synapse 2.214.0__py311-none-any.whl → 2.216.0__py311-none-any.whl

synapse/cortex.py

@@ -758,6 +758,12 @@ class Cortex(s_oauth.OAuthMixin, s_cell.Cell):  # type: ignore
     confbase['mirror']['hidedocs'] = False  # type: ignore
     confbase['mirror']['hidecmdl'] = False  # type: ignore
 
+    confbase['safemode']['hidecmdl'] = False
+    confbase['safemode']['description'] = (
+        'Enable safe-mode which disables crons, triggers, dmons, storm '
+        'package onload handlers, view merge tasks, and storm pools.'
+    )
+
     confdefs = {
         'axon': {
             'description': 'A telepath URL for a remote axon.',
@@ -1572,9 +1578,11 @@ class Cortex(s_oauth.OAuthMixin, s_cell.Cell):  # type: ignore
         if self.isactive:
             await self._checkLayerModels()
 
-        self.addActiveCoro(self.agenda.runloop)
+        if not self.safemode:
+            self.addActiveCoro(self.agenda.runloop)
 
         await self._initStormDmons()
+
         await self._initStormSvcs()
 
         # share ourself via the cell dmon as "cortex"
@@ -1621,6 +1629,9 @@ class Cortex(s_oauth.OAuthMixin, s_cell.Cell):  # type: ignore
 
     async def initStormPool(self):
 
+        if self.safemode:
+            return
+
         try:
 
             byts = self.slab.get(b'storm:pool', db='cell:conf')
@@ -1959,7 +1970,7 @@ class Cortex(s_oauth.OAuthMixin, s_cell.Cell):  # type: ignore
 
         try:
             await self.auth.delAuthGate(f'queue:{name}')
-        except NoSuchAuthGate:  # pragma: no cover
+        except s_exc.NoSuchAuthGate:
             pass
 
         await self.multiqueue.rem(name)
@@ -2961,6 +2972,10 @@ class Cortex(s_oauth.OAuthMixin, s_cell.Cell):  # type: ignore
 
         if onload is not None and self.isactive:
             async def _onload():
+                if self.safemode:
+                    await self.fire('core:pkg:onload:skipped', pkg=name, reason='safemode')
+                    return
+
                 await self.fire('core:pkg:onload:start', pkg=name)
                 try:
                     async for mesg in self.storm(onload):

synapse/lib/cell.py

@@ -930,6 +930,12 @@ class Cell(s_nexus.Pusher, s_telepath.Aware):
 
     confdefs = {}  # type: ignore  # This should be a JSONSchema properties list for an object.
     confbase = {
+        'safemode': {
+            'default': False,
+            'description': 'Boot the service in safe-mode.',
+            'type': 'boolean',
+            'hidecmdl': True,
+        },
         'cell:guid': {
             'description': 'An optional hard-coded GUID to store as the permanent GUID for the service.',
             'type': 'string',
@@ -1200,6 +1206,11 @@ class Cell(s_nexus.Pusher, s_telepath.Aware):
             'tasks': 1,
         }
 
+        self.safemode = self.conf.req('safemode')
+        if self.safemode:
+            mesg = f'Booting {self.getCellType()} in safe-mode. Some functionality may be disabled.'
+            logger.warning(mesg)
+
         self.minfree = self.conf.get('limit:disk:free')
         if self.minfree is not None:
             self.minfree = self.minfree / 100
@@ -4816,6 +4827,7 @@ class Cell(s_nexus.Pusher, s_telepath.Aware):
                 'iden': self.getCellIden(),
                 'paused': self.paused,
                 'active': self.isactive,
+                'safemode': self.safemode,
                 'started': self.startms,
                 'ready': self.nexsroot.ready.is_set(),
                 'commit': self.COMMIT,

synapse/lib/cmd.py

@@ -3,15 +3,19 @@ import asyncio
 import argparse
 
 import synapse.exc as s_exc
-import synapse.common as s_common
 
 import synapse.lib.coro as s_coro
 import synapse.lib.output as s_output
 
 class Parser(argparse.ArgumentParser):
+    '''
+    argparse.ArgumentParser helper class.
 
