h.dZddlZddlZddlZddlmZddlmZmZddl m Z m Z m Z ddl mZmZmZmZmZddlmZmZGd d e ZeGd d ZeGd dZeGddZGddejZGddeZGddeZGddZdS)u  This program is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version. This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with this program.  If not, see . Copyright © 2019 Cloud Linux Software Inc. This software is also available under ImunifyAV commercial license, see N) defaultdict) dataclassfield)List NamedTupleOptional)DBPatchDependencyMatch VersionMatch HashStateDefinitionType)HashCalculator get_base_dircXeZdZUeed<eed<dZeeed<dZeeed<dS)FileIdentifierrel_pathhashNvuln_id vuln_type) __name__ __module__ __qualname__str__annotations__rrintrU/opt/imunify360/venv/lib/python3.11/site-packages/imav/patchman/fs_scanner/matcher.pyrr'sLMMM III!GXc]!!!#Ix}#####rrc\eZdZUeed<eed<eeed<ee Z e ed<dS)VersionIdentifieridrfile_identifiers)default_factorymatched_base_dirsN) rrrrrrlistrrsetr%rrrr!r!.sS GGG III>****"U3777s77777rr!c&eZdZUeeed<dS)PatchDependencyfilesN)rrrr&rrrrrr)r)7s#  rr)c8eZdZUeed<eed<eed<eed<dS)HashDefinitiontyper"rstateN)rrrrrrrr rrrr,r,<s<  GGG III rr,c`eZdZdefdZejdedeeee ffdZ dS)Matcher input_filec:|||_dSN) _parse_inputdict_of_identifiers)selfr1s r__init__zMatcher.__init__Es#'#4#4Z#@#@   r file_pathreturncdSr3r)r6r8s rr4zMatcher._parse_inputHs rN) rrrrr7abcabstractmethoddictr&tupler4rrrr0r0DstA3AAAA  c d3U 3C.D      rr0ceZdZededeefdZdedee fdZ dede eee ffdZ de d ed e defd Zd ed eded e fdZdS)VersionsMatcher file_hashesr9c|d}dt|ddd|dddDS)N|c4g|]\}}t||Srr).0rhash_s r z:VersionsMatcher._parse_path_hash_pairs..Ss6   % 8U + +   rr )stripsplitzip)rApartss r_parse_path_hash_pairsz&VersionsMatcher._parse_path_hash_pairsNsb!!##))#..  #&uQTT{E##A#J#?#?    rlinec|d\}}}}|dkrdSt||||S)N:+)rJrKr!rN)r6rOr.id_rGrAs r _parse_linezVersionsMatcher._parse_lineXs]*.););C)@)@&sE; C<<4 33K@@   rr8ctt}t|d5}|D]D}||x}r+||jdj|E dddn #1swxYwY|S)Nrr)rr&openrTr#rappend)r6r8plugins_identifiers_by_pathfilerOnew_identifiers rr4zVersionsMatcher._parse_inputbs    $)S ! ! -T - -%)%5%5d%;%;;>-/&7:Cf^,,,  - - - - - - - - - - - - - - - - +*sAA::A>A>plugin_identifierbase_dirhash_calculatorcD|jD]G}tjtj||jsdSH|jD]H}|tj||jd|jkrdSIdS)NFT)apply_normalization)r#ospathisfilejoinr calc_hashr)r6r\r]r^file_identifiers rhas_full_matchzVersionsMatcher.has_full_matchrs 1A  O7>> X'?@@ uu  1A  O))GLL?+CDD(,*#' (( uu (tr full_path relative_pathdbcFd}|j|gD]}t||}||jvrg||||rP|j||jt|j ||j d}|S)NF)r"rbrT) r5getrr%rgaddversions_matchesbuffered_insertr r"r)r6rhrirjr^ is_matchedr\r]s rmatch_and_savezVersionsMatcher.match_and_saves !%!9!=!