path_exists(fn):
 try:
- with FindFile (fn, '') as ifn:
+ with FindFile (fn, b'') as ifn:
 ifn.__next__()
 return 1
@@ -15,4 +17,4 @@
 ifn.__next__()
 return 1
- except StopIteration, e:
+ except StopIteration as e:
 return 3
@@ -18,5 +20,5 @@
 return 3
- except VMSError, e:
+ except VMSError as e:
 return 2
 @level_rule(3)
@@ -26,6 +28,6 @@
 are no longer in use."""
 if not fmt:
- print >>fo, 'RULE 1301'
- print >>fo, '========='
+ print('RULE 1301', file=fo)
+ print('=========', file=fo)
 all_users = user.all_users()
@@ -31,4 +33,4 @@
 all_users = user.all_users()
- for u in all_users.values():
- if u.username == 'DEFAULT':
+ for u in list(all_users.values()):
+ if u.username == b'DEFAULT':
 if not fmt:
@@ -34,3 +36,3 @@
 if not fmt:
- print >>fo, 'skip default account'
+ print('skip default account', file=fo)
 continue
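Review bot: `VMSError = OSError` in the rules13.py import hunk widens the two remaining `except VMSError` handlers in this file: `path_exists` returns 2 (printed as "not exists" by rule1301) and rule1310's `except VMSError as e: continue` (`@@ -124,4 +128,4 @@`) skips the account for every `OSError`, so a home directory that exists but cannot be opened (a protection or privilege failure, assuming the ovms binding surfaces those as `OSError` as well) is reported as missing, or not reported at all. Inspect `e.errno` against the specific condition codes the way the rule1303 hunk already does, and re-raise or report everything else; where `e` then remains unused, drop the `as e`. A one-line comment on the alias would also help the next reader, e.g. `# ovms raises plain OSError; kept under the old name so the except clauses read as before`. `path_exists` runs past the end of its hunk.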
@@ -36,4 +38,4 @@
 continue
- fn = u.defdev + u.defdir + '*.*'
+ fn: bytes = u.defdev + u.defdir + b'*.*'
 if (path_exists(fn) == 2):
 if fmt:
@@ -38,4 +40,4 @@
 if (path_exists(fn) == 2):
 if fmt:
- print >>fo, '1301"3"', fn
+ print('1301"3"', fn.decode(), file=fo)
 else:
@@ -41,5 +43,5 @@
 else:
- print >>fo, fn, 'not exists', u.username
+ print(fn.decode(), 'not exists', u.username.decode(), file=fo)
 @level_rule(2)
 def rule1303(fo, fmt):
@@ -49,6 +51,6 @@
 listed accesses to the file."""
 if not fmt:
- print >>fo, 'RULE 1303'
- print >>fo, '========='
+ print('RULE 1303', file=fo)
+ print('=========', file=fo)
 all_users = user.all_users()
@@ -54,6 +56,6 @@
 all_users = user.all_users()
- it = [itemList.itemList (code = ossdef.OSS__PROTECTION, dtype = itemList.il_unsignedWord),]
- for u in all_users.values():
- fn = u.defdev+u.defdir+'*.*'
+ it = (itemList.itemList (code = ossdef.OSS__PROTECTION, dtype = itemList.il_unsignedWord),)
+ for u in list(all_users.values()):
+ fn = u.defdev + u.defdir + b'*.*'
 if (path_exists(fn)== 1):
 sep = (u.defdev+u.defdir)[-1:]
@@ -58,7 +60,8 @@
 if (path_exists(fn)== 1):
 sep = (u.defdev+u.defdir)[-1:]
- arbo = (u.defdev+u.defdir)[:-1]+'...' + sep + '*.*'
- with FindFile(arbo, '')as ifn:
- for f in ifn:
+ arbo = (u.defdev+u.defdir)[:-1] + b'...' + sep + b'*.*'
+ with FindFile(arbo, b'')as ifn:
+ for f in ifn: # type: ignore
+ f: bytes
 try:
 retsec = starlet.get_security(objnam=f, clsnam='FILE',itmlst=it)
@@ -63,6 +66,6 @@
 try:
 retsec = starlet.get_security(objnam=f, clsnam='FILE',itmlst=it)
- prot = retsec[1][ossdef.OSS__PROTECTION]
+ prot: int = retsec[2][ossdef.OSS__PROTECTION] # type: ignore
 if ((prot & 0x8000) or (prot & 0x4000) or (prot & 0x2000) or
@@ -72,5 +75,5 @@
 (prot & 0x200) or (prot & 0x100)):
 if fmt:
- print >>fo, '1303"2"', f
+ print('1303"2"', f, file=fo)
 else:
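Review bot: The bare `f: bytes` statement added under `for f in ifn: # type: ignore` in `@@ -58,7 +60,8 @@` is a runtime no-op that exists only to satisfy the type checker, and the same two-line pattern is repeated in rule1310 (`@@ -121,5 +124,6 @@`) and in rules14.py (`@@ -45,7 +45,8 @@`). If `FindFile.__next__` cannot be annotated upstream, one comment at the first occurrence would spare readers from wondering whether the annotation does something, e.g. `# FindFile yields bytes; the annotation is for the type checker only`. rule1303 continues past the end of that hunk.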
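Review bot: `print('1303"2"', f, file=fo)` in `@@ -72,5 +75,5 @@` still prints the raw bytes object, while the else branch in the next hunk (`@@ -76,8 +79,8 @@`) was changed to `print(f.decode(), file=fo)`; `f` is annotated `bytes` just above, so the export line will carry a `b'…'` repr instead of the file name. Use `print('1303"2"', f.decode(), file=fo)` here as well. rule1303 begins and ends outside that hunk.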
@@ -76,8 +79,8 @@
 else:
- print >>fo, f
- print >>fo, ' ' * 10, lib.format_sogw_prot (prot)[1]
- except VMSError, e:
- if e.errno != rmsdef.RMS__FNF:
+ print(f.decode(), file=fo)
+ print(' ' * 10, lib.format_sogw_prot (prot)[1].decode(), file=fo)
+ except VMSError as e:
+ if e.errno not in (rmsdef.RMS__FNF, ssdef.SS__NOSUCHFILE):
 raise
 @level_rule(2)
@@ -86,7 +89,7 @@
 the files in the directory, and possibly all files in the directory tree."""
 if not fmt:
- print >>fo, 'RULE 1304'
- print >>fo, '========='
+ print('RULE 1304', file=fo)
+ print('=========', file=fo)
 it = [itemList.itemList (code = ossdef.OSS__OWNER, dtype = itemList.il_unsignedLong),]
 all_users = user.all_users()
@@ -91,9 +94,9 @@
 it = [itemList.itemList (code = ossdef.OSS__OWNER, dtype = itemList.il_unsignedLong),]
 all_users = user.all_users()
- for u in all_users.values():
- fn = u.defdev + u.defdir
- fn = fn[:-1].replace('<','[')
- d = fn.split('[')[1]
- fu = fn + '.-]' + d + '.DIR'
+ for u in list(all_users.values()):
+ fn: bytes = u.defdev + u.defdir
+ fn = fn[:-1].replace(b'<', b'[')
+ d = fn.split(b'[')[1]
+ fu = fn + b'.-]' + d + b'.DIR'
 if not file_exists(fu):
 continue
@@ -98,8 +101,8 @@
 if not file_exists(fu):
 continue
- own = starlet.get_security(objnam=fu, clsnam='FILE', itmlst=it)[1][ossdef.OSS__OWNER]
+ own: int = starlet.get_security(objnam=fu, clsnam='FILE', itmlst=it)[2][ossdef.OSS__OWNER] # type:ignore
 high = int(own / 65536)
 low = int(own - high * 65536)
 if high != u.uic_group or low != u.uic_member:
 mark = '*' if high == 1 and low in (1, 4) else ''
 if fmt:
@@ -101,7 +104,7 @@
 high = int(own / 65536)
 low = int(own - high * 65536)
 if high != u.uic_group or low != u.uic_member:
 mark = '*' if high == 1 and low in (1, 4) else ''
 if fmt:
- print >>fo, '1304"2"', mark, u.username
+ print('1304"2"', mark, u.username.decode(), file=fo)
 else:
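Review bot: `d = fn.split(b'[')[1]` in `@@ -91,9 +94,9 @@` raises `IndexError` for any user record whose `defdev + defdir` contains neither `[` nor `<` (an empty or malformed default directory), and since nothing in rule1304 catches it the whole rule aborts on that one record instead of reporting it; the conversion to bytes kept that behaviour. A guard such as `parts = fn.split(b'[', 1)` / `if len(parts) < 2: continue` (or a printed line naming the user) keeps the scan going. The UIC split `high = int(own / 65536)` / `low = int(own - high * 65536)` in the following hunk is the third copy of the same arithmetic touched by this commit (rule1114, rule1201); `high, low = divmod(own, 65536)` is the idiomatic form and a candidate for one shared helper. rule1304 begins outside that hunk.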
@@ -107,8 +110,8 @@
 else:
- print >>fo, mark, u.username
+ print(mark, u.username.decode(), file=fo)
 @level_rule(3)
 def rule1310(fo, fmt):
 """ This could prevent the user accounts from functioning properly. It could indicate a denial of service situation."""
 if not fmt:
@@ -109,9 +112,9 @@
 @level_rule(3)
 def rule1310(fo, fmt):
 """ This could prevent the user accounts from functioning properly. It could indicate a denial of service situation."""
 if not fmt:
- print >>fo, 'RULE 1310'
- print >>fo, '========='
+ print('RULE 1310', file=fo)
+ print('=========', file=fo)
 all_users = user.all_users()
@@ -117,5 +120,5 @@
 all_users = user.all_users()
- for u in all_users.values():
- df = u.defdev + u.defdir + '*.*'
- lgicmd = ''
+ for u in list(all_users.values()):
+ df = u.defdev + u.defdir + b'*.*'
+ lgicmd:bytes = b''
 try:
@@ -121,5 +124,6 @@
 try:
- with FindFile (u.lgicmd if u.lgicmd != '' else 'LOGIN.COM', df) as fi:
- for f in fi:
+ with FindFile (u.lgicmd if u.lgicmd != b'' else b'LOGIN.COM', df) as fi:
+ for f in fi: # type: ignore
+ f: bytes
 lgicmd = f
 break
@@ -124,4 +128,4 @@
 lgicmd = f
 break
- except VMSError, e:
+ except VMSError as e:
 continue
@@ -127,3 +131,3 @@
 continue
- if lgicmd == '' or not file_exists(lgicmd):
+ if lgicmd == b'' or not file_exists(lgicmd):
 if fmt:
@@ -129,3 +133,3 @@
 if fmt:
- print >>fo, '1310"3"', u.username
+ print('1310"3"', u.username.decode(), file=fo)
 else:
@@ -131,5 +135,5 @@
 else:
- print >>fo, u.username,lgicmd
+ print(u.username.decode(), lgicmd.decode(), file=fo)
 if __name__ == '__main__':
 import sys
diff --git a/secrules/rules14.py b/secrules/rules14.py
index 9b8ce9ac0cb4ed51b38df0dc1544ccab2bd95670_c2VjcnVsZXMvcnVsZXMxNC5weQ==..741ad6f3b6210535e0063495cd46f5216b78ee3c_c2VjcnVsZXMvcnVsZXMxNC5weQ== 100644
--- a/secrules/rules14.py
+++ b/secrules/rules14.py
@@ -1,4 +1,4 @@
 # -*- coding: iso-8859-1 -*-
-from common import level_rule
+from .common import level_rule
 import os
@@ -4,8 +4,8 @@
 import os
-from secrules import FindFile
+from ovms.rtl.lib import FindFile
 __version__ = '1.0'
 @level_rule(2)
 def rule1401(fo, fmt):
 if not fmt:
@@ -6,11 +6,11 @@
 __version__ = '1.0'
 @level_rule(2)
 def rule1401(fo, fmt):
 if not fmt:
- print >>fo, 'RULE 1401'
- print >>fo, '========='
+ print('RULE 1401', file=fo)
+ print('=========', file=fo)
 with os.popen('install list/full') as p:
 r = [x[:-1].rstrip() for x in p]
@@ -45,7 +45,8 @@
 priv = l
 elif 'Authorized = ' in l:
 auth = l
- with FindFile.FindFile(fspec, dspec) as fi:
- for f in fi:
+ with FindFile.FindFile(fspec.encode(), dspec.encode()) as fi: #type: ignore
+ for f in fi: # type: ignore
+ f: bytes
 if hasPriv:
 if fmt:
@@ -50,4 +51,4 @@
 if hasPriv:
 if fmt:
- print >>fo, '1401"2"', f
+ print('1401"2"', f.decode(), file=fo)
 else:
@@ -53,7 +54,7 @@
 else:
- print >>fo, f
- if priv: print >>fo, priv
- if auth: print >>fo, auth
+ print(f.decode(), file=fo)
+ if priv: print(priv, file=fo)
+ if auth: print(auth, file=fo)
 if __name__ == '__main__':
 import sys
diff --git a/secrules/rules15.py b/secrules/rules15.py
index 9b8ce9ac0cb4ed51b38df0dc1544ccab2bd95670_c2VjcnVsZXMvcnVsZXMxNS5weQ==..741ad6f3b6210535e0063495cd46f5216b78ee3c_c2VjcnVsZXMvcnVsZXMxNS5weQ== 100644
--- a/secrules/rules15.py
+++ b/secrules/rules15.py
@@ -1,4 +1,4 @@
 # -*- coding: iso-8859-1 -*-
-from common import level_rule
+from .common import level_rule
 import os
@@ -4,8 +4,8 @@
 import os
-from secrules import FindFile
+from ovms.rtl.lib import FindFile
 __version__ = '1.0'
 @level_rule(1)
 def rule1501(fo, fmt):
 if not fmt:
@@ -6,11 +6,11 @@
 __version__ = '1.0'
 @level_rule(1)
 def rule1501(fo, fmt):
 if not fmt:
- print >>fo, 'RULE 1501'
- print >>fo, '========='
+ print('RULE 1501', file=fo)
+ print('=========', file=fo)
 with os.popen('TCPIP SHOW SERVICES') as p:
 r = [x[:-1].rstrip() for x in p]
@@ -27,5 +27,5 @@
 else:
 v = '%s %s' % (s[0], s[5])
 if fmt:
- print >>fo, '1501"1"', v
+ print('1501"1"', v, file=fo)
 else:
@@ -31,5 +31,5 @@
 else:
- print >>fo, v
+ print(v, file=fo)
 if __name__ == '__main__':
 import sys
diff --git a/secrules/user_exists.py b/secrules/user_exists.py
index 9b8ce9ac0cb4ed51b38df0dc1544ccab2bd95670_c2VjcnVsZXMvdXNlcl9leGlzdHMucHk=..741ad6f3b6210535e0063495cd46f5216b78ee3c_c2VjcnVsZXMvdXNlcl9leGlzdHMucHk= 100644
--- a/secrules/user_exists.py
+++ b/secrules/user_exists.py
@@ -1,4 +1,4 @@
-from vms import starlet
-from vms import itemList, uaidef
+from ovms import starlet
+from ovms import itemList, uaidef
 def user_exists(u):
@@ -3,4 +3,4 @@
 def user_exists(u):
- itm = [itemList.itemList (code=uaidef.UAI__UIC, dtype=itemList.il_unsignedLong),]
+ itm = (itemList.itemList (code=uaidef.UAI__UIC, dtype=itemList.il_unsignedLong),)
 try:
@@ -6,7 +6,7 @@
 try:
- s, uic = starlet.getuai (usrnam=u, itmlst=itm)
- uic_g = uic.values()[0] / 65536
- uic_m = uic.values()[0] - (uic_g * 65536)
+ s, ctxt, uic = starlet.getuai (usrnam=u, itmlst=itm)
+ uic_g = list(uic.values())[0] / 65536
+ uic_m = list(uic.values())[0] - (uic_g * 65536)
 return uic_g, uic_m
 except:
 return None, None
diff --git a/securityrules.py b/securityrules.py
index 9b8ce9ac0cb4ed51b38df0dc1544ccab2bd95670_c2VjdXJpdHlydWxlcy5weQ==..741ad6f3b6210535e0063495cd46f5216b78ee3c_c2VjdXJpdHlydWxlcy5weQ== 100644
--- a/securityrules.py
+++ b/securityrules.py
@@ -4,6 +4,22 @@
 import os
 import re
 import argparse
+import importlib
+
+DEBUG = False
+if DEBUG:
+ import debugpy
+
+ # 5678 is the default attach port in the VS Code debug configurations.
+ # Unless a host and port are specified, host defaults to 127.0.0.1
+ debugpy.configure(subProcess=False)
+
+ debugpy.listen(('0.0.0.0', 5678), in_process_debug_adapter=True)
+ print("Waiting for debugger attach")
+ debugpy.wait_for_client()
+ debugpy.breakpoint()
+ print('break on this line')
+
 all_rules = {}
 args = None
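Review bot: `uic_g = list(uic.values())[0] / 65536` in user_exists.py `@@ -6,7 +6,7 @@` is true division under Python 3, so `uic_g` becomes a float and `uic_m = … - (uic_g * 65536)` collapses to 0.0 for every input: for a constructed UIC value of 65540, i.e. [1,4], the function now returns (1.00006…, 0.0) where the Python 2 integer division gave (1, 4). Use `uic_g, uic_m = divmod(list(uic.values())[0], 65536)`, which also reads the dict once. The unchanged bare `except:` below returns `(None, None)` for any failure at all, `KeyboardInterrupt` included, so a caller cannot tell "no such user" from "lookup failed"; narrowing it to the exception the ovms binding actually raises (`OSError`, judging by the alias introduced in rules13.py) would be safer.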
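Review bot: `debugpy.listen(('0.0.0.0', 5678), in_process_debug_adapter=True)` in securityrules.py `@@ -4,6 +4,22 @@` binds the debug adapter on every interface, and the debugpy attach protocol carries no authentication, so whenever `DEBUG` is flipped to `True` any host that can reach port 5678 can attach and run code inside this process — which executes with whatever privilege the scan needs to read UAF, queue and file-security data. The comment two lines above already states that the default host is 127.0.0.1; bind there explicitly, `debugpy.listen(('127.0.0.1', 5678), in_process_debug_adapter=True)`, and consider keying the block off an environment variable rather than a source constant so a checkout never ships with it enabled. `debugpy.breakpoint()` and `print('break on this line')` are scaffolding that should not land in the main script, and `debugpy` is a new third-party import that is not declared in anything visible here.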
@@ -15,9 +31,9 @@
 if numrule is None:
 for r in rules:
 if info:
- print getattr(m, r).__name__
- print getattr(m, r).__doc__
- print
+ print(getattr(m, r).__name__)
+ print(getattr(m, r).__doc__)
+ print()
 else:
 getattr(m, r)(fo, export)
 else:
@@ -25,12 +41,12 @@
 rname = 'rule%s%02d' % (seclass[-2:], n)
 if rname in rules:
 if info:
- print getattr(m, rname).__name__
- print getattr(m, rname).__doc__
- print
+ print(getattr(m, rname).__name__)
+ print(getattr(m, rname).__doc__)
+ print()
 else:
 getattr(m, rname)(fo, export)
 class InflateRange(argparse.Action):
 def __call__(self, parser, namespace, values, option_string=None):
 lst = []
@@ -31,10 +47,10 @@
 else:
 getattr(m, rname)(fo, export)
 class InflateRange(argparse.Action):
 def __call__(self, parser, namespace, values, option_string=None):
 lst = []
- for string in values:
+ for string in values: # type: ignore
 string = string.replace('(', '')
 string = string.replace(')', '')
 if '-' in string or ':' in string:
@@ -59,7 +75,8 @@
 if fn.startswith('rule') and fn[-1:].lower() == 'y']
 all_rules = {}
 for modn in mods:
- m = __import__('secrules.' + modn, globals(), locals(), ['*'], -1)
+ m = importlib.import_module('.' + modn, 'secrules')
+ # m = __import__('secrules.' + modn, globals(), locals(), ['*'], -1)
 lst = [m,[]]
 for r in dir(m):
 if r.startswith('rule'):
@@ -91,7 +108,7 @@
 if args.seclass is None:
 if args.numrule is not None:
 raise argparse.ArgumentTypeError("missing seclass argument")
- lst = all_rules.keys()
+ lst = list(all_rules.keys())
 lst.sort()
 for seclass in lst:
 # seclass = 'rules%02d' % args.seclass
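Review bot: The commented-out `# m = __import__('secrules.' + modn, globals(), locals(), ['*'], -1)` kept beside its replacement in `@@ -59,7 +75,8 @@` should be deleted; version control holds the history and the dead line will only drift out of date. `importlib.import_module('.' + modn, 'secrules')` is the right Python 3 form and needs no reminder of what it replaced. The enclosing block begins and ends outside that hunk.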
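Review bot: `lst = list(all_rules.keys())` followed by `lst.sort()` in `@@ -91,7 +108,7 @@` is the mechanical Python 3 port; `lst = sorted(all_rules)` says the same thing in one line, iterating the dict directly. The enclosing block begins outside that hunk.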