bqm 1.3.0 → 1.4.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/bin/bqm +35 -6
- metadata +4 -2
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 4a7ea69f913278933cdcbae6a764b166d7990931ce1f68c1264f3c0127f548ad
|
|
4
|
+
data.tar.gz: 65a2b6a2aa1e78864e48671a2f8b5e4ce395fa0eaead13ce3098806cc6391ce9
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: be95aaeccf71fb47aac6179e3be127d5d456fc88e4f67b1798b46dfafcf24cba0220cc6c5569fba98acbd24b9ca2f6bde71adb2604e9b0d9e2e4afeb56bb743f
|
|
7
|
+
data.tar.gz: c752dc0e0d790b2b9e5337d5622cf05fd5d553558d7c3cb6654829ad54d8fb88157849e4d70c5a55589327c136dd2d442a857089d244923062953ba6b3a06f83
|
data/bin/bqm
CHANGED
|
@@ -14,7 +14,8 @@ def find_dataset
|
|
|
14
14
|
raise IOError, "The dataset file #{source_file} does not exist or is unreadable."
|
|
15
15
|
end
|
|
16
16
|
|
|
17
|
-
|
|
17
|
+
# Merge remote sets defined in data/query-sets.json
|
|
18
|
+
def merge_remote(source)
|
|
18
19
|
sets = get_datasets(source)
|
|
19
20
|
queries = []
|
|
20
21
|
sets.each do |s|
|
|
@@ -25,6 +26,24 @@ def merge(source)
|
|
|
25
26
|
queries
|
|
26
27
|
end
|
|
27
28
|
|
|
29
|
+
# Merge local sets provided by the user
|
|
30
|
+
def merge_local(sources)
|
|
31
|
+
queries = []
|
|
32
|
+
sources.each do |source|
|
|
33
|
+
if File.file?(source) && File.readable?(source)
|
|
34
|
+
begin
|
|
35
|
+
data = JSON.load_file(source)
|
|
36
|
+
rescue NoMethodError # ruby 2.7 retro-compatibility
|
|
37
|
+
data = JSON.parse(File.read(source))
|
|
38
|
+
end
|
|
39
|
+
queries += data['queries']
|
|
40
|
+
else
|
|
41
|
+
raise IOError, "The dataset file #{source} does not exist or is unreadable."
|
|
42
|
+
end
|
|
43
|
+
end
|
|
44
|
+
queries
|
|
45
|
+
end
|
|
46
|
+
|
|
28
47
|
# Query class just for the sake of having custom comparison
|
|
29
48
|
class BQMquery
|
|
30
49
|
attr_accessor :data
|
|
@@ -72,14 +91,20 @@ if __FILE__ == $PROGRAM_NAME
|
|
|
72
91
|
source = find_dataset
|
|
73
92
|
|
|
74
93
|
require 'optparse'
|
|
75
|
-
options = {
|
|
94
|
+
options = {
|
|
95
|
+
:'local-sets' => []
|
|
96
|
+
}
|
|
76
97
|
OptionParser.new do |parser|
|
|
77
98
|
parser.banner = 'Usage: bqm [options]'
|
|
78
99
|
|
|
79
100
|
parser.on('-o', '--output-path PATH', 'Path where to store the query file')
|
|
80
101
|
parser.on('-l', '--list', 'List available datasets')
|
|
102
|
+
parser.on('-i', '--local-sets FILE,...', Array, 'Local custom queries files') do |f|
|
|
103
|
+
options[:'local-sets'] += f
|
|
104
|
+
end
|
|
81
105
|
parser.separator ''
|
|
82
106
|
parser.separator 'Example: bqm -o ~/.config/bloodhound/customqueries.json'
|
|
107
|
+
parser.separator 'Example: bqm -o /tmp/customqueries.json -i /tmp/a.json,/tmp/b.json'
|
|
83
108
|
end.parse!(into: options)
|
|
84
109
|
|
|
85
110
|
out = options[:'output-path']
|
|
@@ -95,16 +120,20 @@ if __FILE__ == $PROGRAM_NAME
|
|
|
95
120
|
if File.file?(out) && File.readable?(out)
|
|
96
121
|
puts "[+] The output path #{out} already exists"
|
|
97
122
|
puts '[?] Do you want to overwrite it? [y/n]'
|
|
98
|
-
if gets.chomp == 'y'
|
|
123
|
+
if STDIN.gets.chomp == 'y'
|
|
99
124
|
puts '[?] What to do with the existing queries? (merge / discard) [m/d]'
|
|
100
|
-
flags[:merge_actual] = true if gets.chomp == 'm'
|
|
125
|
+
flags[:merge_actual] = true if STDIN.gets.chomp == 'm'
|
|
101
126
|
else
|
|
102
127
|
exit
|
|
103
128
|
end
|
|
104
129
|
end
|
|
105
130
|
puts '[+] Fetching and merging datasets'
|
|
106
|
-
data =
|
|
107
|
-
|
|
131
|
+
data = merge_remote(source)
|
|
132
|
+
local_set = options[:'local-sets']
|
|
133
|
+
if local_set
|
|
134
|
+
data += merge_local(local_set)
|
|
135
|
+
end
|
|
136
|
+
if flags[:'merge_actual']
|
|
108
137
|
puts '[+] Merging your existing queries'
|
|
109
138
|
data += JSON.parse(File.read(out))['queries']
|
|
110
139
|
end
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: bqm
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 1.
|
|
4
|
+
version: 1.4.0
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Alexandre ZANNI
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2023-
|
|
11
|
+
date: 2023-06-26 00:00:00.000000000 Z
|
|
12
12
|
dependencies: []
|
|
13
13
|
description: Deduplicate custom BloudHound queries from different datasets and merge
|
|
14
14
|
them in one customqueries.json file.
|
|
@@ -26,6 +26,8 @@ licenses:
|
|
|
26
26
|
- MIT
|
|
27
27
|
metadata:
|
|
28
28
|
bug_tracker_uri: https://github.com/Acceis/bqm/issues
|
|
29
|
+
changelog_uri: https://github.com/Acceis/bqm/releases
|
|
30
|
+
documentation_uri: https://acceis.github.io/bqm/
|
|
29
31
|
homepage_uri: https://github.com/Acceis/bqm
|
|
30
32
|
source_code_uri: https://github.com/Acceis/bqm/
|
|
31
33
|
rubygems_mfa_required: 'true'
|