= 2" "  " " $I}==H 1 CCC''%xD "377AAA#33 ,/%.3" rN)rrr staticmethodrr&rrNrr!rTr=r4rboolrgr rqrrrr@r@Ms C D4H   \   1B(C    ++ c4)** +++++ ,(   0   ( rr@cReZdZdedeeeeffdZdededede fdZ d S) PatchDependenciesMatcherr8r9chtt}t|d5}|D]q}|d|dd}}|dkrtdt j|D}|jD]"}||j|#r dddn #1swxYwY|S)NrVrr rRc dg|]-}t|d|d|d|d.S)filenamervulnerability_idvulnerability_type)rrrrrE)rF_s rrHz9PatchDependenciesMatcher._parse_input..sY '%&z]!"6$%&8$9&'(<&= r)r*) rr&rWr)jsonloadsr*rrX) r6r8 patch_depsrZrOr.datapatch_dependencyrfs rr4z%PatchDependenciesMatcher._parse_inputs/8C47H7H )S ! ! T  "1gtABBxtC<<#2"&D!1!1 $ $ $ (8'=O78??(                (sA5B''B+.B+rhrirjr^c d}|j|gD]Ԋ t||}g jD]}|j|kr|t j||j|j krM t j||j|j |j |j fd} fdDfdD|S)NFTc ng|]1}t|dttjki2S)dependencies_met)r lenr*)rFrowmatches_to_insertrs rrHz;PatchDependenciesMatcher.match_and_save..s\!!! %-..#6F6L2M2MM!!!rcDg|]}j|Sr)patch_dependenciesro)rFmatchrjs rrHz;PatchDependenciesMatcher.match_and_save..s:   %55e<<   r) r5rlrr*rrerarbrdrrXrr) r6rhrirjr^rpr]rfrrs ` @@rrqz'PatchDependenciesMatcher.match_and_saves_ $ 8 < < 2! ! ' '  $I}==H!# #3#9 & &#, =='11 X/GHH'+,,&,,GLL?3KLL+0+3+5 "&J!!!!!-!!!     .     rN) rrrrr=r&r)r4r rrqrrrruruscd3_8M3M.N>000  0 ( 000000rrucLeZdZdefdZededeefdZdZ dS) HashesMatcher hashes_filec`|||_t|_dSr3)r4 hash_recordsr'_seen)r6rs rr7zHashesMatcher.__init__s.262C2C 3 3 UU r hashes_pathr9c Xtjjtjjtjjh}g}t |d5}|D]}|d}t|dkr=|\}}}} t|} t| } | |vs| tj jkr|| tt| t||t|  dddn #1swxYwY|S)a Parses the hashes file and returns a list of HashDefinition, filtering out malware-related types and state==2. The lines look like ::: Example: 2:675:ab43f2f7ad32404e1b923a8387f1a167:2 Where :code:`type` can be one of the following: * DEFINITION_TYPE_MALWARE = 1 * DEFINITION_TYPE_VULNERABILITY = 2 * DEFINITION_TYPE_APPLICATION = 3 * DEFINITION_TYPE_DRYRUN = 4 * DEFINITION_TYPE_MALWARE_RULE = 7 * DEFINITION_TYPE_MALWARE_RULE_DRYRUN = 8 * DEFINITION_TYPE_VULNERABILITY_ECOMMERCE = 9 * DEFINITION_TYPE_VULNERABILITY_PLUGIN = 10 rVrQ)r-r"rr.N)rMALWAREvalue MALWARE_RULEMALWARE_RULE_DRYRUNrWrJrKrrr SUPERSEDEDrXr,) r MALWARE_TYPESresultfrOrMtyprSrGr.typ_int state_ints rr4zHashesMatcher._parse_inputsi$  " (  ' -  . 4  +s # # q   **3//u::??).&S%c((JJ },, I$8$>>> "+G44s88"' 22                 * sC DD#&D#c||}|jD]m}|||jj|j|jjf}||jkr@||jvr7|j ||j |dSndS)NTF) rerr-rr"r.rrhashes_matchesrorm)r6r8rirjr^ file_hashrecordkeys rrqzHashesMatcher.match_and_save2s#--i88 '  F !  " CFK''Ctz,A,A!11#666 s###tturN) rrrrr7rrrr,r4rqrrrrrsrC +#+$~*>+++\+Zrr)__doc__r;r|ra collectionsr dataclassesrrtypingrrrrjr r r r rutilsrrrr!r)r,ABCr0r@rurrrrrsh* ######((((((((----------0///////$$$$$Z$$$ 8888888 8                 cg   ZZZZZgZZZzPPPPPwPPPfCCCCCCCCCCr