+    - exit() is overriden to raise a SynErr ( ParserExit )
+    - _print_message prints to an outp object
+    - description formatter uses argparse.RawDescriptionHelpFormatter
+    '''
     def __init__(self, prog=None, outp=s_output.stdout, **kwargs):
-
         self.outp = outp
         self.exited = False
 

synapse/lib/jsonstor.py

@@ -220,6 +220,7 @@ class JsonStor(s_base.Base):
 
         step[name] = valu
         self.dirty[buid] = item
+        self.slab.dirty = True
         return True
 
     async def delPathObjProp(self, path, prop):
@@ -241,6 +242,7 @@ class JsonStor(s_base.Base):
         step.pop(names[-1], None)
 
         self.dirty[buid] = item
+        self.slab.dirty = True
         return True
 
     async def cmpDelPathObjProp(self, path, prop, valu):
@@ -264,6 +266,7 @@ class JsonStor(s_base.Base):
 
         step.pop(name, None)
         self.dirty[buid] = item
+        self.slab.dirty = True
         return True
 
     async def popPathObjProp(self, path, prop, defv=None):
@@ -285,7 +288,7 @@ class JsonStor(s_base.Base):
 
         retn = step.pop(names[-1], defv)
         self.dirty[buid] = item
-
+        self.slab.dirty = True
         return retn
 
 class JsonStorApi(s_cell.CellApi):

synapse/lib/layer.py

@@ -3489,7 +3489,10 @@ class Layer(s_nexus.Pusher):
 
         valt = edit[1]
         valu, stortype = valt
-        if sode.get('valu') == valt:
+
+        isarray = stortype & STOR_FLAG_ARRAY
+
+        if not isarray and sode.get('valu') == valt:
             return ()
 
         abrv = self.setPropAbrv(form, None)
@@ -3500,7 +3503,7 @@ class Layer(s_nexus.Pusher):
         sode['valu'] = valt
         self.setSodeDirty(buid, sode, form)
 
-        if stortype & STOR_FLAG_ARRAY:
+        if isarray:
 
             for indx in self.getStorIndx(stortype, valu):
                 self.layrslab.put(abrv + indx, buid, db=self.byarray)
@@ -3569,6 +3572,7 @@ class Layer(s_nexus.Pusher):
 
         if not self.mayDelBuid(buid, sode):
             self.setSodeDirty(buid, sode, form)
+            self.layrslab.dirty = True
 
         return (
             (EDIT_NODE_DEL, (valu, stortype), ()),
@@ -3586,6 +3590,8 @@ class Layer(s_nexus.Pusher):
         if prop[0] == '.':  # '.' to detect universal props (as quickly as possible)
             univabrv = self.setPropAbrv(None, prop)
 
+        isarray = stortype & STOR_FLAG_ARRAY
+
         if oldv is not None:
 
             # merge intervals and min times
@@ -3598,7 +3604,7 @@ class Layer(s_nexus.Pusher):
             elif stortype == STOR_TYPE_MAXTIME:
                 valu = max(valu, oldv)
 
-            if valu == oldv and stortype == oldt:
+            if not isarray and valu == oldv and stortype == oldt:
                 return ()
 
             if oldt & STOR_FLAG_ARRAY:
@@ -3637,7 +3643,7 @@ class Layer(s_nexus.Pusher):
         sode['props'][prop] = (valu, stortype)
         self.setSodeDirty(buid, sode, form)
 
-        if stortype & STOR_FLAG_ARRAY:
+        if isarray:
 
             realtype = stortype & 0x7fff
 
@@ -3827,7 +3833,7 @@ class Layer(s_nexus.Pusher):
             kvpairs.append((tp_abrv + indx, buid))
             kvpairs.append((ftp_abrv + indx, buid))
 
-        await self.layrslab.putmulti(kvpairs, db=self.bytagprop)
+        self.layrslab._putmulti(kvpairs, db=self.bytagprop)
 
         return (
             (EDIT_TAGPROP_SET, (tag, prop, valu, oldv, stortype), ()),
@@ -3842,8 +3848,9 @@ class Layer(s_nexus.Pusher):
             return ()
 
         oldv, oldt = tp_dict.pop(prop, (None, None))
-        if not tp_dict.get(tag):
+        if not tp_dict:
             sode['tagprops'].pop(tag, None)
+
         if oldv is None:
             self.mayDelBuid(buid, sode)
             return ()

synapse/lib/schemas.py

@@ -297,11 +297,18 @@ _authRulesSchema = {
         'type': 'array',
         'items': [
             {'type': 'boolean'},
-            {'type': 'array', 'items': {'type': 'string'}},
+            {
+                'type': 'array',
+                'items': {
+                    'type': 'string',
+                    'minLength': 1
+                },
+                'minItems': 1
+            },
         ],
         'minItems': 2,
         'maxItems': 2,
-    }
+    },
 }
 reqValidRules = s_config.getJsValidator(_authRulesSchema)
 

synapse/lib/snap.py

@@ -384,12 +384,22 @@ class ProtoNode:
 
