vvelox
/
Regexp-F2B
mirror of https://github.com/LilithSec/Regexp-F2B.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

add add_finder for any match group, formatting cleanup, and some more docs

This commit is contained in:
Zane C. B-H 2023-07-09 21:31:16 -05:00
parent e529041962
commit 8dafee66af
2 changed files with 76 additions and 73 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

72
lib/Regexp/F2B.pm
View File

@ -61,8 +61,7 @@ sub new {
# make sure we have something sane for lines
if ( !defined $opts{lines} ) {
$opts{lines} = 1;
}
else {
} else {
if ( $opts{lines} !~ /^[0-9]+$/ ) {
die( 'lines is set to "' . $opts{lines} . '" which is not numeric' );
}
@ -74,8 +73,7 @@ sub new {
if ( !defined( $opts{regexp} ) ) {
die('regexp is undefined');
}
else {
} else {
if ( ref( $opts{regexp} ) ne 'ARRAY' ) {
die( 'regexp is a ' . ref( $opts{regexp} ) . ' and not a array' );
}
@ -85,8 +83,7 @@ sub new {
while ( defined( $opts{regexp}[$int] ) ) {
if ( ref( \$opts{regexp}[$int] ) ne 'SCALAR' ) {
die( 'regexp[' . $int . '] is a ' . ref( \$opts{regexp}[$int] ) . ' and not a scalar' );
}
elsif (ref( \$opts{regexp}[$int] ) ne 'SCALAR'
} elsif ( ref( \$opts{regexp}[$int] ) ne 'SCALAR'
&& ref( $opts{regexp}[$int] ) ne 'SCALAR' )
{
die( 'regexp[' . $int . '] is a ' . ref( $opts{regexp}[$int] ) . ' and not a scalar' );
@ -97,12 +94,11 @@ sub new {
}
$int++;
}
} ## end while ( defined( $opts{regexp}[$int] ) )
if ( !defined( $opts{pre_regexp} ) ) {
$opts{pre_regexp} = [];
}
else {
} else {
if ( ref( $opts{pre_regexp} ) ne 'ARRAY' ) {
die( 'regexp is a ' . ref( $opts{pre_regexp} ) . ' and not a array' );
}
@ -151,7 +147,7 @@ sub new {
|| $value =~ /\<DNS\>/ )
{
die( "HOST, CIDR, SUBNET, IP4, IP6, and DNS may only be used in regexp... " . $value );
}
} ## end if ( $value =~ /\<HOST\>/ || $value =~ /\<CIDR\>/...)
$value =~ s/\<F\-MLFID\>/(?<FMLFID>/;
$value =~ s/\<\/F\-MLFID\>/)/;
@ -163,7 +159,7 @@ sub new {
}
$int++;
}
} ## end while ( defined( $self->{pre_regexp}[$int] ) )
delete( $self->{pre_regexp} );
$self->{pre_regexp} = \@pre_regexp_tmp;
@ -174,6 +170,7 @@ sub new {
#
$int = 0;
while ( defined( $self->{regexp}[$int] ) ) {
my $has_finder = 0;
# we should only have F-CONTENT in pre_regexp
if ( $self->{regexp}[$int] =~ /\<F\-CONTENT\>/
@ -186,9 +183,11 @@ sub new {
# process any /F-[A-Za-z0-9\_\-]+/ items
if ( $self->{regexp}[$int] =~ /\<F\-[A-Za-z0-9\_]+\>/ ) {
$self->{regexp}[$int] =~ s/\<F\-([A-Za-z0-9\_]+)\>/(?<F$1>/g;
$has_finder = 1;
}
if ( $self->{regexp}[$int] =~ /\<\/F\-[A-Za-z0-9\_]+\>/ ) {
$self->{regexp}[$int] =~ s/\<\/F\-[A-Za-z0-9\_]+\>/)/g;
$has_finder = 1;
}
# add ^ and $ bits as needed
@ -200,34 +199,27 @@ sub new {
}
# replace various tags with regexps for matching
my $has_finder = 0;
