From: Andrew M. <fit...@us...> - 2006-08-29 01:24:15
Update of /cvsroot/radmind/radmind-assistant/rte In directory sc8-pr-cvs9.sourceforge.net:/tmp/cvs-serv25008 Added Files: RTEFilter.h RTEFilter.m Log Message: New filtering class supercedes RTEAuditor. --- NEW FILE: RTEFilter.m --- /* * Copyright (c) 2005 Regents of The University of Michigan. * All Rights Reserved. */ #import "RTEFilter.h" #import "UMWildcard.h" #include <sys/stat.h> //define WORLDWRITABLE ( S_IWUSR | S_IWGRP | S_IWOTH ) @implementation RTEFilter - ( id )init { if (( self = [ super init ] ) == nil ) { NSLog( @"%@ %@ failed.", [ self class ], NSStringFromSelector( _cmd )); return( nil ); } _rteFilterResults = nil; _rteFilteredTranscript = nil; return( self ); } /* accessor methods */ - ( id )filteredTranscriptContents { return( _rteFilteredTranscript ); } - ( void )setFilteredTranscriptContents: ( id )contents { if ( _rteFilteredTranscript != nil ) { [ _rteFilteredTranscript release ]; _rteFilteredTranscript = nil; } if ( contents == nil ) { return; } _rteFilteredTranscript = [ contents retain ]; } /* return YES if line is potentially dangerous */ - ( BOOL )auditLine: ( NSMutableDictionary * )line { NSString *owner, *modeString; NSString *objectType = @"unknown"; mode_t mode; int type; if ( line == nil ) { return( NO ); } owner = [ line objectForKey: @"owner" ]; modeString = [ line objectForKey: @"perm" ]; type = [[ line objectForKey: @"type" ] characterAtIndex: 0 ]; if ( modeString == nil || [ modeString characterAtIndex: 0 ] == '-' ) { return( NO ); } errno = 0; mode = strtol( [ modeString UTF8String ], NULL, 8 ); if ( errno ) { NSLog( @"strtol %@: %s", modeString, strerror( errno )); return( NO ); } if ( [ owner isEqualToString: @"0" ] ) { if ( mode & S_ISUID ) { [ line setObject: NSLocalizedString( @"setuid root", @"setuid root" ) forKey: @"RTEAuditorAnalysis" ]; return( YES ); } if ( mode & S_ISGID ) { [ line setObject: NSLocalizedString( @"setgid root", @"setgid root" ) forKey: @"RTEAuditorAnalysis" ]; return( YES ); } } if (( mode & S_IWOTH 
) && !( mode & S_ISVTX )) { switch ( type ) { default: case 'a': case 'f': objectType = NSLocalizedString( @"file", @"file" ); break; case 'd': objectType = NSLocalizedString( @"directory", @"directory" ); break; } [ line setObject: [ NSString stringWithFormat: NSLocalizedString( @"Unprotected world-writable %@", @"Unprotected world-writable %@" ), objectType ] forKey: @"RTEAuditorAnalysis" ]; return( YES ); } return( NO ); } /* * Parse the dictionary for potentially insecure lines. * Return an array of problem lines. */ - ( NSMutableArray * )auditTranscriptContents: ( id )transcript { int i; if ( transcript == nil || ! [ transcript isKindOfClass: [ NSArray class ]] ) { return( nil ); } [ self setFilteredTranscriptContents: transcript ]; _rteFilterResults = [[ NSMutableArray alloc ] init ]; for ( i = 0; i < [ transcript count ]; i++ ) { if ( [ self auditLine: [ transcript objectAtIndex: i ]] ) { [ _rteFilterResults addObject: [ transcript objectAtIndex: i ]]; } } [ self setFilteredTranscriptContents: nil ]; return( _rteFilterResults ); } - ( NSMutableArray * )filterTranscript: ( id )transcript withFilterPatterns: ( NSArray * )patterns { NSMutableIndexSet *indexes; NSMutableArray *results = nil; unsigned int i, j; if ( transcript == nil || ![ transcript isKindOfClass: [ NSArray class ]] ) { return( nil ); } [ self setFilteredTranscriptContents: transcript ]; _rteFilterResults = [[ NSMutableArray alloc ] init ]; indexes = [[[ NSMutableIndexSet alloc ] init ] autorelease ]; for ( i = 0; i < [ transcript count ]; i++ ) { for ( j = 0; j < [ patterns count ]; j++ ) { if ( [ self filterLine: [ transcript objectAtIndex: i ] withFilterPattern: [ patterns objectAtIndex: j ]] ) { continue; } [ indexes addIndex: i ]; } } if ( [ indexes count ] > 0 ) { results = [[ NSMutableArray alloc ] initWithArray: [ transcript objectsAtIndexes: indexes ]]; [ results autorelease ]; } return( results ); } - ( BOOL )filterLine: ( NSDictionary * )transcriptLine withFilterPattern: ( 
NSDictionary * )filterPattern { NSArray *lineKeys, *filterKeys; NSString *lineValue; id tmp; BOOL filter = YES, caseSensitive = NO; BOOL negateBoolean = NO; unsigned int i; lineKeys = [ transcriptLine allKeys ]; filterKeys = [ filterPattern allKeys ]; /* XXX could be moved to parent method */ if (( tmp = [ filterPattern objectForKey: @"caseSensitive" ] ) != nil ) { caseSensitive = [ tmp boolValue ]; } if (( tmp = [ filterPattern objectForKey: @"negateBoolean" ] ) != nil ) { negateBoolean = [ tmp boolValue ]; } for ( i = 0; i < [ filterKeys count ]; i++ ) { if (( lineValue = [ transcriptLine objectForKey: [ filterKeys objectAtIndex: i ]] ) == nil ) { continue; } filter = [ lineValue matchesWildcard: [ filterPattern objectForKey: [ filterKeys objectAtIndex: i ]] caseSensitive: caseSensitive ]; if ( negateBoolean ) { filter = !filter; } if ( filter == NO ) { break; } } return( filter ); } - ( void )dealloc { if ( _rteFilteredTranscript != nil ) { [ _rteFilteredTranscript release ]; _rteFilteredTranscript = nil; } if ( _rteFilterResults != nil ) { [ _rteFilterResults release ]; _rteFilterResults = nil; } [ super dealloc ]; } @end --- NEW FILE: RTEFilter.h --- /* * Copyright (c) 2005 Regents of The University of Michigan. * All Rights Reserved. */ #import <Foundation/Foundation.h> @interface RTEFilter : NSObject { @private NSArray *_rteFilteredTranscript; NSMutableArray *_rteFilterResults; } - ( id )filteredTranscriptContents; - ( void )setFilteredTranscriptContents: ( id )contents; - ( BOOL )auditLine: ( NSMutableDictionary * )line; - ( NSMutableArray * )auditTranscriptContents: ( id )transcript; - ( NSMutableArray * )filterTranscript: ( id )transcript withFilterPatterns: ( NSArray * )patterns; - ( BOOL )filterLine: ( NSDictionary * )transcriptLine withFilterPattern: ( NSDictionary * )filterPattern; @end |
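Review bot: In `auditLine:` the world-writable test `( mode & S_IWOTH ) && !( mode & S_ISVTX )` exempts any object carrying the sticky bit, but the sticky bit only restricts deletion inside directories, so a world-writable regular file with mode 01666 silently passes the audit; limit the exemption to directories with `if (( mode & S_IWOTH ) && !( type == 'd' && ( mode & S_ISVTX ))) {` (`type` is already read at the top of the method). The setuid/setgid branch keys both labels off `owner` being `"0"`, so a setgid object whose group is 0 but whose owner is not is never reported while a root-owned setgid object with a non-root group is labelled "setgid root", and setuid/setgid objects owned by other users are skipped entirely — if the line dictionary carries the group (key name not visible here) the setgid test should compare that, and the chosen scope deserves a comment such as `/* only root-owned setuid/setgid objects are reported */`. `[ modeString characterAtIndex: 0 ]` and the `type` lookup raise NSRangeException on an empty string, so the nil check should also cover `[ modeString length ] == 0`. In `filterTranscript:withFilterPatterns:` an index is added as soon as one pattern fails to match the line, so with two or more patterns a line that matches one filter still appears in the results unless it matches all of them, and the `_rteFilterResults` allocated there is never used or released, leaking on every call; if the patterns are meant to be OR-ed (any match hides the line), track a matched flag across the inner loop as below and drop the unused allocation. `filterLine:withFilterPattern:` also returns YES for a pattern none of whose keys are present on the line (every key hits `continue` and `filter` keeps its initial YES), which hides such lines — worth a comment or an explicit check, depending on the intended behaviour.
```objc
- ( NSMutableArray * )filterTranscript: ( id )transcript withFilterPatterns: ( NSArray * )patterns
{
    /* … unchanged: argument check, setFilteredTranscriptContents:, index set allocation … */
    for ( i = 0; i < [ transcript count ]; i++ ) {
        BOOL matched = NO;

        for ( j = 0; j < [ patterns count ]; j++ ) {
            if ( [ self filterLine: [ transcript objectAtIndex: i ]
                    withFilterPattern: [ patterns objectAtIndex: j ]] ) {
                matched = YES;
                break;
            }
        }
        /* keep only lines that no pattern filtered out */
        if ( !matched ) {
            [ indexes addIndex: i ];
        }
    }
    /* … unchanged: results construction from indexes … */
```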
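Review bot: The header declares the new class without any comments, yet two of its methods have side effects a caller needs to know about: `auditLine:` writes an `RTEAuditorAnalysis` string into the dictionary it is handed and returns YES only for the lines it flagged, and `auditTranscriptContents:` hands back an array the object itself owns and releases in `dealloc`. Add a short comment on each declaration, e.g. `/* Returns YES and sets @"RTEAuditorAnalysis" on line if it is potentially dangerous; line must be mutable. */` for `auditLine:` and `/* Returns YES when every filterPattern key present on transcriptLine matches its wildcard (inverted when @"negateBoolean" is set). */` for `filterLine:withFilterPattern:`. The ivar is typed `NSArray *` while `filteredTranscriptContents` and its setter use `id`; declaring both as `NSArray *` would let the compiler catch a wrong argument.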