-
Notifications
You must be signed in to change notification settings - Fork 543
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[cleaner] Separate process of preparing obfuscations #3262
Merged
TurboTurtle
merged 6 commits into
sosreport:main
from
TurboTurtle:clean-separate-map-prep
Jun 22, 2023
Merged
Changes from 1 commit
Commits
Show all changes
6 commits
Select commit
Hold shift + click to select a range
13ce9b4
[cleaner] Separate cleaner prepping from archives
TurboTurtle a8cf9c3
[ip] Add new prepper
TurboTurtle 978cff3
[hostname] Add new prepper
TurboTurtle bab03a0
[mac] Add new Prepper
TurboTurtle 1f1c5ec
[username] Add new Prepper
TurboTurtle 359aaa4
[keywords] Add new Prepper
TurboTurtle File filter
Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,125 @@ | ||
# Copyright 2023 Red Hat, Inc. Jake Hunsaker <jhunsake@redhat.com> | ||
|
||
# This file is part of the sos project: https://github.com/sosreport/sos | ||
# | ||
# This copyrighted material is made available to anyone wishing to use, | ||
# modify, copy, or redistribute it subject to the terms and conditions of | ||
# version 2 of the GNU General Public License. | ||
# | ||
# See the LICENSE file in the source distribution for further information. | ||
|
||
import logging | ||
|
||
|
||
class SoSPrepper(): | ||
""" | ||
A prepper is a way to prepare loaded mappings with selected items within | ||
an sos report prior to beginning the full obfuscation routine. | ||
|
||
This was previously handled directly within archives, however this is a bit | ||
cumbersome and doesn't allow for all the flexibility we could use in this | ||
effort. | ||
|
||
Preppers are separated from parsers but will leverage them in order to feed | ||
parser-matched strings from files highlighted by a Prepper() to the | ||
appropriate mapping for initial obfuscation. | ||
|
||
Preppers may specify their own priority in order to influence the order in | ||
which mappings are prepped. Further, Preppers have two ways to prepare | ||
the maps - either by generating a list of filenames or via directly pulling | ||
content out of select files without the assistance of a parser. A lower | ||
priority value means the prepper should run sooner than those with higher | ||
values. | ||
|
||
For the former approach, `Prepper._get_$parser_file_list()` should be used | ||
and should yield filenames that exist in target archives. For the latter, | ||
the `Prepper._get_items_for_$map()` should be used. | ||
|
||
Finally, a `regex_items` dict is available for storing individual regex | ||
items for parsers that rely on them. These items will be added after all | ||
files and other individual items are handled. This dict has keys set to | ||
parser/mapping names, and the values should be sets of items, so preppers | ||
should add to them like so: | ||
|
||
self.regex_items['hostname'].add('myhostname') | ||
""" | ||
|
||
name = 'Undefined' | ||
priority = 100 | ||
|
||
def __init__(self): | ||
self.regex_items = { | ||
'hostname': set(), | ||
'ip': set(), | ||
'ipv6': set(), | ||
'keyword': set(), | ||
'mac': set(), | ||
'username': set() | ||
} | ||
self.soslog = logging.getLogger('sos') | ||
self.ui_log = logging.getLogger('sos_ui') | ||
|
||
def _fmt_log_msg(self, msg): | ||
return f"[prepper:{self.name}] {msg}" | ||
|
||
def log_debug(self, msg): | ||
self.soslog.debug(self._fmt_log_msg(msg)) | ||
|
||
def log_info(self, msg): | ||
self.soslog.info(self._fmt_log_msg(msg)) | ||
|
||
def log_error(self, msg): | ||