if ( $self->{regexp}[$int] =~ /\<HOST\>/ ) {
$self->{regexp}[$int] =~ s/\<HOST\>/(?<HOST>$IPv4_re|$IPv6_re|[a-zA-Z][a-zA-Z\-0-9\.]*[a-zA-Z\-0-9]+)/;
$has_finder = 1;
}
elsif ( $self->{regexp}[$int] =~ /\<ADDR\>/ ) {
} elsif ( $self->{regexp}[$int] =~ /\<ADDR\>/ ) {
$self->{regexp}[$int] =~ s/\<ADDR\>/(?<ADDR>$IPv4_re|$IPv6_re)/;
$has_finder = 1;
}
elsif ( $self->{regexp}[$int] =~ /\<CIDR\>/ ) {
} elsif ( $self->{regexp}[$int] =~ /\<CIDR\>/ ) {
$self->{regexp}[$int]
=~ s/\<CIDR\>/(?<CIDR>$IPv4_re\/\\b([1-9]|[12][0-9]|3[0-2])\\b|$IPv6_re\/\\b([1-9]|[1-9][0-9]|1[01][0-9]|12[0-8])\\b)/;
$has_finder = 1;
}
elsif ( $self->{regexp}[$int] =~ /\<SUBNET\>/ ) {
} elsif ( $self->{regexp}[$int] =~ /\<SUBNET\>/ ) {
$self->{regexp}[$int]
=~ s/\<SUBNET\>/(?<SUBNET>$IPv4_re|$IPv6_re|$IPv4_re\/\\b([1-9]|[12][0-9]|3[0-2])\\b|$IPv6_re\/\\b([1-9]|[1-9][0-9]|1[01][0-9]|12[0-8])\\b)/;
$has_finder = 1;
}
elsif ( $self->{regexp}[$int] =~ /\<IP4\>/ ) {
} elsif ( $self->{regexp}[$int] =~ /\<IP4\>/ ) {
$self->{regexp}[$int] =~ s/\<IP4\>/(?<IP4>$IPv4_re)/;
$has_finder = 1;
}
elsif ( $self->{regexp}[$int] =~ /\<IP6\>/ ) {
} elsif ( $self->{regexp}[$int] =~ /\<IP6\>/ ) {
$self->{regexp}[$int] =~ s/\<IP6\>/(?<IP6>$IPv6_re)/;
$has_finder = 1;
}
elsif ( $self->{regexp}[$int] =~ /\<DNS\>/ ) {
} elsif ( $self->{regexp}[$int] =~ /\<DNS\>/ ) {
$self->{regexp}[$int] =~ s/\<DNS\>/(?<DNS>[a-zA-Z][a-zA-Z\-0-9\.]*[a-zA-Z\-0-9]+)/;
$has_finder = 1;
}
@ -256,7 +248,7 @@ sub new {
$self->{regexp}[$int] =~ s/\(\?\(([a-zA-Z_0-0][a-zA-Z_0-0]+)\)/(?(<$1>)/g;
$int++;
}
} ## end while ( defined( $self->{regexp}[$int] ) )
# remove any blank items
my @items = ( 'pre_regexp', 'regexp' );
@ -272,7 +264,7 @@ sub new {
}
delete( $self->{$regexp} );
$self->{$regexp} = \@new_array;
}
} ## end foreach my $regexp (@items)
# make sure we have atleast one item we can use
foreach my $regexp (@items) {
@ -282,7 +274,7 @@ sub new {
}
return $self;
}
} ## end sub new
=head2 proc_lines
@ -332,18 +324,19 @@ sub proc_line {
while ( defined( $self->{pre_regexp}[$int] ) && $not_found ) {
my $regexp = $self->{pre_regexp}[$int];
if ( $joined =~ /$regexp/ ) {
if ( defined( $+{'FCONTENT'} ) ) {
my %found_items = %+;
if ( defined( $found_items{'FCONTENT'} ) ) {
$not_found = 0;
$joined = $+{'FCONTENT'};
$found->{data}{'F-CONTENT'} = $+{'FCONTENT'};
if ( defined( $+{'FMLFID'} ) ) {
$found->{data}{'F-MLFID'} = $+{'FMLFID'};
$joined = $found_items{'FCONTENT'};
$found->{data}{'F-CONTENT'} = $found_items{'FCONTENT'};
if ( defined( $found_items{'FMLFID'} ) ) {
$found->{data}{'F-MLFID'} = $found_items{'FMLFID'};
}
}
}
} ## end if ( $joined =~ /$regexp/ )
$int++;
}
} ## end while ( defined( $self->{pre_regexp}[$int] ) ...)
