recog 3.0.3 → 3.1.0

checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: f61ccb4f953facea4bbf95ccbd3deb144d8f0763d9be1355cba70a6eb4dc9c79
4
- data.tar.gz: 8fa728463dfc0f3dd783fd3f535965b70e62f6e47eb8960e269076e6ddf3c43f
3
+ metadata.gz: ea0370676af55fb1b15cd5161a97c6beb3320d61809faaeb2bcfd51581713459
4
+ data.tar.gz: 4c6682d29ef90372772d9aea9cd562a69ca0233ec72fccd0eb644049b7faf37b
5
5
  SHA512:
6
- metadata.gz: 1f2ed5453f4dc800bcf750592ca16ec25f89c2e93ec7528b2a2a71bada7399bd5d3ea149acb1888006826d8fea0b4a6186b3c7ea4a519febebe99e3be8c6efcf
7
- data.tar.gz: c515c0183b55cf8a38dd03d2865d7ef208c75930854b00f69ade77494b0fe0f7162d244a5806d9451ec7442675c93c2070d2a59ef25d1355b241f4a0922c5d7a
6
+ metadata.gz: 2f54060445501ddd5678b3cce4b5d252aebd9dfb605f9ef6bc4454ad9dd9b269d69f4534a554337dfbe9de911f90cabacf5e2f07db90ec6d2b29280940ed833d
7
+ data.tar.gz: 5302fe685c534a10477d38c1fe9bd81cd6a3f968a98a72fdf0060dbc24dc4b28b7a90fb03245c6ae4a8540a1948d870e6bca006f2efa9bd89e254682ec5daf70
checksums.yaml.gz.sig CHANGED
Binary file
data/README.md CHANGED
@@ -74,8 +74,6 @@ At least one `example` element should be present, however multiple `example` ele
74
74
 
75
75
  tests that `RomSShell_4.62` matches the provided regular expression and that the value of `service.version` is 4.62.
76
76
 
77
- The `param` elements contain a `pos` attribute, which indicates what capture field from the `pattern` should be extracted, or `0` for a static string. The `name` attribute is the key that will be reported in the case of a successful match and the `value` will either be a static string for `pos` values of `0` or missing and taken from the captured field.
78
-
79
77
  The `example` string can be base64 encoded to permit the use of unprintable characters. To signal this to Recog an `_encoding` attribute with the value of `base64` is added to the `example` element. Based64 encoded text that is longer than 80 characters may be wrapped with newlines as shown below to aid in readability.
80
78
 
81
79
  ```xml
@@ -102,6 +100,51 @@ They can then be loaded using the `_filename` attribute:
102
100
 
103
101
  This is useful for long examples.
104
102
 
103
+ The `param` elements contain a `pos` attribute, which indicates what capture field
104
+ from the `pattern` should be extracted, or `0` for a static string. The `name` attribute
105
+ is the key that will be reported in the case of a successful match and the `value`
106
+ will either be a static string for `pos` values of `0` or missing and taken from the
107
+ captured field.
108
+
109
+ The `value` attribute supports interpolation of data from other fields. This is
110
+ often useful when capturing the value for `hw.product` via regex and re-using this
111
+ value in `os.product`.
112
+
113
+ Here is an example from`http_servers.xml` where `hw.product` is captured and reused.
114
+
115
+ ```xml
116
+ <fingerprint pattern="^Eltex (TAU-\d+[A-Z]*(?:\.IP)?)$">
117
+ <description>Eltex TAU model VoIP gateway</description>
118
+ <example hw.product="TAU-72">Eltex TAU-72</example>
119
+ <example hw.product="TAU-1.IP">Eltex TAU-1.IP</example>
120
+ <param pos="0" name="os.vendor" value="Eltex"/>
121
+ <param pos="0" name="os.product" value="{hw.product} Firmware"/>
122
+ <param pos="0" name="os.device" value="VoIP Gateway"/>
123
+ <param pos="0" name="hw.vendor" value="Eltex"/>
124
+ <param pos="1" name="hw.product"/>
125
+ <param pos="0" name="hw.device" value="VoIP Gateway"/>
126
+ </fingerprint>
127
+ ```
128
+
129
+ There is special handling for temporary attributes that have a name starting with
130
+ `_tmp.`. These attributes can be used for interpolation but are not emitted in the
131
+ output. This is useful when a particular product name is inconsistent in various
132
+ banners, vendor marketing, or with NIST values when trying to generate CPEs. In
133
+ these cases the useful parts of the banner can be extracted and a new value
134
+ crafted without cluttering the data emitted by a match.
135
+
136
+ ```xml
137
+ <fingerprint pattern="^foo baz switchThing-(\d{4})$">
138
+ <description>NetCorp NX series switches</description>
139
+ <example hw.product="NX8200">foo baz switchThing-8200</example>
140
+ <param pos="0" name="hw.vendor" value="NetCorp"/>
141
+ <param pos="0" name="hw.product" value="NX{_tmp.001}"/>
142
+ <param pos="2" name="_tmp.001"/>
143
+ </fingerprint>
144
+ ```
145
+
146
+ These temporary attributes are not tracked in the `identifiers/fields.txt`.
147
+
105
148
  [^back to top](#recog-ruby-a-recognition-framework)
106
149
 
107
150
  ## Contributing
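Review bot: In the added `_tmp.` example, `<param pos="2" name="_tmp.001"/>` refers to a second capture group, but the pattern `^foo baz switchThing-(\d{4})$` has only one, so the documented fingerprint cannot yield the `NX8200` its own `example` expects; this should be `pos="1"`, as in the Eltex example above it. Two smaller points in the same hunk: "from`http_servers.xml`" is missing a space, and the closing sentence about `identifiers/fields.txt` should say whether `_tmp.` names are exempt from that file's checks or simply not listed there.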
@@ -136,6 +136,13 @@ class Fingerprint
136
136
  end
137
137
  end
138
138
 
139
+ # After performing interpolation, remove temporary keys from results
140
+ result.each_pair do |k, _|
141
+ if k.start_with?('_tmp.')
142
+ result.delete(k)
143
+ end
144
+ end
145
+
139
146
  return result
140
147
  end
141
148
 
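Review bot: The cleanup loop calls `result.delete(k)` from inside `result.each_pair`, so the hash is mutated while it is being iterated; `result.delete_if { |k, _| k.start_with?('_tmp.') }` expresses the same removal in one call and avoids that pattern. The `'_tmp.'` prefix is also a bare literal here and again in the example check further down, so a named constant would keep the two in step.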
@@ -230,9 +237,9 @@ class Fingerprint
230
237
  end
231
238
  end
232
239
 
233
- # alert on untested parameters
240
+ # alert on untested parameters unless they are temporary
234
241
  capture_group_used.each do |param_name, param_used|
235
- if !param_used
242
+ if !param_used && !param_name.start_with?('_tmp.')
236
243
  message = "'#{@name}' is missing an example that checks for parameter '#{param_name}' " +
237
244
  "which is derived from a capture group"
238
245
  yield :fail, message
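Review bot: With `!param_name.start_with?('_tmp.')` added to the condition, a `_tmp.` parameter taken from a capture group is never required to be covered by an example, so a wrong `pos` on one (the README example in this same release uses `pos="2"` against a single-group pattern) is not reported by this check. Consider requiring coverage indirectly, for instance by insisting that at least one emitted parameter whose `value` interpolates the temporary name is tested by an example, and extend the comment to say why temporary parameters are exempt.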
data/lib/recog/version.rb CHANGED
@@ -1,3 +1,3 @@
1
1
  module Recog
2
- VERSION = '3.0.3'
2
+ VERSION = '3.1.0'
3
3
  end