openc2lib.profiles.slpf.validation

 1""" SLPF validation rules
 2
 3	This module defines specific SLPF constraints on the usable `Action`s and `Args` defined by the Language Specification.
 4	See Sec. 2.3 of the SLPF Specification.
 5"""
 6
 7from openc2lib import Actions, StatusCode, ActionTargets, ActionArguments, TargetEnum
 8
 9from openc2lib.profiles.slpf.nsid import nsid
10
11AllowedActions = [ Actions.query, Actions.deny, Actions.allow, Actions.deny, Actions.update, Actions.delete]
12""" List of allowed `Action`s """
13
14AllowedTargets = [ 'feature', 'file', 'ipv4_net', 'ipv6_net', 'ipv4_connection', 'ipv6_connection' , nsid+':rule_number']
15""" List of allowed `Target`s 
16
17	 This is probably not strictly necessary
18"""
19
20AllowedStatusCode = [StatusCode.PROCESSING, StatusCode.OK, StatusCode.BADREQUEST, StatusCode.INTERNALERROR, StatusCode.NOTIMPLEMENTED ] 
21""" List of allowed status code in `Response` """
22
23AllowedCommandTarget = ActionTargets()
24""" List of allowed `Target` for each `Action`
25
26	 Command Matrix (Table 2.3.1): valid Command/Target pairs
27"""
28# TODO: complete (replace with commented lines) after defining all targets
29AllowedCommandTarget[Actions.allow] = [TargetEnum.ipv4_connection, TargetEnum.ipv4_net]
30#AllowedCommandTarget[Actions.allow] = [TargetEnum.ipv4_connection, TargetEnum.ipv6_connection,
31#	TargetEnum.ipv4_net, TargetEnum.ipv6_net]
32AllowedCommandTarget[Actions.deny] = [TargetEnum.ipv4_connection, TargetEnum.ipv4_net]
33#AllowedCommandTarget[Actions.deny] = [TargetEnum.ipv4_connection, TargetEnum.ipv6_connection,
34#	TargetEnum.ipv4_net, TargetEnum.ipv6_net]
35AllowedCommandTarget[Actions.query] = [TargetEnum.features]
36AllowedCommandTarget[Actions.delete] = [TargetEnum[nsid+':rule_number']]
37#AllowedCommandTarget[Actions.update] = [TargetEnum.file]
38
39AllowedCommandArguments = ActionArguments()
40""" List of allowed `Args` for each `Action` 
41
42	Command Arguments Matrix (Table 2.3.2): valid Command/Arguments pairs.
43	An argument value of 'None' means the argument is valid for any supported target (see Table 2.3.1).
44	See Sec. 2.3.1-2.3.5 for the behaviour to be implemented in the actuators.
45"""
46# TODO: complete the list (if necessary)
47AllowedCommandArguments[(Actions.allow, None)] = ['response_requested', 'start_time', 'stop_time',
48	'duration','persistent','direction','insert_rule']
49AllowedCommandArguments[(Actions.deny, None)] = ['response_requested', 'start_time', 'stop_time',
50	'duration','persistent','direction','insert_rule','drop_process']
51AllowedCommandArguments[(Actions.query, TargetEnum.features)] = ['response_requested']
52AllowedCommandArguments[(Actions.delete, TargetEnum[nsid+':rule_number'])] = ['response_requested', 'start_time']
53#AllowedCommandArguments[(Actions.update, TargetEnum.file)] = ['response_requested', 'start_time']
54
55def validate_command(cmd):
56	""" Validate a `Command` 
57
58		Helper function to check the `Target` in a `Command` are valid for the `Action` according
59		to the SLPF profile.
60		:param cmd: The `Command` class to validate.
61	"""
62	try:
63		if cmd.action in AllowedActions and \
64			TargetEnum[cmd.target.getName()] in AllowedCommandTarget[cmd.action]:
65			return True
66		else:
67			return False
68	except:
69		return False
70
71def validate_args(cmd):
72	""" Validate a `Command` 
73
74		Helper function to check the `Args` in a `Command` are valid for the `Action` and `Target`  according
75		to the SLPF profile.
76		:param cmd: The `Command` class to validate.
77	"""
78	try:
79		if cmd.args is None: 
80			return True
81		for k,v in cmd.args.items():
82			if k not in AllowedCommandArguments[cmd.action, TargetEnum[cmd.target.getName()]]:
83				return False
84		return True
85	except:
86	  return False