wo4hi pddlZddlZddlZddlZddlmZmZmZddlm Z ddl m Z m Z ddl mZmZddlmZejeZGddeZGd d eeZGd d eeZGd deeZGddZGddeeeZdddZeZdZdZ dS)N)ABCABCMetaabstractmethod)suppress) lru_cachewraps)Message MessageType)ScopecZeZdZejZdZdZgZfdZ e dZ dZ dZ xZS) BasePlugindTc ntjdi||j|dS)N)super__init_subclass__ _subclassesappend)clskwargs __class__s V/opt/imunify360/venv/lib/python3.11/site-packages/defence360agent/contracts/plugins.pyrzBasePlugin.__init_subclass__s<!!++F+++ s#####c$d|jDS)Nc:g|]}tj||Sr)inspect isabstract).0plugins r z1BasePlugin.get_active_plugins..s9   %f--    r)r)rs rget_active_pluginszBasePlugin.get_active_pluginss%  /    rc KdS)aZShutdown plugin's subsystems, cancel running tasks, clean iptables (if plugin is protector). It should be safe to assume that it is called after corresponding create_source if applicable. It is called only from the shutdown task that runs at most once, meaning shutdown() is never called twice. Nrselfs rshutdownzBasePlugin.shutdown"s  rc8|jjd|jjS)N.)r __module____name__r#s r__repr__zBasePlugin.__repr__/s .333T^5L5LMMr)r)r( __qualname__r AV_IM360SCOPESHUTDOWN_PRIORITYAVAILABLE_ON_FREEMIUMrr classmethodr!r%r* __classcell__)rs@rr r s NE K$$$$$  [     NNNNNNNrr c$eZdZedZdS) MessageSourcecdSThis method is a coroutine.Nrr$loopsinks r create_sourcezMessageSource.create_source4rN)r)r(r+rr:rrrr3r33s-**^***rr3c.eZdZdZdZedZdS)Sensorz+ Sensor is alias to MessageSource. c.|||S)r6) create_sensorr7s rr:zSensor.create_source>s!!$---rcdSr5rr7s rr?zSensor.create_sensorBr;rN)r)r(r+__doc__r:rr?rrrr=r=9sH...**^***rr=c<eZdZdZdZdZdZdZedZ dS)LogStreamReaderNic \K||_||_d|_|jsdSdddd|jf|_t j|jt jt jt jd|j dd{V|_ | | |j j dS)Nz /usr/bin/tailz --follow=namez-n0z--retryr)stdinstdoutstderrbufsizelimit)_loop_sink_cmd source_fileasynciocreate_subprocess_exec subprocessDEVNULLPIPE_LIMIT_child_process create_task_infinite_read_and_proceedrFr7s rr?zLogStreamReader.create_sensorOs     F        %,$B Y$?%+ % % %          + +D,?,F G G     rcpK|j|jdc}|_td|tt5|jdddn #1swxYwY|jd{V}td||dSdS)NzTerminating child process [%s]z,Terminated child process [%s] with code [%d])rLloggerdebugrProcessLookupErrorrTkillwait)r$cmdrcs rr%zLogStreamReader.shutdownns 9 !YNC LL93 ? ? ?,-- + +#((*** + + + + + + + + + + + + + + +*//11111111B LL>R      ! sA..A25A2cKtN)NotImplementedError)r$ stream_readers rrVz*LogStreamReader._infinite_read_and_proceed}s !!r) r)r(r+rMrSrLr?r%rrVrrrrCrCGs^KF D   >   ""^"""rrC) metaclassc>eZdZeddZdZdS)BaseMessageProcessor)maxsizecg}t|D]\}|drt||}t|r%t |dr||]|S)N__decorated_for_process_message)dir startswithgetattrcallablehasattrr)r$rvattr_strfuncs r_message_processorsz(BaseMessageProcessor._message_processorss D   H""3'' 4**D~~ '6##  $ rcKtd|||D],}||d{V}t|tr|cS-dS)NzDispatching %r through %r...)rXrYrs isinstancer )r$messagecororesults rprocess_messagez$BaseMessageProcessor.process_messages 3WdCCC,,..  