         if norminfo is None:
             try:
-                valu, norminfo = prop.type.norm(valu)
+                if (isinstance(valu, dict) and isinstance(prop.type, s_types.Guid)
+                    and (form := self.ctx.snap.core.model.form(prop.type.name)) is not None):
+
+                    norms, props = await self.ctx.snap._normGuidNodeDict(form, valu)
+                    valu = await self.ctx.snap._addGuidNodeByDict(form, norms, props)
+                    norminfo = {}
+                else:
+                    valu, norminfo = prop.type.norm(valu)
+
             except s_exc.BadTypeValu as e:
-                oldm = e.get('mesg')
-                e.update({'prop': prop.name,
-                          'form': prop.form.name,
-                          'mesg': f'Bad prop value {prop.full}={valu!r} : {oldm}'})
+                if 'prop' not in e.errinfo:
+                    oldm = e.get('mesg')
+                    e.update({'prop': prop.name,
+                              'form': prop.form.name,
+                              'mesg': f'Bad prop value {prop.full}={valu!r} : {oldm}'})
+
                 if self.ctx.snap.strict:
                     raise e
                 await self.ctx.snap.warn(e)

synapse/lib/storm.py

@@ -1363,7 +1363,7 @@ class DmonManager(s_base.Base):
         '''
         Start all the dmons.
         '''
-        if self.enabled:
+        if self.enabled or self.core.safemode:
             return
         dmons = list(self.dmons.values())
         if not dmons:

synapse/lib/types.py

@@ -625,6 +625,9 @@ class Guid(Type):
         )
 
     def _normPyList(self, valu):
+        if not valu:
+            mesg = 'Guid list values cannot be empty.'
+            raise s_exc.BadTypeValu(name=self.name, valu=valu, mesg=mesg)
         return s_common.guid(valu), {}
 
     def _normPyStr(self, valu):

synapse/lib/version.py

@@ -223,6 +223,6 @@ def reqVersion(valu, reqver,
 ##############################################################################
 # The following are touched during the release process by bumpversion.
 # Do not modify these directly.
-version = (2, 214, 0)
+version = (2, 216, 0)
 verstring = '.'.join([str(x) for x in version])
-commit = '41e2ed0599236256e9452b8afeb152660e68e2c2'
+commit = '2a44a91a495a7daf2e4e6e44d32c1c3030db3fd2'

synapse/lib/view.py

@@ -260,6 +260,9 @@ class View(s_nexus.Pusher):  # type: ignore
         if self.merging: # pragma: no cover
             return
 
+        if self.core.safemode:
+            return
+
         if not await self.isMergeReady():
             return
 
@@ -380,6 +383,9 @@ class View(s_nexus.Pusher):  # type: ignore
         if not await self.core.isCellActive():
             return
 
+        if self.core.safemode:
+            return
+
         self.mergetask = self.core.schedCoro(self.runViewMerge())
 
     async def finiMergeTask(self):
@@ -568,6 +574,9 @@ class View(s_nexus.Pusher):  # type: ignore
         if not await self.core.isCellActive():
             return
 
+        if self.core.safemode:
+            return
+
         self.trigtask = self.schedCoro(self._trigQueueLoop())
 
     async def finiTrigTask(self):
@@ -1577,7 +1586,7 @@ class View(s_nexus.Pusher):  # type: ignore
 
     async def runTagAdd(self, node, tag, valu):
 
-        if self.core.migration:
+        if self.core.migration or self.core.safemode:
             return
 
         # Run any trigger handlers
@@ -1585,21 +1594,21 @@ class View(s_nexus.Pusher):  # type: ignore
 
     async def runTagDel(self, node, tag, valu):
 
-        if self.core.migration:
+        if self.core.migration or self.core.safemode:
             return
 
         await self.triggers.runTagDel(node, tag)
 
     async def runNodeAdd(self, node):
 
-        if self.core.migration:
+        if self.core.migration or self.core.safemode:
             return
 
         await self.triggers.runNodeAdd(node)
 
     async def runNodeDel(self, node):
 
-        if self.core.migration:
+        if self.core.migration or self.core.safemode:
             return
 
         await self.triggers.runNodeDel(node)
@@ -1608,21 +1617,21 @@ class View(s_nexus.Pusher):  # type: ignore
         '''
         Handle when a prop set trigger event fired
         '''
-        if self.core.migration:
+        if self.core.migration or self.core.safemode:
             return
 
         await self.triggers.runPropSet(node, prop, oldv)
 
     async def runEdgeAdd(self, n1, edge, n2):
 
-        if self.core.migration:
+        if self.core.migration or self.core.safemode:
             return
 
         await self.triggers.runEdgeAdd(n1, edge, n2)
 
     async def runEdgeDel(self, n1, edge, n2):
 
