| Şuanki Dizin: /usr/lib64/python3.9/site-packages/setools/ |
| Şuanki Dosya : //usr/lib64/python3.9/site-packages/setools/portconquery.py |
# Copyright 2014-2015, Tresys Technology, LLC
#
# SPDX-License-Identifier: LGPL-2.1-only
#
import logging
from socket import IPPROTO_TCP, IPPROTO_UDP
from typing import Iterable, Optional, Tuple, Union
from .mixins import MatchContext
from .query import PolicyQuery
from .policyrep import Portcon, PortconRange, PortconProtocol
from .util import match_range
class PortconQuery(MatchContext, PolicyQuery):
"""
Port context query.
Parameter:
policy The policy to query.
Keyword Parameters/Class attributes:
protocol The protocol to match (socket.IPPROTO_TCP for
TCP or socket.IPPROTO_UDP for UDP)
ports A 2-tuple of the port range to match. (Set both to
the same value for a single port)
ports_subset If true, the criteria will match if it is a subset
of the portcon's range.
ports_overlap If true, the criteria will match if it overlaps
any of the portcon's range.
ports_superset If true, the criteria will match if it is a superset
of the portcon's range.
ports_proper If true, use proper superset/subset operations.
No effect if not using set operations.
user The criteria to match the context's user.
user_regex If true, regular expression matching
will be used on the user.
role The criteria to match the context's role.
role_regex If true, regular expression matching
will be used on the role.
type_ The criteria to match the context's type.
type_regex If true, regular expression matching
will be used on the type.
range_ The criteria to match the context's range.
range_subset If true, the criteria will match if it is a subset
of the context's range.
range_overlap If true, the criteria will match if it overlaps
any of the context's range.
range_superset If true, the criteria will match if it is a superset
of the context's range.
range_proper If true, use proper superset/subset operations.
No effect if not using set operations.
"""
_protocol: Optional[PortconProtocol] = None
_ports: Optional[PortconRange] = None
ports_subset: bool = False
ports_overlap: bool = False
ports_superset: bool = False
ports_proper: bool = False
@property
def ports(self) -> Optional[PortconRange]:
return self._ports
@ports.setter
def ports(self, value: Optional[Tuple[int, int]]) -> None:
if value:
pending_ports = PortconRange(*value)
if all(pending_ports):
if pending_ports.low < 1 or pending_ports.high < 1:
raise ValueError("Port numbers must be positive: {0.low}-{0.high}".
format(pending_ports))
if pending_ports.low > pending_ports.high:
raise ValueError(
"The low port must be smaller than the high port: {0.low}-{0.high}".
format(pending_ports))
self._ports = pending_ports
else:
self._ports = None
@property
def protocol(self) -> Optional[PortconProtocol]:
return self._protocol
@protocol.setter
def protocol(self, value: Optional[Union[str, PortconProtocol]]) -> None:
if value:
self._protocol = PortconProtocol.lookup(value)
else:
self._protocol = None
def __init__(self, policy, **kwargs) -> None:
super(PortconQuery, self).__init__(policy, **kwargs)
self.log = logging.getLogger(__name__)
def results(self) -> Iterable[Portcon]:
"""Generator which yields all matching portcons."""
self.log.info("Generating portcon results from {0.policy}".format(self))
self.log.debug("Ports: {0.ports}, overlap: {0.ports_overlap}, "
"subset: {0.ports_subset}, superset: {0.ports_superset}, "
"proper: {0.ports_proper}".format(self))
self.log.debug("Protocol: {0.protocol!r}".format(self))
self._match_context_debug(self.log)
for portcon in self.policy.portcons():
if self.ports and not match_range(
portcon.ports,
self.ports,
self.ports_subset,
self.ports_overlap,
self.ports_superset,
self.ports_proper):
continue
if self.protocol and self.protocol != portcon.protocol:
continue
if not self._match_context(portcon.context):
continue
yield portcon
Linux 65-254-81-4.cprapid.com 5.14.0-284.11.1.el9_2.x86_64 #1 SMP PREEMPT_DYNAMIC Tue May 9 05:49:00 EDT 2023 x86_64
Apache
65.254.81.4