# we did not any matching lines, so just return
if ( defined( $self->{pre_regexp}[$int] ) && $not_found ) {
@ -367,20 +360,19 @@ sub proc_line {
my $new_key = $key;
$new_key =~ s/^F/F-/;
$found->{data}{$new_key} = $found_items{$key};
}
else {
} else {
$found->{data}{$key} = $found_items{$key};
}
}
} ## end foreach my $key ( keys(%found_items) )
$not_found = 0;
$found->{found} = 1;
}
} ## end if ( $joined =~ /$regexp/ )
$int++;
}
} ## end while ( defined( $self->{regexp}[$int] ) && $not_found)
return $found;
}
} ## end sub proc_line
=head1 AUTHOR

77
lib/Regexp/F2B/Baphomet_YAML.pm
View File

@ -53,7 +53,7 @@ sub load {
);
return $object;
}
} ## end sub load
=head2 parse
@ -95,8 +95,7 @@ sub parse {
{
push( @order, $file_name );
push( @to_read, @{ $confs->{$file_name}{includes} } );
}
else {
} else {
push( @order, $file_name );
}
@ -132,7 +131,7 @@ sub parse {
push( @to_read, @{ $confs->{$item}{includes} } );
}
}
} ## end foreach my $item (@to_read)
# @order is actually reversed given how it is generated
# reverse it so it can be used with foreach
@ -193,7 +192,7 @@ sub parse {
$vars{$conf_key} = $confs->{$conf}{vars}{$conf_key};
}
}
}
} ## end foreach my $conf (@order)
# process priority vars
my @var_keys = keys(%vars);
@ -209,8 +208,8 @@ sub parse {
}
$count++;
}
}
} ## end while ( $count <= 1 )
} ## end foreach my $item (@vars_order)
# put all the vars together
$count = 0;
@ -224,10 +223,10 @@ sub parse {
}
}
}
}
} ## end foreach my $item (@var_keys)
$count++;
}
} ## end while ( $count <= 1 )
# process the pre_regexp
$count = 0;
@ -242,7 +241,7 @@ sub parse {
$count2++;
}
$count++;
}
} ## end while ( $count <= 1 )
# process the regexp
$count = 0;
@ -257,7 +256,7 @@ sub parse {
$count2++;
}
$count++;
}
} ## end while ( $count <= 1 )
# process the start_pattern
if ( defined($start_pattern) ) {
@ -269,7 +268,7 @@ sub parse {
}
$count++;
}
}
} ## end if ( defined($start_pattern) )
return {
regexp => \@regexp,
@ -280,7 +279,7 @@ sub parse {
start_pattern => $start_pattern,
lines => $lines,
};
}
} ## end sub parse
=head2 test_yaml
@ -378,8 +377,7 @@ sub test_yaml {
push( @{ $to_return->{warnings} }, $warning );
push( @{ $to_return->{tests}{$test}{warnings} }, $warning );
}
}
elsif ( $test_results && !$raw_conf->{tests}{$test}{found} ) {
} elsif ( $test_results && !$raw_conf->{tests}{$test}{found} ) {
if ( !defined( $raw_conf->{tests}{$test}{undefed} ) ) {
$test_results = 0;
my $warning = 'test "' . $test . '" has found set to true, but undefed is undef';
@ -405,7 +403,7 @@ sub test_yaml {
push( @{ $to_return->{test}{$test}{errors} }, $error );
}
}
} ## end if ( $test_results && defined( $raw_conf->...))