self.soslog.error(self._fmt_log_msg(msg)) | ||
|
||
def get_parser_file_list(self, parser, archive): | ||
""" | ||
Helper that calls the appropriate Prepper method for the specified | ||
parser. This allows Preppers to be able to provide items for multiple | ||
types of parsers without needing to handle repetitious logic to | ||
determine which parser we're interested within each individual call. | ||
|
||
The convention to use is to define `_get_$parser_file_list()` methods | ||
within Preppers, e.g. `_get_hostname_file_list()` would be used to | ||
provide filenames for the hostname parser. If such a method is not | ||
defined within a Prepper for a given parser, we handle that here so | ||
that individual Preppers do not need to. | ||
|
||
:param parser: The _name_ of the parser to get a file list for | ||
:type parser: ``str`` | ||
|
||
:param archive: The archive we are operating on currently for the | ||
specified parser | ||
:type archive: ``SoSObfuscationArchive`` | ||
|
||
:returns: A list of filenames within the archive to prep with | ||
:rtype: ``list`` | ||
""" | ||
_check = f"_get_{parser}_file_list" | ||
if hasattr(self, _check): | ||
return getattr(self, _check)(archive) | ||
return [] | ||
|
||
def get_items_for_map(self, mapping, archive): | ||
""" | ||
Similar to `get_parser_file_list()`, a helper for calling the specific | ||
method for generating items for the given `map`. This allows Preppers | ||
to be able to provide items for multiple types of maps, without the | ||
need to handle repetitious logic to determine which parser we're | ||
interested in within each individual call. | ||
|
||
:param mapping: The _name_ of the mapping to get items for | ||
:type mapping: ``str`` | ||
|
||
:param archive: The archive we are operating on currently for the | ||
specified parser | ||
:type archive: ``SoSObfuscationArchive`` | ||
|
||
:returns: A list of distinct items to obfuscate without using a parser | ||
:rtype: ``list`` | ||
""" | ||
_check = f"_get_items_for_{mapping}" | ||
if hasattr(self, _check): | ||
return getattr(self, _check)(archive) | ||
return [] | ||
|
||
# vim: set et ts=4 sw=4 : |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -20,6 +20,10 @@ | |
from sos.cleaner.mappings.hostname_map import SoSHostnameMap | ||
from sos.cleaner.mappings.keyword_map import SoSKeywordMap | ||
from sos.cleaner.mappings.ipv6_map import SoSIPv6Map | ||
from sos.cleaner.preppers import SoSPrepper | ||
from sos.cleaner.preppers.hostname import HostnamePrepper | ||
from sos.cleaner.preppers.ip import IPPrepper | ||
from sos.cleaner.archives.sos import SoSReportArchive | ||
|
||
|
||
class CleanerMapTests(unittest.TestCase): | ||
|
@@ -28,7 +32,7 @@ def setUp(self): | |
self.mac_map = SoSMacMap() | ||
self.ip_map = SoSIPMap() | ||
self.host_map = SoSHostnameMap() | ||
self.host_map.load_domains_from_options(['redhat.com']) | ||
self.host_map.sanitize_item('redhat.com') | ||
self.kw_map = SoSKeywordMap() | ||
self.ipv6_map = SoSIPv6Map() | ||
|
||
|
@@ -152,13 +156,14 @@ def setUp(self): | |
self.ip_parser = SoSIPParser(config={}) | ||
self.ipv6_parser = SoSIPv6Parser(config={}) | ||
self.mac_parser = SoSMacParser(config={}) | ||
self.host_parser = SoSHostnameParser(config={}, | ||
opt_domains=['foobar.com']) | ||
self.kw_parser = SoSKeywordParser(config={}, keywords=['foobar']) | ||
self.host_parser = SoSHostnameParser(config={}) | ||
self.host_parser.mapping.add('foobar.com') | ||
self.kw_parser = SoSKeywordParser(config={}) | ||
self.kw_parser.mapping.add('foobar') | ||