D4==((((((F&'**     rN)r)r(r+rrsryrrrreresJYq   rrecLeZdZGddZejZedZdS) MessageSinkcVeZdZdZdZdZdZdZdZdZ dZ d Z d Z e Z d Zd Zd ZdZdZdZdZdS)MessageSink.ProcessingOrder (27<FPQZrxiN)r)r(r+PRE_PROCESS_MESSAGELFDIGNORE_MESSAGEUNBLOCK_FROM_SUBNETCHECK_IP_IN_GRAYLISTGRAYLIST_TIMEOUTGRAYLIST_DB_FIXUPIMPORT_EXPORT_WBLIST ML_PREDICTIONDEFAULTIPSET_PROTECTORWEBSHIELD_PROTECTORWHITELIST_UNBLOCKEDSYNCLIST_UPDATE POST_ACTION EVENT_HOOK ICONTACT_SENTPOST_PROCESS_MESSAGErrrProcessingOrderr}ss  !! !     "rrc KdSr`r)r$r8s r create_sinkzMessageSink.create_sinks  rN)r)r(r+rrPROCESSING_ORDERrrrrrr{r{sa"#"#"#"#"#"#"#"#J'.  ^   rr{) async_lockcfd}|S)a @expect decorator for MessageSink.dosmth(message) async methods. MessageSink method will be called by MessageSink.process_message() if message_type and expect_fields match the message ones. @expect's can be stacked together and decision whether to call decorated coro is made by evaluating stacked @expect's with logical OR: @expect(MessageType.SensorAlert) # -- OR -- @expect(MessageType.SensorIncident, plugin_id='ossec') def protect(message): ... ctdddr#tdt fd}|_|S)Nr)riz{coro} is not publicrwc2K  fd}dfd|rىdurd{V |d{V}durBttjr(rnV#t $rI}ttjr(r|d}~wwxYw|Sr|d{VSdS)Nc~to,tfdDS)Nc3PK|] \}}||kV!dSr`)get)rkvrvs r zMexpect..decorate..decorated..match..sOAA,0AqGKKNNa'AAAAAAr)ruallitems) expect_fieldsrv message_typesrmatchz:expect..decorate..decorated..matchs_!'<88SAAAA4A4G4G4I4IAAA>>rc"t|dS)Nrj)rors r is_stackedz?expect..decorate..decorated..is_stackedst%EFFFrc>|r|jS|Sr`)rj)rwrterminals rrz=expect..decorate..decorated..terminals.:d##I#8D$GHHH rTF)acquirerur Lockablelockedrelease Exception) r$rvrrxexcrrrrwrrs ` @@r decoratedz+expect..decorate..decorateds         G G G       uww %%!//+++++++++*#188D>>$#@#@@@@@@@F#e++&w 0DEE,#NN,,, )))!"7K,@AA*#NN,,* )))I  z$ 1!T$0000000004sB"" C5,AC00C5)rmrl TypeErrorformatrrj)rwrrrrs` rdecoratezexpect..decorates 4R ( ( 3 3C 8 8 F299t9DDEE E t& & & & & & &  & P48 0rr)rrrrs``` rexpectrs0.......` Orc:t||S)zlRegister class as a plugin. >>> @thisguy >>> class ConcreteSink (MessageSink): >>> ... )_plugin_registryadd) pluginclss rthisguyr s### rctS)z*Enumerate classobj for registered plugins.)rrrr theseguysrs r)!rNrloggingrPabcrrr contextlibr functoolsrr"defence360agent.contracts.messagesr r defence360agent.utilsr getLoggerr)rXobjectr r3r=rCrer{rsetrrrrrrrs,,,,,,,,,,&&&&&&&&CCCCCCCC''''''  8 $ $!N!N!N!N!N!N!N!NH*****J*** * * * * *]C * * *8"8"8"8"8"f8"8"8"8"v,* * * * * *2C* * * Z&*?????D355r