1 # Derived from portconquery.py 2 # 3 # This file is part of SETools. 4 # 5 # SETools is free software: you can redistribute it and/or modify 6 # it under the terms of the GNU Lesser General Public License as 7 # published by the Free Software Foundation, either version 2.1 of 8 # the License, or (at your option) any later version. 9 # 10 # SETools is distributed in the hope that it will be useful, 11 # but WITHOUT ANY WARRANTY; without even the implied warranty of 12 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 13 # GNU Lesser General Public License for more details. 14 # 15 # You should have received a copy of the GNU Lesser General Public 16 # License along with SETools. If not, see 17 # <http://www.gnu.org/licenses/>. 18 # 19 import logging 20 21 from .mixins import MatchContext 22 from .policyrep.xencontext import port_range 23 from .query import PolicyQuery 24 from .util import match_range 25 26 27 class IoportconQuery(MatchContext, PolicyQuery): 28 29 """ 30 Ioportcon context query. 31 32 Parameter: 33 policy The policy to query. 34 35 Keyword Parameters/Class attributes: 36 ports A 2-tuple of the port range to match. (Set both to 37 the same value for a single port) 38 ports_subset If true, the criteria will match if it is a subset 39 of the ioportcon's range. 40 ports_overlap If true, the criteria will match if it overlaps 41 any of the ioportcon's range. 42 ports_superset If true, the criteria will match if it is a superset 43 of the ioportcon's range. 44 ports_proper If true, use proper superset/subset operations. 45 No effect if not using set operations. 46 47 user The criteria to match the context's user. 48 user_regex If true, regular expression matching 49 will be used on the user. 50 51 role The criteria to match the context's role. 52 role_regex If true, regular expression matching 53 will be used on the role. 54 55 type_ The criteria to match the context's type. 56 type_regex If true, regular expression matching 57 will be used on the type. 58 59 range_ The criteria to match the context's range. 60 range_subset If true, the criteria will match if it is a subset 61 of the context's range. 62 range_overlap If true, the criteria will match if it overlaps 63 any of the context's range. 64 range_superset If true, the criteria will match if it is a superset 65 of the context's range. 66 range_proper If true, use proper superset/subset operations. 67 No effect if not using set operations. 68 """ 69 70 _ports = None 71 ports_subset = False 72 ports_overlap = False 73 ports_superset = False 74 ports_proper = False 75 76 @property 77 def ports(self): 78 return self._ports 79 80 @ports.setter 81 def ports(self, value): 82 pending_ports = port_range(*value) 83 84 if all(pending_ports): 85 if pending_ports.low < 1 or pending_ports.high < 1: 86 raise ValueError("Port numbers must be positive: {0.low}-{0.high}". 87 format(pending_ports)) 88 89 if pending_ports.low > pending_ports.high: 90 raise ValueError( 91 "The low port must be smaller than the high port: {0.low}-{0.high}". 92 format(pending_ports)) 93 94 self._ports = pending_ports 95 else: 96 self._ports = None 97 98 def __init__(self, policy, **kwargs): 99 super(IoportconQuery, self).__init__(policy, **kwargs) 100 self.log = logging.getLogger(__name__) 101 102 def results(self): 103 """Generator which yields all matching ioportcons.""" 104 self.log.info("Generating results from {0.policy}".format(self)) 105 self.log.debug("Ports: {0.ports!r}, overlap: {0.ports_overlap}, " 106 "subset: {0.ports_subset}, superset: {0.ports_superset}, " 107 "proper: {0.ports_proper}".format(self)) 108 self._match_context_debug(self.log) 109 110 for ioportcon in self.policy.ioportcons(): 111 112 if self.ports and not match_range( 113 ioportcon.ports, 114 self.ports, 115 self.ports_subset, 116 self.ports_overlap, 117 self.ports_superset, 118 self.ports_proper): 119 continue 120 121 if not self._match_context(ioportcon.context): 122 continue 123 124 yield ioportcon 125