self.kw_parser_none = SoSKeywordParser(config={}) | ||
self.kw_parser.generate_item_regexes() | ||
self.uname_parser = SoSUsernameParser(config={}, | ||
opt_names=['DOMAIN\myusername']) | ||
self.uname_parser = SoSUsernameParser(config={}) | ||
self.uname_parser.mapping.add('DOMAIN\myusername') | ||
|
||
def test_ip_parser_valid_ipv4_line(self): | ||
line = 'foobar foo 10.0.0.1/24 barfoo bar' | ||
|
@@ -210,22 +215,22 @@ def test_mac_parser_with_quotes_ipv6_quad(self): | |
|
||
def test_hostname_load_hostname_string(self): | ||
fqdn = 'myhost.subnet.example.com' | ||
self.host_parser.load_hostname_into_map(fqdn) | ||
self.host_parser.mapping.add(fqdn) | ||
|
||
def test_hostname_valid_domain_line(self): | ||
self.host_parser.load_hostname_into_map('myhost.subnet.example.com') | ||
self.host_parser.mapping.add('myhost.subnet.example.com') | ||
line = 'testing myhost.subnet.example.com in a string' | ||
_test = self.host_parser.parse_line(line)[0] | ||
self.assertNotEqual(line, _test) | ||
|
||
def test_hostname_short_name_in_line(self): | ||
self.host_parser.load_hostname_into_map('myhost.subnet.example.com') | ||
self.host_parser.mapping.add('myhost.subnet.example.com') | ||
line = 'testing just myhost in a line' | ||
_test = self.host_parser.parse_line(line)[0] | ||
self.assertNotEqual(line, _test) | ||
|
||
def test_obfuscate_whole_fqdn_for_given_domainname(self): | ||
self.host_parser.load_hostname_into_map('sostestdomain.domain') | ||
self.host_parser.mapping.add('sostestdomain.domain') | ||
line = 'let obfuscate soshost.sostestdomain.domain' | ||
_test = self.host_parser.parse_line(line)[0] | ||
self.assertFalse('soshost' in _test) | ||
|
@@ -274,3 +279,35 @@ def test_ad_username(self): | |
line = "DOMAIN\myusername" | ||
_test = self.uname_parser.parse_line(line)[0] | ||
self.assertNotEqual(line, _test) | ||
|
||
|
||
class PrepperTests(unittest.TestCase): | ||
""" | ||
Ensure that the translations for different parser/mapping methods are | ||
working | ||
""" | ||
|
||
def setUp(self): | ||
self.prepper = SoSPrepper() | ||
self.archive = SoSReportArchive( | ||
archive_path='tests/test_data/sosreport-cleanertest-2021-08-03-qpkxdid.tar.xz', | ||
tmpdir='/tmp' | ||
) | ||
self.host_prepper = HostnamePrepper() | ||
self.ipv4_prepper = IPPrepper() | ||
|
||
def test_parser_method_translation(self): | ||
self.assertEqual([], self.prepper.get_parser_file_list('hostname', None)) | ||
pmoravec marked this conversation as resolved.
Show resolved
Hide resolved
|
||
|
||
def test_mapping_method_translation(self): | ||
self.assertEqual([], self.prepper.get_items_for_map('foobar', None)) | ||
Comment on lines
+302
to
+303
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. Same comment like to |
||
|
||
def test_hostname_prepper_map_items(self): | ||
self.assertEqual(['cleanertest'], self.host_prepper.get_items_for_map('hostname', self.archive)) | ||
|
||
def test_ipv4_prepper_parser_files(self): | ||
self.assertEqual(['sos_commands/networking/ip_-o_addr'], self.ipv4_prepper.get_parser_file_list('ip', self.archive)) | ||
|
||
def test_ipv4_prepper_invalid_parser_files(self): | ||
self.assertEqual([], self.ipv4_prepper.get_parser_file_list('foobar', self.archive)) | ||
pmoravec marked this conversation as resolved.
Show resolved
Hide resolved
|
||
|
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Nitpick comment: swap 2nd and 3rd sentence (as priority levels follows the 1st sentence, while "two ways to prepare the maps" is followe by the next paragraph.