# only will trigger on next test
if ( $test_results && !defined($obj) ) {
@ -417,21 +415,21 @@ sub test_yaml {
. $test
. '" can not be run as a previous test tried to reinit the obj and failed';
push( @{ $to_return->{warnings} }, $warning );
}
} ## end if ( $test_results && !defined($obj) )
#
# see if we can actually process a line
#
if ($test_results) {
eval {
$to_return->{ran}{$test}{found} = $to_return->{obj}->proc_line( $raw_conf->{tests}{$test}{line} );
$to_return->{ran}{$test}{found}
= $to_return->{obj}->proc_line( $raw_conf->{tests}{$test}{line} );
};
if ($@) {
my $warning = 'test "' . $test . '" proc_line failed... ' . $@;
push( @{ $to_return->{warnings} }, $warning );
push( @{ $to_return->{tests}{$test}{warnings} }, $warning );
}
else {
} else {
#
# we processed it, now make sure we have all the expected data items
#
@ -441,8 +439,8 @@ sub test_yaml {
my $warning = 'test "' . $test . '" is missing data item "' . $item . '"';
push( @{ $to_return->{warnings} }, $warning );
push( @{ $to_return->{tests}{$test}{warnings} }, $warning );
}
elsif ( $to_return->{ran}{$test}{found}{data}{$item} ne $raw_conf->{tests}{$test}{data}{$item} )
} elsif (
$to_return->{ran}{$test}{found}{data}{$item} ne $raw_conf->{tests}{$test}{data}{$item} )
{
$test_results = 0;
my $warning
@ -457,34 +455,40 @@ sub test_yaml {
. '" found';
push( @{ $to_return->{warnings} }, $warning );
push( @{ $to_return->{tests}{$test}{warnings} }, $warning );
}
}
} ## end elsif ( $to_return->{ran}{$test}{found}{data}...)
} ## end foreach my $item ( keys( %{ $raw_conf->{tests}{...}}))
#
# now that we have checked that we got the expected items, check for ones we want to make
# sure we did not get
#
foreach my $item ( @{ $raw_conf->{tests}{$test}{undefed} } ) {
if ( defined( $to_return->{ran}{$test}{found}{data}{$item} ) ) {
my $warning = 'test "' . $test . '" has the returned value for "' . $item . '" set to "'.$to_return->{ran}{$test}{found}{data}{$item}.'" but is expected to be undef';
my $warning
= 'test "'
. $test
. '" has the returned value for "'
. $item
. '" set to "'
. $to_return->{ran}{$test}{found}{data}{$item}
. '" but is expected to be undef';
push( @{ $to_return->{warnings} }, $warning );
push( @{ $to_return->{tests}{$test}{warnings} }, $warning );
}
}
}
}
} ## end if ( defined( $to_return->{ran}{$test}{found...}))
} ## end foreach my $item ( @{ $raw_conf->{tests}{$test}...})
} ## end else [ if ($@) ]
} ## end if ($test_results)
$to_return->{ran}{$test}{results} = $test_results;
}
else {
} else {
push(
@{ $to_return->{warnings} },
'test "' . $test . '" is not a HASH, but type ' . ref( $raw_conf->{tests}{$test} )
);
}
}
} ## end foreach my $test (@tests)
return $to_return;
}
} ## end sub test_yaml
=head1 Baphomet YAML Schema
@ -510,6 +514,9 @@ There are several vars.
- Default :: undef
- pre_regexp :: An optional array regexps to used for matching lines and extracting content.
If defined, <F-CONTENT> and </F-CONTENT> must be defined in it to grab what ever
will be processed via the regexps.
- Default :: undef
- regexp :: An array of regexps to use.
@ -613,6 +620,10 @@ matched together.
It will match either a IPv4 or IPv6 address.
=item <F-[A-Za-z0-9\_\-]+> </F-[A-Za-z0-9\_\-]+>
Chunks of text to grab for what ever purpose.
=back
=head1 Tests