|
|
<!DOCTYPE html>
|
|
|
|
<html>
|
|
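<head>
  <meta charset="utf-8">
  <meta name="viewport" content="width=device-width, initial-scale=1.0">
  <title>evennia.contrib.security.auditing.server — Evennia 1.0-dev documentation</title>
  <link rel="stylesheet" href="../../../../../_static/nature.css">
  <link rel="stylesheet" href="../../../../../_static/pygments.css">
  <script id="documentation_options" data-url_root="../../../../../" src="../../../../../_static/documentation_options.js"></script>
  <script src="../../../../../_static/jquery.js"></script>
  <script src="../../../../../_static/underscore.js"></script>
  <script src="../../../../../_static/doctools.js"></script>
  <script src="../../../../../_static/language_data.js"></script>
  <!--
    NOTE(review): this is the only script on the page fetched from a third-party
    origin, and it carries no Subresource Integrity attribute. latest.js is a
    loader that resolves the MathJax build at load time, so the code that runs is
    not fixed by this URL and cannot be pinned with an integrity hash as written.
    To pin it, self-host MathJax under _static/ or reference a fixed-version file
    and add integrity and crossorigin attributes.
  -->
  <script async src="https://cdnjs.cloudflare.com/ajax/libs/mathjax/2.7.7/latest.js?config=TeX-AMS-MML_HTMLorMML"></script>
  <script type="text/x-mathjax-config">MathJax.Hub.Config({"tex2jax": {"processClass": "tex2jax_process|mathjax_process|math|output_area"}})</script>
  <link rel="shortcut icon" href="../../../../../_static/favicon.ico">
  <link rel="index" title="Index" href="../../../../../genindex.html">
  <link rel="search" title="Search" href="../../../../../search.html">
</head><body>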
|
|
<div class="related" role="navigation" aria-label="related navigation">
  <!-- Sphinx "related" bar: index links on the right, breadcrumb trail on the left -->
  <h3>Navigation</h3>
  <ul>
    <li class="right" style="margin-right: 10px">
      <a href="../../../../../genindex.html" title="General Index" accesskey="I">index</a></li>
    <li class="right">
      <a href="../../../../../py-modindex.html" title="Python Module Index">modules</a> |</li>
    <li class="nav-item nav-item-0"><a href="../../../../../index.html">Evennia 1.0-dev</a> »</li>
    <li class="nav-item nav-item-1"><a href="../../../../index.html">Module code</a> »</li>
    <li class="nav-item nav-item-2"><a href="../../../../evennia.html" accesskey="U">evennia</a> »</li>
    <li class="nav-item nav-item-this"><a href="">evennia.contrib.security.auditing.server</a></li>
  </ul>
  <div class="develop">develop branch</div>
</div>
|
|
|
|
<div class="document">
|
|
<div class="documentwrapper">
|
|
<div class="bodywrapper">
|
|
<div class="body" role="main">
|
|
|
|
<h1>Source code for evennia.contrib.security.auditing.server</h1><div class="highlight"><pre>
|
|
<span></span><span class="sd">"""</span>
|
|
<span class="sd">Auditable Server Sessions:</span>
|
|
<span class="sd">Extension of the stock ServerSession that yields objects representing</span>
|
|
<span class="sd">user inputs and system outputs.</span>
|
|
|
|
<span class="sd">Evennia contribution - Johnny 2017</span>
|
|
<span class="sd">"""</span>
|
|
<span class="kn">import</span> <span class="nn">os</span>
|
|
<span class="kn">import</span> <span class="nn">re</span>
|
|
<span class="kn">import</span> <span class="nn">socket</span>
|
|
|
|
<span class="kn">from</span> <span class="nn">django.utils</span> <span class="kn">import</span> <span class="n">timezone</span>
|
|
<span class="kn">from</span> <span class="nn">django.conf</span> <span class="kn">import</span> <span class="n">settings</span> <span class="k">as</span> <span class="n">ev_settings</span>
|
|
<span class="kn">from</span> <span class="nn">evennia.utils</span> <span class="kn">import</span> <span class="n">utils</span><span class="p">,</span> <span class="n">logger</span><span class="p">,</span> <span class="n">mod_import</span><span class="p">,</span> <span class="n">get_evennia_version</span>
|
|
<span class="kn">from</span> <span class="nn">evennia.server.serversession</span> <span class="kn">import</span> <span class="n">ServerSession</span>
|
|
|
|
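<span class="c1"># Attributes governing auditing of commands and where to send log objects</span>
<span class="c1"># AUDIT_CALLBACK starts out as a dotted path; it is resolved to a callable further down.</span>
<span class="n">AUDIT_CALLBACK</span> <span class="o">=</span> <span class="nb">getattr</span><span class="p">(</span>
    <span class="n">ev_settings</span><span class="p">,</span> <span class="s2">"AUDIT_CALLBACK"</span><span class="p">,</span> <span class="s2">"evennia.contrib.security.auditing.outputs.to_file"</span>
<span class="p">)</span>
<span class="c1"># Inbound and outbound auditing are both off unless the project settings enable them.</span>
<span class="n">AUDIT_IN</span> <span class="o">=</span> <span class="nb">getattr</span><span class="p">(</span><span class="n">ev_settings</span><span class="p">,</span> <span class="s2">"AUDIT_IN"</span><span class="p">,</span> <span class="kc">False</span><span class="p">)</span>
<span class="n">AUDIT_OUT</span> <span class="o">=</span> <span class="nb">getattr</span><span class="p">(</span><span class="n">ev_settings</span><span class="p">,</span> <span class="s2">"AUDIT_OUT"</span><span class="p">,</span> <span class="kc">False</span><span class="p">)</span>
<span class="n">AUDIT_ALLOW_SPARSE</span> <span class="o">=</span> <span class="nb">getattr</span><span class="p">(</span><span class="n">ev_settings</span><span class="p">,</span> <span class="s2">"AUDIT_ALLOW_SPARSE"</span><span class="p">,</span> <span class="kc">False</span><span class="p">)</span>
<span class="c1"># Each mask maps a command label to a regex whose named group `secret` is the text to hide.</span>
<span class="c1"># mask() walks this list in order, so the built-ins below are tried before anything a</span>
<span class="c1"># project appends through settings.AUDIT_MASKS.</span>
<span class="c1"># NOTE(review): prefixes such as [connect]{5,8} are character classes, not literal words.</span>
<span class="c1"># They accept any 5-8 letters drawn from the command name, so they over-match and can</span>
<span class="c1"># mask text that is not a credential. Custom commands that take secrets still need their</span>
<span class="c1"># own entry in settings.AUDIT_MASKS.</span>
<span class="n">AUDIT_MASKS</span> <span class="o">=</span> <span class="p">[</span>
    <span class="p">{</span><span class="s2">"connect"</span><span class="p">:</span> <span class="sa">r</span><span class="s2">"^[@\s]*[connect]{5,8}\s+(</span><span class="se">\"</span><span class="s2">.+?</span><span class="se">\"</span><span class="s2">|[^\s]+)\s+(?P&lt;secret&gt;.+)"</span><span class="p">},</span>
    <span class="p">{</span><span class="s2">"connect"</span><span class="p">:</span> <span class="sa">r</span><span class="s2">"^[@\s]*[connect]{5,8}\s+(?P&lt;secret&gt;[\w]+)"</span><span class="p">},</span>
    <span class="p">{</span><span class="s2">"create"</span><span class="p">:</span> <span class="sa">r</span><span class="s2">"^[^@]?[create]{5,6}\s+(\w+|</span><span class="se">\"</span><span class="s2">.+?</span><span class="se">\"</span><span class="s2">)\s+(?P&lt;secret&gt;[\w]+)"</span><span class="p">},</span>
    <span class="p">{</span><span class="s2">"create"</span><span class="p">:</span> <span class="sa">r</span><span class="s2">"^[^@]?[create]{5,6}\s+(?P&lt;secret&gt;[\w]+)"</span><span class="p">},</span>
    <span class="p">{</span><span class="s2">"userpassword"</span><span class="p">:</span> <span class="sa">r</span><span class="s2">"^[@\s]*[userpassword]{11,14}\s+(\w+|</span><span class="se">\"</span><span class="s2">.+?</span><span class="se">\"</span><span class="s2">)\s+=*\s*(?P&lt;secret&gt;[\w]+)"</span><span class="p">},</span>
    <span class="p">{</span><span class="s2">"userpassword"</span><span class="p">:</span> <span class="sa">r</span><span class="s2">"^.*new password set to '(?P&lt;secret&gt;[^']+)'\."</span><span class="p">},</span>
    <span class="p">{</span><span class="s2">"userpassword"</span><span class="p">:</span> <span class="sa">r</span><span class="s2">"^.* has changed your password to '(?P&lt;secret&gt;[^']+)'\."</span><span class="p">},</span>
    <span class="p">{</span><span class="s2">"password"</span><span class="p">:</span> <span class="sa">r</span><span class="s2">"^[@\s]*[password]{6,9}\s+(?P&lt;secret&gt;.*)"</span><span class="p">},</span>
<span class="p">]</span> <span class="o">+</span> <span class="nb">getattr</span><span class="p">(</span><span class="n">ev_settings</span><span class="p">,</span> <span class="s2">"AUDIT_MASKS"</span><span class="p">,</span> <span class="p">[])</span>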
|
|
|
|
|
|
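<span class="c1"># Resolve the dotted path from the settings into the callable that receives audit records.</span>
<span class="k">if</span> <span class="n">AUDIT_CALLBACK</span><span class="p">:</span>
    <span class="k">try</span><span class="p">:</span>
        <span class="n">AUDIT_CALLBACK</span> <span class="o">=</span> <span class="nb">getattr</span><span class="p">(</span>
            <span class="n">mod_import</span><span class="p">(</span><span class="s2">"."</span><span class="o">.</span><span class="n">join</span><span class="p">(</span><span class="n">AUDIT_CALLBACK</span><span class="o">.</span><span class="n">split</span><span class="p">(</span><span class="s2">"."</span><span class="p">)[:</span><span class="o">-</span><span class="mi">1</span><span class="p">])),</span> <span class="n">AUDIT_CALLBACK</span><span class="o">.</span><span class="n">split</span><span class="p">(</span><span class="s2">"."</span><span class="p">)[</span><span class="o">-</span><span class="mi">1</span><span class="p">]</span>
        <span class="p">)</span>
        <span class="n">logger</span><span class="o">.</span><span class="n">log_sec</span><span class="p">(</span><span class="s2">"Auditing module online."</span><span class="p">)</span>
        <span class="n">logger</span><span class="o">.</span><span class="n">log_sec</span><span class="p">(</span>
            <span class="s2">"Audit record User input: </span><span class="si">{}</span><span class="s2">, output: </span><span class="si">{}</span><span class="s2">.</span><span class="se">\n</span><span class="s2">"</span>
            <span class="s2">"Audit sparse recording: </span><span class="si">{}</span><span class="s2">, Log callback: </span><span class="si">{}</span><span class="s2">"</span><span class="o">.</span><span class="n">format</span><span class="p">(</span>
                <span class="n">AUDIT_IN</span><span class="p">,</span> <span class="n">AUDIT_OUT</span><span class="p">,</span> <span class="n">AUDIT_ALLOW_SPARSE</span><span class="p">,</span> <span class="n">AUDIT_CALLBACK</span>
            <span class="p">)</span>
        <span class="p">)</span>
    <span class="k">except</span> <span class="ne">Exception</span> <span class="k">as</span> <span class="n">e</span><span class="p">:</span>
        <span class="n">logger</span><span class="o">.</span><span class="n">log_err</span><span class="p">(</span><span class="s2">"Failed to activate Auditing module. </span><span class="si">%s</span><span class="s2">"</span> <span class="o">%</span> <span class="n">e</span><span class="p">)</span>
        <span class="c1"># Drop the unresolved dotted path. A str is truthy, so data_in()/data_out() would</span>
        <span class="c1"># otherwise try to call it on every message and log a TypeError each time.</span>
        <span class="c1"># Auditing fails open here: traffic continues unaudited, so the log line above is</span>
        <span class="c1"># the signal that no records are being written.</span>
        <span class="n">AUDIT_CALLBACK</span> <span class="o">=</span> <span class="kc">None</span>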
|
|
|
|
|
|
<div class="viewcode-block" id="AuditedServerSession"><a class="viewcode-back" href="../../../../../api/evennia.contrib.security.auditing.server.html#evennia.contrib.security.auditing.server.AuditedServerSession">[docs]</a><span class="k">class</span> <span class="nc">AuditedServerSession</span><span class="p">(</span><span class="n">ServerSession</span><span class="p">):</span>
|
|
<span class="sd">"""</span>
|
|
<span class="sd"> This particular implementation parses all server inputs and/or outputs and</span>
|
|
<span class="sd"> passes a dict containing the parsed metadata to a callback method of your</span>
|
|
<span class="sd"> creation. This is useful for recording player activity where necessary for</span>
|
|
<span class="sd"> security auditing, usage analysis or post-incident forensic discovery.</span>
|
|
|
|
<span class="sd"> *** WARNING ***</span>
|
|
<span class="sd"> All strings are recorded and stored in plaintext. This includes those strings</span>
|
|
<span class="sd"> which might contain sensitive data (create, connect, @password). These commands</span>
|
|
<span class="sd"> have their arguments masked by default, but you must mask any</span>
|
|
<span class="sd"> custom commands of your own that handle sensitive information.</span>
|
|
|
|
<span class="sd"> See README.md for installation/configuration instructions.</span>
|
|
<span class="sd"> """</span>
|
|
|
|
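<div class="viewcode-block" id="AuditedServerSession.audit"><a class="viewcode-back" href="../../../../../api/evennia.contrib.security.auditing.server.html#evennia.contrib.security.auditing.server.AuditedServerSession.audit">[docs]</a>    <span class="k">def</span> <span class="nf">audit</span><span class="p">(</span><span class="bp">self</span><span class="p">,</span> <span class="o">**</span><span class="n">kwargs</span><span class="p">):</span>
        <span class="sd">"""</span>
<span class="sd">        Extracts messages and system data from a Session object upon message</span>
<span class="sd">        send or receive.</span>

<span class="sd">        Keyword Args:</span>
<span class="sd">            src (str): Source of data; 'client' or 'server'. Indicates direction.</span>
<span class="sd">            text (str or list): Client sends messages to server in the form of</span>
<span class="sd">                lists. Server sends messages to client as string.</span>

<span class="sd">        Returns:</span>
<span class="sd">            log (dict): Dictionary object containing parsed system and user data</span>
<span class="sd">                related to this message. An empty dict when nothing but `src`</span>
<span class="sd">                was passed.</span>

<span class="sd">        Notes:</span>
<span class="sd">            Only `text` goes through `mask()`. Every other keyword argument is</span>
<span class="sd">            forwarded unmasked under the "data" key, and the "objects" key holds</span>
<span class="sd">            the session, account, character and room objects themselves, so a</span>
<span class="sd">            callback that persists records should pick the fields it writes.</span>

<span class="sd">        """</span>
        <span class="c1"># Get time at start of processing</span>
        <span class="n">time_obj</span> <span class="o">=</span> <span class="n">timezone</span><span class="o">.</span><span class="n">now</span><span class="p">()</span>
        <span class="n">time_str</span> <span class="o">=</span> <span class="nb">str</span><span class="p">(</span><span class="n">time_obj</span><span class="p">)</span>

        <span class="n">session</span> <span class="o">=</span> <span class="bp">self</span>
        <span class="n">src</span> <span class="o">=</span> <span class="n">kwargs</span><span class="o">.</span><span class="n">pop</span><span class="p">(</span><span class="s2">"src"</span><span class="p">,</span> <span class="s2">"?"</span><span class="p">)</span>
        <span class="n">bytecount</span> <span class="o">=</span> <span class="mi">0</span>

        <span class="c1"># Do not log empty lines</span>
        <span class="k">if</span> <span class="ow">not</span> <span class="n">kwargs</span><span class="p">:</span>
            <span class="k">return</span> <span class="p">{}</span>

        <span class="c1"># Get current session's IP address</span>
        <span class="n">client_ip</span> <span class="o">=</span> <span class="n">session</span><span class="o">.</span><span class="n">address</span>

        <span class="c1"># Capture Account name and dbref together</span>
        <span class="n">account</span> <span class="o">=</span> <span class="n">session</span><span class="o">.</span><span class="n">get_account</span><span class="p">()</span>
        <span class="n">account_token</span> <span class="o">=</span> <span class="s2">""</span>
        <span class="k">if</span> <span class="n">account</span><span class="p">:</span>
            <span class="n">account_token</span> <span class="o">=</span> <span class="s2">"</span><span class="si">%s%s</span><span class="s2">"</span> <span class="o">%</span> <span class="p">(</span><span class="n">account</span><span class="o">.</span><span class="n">key</span><span class="p">,</span> <span class="n">account</span><span class="o">.</span><span class="n">dbref</span><span class="p">)</span>

        <span class="c1"># Capture Character name and dbref together</span>
        <span class="n">char</span> <span class="o">=</span> <span class="n">session</span><span class="o">.</span><span class="n">get_puppet</span><span class="p">()</span>
        <span class="n">char_token</span> <span class="o">=</span> <span class="s2">""</span>
        <span class="k">if</span> <span class="n">char</span><span class="p">:</span>
            <span class="n">char_token</span> <span class="o">=</span> <span class="s2">"</span><span class="si">%s%s</span><span class="s2">"</span> <span class="o">%</span> <span class="p">(</span><span class="n">char</span><span class="o">.</span><span class="n">key</span><span class="p">,</span> <span class="n">char</span><span class="o">.</span><span class="n">dbref</span><span class="p">)</span>

        <span class="c1"># Capture Room name and dbref together</span>
        <span class="n">room</span> <span class="o">=</span> <span class="kc">None</span>
        <span class="n">room_token</span> <span class="o">=</span> <span class="s2">""</span>
        <span class="k">if</span> <span class="n">char</span><span class="p">:</span>
            <span class="n">room</span> <span class="o">=</span> <span class="n">char</span><span class="o">.</span><span class="n">location</span>
            <span class="c1"># A puppet with no location must not raise here: the callers catch the error</span>
            <span class="c1"># and the whole audit record for this message would be lost.</span>
            <span class="k">if</span> <span class="n">room</span><span class="p">:</span>
                <span class="n">room_token</span> <span class="o">=</span> <span class="s2">"</span><span class="si">%s%s</span><span class="s2">"</span> <span class="o">%</span> <span class="p">(</span><span class="n">room</span><span class="o">.</span><span class="n">key</span><span class="p">,</span> <span class="n">room</span><span class="o">.</span><span class="n">dbref</span><span class="p">)</span>

        <span class="c1"># Try to compile an input/output string</span>
        <span class="c1"># drill() flattens nested iterables into one list and skips dicts entirely.</span>
        <span class="k">def</span> <span class="nf">drill</span><span class="p">(</span><span class="n">obj</span><span class="p">,</span> <span class="n">bucket</span><span class="p">):</span>
            <span class="k">if</span> <span class="nb">isinstance</span><span class="p">(</span><span class="n">obj</span><span class="p">,</span> <span class="nb">dict</span><span class="p">):</span>
                <span class="k">return</span> <span class="n">bucket</span>
            <span class="k">elif</span> <span class="n">utils</span><span class="o">.</span><span class="n">is_iter</span><span class="p">(</span><span class="n">obj</span><span class="p">):</span>
                <span class="k">for</span> <span class="n">sub_obj</span> <span class="ow">in</span> <span class="n">obj</span><span class="p">:</span>
                    <span class="n">bucket</span><span class="o">.</span><span class="n">extend</span><span class="p">(</span><span class="n">drill</span><span class="p">(</span><span class="n">sub_obj</span><span class="p">,</span> <span class="p">[]))</span>
            <span class="k">else</span><span class="p">:</span>
                <span class="n">bucket</span><span class="o">.</span><span class="n">append</span><span class="p">(</span><span class="n">obj</span><span class="p">)</span>
            <span class="k">return</span> <span class="n">bucket</span>

        <span class="n">text</span> <span class="o">=</span> <span class="n">kwargs</span><span class="o">.</span><span class="n">pop</span><span class="p">(</span><span class="s2">"text"</span><span class="p">,</span> <span class="s2">""</span><span class="p">)</span>
        <span class="k">if</span> <span class="n">utils</span><span class="o">.</span><span class="n">is_iter</span><span class="p">(</span><span class="n">text</span><span class="p">):</span>
            <span class="n">text</span> <span class="o">=</span> <span class="s2">"|"</span><span class="o">.</span><span class="n">join</span><span class="p">(</span><span class="n">drill</span><span class="p">(</span><span class="n">text</span><span class="p">,</span> <span class="p">[]))</span>

        <span class="c1"># Mask any PII in message, where possible</span>
        <span class="c1"># The byte count is taken from the text before masking.</span>
        <span class="n">bytecount</span> <span class="o">=</span> <span class="nb">len</span><span class="p">(</span><span class="n">text</span><span class="o">.</span><span class="n">encode</span><span class="p">(</span><span class="s2">"utf-8"</span><span class="p">))</span>
        <span class="n">text</span> <span class="o">=</span> <span class="bp">self</span><span class="o">.</span><span class="n">mask</span><span class="p">(</span><span class="n">text</span><span class="p">)</span>

        <span class="c1"># Compile the IP, Account, Character, Room, and the message.</span>
        <span class="n">log</span> <span class="o">=</span> <span class="p">{</span>
            <span class="s2">"time"</span><span class="p">:</span> <span class="n">time_str</span><span class="p">,</span>
            <span class="s2">"hostname"</span><span class="p">:</span> <span class="n">socket</span><span class="o">.</span><span class="n">getfqdn</span><span class="p">(),</span>
            <span class="s2">"application"</span><span class="p">:</span> <span class="s2">"</span><span class="si">%s</span><span class="s2">"</span> <span class="o">%</span> <span class="n">ev_settings</span><span class="o">.</span><span class="n">SERVERNAME</span><span class="p">,</span>
            <span class="s2">"version"</span><span class="p">:</span> <span class="n">get_evennia_version</span><span class="p">(),</span>
            <span class="s2">"pid"</span><span class="p">:</span> <span class="n">os</span><span class="o">.</span><span class="n">getpid</span><span class="p">(),</span>
            <span class="s2">"direction"</span><span class="p">:</span> <span class="s2">"SND"</span> <span class="k">if</span> <span class="n">src</span> <span class="o">==</span> <span class="s2">"server"</span> <span class="k">else</span> <span class="s2">"RCV"</span><span class="p">,</span>
            <span class="s2">"protocol"</span><span class="p">:</span> <span class="bp">self</span><span class="o">.</span><span class="n">protocol_key</span><span class="p">,</span>
            <span class="s2">"ip"</span><span class="p">:</span> <span class="n">client_ip</span><span class="p">,</span>
            <span class="s2">"session"</span><span class="p">:</span> <span class="s2">"session#</span><span class="si">%s</span><span class="s2">"</span> <span class="o">%</span> <span class="bp">self</span><span class="o">.</span><span class="n">sessid</span><span class="p">,</span>
            <span class="s2">"account"</span><span class="p">:</span> <span class="n">account_token</span><span class="p">,</span>
            <span class="s2">"character"</span><span class="p">:</span> <span class="n">char_token</span><span class="p">,</span>
            <span class="s2">"room"</span><span class="p">:</span> <span class="n">room_token</span><span class="p">,</span>
            <span class="s2">"text"</span><span class="p">:</span> <span class="n">text</span><span class="o">.</span><span class="n">strip</span><span class="p">(),</span>
            <span class="s2">"bytes"</span><span class="p">:</span> <span class="n">bytecount</span><span class="p">,</span>
            <span class="c1"># Whatever keyword arguments remain after src and text; these are not masked.</span>
            <span class="s2">"data"</span><span class="p">:</span> <span class="n">kwargs</span><span class="p">,</span>
            <span class="s2">"objects"</span><span class="p">:</span> <span class="p">{</span>
                <span class="s2">"time"</span><span class="p">:</span> <span class="n">time_obj</span><span class="p">,</span>
                <span class="s2">"session"</span><span class="p">:</span> <span class="bp">self</span><span class="p">,</span>
                <span class="s2">"account"</span><span class="p">:</span> <span class="n">account</span><span class="p">,</span>
                <span class="s2">"character"</span><span class="p">:</span> <span class="n">char</span><span class="p">,</span>
                <span class="s2">"room"</span><span class="p">:</span> <span class="n">room</span><span class="p">,</span>
            <span class="p">},</span>
        <span class="p">}</span>

        <span class="c1"># Remove any keys with blank values</span>
        <span class="k">if</span> <span class="n">AUDIT_ALLOW_SPARSE</span> <span class="ow">is</span> <span class="kc">False</span><span class="p">:</span>
            <span class="n">log</span><span class="p">[</span><span class="s2">"data"</span><span class="p">]</span> <span class="o">=</span> <span class="p">{</span><span class="n">k</span><span class="p">:</span> <span class="n">v</span> <span class="k">for</span> <span class="n">k</span><span class="p">,</span> <span class="n">v</span> <span class="ow">in</span> <span class="n">log</span><span class="p">[</span><span class="s2">"data"</span><span class="p">]</span><span class="o">.</span><span class="n">items</span><span class="p">()</span> <span class="k">if</span> <span class="n">v</span><span class="p">}</span>
            <span class="n">log</span><span class="p">[</span><span class="s2">"objects"</span><span class="p">]</span> <span class="o">=</span> <span class="p">{</span><span class="n">k</span><span class="p">:</span> <span class="n">v</span> <span class="k">for</span> <span class="n">k</span><span class="p">,</span> <span class="n">v</span> <span class="ow">in</span> <span class="n">log</span><span class="p">[</span><span class="s2">"objects"</span><span class="p">]</span><span class="o">.</span><span class="n">items</span><span class="p">()</span> <span class="k">if</span> <span class="n">v</span><span class="p">}</span>
            <span class="n">log</span> <span class="o">=</span> <span class="p">{</span><span class="n">k</span><span class="p">:</span> <span class="n">v</span> <span class="k">for</span> <span class="n">k</span><span class="p">,</span> <span class="n">v</span> <span class="ow">in</span> <span class="n">log</span><span class="o">.</span><span class="n">items</span><span class="p">()</span> <span class="k">if</span> <span class="n">v</span><span class="p">}</span>

        <span class="k">return</span> <span class="n">log</span></div>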
|
|
|
|
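<div class="viewcode-block" id="AuditedServerSession.mask"><a class="viewcode-back" href="../../../../../api/evennia.contrib.security.auditing.server.html#evennia.contrib.security.auditing.server.AuditedServerSession.mask">[docs]</a>    <span class="k">def</span> <span class="nf">mask</span><span class="p">(</span><span class="bp">self</span><span class="p">,</span> <span class="n">msg</span><span class="p">):</span>
        <span class="sd">"""</span>
<span class="sd">        Masks potentially sensitive user information within messages before</span>
<span class="sd">        writing to log. Recording cleartext password attempts is bad policy.</span>

<span class="sd">        Args:</span>
<span class="sd">            msg (str): Raw text string sent from client &lt;-&gt; server</span>

<span class="sd">        Returns:</span>
<span class="sd">            msg (str): Text string with sensitive information masked out.</span>

<span class="sd">        Notes:</span>
<span class="sd">            The masks in AUDIT_MASKS are tried in order; the first one that</span>
<span class="sd">            captures a non-empty `secret` group decides the result. The captured</span>
<span class="sd">            secret is replaced as literal text, never interpreted as a regex.</span>
<span class="sd">            A message that no mask matches is returned unchanged.</span>

<span class="sd">        """</span>
        <span class="c1"># Check to see if the command is embedded within server output</span>
        <span class="n">_msg</span> <span class="o">=</span> <span class="n">msg</span>
        <span class="n">is_embedded</span> <span class="o">=</span> <span class="kc">False</span>
        <span class="n">match</span> <span class="o">=</span> <span class="n">re</span><span class="o">.</span><span class="n">match</span><span class="p">(</span><span class="s2">".*Command.*'(.+)'.*is not available.*"</span><span class="p">,</span> <span class="n">msg</span><span class="p">,</span> <span class="n">flags</span><span class="o">=</span><span class="n">re</span><span class="o">.</span><span class="n">IGNORECASE</span><span class="p">)</span>
        <span class="k">if</span> <span class="n">match</span><span class="p">:</span>
            <span class="c1"># Keep the quoted command exactly as it appears in _msg so it can be found</span>
            <span class="c1"># again below; the masks run against a copy with backslashes removed.</span>
            <span class="n">submsg</span> <span class="o">=</span> <span class="n">match</span><span class="o">.</span><span class="n">group</span><span class="p">(</span><span class="mi">1</span><span class="p">)</span>
            <span class="n">msg</span> <span class="o">=</span> <span class="n">submsg</span><span class="o">.</span><span class="n">replace</span><span class="p">(</span><span class="s2">"</span><span class="se">\\</span><span class="s2">"</span><span class="p">,</span> <span class="s2">""</span><span class="p">)</span>
            <span class="n">is_embedded</span> <span class="o">=</span> <span class="kc">True</span>

        <span class="k">for</span> <span class="n">mask</span> <span class="ow">in</span> <span class="n">AUDIT_MASKS</span><span class="p">:</span>
            <span class="k">for</span> <span class="n">command</span><span class="p">,</span> <span class="n">regex</span> <span class="ow">in</span> <span class="n">mask</span><span class="o">.</span><span class="n">items</span><span class="p">():</span>
                <span class="k">try</span><span class="p">:</span>
                    <span class="n">match</span> <span class="o">=</span> <span class="n">re</span><span class="o">.</span><span class="n">match</span><span class="p">(</span><span class="n">regex</span><span class="p">,</span> <span class="n">msg</span><span class="p">,</span> <span class="n">flags</span><span class="o">=</span><span class="n">re</span><span class="o">.</span><span class="n">IGNORECASE</span><span class="p">)</span>
                <span class="k">except</span> <span class="ne">Exception</span> <span class="k">as</span> <span class="n">e</span><span class="p">:</span>
                    <span class="c1"># A broken mask pattern is logged and skipped; the other masks still run.</span>
                    <span class="n">logger</span><span class="o">.</span><span class="n">log_err</span><span class="p">(</span><span class="n">regex</span><span class="p">)</span>
                    <span class="n">logger</span><span class="o">.</span><span class="n">log_err</span><span class="p">(</span><span class="n">e</span><span class="p">)</span>
                    <span class="k">continue</span>

                <span class="k">if</span> <span class="n">match</span><span class="p">:</span>
                    <span class="c1"># A mask that has no `secret` group, or captured an empty one, has nothing</span>
                    <span class="c1"># to hide. Substituting on an empty string would scatter asterisks through</span>
                    <span class="c1"># the whole message, so move on to the next mask instead.</span>
                    <span class="n">term</span> <span class="o">=</span> <span class="n">match</span><span class="o">.</span><span class="n">groupdict</span><span class="p">()</span><span class="o">.</span><span class="n">get</span><span class="p">(</span><span class="s2">"secret"</span><span class="p">)</span>
                    <span class="k">if</span> <span class="ow">not</span> <span class="n">term</span><span class="p">:</span>
                        <span class="k">continue</span>

                    <span class="c1"># The secret is user-chosen text, not a pattern. Unescaped, a password</span>
                    <span class="c1"># containing characters such as "+" or "(" would either fail to match</span>
                    <span class="c1"># itself and reach the log in cleartext, or raise and drop the record.</span>
                    <span class="c1"># At least eight asterisks are written, so a secret shorter than eight</span>
                    <span class="c1"># characters is not shown at its true length.</span>
                    <span class="n">masked</span> <span class="o">=</span> <span class="n">re</span><span class="o">.</span><span class="n">sub</span><span class="p">(</span><span class="n">re</span><span class="o">.</span><span class="n">escape</span><span class="p">(</span><span class="n">term</span><span class="p">),</span> <span class="s2">"*"</span> <span class="o">*</span> <span class="nb">len</span><span class="p">(</span><span class="n">term</span><span class="o">.</span><span class="n">zfill</span><span class="p">(</span><span class="mi">8</span><span class="p">)),</span> <span class="n">msg</span><span class="p">)</span>

                    <span class="k">if</span> <span class="n">is_embedded</span><span class="p">:</span>
                        <span class="c1"># Put the masked command back into the surrounding server output.</span>
                        <span class="c1"># Both sides are literal: the search text is escaped and the</span>
                        <span class="c1"># replacement goes through a function so it is not parsed for escapes.</span>
                        <span class="n">replacement</span> <span class="o">=</span> <span class="s2">"</span><span class="si">%s</span><span class="s2"> &lt;Masked: </span><span class="si">%s</span><span class="s2">&gt;"</span> <span class="o">%</span> <span class="p">(</span><span class="n">masked</span><span class="p">,</span> <span class="n">command</span><span class="p">)</span>
                        <span class="n">msg</span> <span class="o">=</span> <span class="n">re</span><span class="o">.</span><span class="n">sub</span><span class="p">(</span>
                            <span class="n">re</span><span class="o">.</span><span class="n">escape</span><span class="p">(</span><span class="n">submsg</span><span class="p">),</span> <span class="k">lambda</span> <span class="n">_m</span><span class="p">:</span> <span class="n">replacement</span><span class="p">,</span> <span class="n">_msg</span><span class="p">,</span> <span class="n">flags</span><span class="o">=</span><span class="n">re</span><span class="o">.</span><span class="n">IGNORECASE</span>
                        <span class="p">)</span>
                    <span class="k">else</span><span class="p">:</span>
                        <span class="n">msg</span> <span class="o">=</span> <span class="n">masked</span>

                    <span class="k">return</span> <span class="n">msg</span>

        <span class="k">return</span> <span class="n">_msg</span></div>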
|
|
|
|
<div class="viewcode-block" id="AuditedServerSession.data_out"><a class="viewcode-back" href="../../../../../api/evennia.contrib.security.auditing.server.html#evennia.contrib.security.auditing.server.AuditedServerSession.data_out">[docs]</a>    <span class="k">def</span> <span class="nf">data_out</span><span class="p">(</span><span class="bp">self</span><span class="p">,</span> <span class="o">**</span><span class="n">kwargs</span><span class="p">):</span>
        <span class="sd">"""</span>
<span class="sd">        Outgoing-data hook: audits the message when outbound auditing is</span>
<span class="sd">        enabled, then passes it on to the parent ServerSession.</span>

<span class="sd">        Keyword Args:</span>
<span class="sd">            kwargs (any): Other data to the protocol.</span>

<span class="sd">        """</span>
        <span class="n">auditing</span> <span class="o">=</span> <span class="n">AUDIT_CALLBACK</span> <span class="ow">and</span> <span class="n">AUDIT_OUT</span>
        <span class="k">if</span> <span class="n">auditing</span><span class="p">:</span>
            <span class="k">try</span><span class="p">:</span>
                <span class="n">record</span> <span class="o">=</span> <span class="bp">self</span><span class="o">.</span><span class="n">audit</span><span class="p">(</span><span class="n">src</span><span class="o">=</span><span class="s2">"server"</span><span class="p">,</span> <span class="o">**</span><span class="n">kwargs</span><span class="p">)</span>
                <span class="k">if</span> <span class="n">record</span><span class="p">:</span>
                    <span class="n">AUDIT_CALLBACK</span><span class="p">(</span><span class="n">record</span><span class="p">)</span>
            <span class="k">except</span> <span class="ne">Exception</span> <span class="k">as</span> <span class="n">err</span><span class="p">:</span>
                <span class="c1"># Best effort: an audit failure is logged and the message is still sent.</span>
                <span class="n">logger</span><span class="o">.</span><span class="n">log_err</span><span class="p">(</span><span class="n">err</span><span class="p">)</span>

        <span class="nb">super</span><span class="p">(</span><span class="n">AuditedServerSession</span><span class="p">,</span> <span class="bp">self</span><span class="p">)</span><span class="o">.</span><span class="n">data_out</span><span class="p">(</span><span class="o">**</span><span class="n">kwargs</span><span class="p">)</span></div>
|
|
|
|
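<!-- Review note (data_in): incoming client data is audited with src="client" only when
     both AUDIT_CALLBACK and AUDIT_IN are truthy (module-level names defined elsewhere
     in the file). The whole of kwargs is passed to self.audit(); presumably this can
     include whatever a client types, credentials included, so confirm that audit()
     masks such input before its result reaches AUDIT_CALLBACK. The try/except makes
     the audit step fail open: an Exception from audit() or the callback is sent to
     logger.log_err and the data is still forwarded to the parent data_in, so a failing
     callback shows up only in the error log. The leading whitespace of the Python
     lines was restored so the listing reads as valid Python. The final closing div on
     the last line belongs to an enclosing block that opens earlier in the file. --><div class="viewcode-block" id="AuditedServerSession.data_in"><a class="viewcode-back" href="../../../../../api/evennia.contrib.security.auditing.server.html#evennia.contrib.security.auditing.server.AuditedServerSession.data_in">[docs]</a>    <span class="k">def</span> <span class="nf">data_in</span><span class="p">(</span><span class="bp">self</span><span class="p">,</span> <span class="o">**</span><span class="n">kwargs</span><span class="p">):</span>
        <span class="sd">"""</span>
<span class="sd">        Hook for protocols to send incoming data to the engine.</span>

<span class="sd">        Keyword Args:</span>
<span class="sd">            kwargs (any): Other data from the protocol.</span>

<span class="sd">        """</span>
        <span class="k">if</span> <span class="n">AUDIT_CALLBACK</span> <span class="ow">and</span> <span class="n">AUDIT_IN</span><span class="p">:</span>
            <span class="k">try</span><span class="p">:</span>
                <span class="n">log</span> <span class="o">=</span> <span class="bp">self</span><span class="o">.</span><span class="n">audit</span><span class="p">(</span><span class="n">src</span><span class="o">=</span><span class="s2">"client"</span><span class="p">,</span> <span class="o">**</span><span class="n">kwargs</span><span class="p">)</span>
                <span class="k">if</span> <span class="n">log</span><span class="p">:</span>
                    <span class="n">AUDIT_CALLBACK</span><span class="p">(</span><span class="n">log</span><span class="p">)</span>
            <span class="k">except</span> <span class="ne">Exception</span> <span class="k">as</span> <span class="n">e</span><span class="p">:</span>
                <span class="n">logger</span><span class="o">.</span><span class="n">log_err</span><span class="p">(</span><span class="n">e</span><span class="p">)</span>

        <span class="nb">super</span><span class="p">(</span><span class="n">AuditedServerSession</span><span class="p">,</span> <span class="bp">self</span><span class="p">)</span><span class="o">.</span><span class="n">data_in</span><span class="p">(</span><span class="o">**</span><span class="n">kwargs</span><span class="p">)</span></div></div>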
|
|
</pre></div>
|
|
|
|
<div class="clearer"></div>
|
|
</div>
|
|
</div>
|
|
</div>
|
|
<!-- Sidebar: logo link, quick-search form, project links and version switcher. -->
<div class="sphinxsidebar" role="navigation" aria-label="main navigation">
  <div class="sphinxsidebarwrapper">
    <p class="logo">
      <a href="../../../../../index.html">
        <img class="logo" src="../../../../../_static/evennia_logo.png" alt="Logo">
      </a>
    </p>

    <!-- The search box is emitted hidden (inline style) and revealed by the inline
         script that follows it, so the form only appears when scripting is available. -->
    <div id="searchbox" style="display: none" role="search">
      <h3 id="searchlabel">Quick search</h3>
      <div class="searchformwrapper">
        <form class="search" action="../../../../../search.html" method="get">
          <input type="text" name="q" aria-labelledby="searchlabel">
          <input type="submit" value="Go">
        </form>
      </div>
    </div>
    <!-- Inline script (uses the jQuery global) and the inline style above: a
         Content-Security-Policy for this page has to allow inline script and style,
         or the search box stays hidden. -->
    <script>$('#searchbox').show(0);</script>

    <h3>Links</h3>
    <ul>
      <li><a href="https://www.evennia.com">Home page</a> </li>
      <li><a href="https://github.com/evennia/evennia">Evennia Github</a> </li>
      <!-- NOTE(review): the only plain-http link in this list; confirm the host serves
           HTTPS before switching the scheme. -->
      <li><a href="http://games.evennia.com">Game Index</a> </li>
      <li>
        <a href="https://discord.gg/AJJpcRUhtF">Discord</a> -
        <a href="https://github.com/evennia/evennia/discussions">Discussions</a> -
        <a href="https://evennia.blogspot.com/">Blog</a>
      </li>
    </ul>

    <h3>Versions</h3>
    <ul>
      <li><a href="server.html">1.0-dev (develop branch)</a></li>
      <li><a href="../../../../../../0.95/index.html">0.95 (v0.9.5 branch)</a></li>
    </ul>
  </div>
</div>
|
|
<div class="clearer"></div>
|
|
</div>
|
|
<!-- Bottom navigation bar: index and module-index shortcuts, then the breadcrumb
     path down to this page and the branch label. -->
<div class="related" role="navigation" aria-label="related navigation">
  <h3>Navigation</h3>
  <ul>
    <li class="right" style="margin-right: 10px">
      <a href="../../../../../genindex.html" title="General Index">index</a>
    </li>
    <li class="right">
      <a href="../../../../../py-modindex.html" title="Python Module Index">modules</a> |
    </li>
    <li class="nav-item nav-item-0"><a href="../../../../../index.html">Evennia 1.0-dev</a> »</li>
    <li class="nav-item nav-item-1"><a href="../../../../index.html">Module code</a> »</li>
    <li class="nav-item nav-item-2"><a href="../../../../evennia.html">evennia</a> »</li>
    <!-- Empty href: the last crumb links back to the current page. -->
    <li class="nav-item nav-item-this"><a href="">evennia.contrib.security.auditing.server</a></li>
  </ul>
  <div class="develop">develop branch</div>
</div>
|
|
<!-- Page footer: copyright line and generator credit. -->
<div class="footer" role="contentinfo">
  © Copyright 2020, The Evennia developer community.
  Created using <a href="https://www.sphinx-doc.org/">Sphinx</a> 3.2.1.
</div>
|
|
</body>
|
|
</html> |