-        if self.core.migration:
+        if self.core.migration or self.core.safemode:
             return
 
         await self.triggers.runEdgeDel(n1, edge, n2)

synapse/models/inet.py

@@ -1542,7 +1542,7 @@ class InetModule(s_module.CoreModule):
                     ('inet:service:app', ('guid', {}), {
                         'interfaces': ('inet:service:object',),
                         'template': {'service:base': 'application'},
-                        'doc': 'A platform specific application.'}),
+                        'doc': 'An application which is part of a service architecture.'}),
 
                     ('inet:service:instance', ('guid', {}), {
                         'doc': 'An instance of the platform such as Slack or Discord instances.'}),
@@ -3769,6 +3769,12 @@ class InetModule(s_module.CoreModule):
                         ('desc', ('str', {}), {
                             'disp': {'hint': 'text'},
                             'doc': 'A description of the platform specific application.'}),
+
+                        ('provider', ('ou:org', {}), {
+                            'doc': 'The organization which provides the application.'}),
+
+                        ('provider:name', ('ou:name', {}), {
+                            'doc': 'The name of the organization which provides the application.'}),
                     )),
 
                     ('inet:service:account', {}, (

synapse/models/infotech.py

@@ -849,6 +849,14 @@ class ItModule(s_module.CoreModule):
                 ('it:adid', ('str', {'lower': True, 'strip': True}), {
                     'doc': 'An advertising identification string.'}),
 
+                # https://learn.microsoft.com/en-us/windows-hardware/drivers/install/hklm-system-currentcontrolset-services-registry-tree
+                ('it:os:windows:service', ('guid', {}), {
+                    'doc': 'A Microsoft Windows service configuration on a host.'}),
+
+                # TODO
+                # ('it:os:windows:task', ('guid', {}), {
+                #     'doc': 'A Microsoft Windows scheduled task configuration.'}),
+
                 # https://learn.microsoft.com/en-us/openspecs/windows_protocols/ms-dtyp/c92a27b1-c772-4fa7-a432-15df5f1b66a1
                 ('it:os:windows:sid', ('str', {'regex': r'^S-1-(?:\d{1,10}|0x[0-9a-fA-F]{12})(?:-(?:\d+|0x[0-9a-fA-F]{2,}))*$'}), {
                     'doc': 'A Microsoft Windows Security Identifier.',
@@ -2582,7 +2590,44 @@ class ItModule(s_module.CoreModule):
                     ('sandbox:file', ('file:bytes', {}), {
                         'doc': 'The initial sample given to a sandbox environment to analyze.'
                     }),
+
+                    # TODO
+                    # ('windows:task', ('it:os:windows:task', {}), {
+                    #     'doc': 'The Microsoft Windows scheduled task responsible for starting the process.'}),
+
+                    ('windows:service', ('it:os:windows:service', {}), {
+                        'doc': 'The Microsoft Windows service responsible for starting the process.'}),
+                )),
+
+                ('it:os:windows:service', {}, (
+
+                    ('host', ('it:host', {}), {
+                        'doc': 'The host that the service was configured on.'}),
+
+                    ('name', ('str', {'lower': True, 'onespace': True}), {
+                        'doc': 'The name of the service from the registry key within Services.'}),
+
+                    # TODO flags...
+                    ('type', ('int', {'min': 0}), {
+                        'doc': 'The type of service from the Type registry key.'}),
+
+                    ('start', ('int', {'min': 0}), {
+                        'doc': 'The start configuration of the service from the Start registry key.'}),
+
+                    ('errorcontrol', ('int', {'min': 0}), {
+                        'doc': 'The service error handling behavior from the ErrorControl registry key.'}),
+
+                    ('displayname', ('str', {'lower': True, 'onespace': True}), {
+                        'doc': 'The friendly name of the service from the DisplayName registry key.'}),
+
+                    # TODO 3.0 text
+                    ('description', ('str', {}), {
+                        'doc': 'The description of the service from the Description registry key.'}),
+
+                    ('imagepath', ('file:path', {}), {
+                        'doc': 'The path to the service binary from the ImagePath registry key.'}),
                 )),
+
                 ('it:query', {}, ()),
                 ('it:exec:query', {}, (
 

synapse/models/risk.py

@@ -220,6 +220,8 @@ class RiskModule(s_module.CoreModule):
                     'doc': 'The threat cluster targeted the target node.'}),
                 (('risk:threat', 'uses', None), {
                     'doc': 'The threat cluster uses the target node.'}),
+                (('risk:threat', 'uses', 'inet:service:app'), {
+                    'doc': 'The threat cluster uses the online application.'}),
                 (('risk:attack', 'targets', None), {
                     'doc': 'The attack targeted the target node.'}),
                 (('risk:attack', 'uses', None), {