Home | History | Annotate | Download | only in setools 
      1 # Copyright 2016, Tresys Technology, LLC
      2 #
      3 # This file is part of SETools.
      4 #
      5 # SETools is free software: you can redistribute it and/or modify
      6 # it under the terms of the GNU Lesser General Public License as
      7 # published by the Free Software Foundation, either version 2.1 of
      8 # the License, or (at your option) any later version.
      9 #
     10 # SETools is distributed in the hope that it will be useful,
     11 # but WITHOUT ANY WARRANTY; without even the implied warranty of
     12 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
     13 # GNU Lesser General Public License for more details.
     14 #
     15 # You should have received a copy of the GNU Lesser General Public
     16 # License along with SETools.  If not, see
     17 # <http://www.gnu.org/licenses/>.
     18 #
     19 import logging
     20 import re
     21 
     22 from .descriptors import CriteriaDescriptor, CriteriaSetDescriptor
     23 from .query import PolicyQuery
     24 from .util import match_regex
     25 
     26 
     27 class BoundsQuery(PolicyQuery):
     28 
     29     """
     30     Query *bounds statements.
     31 
     32     Parameter:
     33     policy          The policy to query.
     34 
     35     Keyword Parameters/Class attributes:
     36     ruletype        The rule type(s) to match.
     37     """
     38 
     39     ruletype = CriteriaSetDescriptor(lookup_function="validate_bounds_ruletype")
     40     parent = CriteriaDescriptor("parent_regex")
     41     parent_regex = False
     42     child = CriteriaDescriptor("child_regex")
     43     child_regex = False
     44 
     45     def __init__(self, policy, **kwargs):
     46         super(BoundsQuery, self).__init__(policy, **kwargs)
     47         self.log = logging.getLogger(__name__)
     48 
     49     def results(self):
     50         """Generator which yields all matching *bounds statements."""
     51         self.log.info("Generating bounds results from {0.policy}".format(self))
     52         self.log.debug("Ruletypes: {0.ruletype}".format(self))
     53         self.log.debug("Parent: {0.parent!r}, regex: {0.parent_regex}".format(self))
     54         self.log.debug("Child: {0.child!r}, regex: {0.child_regex}".format(self))
     55 
     56         for b in self.policy.bounds():
     57             if self.ruletype and b.ruletype not in self.ruletype:
     58                 continue
     59 
     60             if self.parent and not match_regex(
     61                     b.parent,
     62                     self.parent,
     63                     self.parent_regex):
     64                 continue
     65 
     66             if self.child and not match_regex(
     67                     b.child,
     68                     self.child,
     69                     self.child_regex):
     70                 continue
     71 
     72             yield b
     73