a qqe@sddlZddlZddlmZmZddlmZmZmZddl m Z ddl m Z m Z ddlmZeejejfZGdd d e eZdS) N)AF_INETAF_INET6)IterableOptionalUnion) MatchContext)NodeconNodeconIPVersion) PolicyQuerycseZdZUdZdZeeed<dZe ed<dZ ee ed<e ee ddd Z e jeeee fdd d d Z e eedd d Zejeeeefdd dd Zddfdd ZeedddZZS) NodeconQueryaI Query nodecon statements. Parameter: policy The policy to query. Keyword Parameters/Class attributes: network The IPv4/IPv6 address or IPv4/IPv6 network address with netmask, e.g. 192.168.1.0/255.255.255.0 or "192.168.1.0/24". network_overlap If true, the net will match if it overlaps with the nodecon's network instead of equality. ip_version The IP version of the nodecon to match. (socket.AF_INET for IPv4 or socket.AF_INET6 for IPv6) user The criteria to match the context's user. user_regex If true, regular expression matching will be used on the user. role The criteria to match the context's role. role_regex If true, regular expression matching will be used on the role. type_ The criteria to match the context's type. type_regex If true, regular expression matching will be used on the type. range_ The criteria to match the context's range. range_subset If true, the criteria will match if it is a subset of the context's range. range_overlap If true, the criteria will match if it overlaps any of the context's range. range_superset If true, the criteria will match if it is a superset of the context's range. range_proper If true, use proper superset/subset operations. No effect if not using set operations. N_networkFnetwork_overlap _ip_version)returncCs|jSN)rselfr:/usr/lib64/python3.9/site-packages/setools/nodeconquery.py ip_version;szNodeconQuery.ip_version)valuercCs|rt||_nd|_dSr)r lookuprrrrrrr?scCs|jSr)r rrrrnetworkFszNodeconQuery.networkcCs|rt||_nd|_dSr) ipaddressZ ip_networkr rrrrrJsc s(tt|j|fi|tt|_dSr)superr __init__loggingZ getLogger__name__log)rpolicykwargs __class__rrrQszNodeconQuery.__init__ccs|jd||jd||jd|||j|jD]X}|jr||jrn|j |js|qLn|j|jks|qL|j r|j |j krqL| |j sqL|VqLdS)z-Generator which yields all matching nodecons.z*Generating nodecon results from {0.policy}z4Network: {0.network!r}, overlap: {0.network_overlap}zIP Version: {0.ip_version!r}N) r infoformatdebugZ_match_context_debugr!ZnodeconsrrZoverlapsrZ_match_contextcontext)rZnodeconrrrresultsUs    zNodeconQuery.results)r __module__ __qualname____doc__r r AnyIPNetwork__annotations__rboolrr propertyrsetterrstrrrrr r) __classcell__rrr#rr s " r )rrZsocketrrtypingrrrZmixinsrZ policyrepr r queryr Z IPv4NetworkZ IPv6Networkr-r rrrrs