line |
stmt |
bran |
cond |
sub |
pod |
time |
code |
1
|
|
|
|
|
|
|
package XML::IODEF; |
2
|
|
|
|
|
|
|
|
3
|
|
|
|
|
|
|
# syntax cerbere |
4
|
1
|
|
|
1
|
|
19908
|
use 5.006; |
|
1
|
|
|
|
|
3
|
|
|
1
|
|
|
|
|
29
|
|
5
|
1
|
|
|
1
|
|
5
|
use strict; |
|
1
|
|
|
|
|
1
|
|
|
1
|
|
|
|
|
27
|
|
6
|
1
|
|
|
1
|
|
4
|
use warnings; |
|
1
|
|
|
|
|
5
|
|
|
1
|
|
|
|
|
30
|
|
7
|
|
|
|
|
|
|
|
8
|
|
|
|
|
|
|
# various includes |
9
|
1
|
|
|
1
|
|
4
|
use Carp; |
|
1
|
|
|
|
|
2
|
|
|
1
|
|
|
|
|
103
|
|
10
|
1
|
|
|
1
|
|
347
|
use XML::DOM; |
|
0
|
|
|
|
|
|
|
|
0
|
|
|
|
|
|
|
11
|
|
|
|
|
|
|
use DateTime; |
12
|
|
|
|
|
|
|
use XML::Simple; |
13
|
|
|
|
|
|
|
|
14
|
|
|
|
|
|
|
# Exporter wiring, module version and iteration limit.
require Exporter;

# Inherit import() from Exporter.
our @ISA = ('Exporter');

# The 'all' tag is empty, so @EXPORT_OK (built from it) is empty as well.
our %EXPORT_TAGS = ( all => [] );
our @EXPORT_OK   = @{ $EXPORT_TAGS{all} };

# Names exported by default to any package that does 'use XML::IODEF;'.
our @EXPORT = (
    'xml_encode',
    'xml_decode',
    'byte_to_string',
    'extend_iodef',
    'extend_dtd',
    'set_doctype_name',
    'set_doctype_sysid',
    'set_doctype_pubid',
);

our $VERSION = '0.11';

# Package-global iteration limit; the code that reads it is not in this part
# of the file.
# NOTE(review): presumably bounds the expansion of self-referencing nodes
# (Contact and EventData list themselves as children) - confirm at the use site.
our $MAX_ITER = 20;
36
|
|
|
|
|
|
|
|
37
|
|
|
|
|
|
|
|
38
|
|
|
|
|
|
|
|
39
|
|
|
|
|
|
|
##---------------------------------------------------------------------------------------- |
40
|
|
|
|
|
|
|
## |
41
|
|
|
|
|
|
|
## IODEF - An XML wrapper for building/parsing IODEF messages |
42
|
|
|
|
|
|
|
## |
43
|
|
|
|
|
|
|
## Erwan Lemonnier - Proact Defcom - 2002/05 |
44
|
|
|
|
|
|
|
## Adapted to IODEF by John Green - JANET-CERT - 2003/07 |
45
|
|
|
|
|
|
|
## Updated to RFC 5070 Release 2007 -- Wes Young 2010/01 |
46
|
|
|
|
|
|
|
## |
47
|
|
|
|
|
|
|
## DESC: |
48
|
|
|
|
|
|
|
## |
49
|
|
|
|
|
|
|
## IODEF.pm is an interface for simply creating and parsing IODEF messages. |
50
|
|
|
|
|
|
|
## It is compliant with IODEF v1.0, and hence provides calls for building Incident, |
51
|
|
|
|
|
|
|
## ToolIncident, CorrelationIncident, OverflowIncident and Heartbeat IODEF messages. |
52
|
|
|
|
|
|
|
## |
53
|
|
|
|
|
|
|
## This interface has been designed for simplifying the task of translating a |
54
|
|
|
|
|
|
|
## key-value based format to its iodef representation. A typical session involves |
55
|
|
|
|
|
|
|
## the creation of a new IODEF message, the initialisation of some of its fields |
56
|
|
|
|
|
|
|
## and its conversion into an IODEF string, as illustrated below: |
57
|
|
|
|
|
|
|
## |
58
|
|
|
|
|
|
|
## use XML::IODEF; |
59
|
|
|
|
|
|
|
## |
60
|
|
|
|
|
|
|
## my $iodef = new XML::IODEF(); |
61
|
|
|
|
|
|
|
## $iodef->create_time(); |
62
|
|
|
|
|
|
|
## $iodef->add("IncidentAdditionalData", "myvalue", "mymeaning"); |
63
|
|
|
|
|
|
|
## $iodef->add("IncidentAdditionalData", byte_to_string($bytes), "binary-data", "byte"); |
64
|
|
|
|
|
|
|
## print $iodef->out(); |
65
|
|
|
|
|
|
|
## |
66
|
|
|
|
|
|
|
## An interface to load and parse an IODEF message is also provided (with the |
67
|
|
|
|
|
|
|
## 'to_hash' function), but is quite limited. |
68
|
|
|
|
|
|
|
## |
69
|
|
|
|
|
|
|
## This module is based on XML::DOM and contains a simplified version of the latest |
70
|
|
|
|
|
|
|
## IODEF DTD. It is hence DTD aware and performs some validity checks on the IODEF |
71
|
|
|
|
|
|
|
## message treated, in an attempt at easing the process of producing valid IODEF |
72
|
|
|
|
|
|
|
## messages. |
73
|
|
|
|
|
|
|
## |
74
|
|
|
|
|
|
|
## This simplified internal DTD representation can easily be upgraded or extended to |
75
|
|
|
|
|
|
|
## support new XML nodes. For information on how to extend IODEF with IODEF.pm, read |
76
|
|
|
|
|
|
|
## the documentation in the source code. |
77
|
|
|
|
|
|
|
## |
78
|
|
|
|
|
|
|
## |
79
|
|
|
|
|
|
|
## REM: to extract the api documentation, do 'cat IODEF.pm | grep "##" | sed -e "s/##//"' |
80
|
|
|
|
|
|
|
## |
81
|
|
|
|
|
|
|
## |
82
|
|
|
|
|
|
|
## BSD LICENSE: |
83
|
|
|
|
|
|
|
## |
84
|
|
|
|
|
|
|
## All rights reserved. |
85
|
|
|
|
|
|
|
## |
86
|
|
|
|
|
|
|
## Redistribution and use in source and binary forms, with or without modification, are permitted |
87
|
|
|
|
|
|
|
## provided that the following conditions are met: |
88
|
|
|
|
|
|
|
## |
89
|
|
|
|
|
|
|
## Redistributions of source code must retain the above copyright notice, this list |
90
|
|
|
|
|
|
|
## of conditions and the following disclaimer. |
91
|
|
|
|
|
|
|
## Redistributions in binary form must reproduce the above copyright notice, this list of |
92
|
|
|
|
|
|
|
## conditions and the following disclaimer in the documentation and/or other materials |
93
|
|
|
|
|
|
|
## provided with the distribution. |
94
|
|
|
|
|
|
|
## Neither the name of the nor the names of its contributors may be used |
95
|
|
|
|
|
|
|
## to endorse or promote products derived from this software without specific prior written |
96
|
|
|
|
|
|
|
## permission. |
97
|
|
|
|
|
|
|
## |
98
|
|
|
|
|
|
|
## THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" |
99
|
|
|
|
|
|
|
## AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE |
100
|
|
|
|
|
|
|
## IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE |
101
|
|
|
|
|
|
|
## ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE |
102
|
|
|
|
|
|
|
## LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR |
103
|
|
|
|
|
|
|
## CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF |
104
|
|
|
|
|
|
|
## SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS |
105
|
|
|
|
|
|
|
## INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN |
106
|
|
|
|
|
|
|
## CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) |
107
|
|
|
|
|
|
|
## ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE |
108
|
|
|
|
|
|
|
## POSSIBILITY OF SUCH DAMAGE. |
109
|
|
|
|
|
|
|
## |
110
|
|
|
|
|
|
|
##---------------------------------------------------------------------------------------- |
111
|
|
|
|
|
|
|
## |
112
|
|
|
|
|
|
|
## LIST OF FUNCTIONS |
113
|
|
|
|
|
|
|
## |
114
|
|
|
|
|
|
|
## new # create new IODEF message |
115
|
|
|
|
|
|
|
## in # load new IODEF message from string/file |
116
|
|
|
|
|
|
|
## out # write IODEF message to string/file |
117
|
|
|
|
|
|
|
## |
118
|
|
|
|
|
|
|
## to_hash # convert IODEF message to hash for easy parsing |
119
|
|
|
|
|
|
|
## add # add a field to IODEF message |
120
|
|
|
|
|
|
|
## get_type # return type of IODEF message |
121
|
|
|
|
|
|
|
## |
122
|
|
|
|
|
|
|
## create_time # initialize the CreateTime field with the current time |
123
|
|
|
|
|
|
|
## |
124
|
|
|
|
|
|
|
## EXPORTS: |
125
|
|
|
|
|
|
|
## |
126
|
|
|
|
|
|
|
## xml_encode # encode data (not binary) into an IODEF compliant string |
127
|
|
|
|
|
|
|
## xml_decode # and the other way round |
128
|
|
|
|
|
|
|
## byte_to_string # encode binary data into an IODEF compliant string |
129
|
|
|
|
|
|
|
## |
130
|
|
|
|
|
|
|
## |
131
|
|
|
|
|
|
|
## |
132
|
|
|
|
|
|
|
|
133
|
|
|
|
|
|
|
|
134
|
|
|
|
|
|
|
|
135
|
|
|
|
|
|
|
|
136
|
|
|
|
|
|
|
# |
137
|
|
|
|
|
|
|
# IODEF DTD REPRESENTATION |
138
|
|
|
|
|
|
|
# ------------------------ |
139
|
|
|
|
|
|
|
# |
140
|
|
|
|
|
|
|
# The IODEF DTD, as all DTDs, can be represented as a class hierarchy in which |
141
|
|
|
|
|
|
|
# each class corresponds to one node level. There can be 2 kinds of relations between |
142
|
|
|
|
|
|
|
# these node classes: inheritance (ex: a ToolIncident is an Incident) and composition |
143
|
|
|
|
|
|
|
# (Incident contains Analyzer, Source, Target...). |
144
|
|
|
|
|
|
|
# |
145
|
|
|
|
|
|
|
# Below is a hash structure, called 'IODEF_DTD', which defines the whole IODEF DTD |
146
|
|
|
|
|
|
|
# as in version xxx. Each key is the name of the root tag of an IODEF node, and its |
147
|
|
|
|
|
|
|
# value is a structure representing the attributes, tags and subnodes allowed for |
148
|
|
|
|
|
|
|
# this node, as well as the node's subclasses if there are some. If an attribute can |
149
|
|
|
|
|
|
|
# take only a limited set of values, this is also specified. One class element (tag, |
150
|
|
|
|
|
|
|
# attribute or node) may appear more than once, in which case it is specified. |
151
|
|
|
|
|
|
|
# |
152
|
|
|
|
|
|
|
# This IODEF DTD is then parsed by the 'load_xml_dtd' function when the IODEF.pm |
153
|
|
|
|
|
|
|
# module is loaded, which in turn builds two internal and more convenient |
154
|
|
|
|
|
|
|
# representations: $EXPAND_PATH & $CHECK_VALUE. These 2 hashes are used by the add() |
155
|
|
|
|
|
|
|
# call, and faster to use than the DTD class construction. |
156
|
|
|
|
|
|
|
# |
157
|
|
|
|
|
|
|
# The main advantage of preferring a DTD representation of IODEF is its flexibility: |
158
|
|
|
|
|
|
|
# if the IODEF rfc happens to change, the DTD hash is the only part of this module |
159
|
|
|
|
|
|
|
# which will need an upgrade. Besides, it becomes easy to extend IODEF by adding to the |
160
|
|
|
|
|
|
|
# DTD some home-defined root class, and extend IODEF.pm. The extension module only |
161
|
|
|
|
|
|
|
# needs to contain a DTD hash extending the one of IODEF, and call 'extend_iodef'. |
162
|
|
|
|
|
|
|
# All other functions ('in', 'out', 'add', 'to_hash'...) are then inherited from IODEF. |
163
|
|
|
|
|
|
|
# |
164
|
|
|
|
|
|
|
# This code is actually built in a very generic way and could be used with whatever |
165
|
|
|
|
|
|
|
# other XML format. |
166
|
|
|
|
|
|
|
# |
167
|
|
|
|
|
|
|
# DTD hash: |
168
|
|
|
|
|
|
|
# --------- |
169
|
|
|
|
|
|
|
# |
170
|
|
|
|
|
|
|
# A DTD is represented as a hash where each key is the name of a node, and each value |
171
|
|
|
|
|
|
|
# a hash encoding the corresponding DTD definition of this node. |
172
|
|
|
|
|
|
|
# This hash describes the attributes, children and content type of this node, |
173
|
|
|
|
|
|
|
# and can be deduced directly from the corresponding ELEMENT and ATTRIBUTE definitions |
174
|
|
|
|
|
|
|
# in the DTD. Yet, some subtleties from the DTD, such as complex combinations |
175
|
|
|
|
|
|
|
# of allowed children order and occurrence, cannot be represented in this model. |
176
|
|
|
|
|
|
|
# That's why this DTD representation only is a pseudo-DTD, and will not be able |
177
|
|
|
|
|
|
|
# to comply to some case of complex DTDs. |
178
|
|
|
|
|
|
|
# |
179
|
|
|
|
|
|
|
# A node has a name, which is its tag string. This name is the node's key in the DTD |
180
|
|
|
|
|
|
|
# hash. |
181
|
|
|
|
|
|
|
# |
182
|
|
|
|
|
|
|
# A node may have child nodes. These children are listed in an anonymous array |
183
|
|
|
|
|
|
|
# associated to the CHILDREN key. Each element of this children array is a string |
184
|
|
|
|
|
|
|
# made of the name of the child node preceded by a one letter prefix representing |
185
|
|
|
|
|
|
|
# the allowed occurrences of this child node. This prefix should be one of: |
186
|
|
|
|
|
|
|
# |
187
|
|
|
|
|
|
|
# prefix meaning |
188
|
|
|
|
|
|
|
# ------ ------- |
189
|
|
|
|
|
|
|
# |
190
|
|
|
|
|
|
|
# ? 0 or 1 occurrences |
191
|
|
|
|
|
|
|
# + 1 or more |
192
|
|
|
|
|
|
|
# * 0 or more |
193
|
|
|
|
|
|
|
# 1 exactly one |
194
|
|
|
|
|
|
|
# # unknown (in practice, same as *) |
195
|
|
|
|
|
|
|
# |
196
|
|
|
|
|
|
|
# The order of the children names in the children array reflects the order of |
197
|
|
|
|
|
|
|
# children nodes in the DTD. As a result, the XML::IODEF API allows only to |
198
|
|
|
|
|
|
|
# create XML messages with one given order of children in each node. If the DTD |
199
|
|
|
|
|
|
|
# allows other combinations, it can not be encoded in XML::IODEF, and you will |
200
|
|
|
|
|
|
|
# have to choose one of the possible combinations when writing the pseudo-DTD. |
201
|
|
|
|
|
|
|
# In some cases, this won't be possible. That's why this API can not yet be |
202
|
|
|
|
|
|
|
# generalised to generating any XML format. |
203
|
|
|
|
|
|
|
# |
204
|
|
|
|
|
|
|
# A node can also have attributes, which are represented as keys of the ATTRIBUTES |
205
|
|
|
|
|
|
|
# hash. The value associated with each key is an array of the values allowed for this |
206
|
|
|
|
|
|
|
# attribute, or an empty array if there are no restrictions on the value. |
207
|
|
|
|
|
|
|
# |
208
|
|
|
|
|
|
|
# Finally, a node can have a content, declared under the CONTENT key. That key can |
209
|
|
|
|
|
|
|
# accept 3 values: ANY, PCDATA, EMPTY. In practice, all are treated as PCDATA internally. |
210
|
|
|
|
|
|
|
# |
211
|
|
|
|
|
|
|
# ex: DTD entity definition |
212
|
|
|
|
|
|
|
# |
213
|
|
|
|
|
|
|
# "EntityName" = { |
214
|
|
|
|
|
|
|
# ATTRIBUTES => { "attribute1" => [ list of values ], |
215
|
|
|
|
|
|
|
# "attribute2" => [], |
216
|
|
|
|
|
|
|
# ... |
217
|
|
|
|
|
|
|
# }, |
218
|
|
|
|
|
|
|
# CHILDREN => [ "elem1", "elem2"... ], |
219
|
|
|
|
|
|
|
# CONTENT => ANY | PCDATA | EMPTY |
220
|
|
|
|
|
|
|
# } |
221
|
|
|
|
|
|
|
# |
222
|
|
|
|
|
|
|
|
223
|
|
|
|
|
|
|
|
224
|
|
|
|
|
|
|
# |
225
|
|
|
|
|
|
|
# CONTENT: |
226
|
|
|
|
|
|
|
# -------- |
227
|
|
|
|
|
|
|
# |
228
|
|
|
|
|
|
|
# the official xml contents supported by this simplified DTD representation |
229
|
|
|
|
|
|
|
|
230
|
|
|
|
|
|
|
# Content-model markers accepted under a node's CONTENT key in the pseudo-DTD.
# Each constant evaluates to the string of the same name.
use constant ANY => "ANY";
use constant PCDATA => "PCDATA";
use constant EMPTY => "EMPTY";


#
# IODEF_DTD:
# ----------
#
# A hash encoding all the XML entities defined in the IODEF DTD, as
# specified in version $IODEF_VERSION of the IODEF draft.
#
# REM: this is a simplified DTD representation and does not exactly
#      reflect the content of the IODEF DTD.
#      In particular, it does not properly represent, for each entity,
#      the allowed number and occurrences of its children.

# Version of the IODEF draft used for this DTD.
my $IODEF_VERSION = "1.0";
250
|
|
|
|
|
|
|
|
251
|
|
|
|
|
|
|
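# Pseudo-DTD for IODEF: one entry per XML node name.
#
# Each entry may carry:
#   ATTRIBUTES  hash of attribute name => array of allowed values
#               (an empty array means the value is unrestricted)
#   CHILDREN    ordered array of child node names, each prefixed with a
#               one-character occurrence code:
#                   ?  0 or 1        +  1 or more      *  0 or more
#                   1  exactly one   #  unknown (in practice, same as *)
#   CONTENT     one of the ANY / PCDATA / EMPTY constants
#
# The non-empty value lists are the enumerations that attribute values are
# checked against, so a misspelled key or value here changes what the module
# accepts.
my $IODEF_DTD = {

    "IODEF-Document" => {
        ATTRIBUTES => {
            # NOTE(review): RFC 5070 appears to require version "1.00";
            # confirm before relying on this list for validation.
            "version"            => ["1.0"],
            "lang"               => [],
            "formatid"           => [],
            "xmlns:iodef"        => [ "urn:ietf:params:xml:ns:iodef-1.0" ],
            "xmlns:xsi"          => [ "http://www.w3.org/2001/XMLSchema-instance" ],
            "xsi:schemaLocation" => [ "urn:ietf:params:xmls:schema:iodef-1.0" ]
        },
        CHILDREN => [ "+Incident" ],
    },

    "Incident" => {
        ATTRIBUTES => {
            "purpose"     => [ "traceback", "mitigation", "reporting", "other", "ext-value" ],
            "ext-purpose" => [],
            "lang"        => [],
            "restriction" => [ "public", "need-to-know", "private", "default" ]
        },
        CHILDREN => [ "1IncidentID", "?AlternativeID", "?RelatedActivity", "?DetectTime",
                      "?StartTime", "?EndTime", "1ReportTime", "*Description", "+Assessment",
                      "*Method", "+Contact", "*EventData", "?History", "*AdditionalData" ]
    },

    "IncidentID" => {
        ATTRIBUTES => {
            "name"        => [],
            "instance"    => [],
            "restriction" => [ "public", "need-to-know", "private", "default" ]
        },
        CONTENT => PCDATA
    },

    "AlternativeID" => {
        ATTRIBUTES => {
            "restriction" => [ "public", "need-to-know", "private", "default" ]
        },
        CHILDREN => ["+IncidentID"]
    },

    "RelatedActivity" => {
        ATTRIBUTES => { "restriction" => [ "public", "need-to-know", "private", "default" ] },
        CHILDREN   => [ "*IncidentID", "*URL" ],
    },

    "AdditionalData" => {
        ATTRIBUTES => {
            "dtype" => ["boolean", "byte", "character", "date-time", "integer", "portlist",
                        "real", "string", "file", "frame", "packet", "ipv4-packet", "ipv6-packet",
                        "path", "url", "csv", "winreg", "xml", "ext-value"],
            "ext-dtype"   => [],
            "meaning"     => [],
            "formatid"    => [],
            "restriction" => [ "public", "need-to-know", "private", "default" ],
        },
        CONTENT => ANY,
    },

    "Contact" => {
        ATTRIBUTES => {
            "role"        => [ "creator", "admin", "tech", "irt", "cc", "ext-value" ],
            "ext-role"    => [],
            "type"        => [ "person", "organization", "ext-value" ],
            "ext-type"    => [],
            "restriction" => [ "public", "need-to-know", "private", "default" ]
        },
        # Contact lists itself as a child, so the tree is recursive here.
        CHILDREN => [ "?ContactName", "*Description", "*RegistryHandle", "?PostalAddress", "*Email",
                      "*Telephone", "?Fax", "?Timezone", "*Contact", "*AdditionalData" ],
    },

    "RegistryHandle" => {
        ATTRIBUTES => {
            "registry"     => [ "internic", "apnic", "arin", "lacnic", "ripe", "afrinic", "local", "ext-value" ],
            "ext-registry" => [],
        },
        CONTENT => PCDATA,
    },

    "PostalAddress" => {
        ATTRIBUTES => {
            "meaning" => [],
            "lang"    => [],
        },
        CONTENT => PCDATA
    },

    "Email" => {
        # Key spelled ATTRIBUTES like every other entry, so that the "meaning"
        # attribute is declared for Email the same way as for Telephone and Fax.
        ATTRIBUTES => {
            "meaning" => [],
        },
        CONTENT => PCDATA
    },

    "Telephone" => {
        ATTRIBUTES => {
            "meaning" => [],
        },
        CONTENT => PCDATA
    },

    "Fax" => {
        ATTRIBUTES => {
            "meaning" => []
        },
        CONTENT => PCDATA
    },

    "StartTime" => {
        CONTENT => PCDATA
    },

    "EndTime" => {
        CONTENT => PCDATA
    },

    "DetectTime" => {
        CONTENT => PCDATA
    },

    "ReportTime" => {
        CONTENT => PCDATA
    },

    "DateTime" => {
        CONTENT => PCDATA
    },

    "Method" => {
        ATTRIBUTES => {
            "restriction" => [ "public", "need-to-know", "private", "default" ]
        },
        CHILDREN => ["*Reference", "*Description", "*AdditionalData"],
    },

    "Reference" => {
        CHILDREN => ["1ReferenceName", "*URL", "*Description"],
    },

    "Assessment" => {
        ATTRIBUTES => {
            # NOTE(review): RFC 5070 appears to spell this attribute
            # "occurrence"; the key is left unchanged because callers address
            # the field by this spelling - confirm before renaming.
            "occurence"   => ["actual", "potential"],
            "restriction" => [ "public", "need-to-know", "private", "default" ]
        },
        CHILDREN => [ "*Impact", "*TimeImpact", "*MonetaryImpact", "*Counter", "?Confidence",
                      "*AdditionalData"]
    },

    "Impact" => {
        ATTRIBUTES => {
            "lang"       => [],
            "severity"   => [ "low", "medium", "high" ],
            "completion" => [ "failed", "succeeded" ],
            "type"       => [ "admin", "dos", "file", "info-leak", "misconfiguration",
                              "policy", "recon", "social-engineering", "user", "unknown",
                              "ext-value"],
            "ext-type"   => [],
        },
        CONTENT => PCDATA
    },

    "TimeImpact" => {
        ATTRIBUTES => {
            "severity"     => [ "low", "medium", "high" ],
            "metric"       => [ "labor", "elapsed", "downtime", "ext-value" ],
            "ext-metric"   => [],
            "duration"     => [ "second", "minute", "hour", "day", "month", "quarter", "year", "ext-value" ],
            "ext-duration" => []
        },
        CONTENT => PCDATA
    },

    "MonetaryImpact" => {
        ATTRIBUTES => {
            "severity" => [ "low", "medium", "high" ],
            "currency" => []
        },
        CONTENT => PCDATA
    },

    "Confidence" => {
        ATTRIBUTES => {
            "rating" => [ "low", "medium", "high", "numeric" ],
        },
        CONTENT => PCDATA,
    },

    "History" => {
        ATTRIBUTES => {
            "restriction" => [ "public", "need-to-know", "private", "default" ]
        },
        CHILDREN => [ "+HistoryItem" ],
    },

    "HistoryItem" => {
        ATTRIBUTES => {
            "restriction" => [ "public", "need-to-know", "private", "default" ],
            "action"      => [ "nothing", "contact-source-site", "contact-target-site", "contact-sender", "investigate",
                               "block-host", "block-network", "block-port", "rate-limit-host", "rate-limit-network",
                               "rate-limit-port", "remediate-other", "status-triage", "status-new-info", "other",
                               "ext-value" ],
            "ext-action"  => []
        },
        CHILDREN => [ "1DateTime", "?IncidentID", "?Contact", "*Description", "*AdditionalData" ],
    },

    "EventData" => {
        ATTRIBUTES => {
            "restriction" => [ "public", "need-to-know", "private", "default" ],
        },
        # EventData lists itself as a child, so the tree is recursive here.
        CHILDREN => [ "*Description", "?DetectTime", "?StartTime", "?EndTime", "*Contact",
                      "?Assessment", "*Method", "*Flow", "*Expectation", "?Record",
                      "*EventData", "*AdditionalData"]
    },

    "Expectation" => {
        ATTRIBUTES => {
            "restriction" => [ "public", "need-to-know", "private", "default" ],
            "severity"    => [ "low", "medium", "high" ],
            "action"      => [ "nothing", "contact-source-site", "contact-target-site", "contact-sender", "investigate",
                               "block-host", "block-network", "block-port", "rate-limit-host", "rate-limit-network",
                               "rate-limit-port", "remediate-other", "status-triage", "status-new-info", "other",
                               "ext-value" ],
            "ext-action"  => []
        },
        CHILDREN => [ "*Description", "?StartTime", "?EndTime", "?Contact" ]
    },

    "Flow" => {
        CHILDREN => [ "+System" ],
    },

    "System" => {
        ATTRIBUTES => {
            "restriction"  => [ "public", "need-to-know", "private", "default" ],
            "category"     => [ "source", "target", "intermediate", "sensor", "infrastructure",
                                "ext-value" ],
            "ext-category" => [],
            "interface"    => [],
            "spoofed"      => [ "unknown", "yes", "no" ],
        },
        CHILDREN => [ "1Node", "*Service", "*OperatingSystem", "*Description", "*AdditionalData" ]
    },

    "Node" => {
        CHILDREN => [ "*NodeName", "*Address", "?Location", "?DateTime", "*NodeRole",
                      "*Counter"]
    },

    "Counter" => {
        ATTRIBUTES => {
            "type"         => [ "byte", "packet", "flow", "session", "alert",
                                "message", "event", "host", "site", "organization",
                                "ext-value" ],
            "ext-type"     => [],
            "meaning"      => [],
            "duration"     => [ "second", "minute", "hour", "day", "month", "quarter", "year", "ext-value" ],
            "ext-duration" => [],
        },
        CONTENT => PCDATA
    },

    "Address" => {
        ATTRIBUTES => {
            "category"     => [ "asn", "atm", "e-mail", "ipv4-addr", "ipv4-net",
                                "ipv4-net-mask", "ipv6-addr", "ipv6-net", "ipv6-net-mask", "mac",
                                "ext-value" ],
            "ext-category" => [],
            "vlan-name"    => [],
            "vlan-num"     => [],
        },
        CONTENT => PCDATA
    },

    "NodeRole" => {
        ATTRIBUTES => {
            "category"     => [ "client", "server-internal", "server-public", "www", "mail",
                                "messaging", "streaming", "voice", "file", "ftp",
                                "p2p", "name", "directory", "credential", "print",
                                "application", "database", "infra", "log", "ext-value"],
            "ext-category" => [],
            "lang"         => [],
        }
    },

    "Service" => {
        ATTRIBUTES => {
            "ip_protocol" => [],
        },
        CHILDREN => [ "?Port", "?Portlist", "?ProtoCode", "?ProtoType", "?ProtoFlags",
                      "?Application" ]
    },

    "Application" => {
        ATTRIBUTES => {
            "swid"     => [],
            "configid" => [],
            "vendor"   => [],
            "family"   => [],
            "name"     => [],
            "version"  => [],
            "patch"    => [],
        },
        CHILDREN => [ "?URL" ]
    },

    "OperatingSystem" => {
        ATTRIBUTES => {
            "swid"     => [],
            "configid" => [],
            "vendor"   => [],
            "family"   => [],
            "name"     => [],
            "version"  => [],
            "patch"    => [],
        },
        CHILDREN => [ "?URL" ]
    },

    "Record" => {
        ATTRIBUTES => {
            "restriction" => [ "public", "need-to-know", "private", "default" ],
        },
        CHILDREN => [ "+RecordData" ]
    },

    "RecordData" => {
        ATTRIBUTES => {
            "restriction" => [ "public", "need-to-know", "private", "default" ],
        },
        CHILDREN => [ "?DateTime", "*Description", "?Application", "*RecordPattern", "+RecordItem",
                      "*AdditionalData" ]
    },

    "RecordPattern" => {
        ATTRIBUTES => {
            "type"           => [ "regex", "binary", "xpath", "ext-value" ],
            "ext-type"       => [],
            "offset"         => [],
            "offsetunit"     => [ "line", "binary", "ext-value" ],
            "ext-offsetunit" => [],
            "instance"       => [],
        },
        CONTENT => PCDATA,
    },

    "RecordItem" => {
        ATTRIBUTES => {
            "dtype" => ["boolean", "byte", "character", "date-time", "integer", "portlist",
                        "real", "string", "file", "frame", "packet", "ipv4-packet", "ipv6-packet",
                        "path", "url", "csv", "winreg", "xml", "ext-value"],
            "ext-dtype"   => [],
            "meaning"     => [],
            "formatid"    => [],
            "restriction" => [ "public", "need-to-know", "private", "default" ],
        },
        CONTENT => ANY,
    },

    #
    # Simple elements with no sub-elements and no attributes
    #
    "Description"   => { CONTENT => PCDATA },
    "URL"           => { CONTENT => PCDATA },
    "ContactName"   => { CONTENT => PCDATA },
    "Timezone"      => { CONTENT => PCDATA },
    "ReferenceName" => { CONTENT => PCDATA },
    "NodeName"      => { CONTENT => PCDATA },
    "Location"      => { CONTENT => PCDATA },
    "Port"          => { CONTENT => PCDATA },
    "Portlist"      => { CONTENT => PCDATA },
    "ProtoCode"     => { CONTENT => PCDATA },
    "ProtoType"     => { CONTENT => PCDATA },
    "ProtoFlags"    => { CONTENT => PCDATA },

};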
631
|
|
|
|
|
|
|
|
632
|
|
|
|
|
|
|
|
633
|
|
|
|
|
|
|
|
634
|
|
|
|
|
|
|
|
635
|
|
|
|
|
|
|
##-------------------------------------------------------------------------------- |
636
|
|
|
|
|
|
|
## |
637
|
|
|
|
|
|
|
## |
638
|
|
|
|
|
|
|
## CLASS METHODS: |
639
|
|
|
|
|
|
|
## -------------- |
640
|
|
|
|
|
|
|
## |
641
|
|
|
|
|
|
|
## |
642
|
|
|
|
|
|
|
##-------------------------------------------------------------------------------- |
643
|
|
|
|
|
|
|
|
644
|
|
|
|
|
|
|
|
645
|
|
|
|
|
|
|
|
646
|
|
|
|
|
|
|
|
647
|
|
|
|
|
|
|
##================================================================================ |
648
|
|
|
|
|
|
|
## |
649
|
|
|
|
|
|
|
## XML PSEUDO DTD LOADER |
650
|
|
|
|
|
|
|
## |
651
|
|
|
|
|
|
|
##================================================================================ |
652
|
|
|
|
|
|
|
## |
653
|
|
|
|
|
|
|
## Below is the generic code for loading a pseudo DTD representation of an XML |
654
|
|
|
|
|
|
|
## DTD into structures optimised for internal usage. |
655
|
|
|
|
|
|
|
## |
656
|
|
|
|
|
|
|
|
657
|
|
|
|
|
|
|
|
658
|
|
|
|
|
|
|
|
659
|
|
|
|
|
|
|
# $EXPAND_PATH is a hash table linking an iodef tag path to the corresponding list |
660
|
|
|
|
|
|
|
# of arguments needed to add a value at this path with the add() call. |
661
|
|
|
|
|
|
|
# each key is a tagpath to a given IODEF field, as given to the 'add()' call. |
662
|
|
|
|
|
|
|
# each corresponding value is an array containing the list of tags in the |
663
|
|
|
|
|
|
|
# tagpath, preceded by 2 values. The first one is 'A' if the pointed field is |
664
|
|
|
|
|
|
|
# an attribute, 'C' if it is a content, 'N' if it is just a node. Notice that |
665
|
|
|
|
|
|
|
# a C path is a N path. |
666
|
|
|
|
|
|
|
# ex: |
667
|
|
|
|
|
|
|
# 'IncidentEventDatarestriction' => [ A, "Incident", "EventData", "restriction"], |
668
|
|
|
|
|
|
|
# 'Incidentpurpose' => [ A, "Incident", "purpose"], |
669
|
|
|
|
|
|
|
# 'IncidentDescription' => [ C, "Incident", "Description"], |
670
|
|
|
|
|
|
|
# 'IncidentEventDataStartTime' => [ C, "Incident", "EventData", "StartTime"], |
671
|
|
|
|
|
|
|
# 'IncidentContact' => [ N, "Incident", "Contact"], |
672
|
|
|
|
|
|
|
|
673
|
|
|
|
|
|
|
my $EXPAND_PATH = {};    # filled by fill_internal_hashes() once load_xml_dtd() has accepted a DTD
674
|
|
|
|
|
|
|
|
675
|
|
|
|
|
|
|
|
676
|
|
|
|
|
|
|
# hash of the tagpaths for which the values can only take a limited set of values |
677
|
|
|
|
|
|
|
# which can be checked with check_allowed. each key is a tagpath, each value is |
678
|
|
|
|
|
|
|
# an array of the corresponding allowed values. |
679
|
|
|
|
|
|
|
# |
680
|
|
|
|
|
|
|
# ex: |
681
|
|
|
|
|
|
|
# 'Incidentpurpose' => [ 'reporting', 'mitigation'... ], |
682
|
|
|
|
|
|
|
# |
683
|
|
|
|
|
|
|
|
684
|
|
|
|
|
|
|
my $CHECK_VALUE = {};    # filled by fill_internal_hashes(); only attributes with a non-empty value list get an entry
685
|
|
|
|
|
|
|
|
686
|
|
|
|
|
|
|
|
687
|
|
|
|
|
|
|
# DEPRECATED |
688
|
|
|
|
|
|
|
# a counter used by create_ident's unique id generator |
689
|
|
|
|
|
|
|
# |
690
|
|
|
|
|
|
|
|
691
|
|
|
|
|
|
|
my $ID_COUNT = 0;    # deprecated (see comment above); not referenced by the functions shown in this part of the file
692
|
|
|
|
|
|
|
|
693
|
|
|
|
|
|
|
|
694
|
|
|
|
|
|
|
# |
695
|
|
|
|
|
|
|
# Internal variables describing the DTD in use |
696
|
|
|
|
|
|
|
# -------------------------------------------- |
697
|
|
|
|
|
|
|
# |
698
|
|
|
|
|
|
|
# These variables are to be initialised by a series |
699
|
|
|
|
|
|
|
# of api calls, listed below. |
700
|
|
|
|
|
|
|
|
701
|
|
|
|
|
|
|
# Both stay undef until load_xml_dtd() has validated a pseudo DTD; it then
# stores the DTD hash in $DTD and the name of its root class in $ROOT.
my $DTD = undef;
my $ROOT = undef;
703
|
|
|
|
|
|
|
|
704
|
|
|
|
|
|
|
|
705
|
|
|
|
|
|
|
# |
706
|
|
|
|
|
|
|
# xml declaration |
707
|
|
|
|
|
|
|
# |
708
|
|
|
|
|
|
|
|
709
|
|
|
|
|
|
|
# Version and encoding passed to createXMLDecl() by new() and in().
my $XML_DECL_VER = "1.0";
my $XML_DECL_ENC = "UTF-8";
711
|
|
|
|
|
|
|
|
712
|
|
|
|
|
|
|
|
713
|
|
|
|
|
|
|
# |
714
|
|
|
|
|
|
|
# IODEF DTD declaration |
715
|
|
|
|
|
|
|
# |
716
|
|
|
|
|
|
|
|
717
|
|
|
|
|
|
|
# Defaults; each one can be replaced through the matching set_doctype_*()
# call. The createDocumentType() calls in new() and in() that would consume
# these values are commented out in this version of the module.
my $DOCTYPE_NAME = "IODEF-Document";
my $DOCTYPE_SYSID = "IODEF-Document.dtd";
my $DOCTYPE_PUBID = "-//IETF//DTD RFC 5070 IODEF v1.0//EN";
720
|
|
|
|
|
|
|
|
721
|
|
|
|
|
|
|
|
722
|
|
|
|
|
|
|
|
723
|
|
|
|
|
|
|
##---------------------------------------------------------------------------------------- |
724
|
|
|
|
|
|
|
## |
725
|
|
|
|
|
|
|
## set_doctype_name() |
726
|
|
|
|
|
|
|
## set_doctype_sysid() |
727
|
|
|
|
|
|
|
## set_doctype_pubid() |
728
|
|
|
|
|
|
|
## |
729
|
|
|
|
|
|
|
|
730
|
|
|
|
|
|
|
# Replace the module-wide DOCTYPE name.
# The value is stored exactly as given; this setter performs no validation.
# Returns the value that was stored.
sub set_doctype_name {
    my ($name) = @_;
    return ($DOCTYPE_NAME = $name);
}
731
|
|
|
|
|
|
|
# Replace the module-wide DOCTYPE system identifier.
# The value is stored exactly as given; this setter performs no validation.
# Returns the value that was stored.
sub set_doctype_sysid {
    my ($sysid) = @_;
    return ($DOCTYPE_SYSID = $sysid);
}
732
|
|
|
|
|
|
|
# Replace the module-wide DOCTYPE public identifier.
# The value is stored exactly as given; this setter performs no validation.
# Returns the value that was stored.
sub set_doctype_pubid {
    my ($pubid) = @_;
    return ($DOCTYPE_PUBID = $pubid);
}
733
|
|
|
|
|
|
|
|
734
|
|
|
|
|
|
|
|
735
|
|
|
|
|
|
|
|
736
|
|
|
|
|
|
|
##---------------------------------------------------------------------------------------- |
737
|
|
|
|
|
|
|
## |
738
|
|
|
|
|
|
|
## extend_dtd($DTD_extension, "new_root_class") |
739
|
|
|
|
|
|
|
## |
740
|
|
|
|
|
|
|
## ARGS: |
741
|
|
|
|
|
|
|
## $DTD_extension a DTD hash, as described in the source doc above. |
742
|
|
|
|
|
|
|
## "new_root_class" the name of a new root class |
743
|
|
|
|
|
|
|
## |
744
|
|
|
|
|
|
|
## RETURN: |
745
|
|
|
|
|
|
|
## This function can be used to extend IODEF by adding a new |
746
|
|
|
|
|
|
|
## root class definition to the original IODEF DTD. |
747
|
|
|
|
|
|
|
## $DTD_extension is a DTD hash, as defined above, providing definitions |
748
|
|
|
|
|
|
|
## for all the new IODEF classes introduced by the extension, including |
749
|
|
|
|
|
|
|
## the one for the new root class. |
750
|
|
|
|
|
|
|
## "new_root_class" is the name of the root node of the IODEF extension. |
751
|
|
|
|
|
|
|
## From now on, the usual IODEF calls ('in', 'add', 'to_hash'...) can be |
752
|
|
|
|
|
|
|
## used to create/parse extended messages as well. |
753
|
|
|
|
|
|
|
## |
754
|
|
|
|
|
|
|
## To extend IODEF, use extend_dtd(, "IODEF-Message") |
755
|
|
|
|
|
|
|
## To load a new DTD, extend_dtd(, "new root") + call set_doctype_* |
756
|
|
|
|
|
|
|
## |
757
|
|
|
|
|
|
|
|
758
|
|
|
|
|
|
|
sub extend_dtd {
    # Merge a caller-supplied pseudo DTD into the module-wide one and reload
    # the DTD engine from the given root class.
    my ($dtd, $name) = @_;

    # Without an explicit root class, keep the stock root element.
    $name = "IODEF-Document" unless defined($name);

    # Copy every class definition of the extension into $IODEF_DTD. Classes
    # that already exist there are overwritten. The merge happens before any
    # validation, so the copied entries remain in $IODEF_DTD even when
    # load_xml_dtd() croaks on the merged result.
    @{$IODEF_DTD}{ keys %{$dtd} } = values %{$dtd};

    # Validate the merged DTD and rebuild the lookup tables; the result of
    # load_xml_dtd() is what this function returns.
    return load_xml_dtd($IODEF_DTD, $name);
}
769
|
|
|
|
|
|
|
|
770
|
|
|
|
|
|
|
|
771
|
|
|
|
|
|
|
|
772
|
|
|
|
|
|
|
##---------------------------------------------------------------------------------------- |
773
|
|
|
|
|
|
|
## |
774
|
|
|
|
|
|
|
## load_xml_dtd(, ) |
775
|
|
|
|
|
|
|
## |
776
|
|
|
|
|
|
|
## ARGS: |
777
|
|
|
|
|
|
|
## a DTD hash |
778
|
|
|
|
|
|
|
## the name (string) of the DTD's root class |
779
|
|
|
|
|
|
|
## |
780
|
|
|
|
|
|
|
## RETURN: |
781
|
|
|
|
|
|
|
## This is the DTD parser used to load the IODEF DTD in the DTD |
782
|
|
|
|
|
|
|
## engine at startup. |
783
|
|
|
|
|
|
|
## This function parses the DTD entity list as defined |
784
|
|
|
|
|
|
|
## through the hash and builds the xml class tree of |
785
|
|
|
|
|
|
|
## the root node . |
786
|
|
|
|
|
|
|
## |
787
|
|
|
|
|
|
|
## EX: |
788
|
|
|
|
|
|
|
## # load the IODEF DTD at startup |
789
|
|
|
|
|
|
|
## load_xml_dtd($IODEF_DTD, "IODEF-Message"); |
790
|
|
|
|
|
|
|
## |
791
|
|
|
|
|
|
|
|
792
|
|
|
|
|
|
|
sub load_xml_dtd {
    # Validate a pseudo DTD and, if it is clean, install it as the DTD in use.
    # Croaks on a missing argument, an unknown root class, or any error
    # reported by check_xml_dtd(). Returns 0 on success.
    my ($dtd, $root) = @_;

    croak "XML::IODEF - load_xml_dtd: received a null ref in place of DTD hash."
        unless defined($dtd);
    croak "XML::IODEF - load_xml_dtd: received a null ref in place of DTD root name."
        unless defined($root);
    croak "XML::IODEF - load_xml_dtd: the root entity \'$root\' is not defined in the DTD hash."
        unless exists($dtd->{$root});

    # check_xml_dtd() returns the number of problems it found (and printed).
    my $err = check_xml_dtd($dtd, $root, 0);
    if ($err > 0) {
        croak "XML::IODEF - load_xml_dtd: $err errors in the pseudo DTD. dying.";
    }

    # The DTD passed validation: make it the active one.
    $DTD  = $dtd;
    $ROOT = $root;

    # Build EXPAND_PATH and CHECK_VALUE starting at the root class. The "1"
    # prefix is the occurrence code expected in front of a class name.
    # Entries left over from a previously loaded DTD are not cleared here.
    fill_internal_hashes($DTD, "1" . $ROOT, 0);

    return 0;
}
814
|
|
|
|
|
|
|
|
815
|
|
|
|
|
|
|
|
816
|
|
|
|
|
|
|
|
817
|
|
|
|
|
|
|
#---------------------------------------------------------------------------------------- |
818
|
|
|
|
|
|
|
# |
819
|
|
|
|
|
|
|
# fill_internal_hashes(, [, @path]) |
820
|
|
|
|
|
|
|
# |
821
|
|
|
|
|
|
|
# build the EXPAND_PATH and CHECK_VALUE hashes. |
822
|
|
|
|
|
|
|
# it works recursively, and @path is the path of tags |
823
|
|
|
|
|
|
|
# of where we currently are in the xml tree. |
824
|
|
|
|
|
|
|
# |
825
|
|
|
|
|
|
|
|
826
|
|
|
|
|
|
|
sub fill_internal_hashes {
    # Record the tag path of one DTD class (and, recursively, of its
    # children) in EXPAND_PATH, and the allowed attribute values in
    # CHECK_VALUE. Always returns 0.
    my ($dtd, $name, $depth, @path) = @_;

    # $name carries a one-character occurrence code in front of the class
    # name; the code is stripped for the DTD lookup and for the hash key.
    my $node    = $dtd->{ substr($name, 1) };
    my @here    = (@path, $name);
    my $tagpath = join '', map { substr($_, 1) } @here;

    # A class with a CONTENT entry is registered as content, any other as a
    # plain node.
    my $kind = exists($node->{CONTENT}) ? 'C' : 'N';
    $EXPAND_PATH->{$tagpath} = [ $kind, @here ];

    # Attributes get their own path entry, keyed by tag path + attribute name.
    if (exists($node->{ATTRIBUTES})) {
        my $attributes = $node->{ATTRIBUTES};
        for my $att (keys %{$attributes}) {
            my $key = $tagpath . $att;
            $EXPAND_PATH->{$key} = [ 'A', @here, $att ];

            # An empty list means "any value": no CHECK_VALUE entry is made.
            my $vals = $attributes->{$att};
            $CHECK_VALUE->{$key} = $vals
                if (scalar(@{$vals}) > 0);
        }
    }

    # Descend into the children. $MAX_ITER caps the depth, which keeps a
    # self-referencing class definition from recursing without end.
    if (exists($node->{CHILDREN}) && ($depth < $MAX_ITER)) {
        for my $kid (@{ $node->{CHILDREN} }) {
            fill_internal_hashes($dtd, $kid, $depth + 1, @here);
        }
    }

    return 0;
}
861
|
|
|
|
|
|
|
|
862
|
|
|
|
|
|
|
|
863
|
|
|
|
|
|
|
|
864
|
|
|
|
|
|
|
#---------------------------------------------------------------------------------------- |
865
|
|
|
|
|
|
|
# |
866
|
|
|
|
|
|
|
# check_xml_dtd(, ) |
867
|
|
|
|
|
|
|
# |
868
|
|
|
|
|
|
|
# internal function, called by load_xml_dtd to validate the pseudo DTD's |
869
|
|
|
|
|
|
|
# syntax. recursive function. log errors to stdout. |
870
|
|
|
|
|
|
|
# |
871
|
|
|
|
|
|
|
# return 0 if no error found, a positive number (error count) if errors found. |
872
|
|
|
|
|
|
|
# If error found, the module should croak. |
873
|
|
|
|
|
|
|
# |
874
|
|
|
|
|
|
|
|
875
|
|
|
|
|
|
|
sub check_xml_dtd {
    # Recursively validate the entity $name of the pseudo DTD. Every problem
    # is printed to stdout; the return value is the number of problems found
    # (0 when the entity and everything below it are well formed).
    my ($dtd, $name, $depth) = @_;

    # An entity missing from the DTD counts as one error; nothing below it
    # can be checked.
    unless (exists($dtd->{$name})) {
        print "XML::IODEF - check_xml_dtd: entity \'$name\' is not defined in the pseudo DTD.\n";
        return 1;
    }

    my $ent    = $dtd->{$name};
    my $errors = 0;

    # The content code, when present, must be one of the three known ones.
    if (exists($ent->{CONTENT})) {
        my $content = $ent->{CONTENT};
        if ($content ne PCDATA && $content ne ANY && $content ne EMPTY) {
            print "XML::IODEF - check_xml_dtd: entity \'$name\' does not have a valid content.\n";
            $errors++;
        }
    }

    # Each child is written as <occurrence code><class name>. $MAX_ITER caps
    # the depth so that a self-referencing class cannot recurse without end.
    if (exists($ent->{CHILDREN}) && ($depth < $MAX_ITER)) {
        for my $child (@{ $ent->{CHILDREN} }) {
            my $occurrence = substr($child, 0, 1);

            if (index("?*+1#", $occurrence) == -1) {
                print "XML::IODEF - check_xml_dtd: children \'$child\' of entity \'$name\' does not have a proper occurence code.\n";
                $errors++;
                next;
            }

            # Occurrence code is fine: validate the child class itself.
            $errors += check_xml_dtd($dtd, substr($child, 1), $depth + 1);
        }
    }

    return $errors;
}
915
|
|
|
|
|
|
|
|
916
|
|
|
|
|
|
|
|
917
|
|
|
|
|
|
|
|
918
|
|
|
|
|
|
|
##-------------------------------------------------------------------------------- |
919
|
|
|
|
|
|
|
## |
920
|
|
|
|
|
|
|
## MODULE LOAD TIME INITIALISATION |
921
|
|
|
|
|
|
|
## |
922
|
|
|
|
|
|
|
##-------------------------------------------------------------------------------- |
923
|
|
|
|
|
|
|
|
924
|
|
|
|
|
|
|
# DTD engine initialization: |
925
|
|
|
|
|
|
|
# load the IODEF root classes: Incident, and build the intermediary |
926
|
|
|
|
|
|
|
# structures representing the DTD (EXPAND_PATH & CHECK_VALUE) used by API calls |
927
|
|
|
|
|
|
|
# such as add(). |
928
|
|
|
|
|
|
|
# Executed when the module is loaded; load_xml_dtd() croaks if the built-in
# pseudo DTD fails validation.
load_xml_dtd($IODEF_DTD, "IODEF-Document");
929
|
|
|
|
|
|
|
|
930
|
|
|
|
|
|
|
|
931
|
|
|
|
|
|
|
|
932
|
|
|
|
|
|
|
# return true to package loader |
933
|
|
|
|
|
|
|
1; |
934
|
|
|
|
|
|
|
|
935
|
|
|
|
|
|
|
|
936
|
|
|
|
|
|
|
|
937
|
|
|
|
|
|
|
|
938
|
|
|
|
|
|
|
|
939
|
|
|
|
|
|
|
##-------------------------------------------------------------------------------- |
940
|
|
|
|
|
|
|
## |
941
|
|
|
|
|
|
|
## |
942
|
|
|
|
|
|
|
## OBJECT METHODS: |
943
|
|
|
|
|
|
|
## --------------- |
944
|
|
|
|
|
|
|
## |
945
|
|
|
|
|
|
|
## |
946
|
|
|
|
|
|
|
##-------------------------------------------------------------------------------- |
947
|
|
|
|
|
|
|
|
948
|
|
|
|
|
|
|
|
949
|
|
|
|
|
|
|
|
950
|
|
|
|
|
|
|
##---------------------------------------------------------------------------------------- |
951
|
|
|
|
|
|
|
## |
952
|
|
|
|
|
|
|
## new IODEF() |
953
|
|
|
|
|
|
|
## |
954
|
|
|
|
|
|
|
## RETURN |
955
|
|
|
|
|
|
|
## a new empty IODEF message, with initiated doctype and xml declaration |
956
|
|
|
|
|
|
|
## as well as root element and IODEF version tag. |
957
|
|
|
|
|
|
|
## |
958
|
|
|
|
|
|
|
## DESC |
959
|
|
|
|
|
|
|
## create a new empty iodef message |
960
|
|
|
|
|
|
|
## |
961
|
|
|
|
|
|
|
## EXAMPLES: |
962
|
|
|
|
|
|
|
## $iodef = new XML::IODEF(); |
963
|
|
|
|
|
|
|
## |
964
|
|
|
|
|
|
|
|
965
|
|
|
|
|
|
|
sub new {
    # Build an empty IODEF message: a fresh DOM document with an XML
    # declaration, the IODEF version and the schema-instance attributes.
    # Arguments (including the invocant) are ignored; the object is always
    # blessed into XML::IODEF.
    my $self = bless({}, "XML::IODEF");

    my $dom = XML::DOM::Document->new();

    # DOCTYPE creation is disabled in this version:
    #   $x = $doc->createDocumentType($DOCTYPE_NAME, $DOCTYPE_SYSID, $DOCTYPE_PUBID);
    #   $doc->setDoctype($x);

    my $decl = $dom->createXMLDecl($XML_DECL_VER, $XML_DECL_ENC);
    $dom->setXMLDecl($decl);

    # add() needs the DOM in place, so attach it before the first call.
    $self->{"DOM"} = $dom;

    $self->add("version", $IODEF_VERSION);
    # $self->add("xmlns:iodef", "urn:ietf:params:xml:ns:iodef-1.0");
    $self->add("xmlns:xsi", "http://www.w3.org/2001/XMLSchema-instance");
    $self->add("xsi:schemaLocation", "urn:ietf:params:xmls:schema:iodef-1.0");

    return $self;
}
988
|
|
|
|
|
|
|
|
989
|
|
|
|
|
|
|
|
990
|
|
|
|
|
|
|
|
991
|
|
|
|
|
|
|
##---------------------------------------------------------------------------------------- |
992
|
|
|
|
|
|
|
## |
993
|
|
|
|
|
|
|
## in(, ) |
994
|
|
|
|
|
|
|
## |
995
|
|
|
|
|
|
|
## ARGS: |
996
|
|
|
|
|
|
|
## iodef object |
997
|
|
|
|
|
|
|
## can be either a path to an IODEF file to load, or an IODEF string. |
998
|
|
|
|
|
|
|
## if it is an empty string, a new empty IODEF message is created. |
999
|
|
|
|
|
|
|
## RETURN: |
1000
|
|
|
|
|
|
|
## a hash to the loaded IODEF message |
1001
|
|
|
|
|
|
|
## |
1002
|
|
|
|
|
|
|
## DESC: |
1003
|
|
|
|
|
|
|
## loads an iodef message into an IODEF container (a hash with XML::Simple syntax) |
1004
|
|
|
|
|
|
|
## the input can either be a string, a file or an empty string. if the parsed IODEF |
1005
|
|
|
|
|
|
|
## message does not include an XML or DOCTYPE declaration, it will be added, assuming |
1006
|
|
|
|
|
|
|
## IODEF v1.0 as the default. |
1007
|
|
|
|
|
|
|
## |
1008
|
|
|
|
|
|
|
## EXAMPLES: |
1009
|
|
|
|
|
|
|
## my $iodef = (new XML::IODEF)->in("/home/user/iodef.xml"); |
1010
|
|
|
|
|
|
|
## $iodef = $iodef->in(""); |
1011
|
|
|
|
|
|
|
## |
1012
|
|
|
|
|
|
|
|
1013
|
|
|
|
|
|
|
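sub in {
    # Load an IODEF message into the object from an XML string or a file.
    #
    # ARGS:   $iodef  the XML::IODEF object to fill
    #         $arg    an IODEF string, a path to an IODEF file, or ""
    # RETURN: $iodef with its DOM replaced, or a new empty message when
    #         $iodef or $arg is undefined or $arg is the empty string.
    #
    # Errors raised by the XML parser propagate to the caller.
    my ($iodef, $arg) = @_;

    # No object or no input: hand back a fresh, empty message.
    return XML::IODEF->new() if (!defined($iodef));
    return XML::IODEF->new() if (!defined($arg));

    # The documented contract says an empty string creates a new empty
    # message; previously it fell through to the parser.
    return XML::IODEF->new() if ($arg eq "");

    my $parser = XML::DOM::Parser->new;
    # NOTE(review): the parser is created with its default options. Before
    # feeding it documents received from other parties, confirm how it
    # resolves DTDs and external entities and restrict that if needed.

    # Is $arg an IODEF string or a file path? It is a string when the first
    # character found after optional spaces is '<'. The capture goes into a
    # lexical because $1 keeps a stale value from an earlier match whenever
    # this match fails.
    my ($first) = $arg =~ / *(.)/;

    my $doc;
    if (defined($first) && $first eq "<") {
        $doc = $parser->parse($arg);
    }
    else {
        # Anything that does not look like markup is opened as a file. A
        # caller passing text it does not control must therefore make sure
        # it cannot be taken for a path, or validate the path beforehand.
        $doc = $parser->parsefile($arg);
    }

    # DOCTYPE injection is disabled in this version:
    #   if (!defined($doc->getDoctype())) {
    #       $x = $doc->createDocumentType($DOCTYPE_NAME, $DOCTYPE_SYSID, $DOCTYPE_PUBID);
    #       $doc->setDoctype($x);
    #   }

    # Add the default XML declaration when the document has none.
    if (!defined($doc->getXMLDecl())) {
        my $decl = $doc->createXMLDecl($XML_DECL_VER, $XML_DECL_ENC);
        $doc->setXMLDecl($decl);
    }

    $iodef->{"DOM"} = $doc;

    return $iodef;
}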
1047
|
|
|
|
|
|
|
|
1048
|
|
|
|
|
|
|
|
1049
|
|
|
|
|
|
|
|
1050
|
|
|
|
|
|
|
##---------------------------------------------------------------------------------------- |
1051
|
|
|
|
|
|
|
## |
1052
|
|
|
|
|
|
|
## out() |
1053
|
|
|
|
|
|
|
## |
1054
|
|
|
|
|
|
|
## ARGS: |
1055
|
|
|
|
|
|
|
## an XML::IODEF object |
1056
|
|
|
|
|
|
|
## |
1057
|
|
|
|
|
|
|
## RETURN: |
1058
|
|
|
|
|
|
|
## a string containing the corresponding IODEF message |
1059
|
|
|
|
|
|
|
## |
1060
|
|
|
|
|
|
|
## EXAMPLES: |
1061
|
|
|
|
|
|
|
## $string = $iodef->out(); |
1062
|
|
|
|
|
|
|
## |
1063
|
|
|
|
|
|
|
|
1064
|
|
|
|
|
|
|
sub out {
    # Serialise the message: returns whatever the DOM's toString produces.
    my ($iodef) = @_;

    my $dom = $iodef->{"DOM"};
    return $dom->toString;
}
1068
|
|
|
|
|
|
|
|
1069
|
|
|
|
|
|
|
|
1070
|
|
|
|
|
|
|
|
1071
|
|
|
|
|
|
|
##---------------------------------------------------------------------------------------- |
1072
|
|
|
|
|
|
|
## |
1073
|
|
|
|
|
|
|
## get_root() |
1074
|
|
|
|
|
|
|
## |
1075
|
|
|
|
|
|
|
## ARGS: |
1076
|
|
|
|
|
|
|
## an XML::IODEF object |
1077
|
|
|
|
|
|
|
## |
1078
|
|
|
|
|
|
|
## RETURN: |
1079
|
|
|
|
|
|
|
## a string representing the name of the root element of the IODEF message, |
1080
|
|
|
|
|
|
|
## normally "IODEF-Document", or undef if no root element defined. |
1081
|
|
|
|
|
|
|
## |
1082
|
|
|
|
|
|
|
## EXAMPLES: |
1083
|
|
|
|
|
|
|
## $iodef = new XML::IODEF(); |
1084
|
|
|
|
|
|
|
## $iodef->add("IncidentIncidentID", "#12345"); |
1085
|
|
|
|
|
|
|
## $root = $iodef->get_root(); # $root now contains the string "IODEF-Document" |
1086
|
|
|
|
|
|
|
## |
1087
|
|
|
|
|
|
|
|
1088
|
|
|
|
|
|
|
sub get_root {
    # Return the tag name of the document's root element, or undef when the
    # DOM has no root element yet.
    my ($iodef) = @_;

    my $root = $iodef->{"DOM"}->getDocumentElement();

    return defined($root) ? $root->getTagName() : undef;
}
1097
|
|
|
|
|
|
|
|
1098
|
|
|
|
|
|
|
|
1099
|
|
|
|
|
|
|
|
1100
|
|
|
|
|
|
|
##---------------------------------------------------------------------------------------- |
1101
|
|
|
|
|
|
|
## |
1102
|
|
|
|
|
|
|
## get_type() |
1103
|
|
|
|
|
|
|
## |
1104
|
|
|
|
|
|
|
## ARGS: |
1105
|
|
|
|
|
|
|
## an XML::IODEF object |
1106
|
|
|
|
|
|
|
## |
1107
|
|
|
|
|
|
|
## RETURN: |
1108
|
|
|
|
|
|
|
## a string representing the type of IODEF message ("Incident"...) |
1109
|
|
|
|
|
|
|
## or undef if this message does not have a type yet. |
1110
|
|
|
|
|
|
|
## |
1111
|
|
|
|
|
|
|
## EXAMPLES: |
1112
|
|
|
|
|
|
|
## $iodef = new XML::IODEF(); |
1113
|
|
|
|
|
|
|
## $iodef->add("IncidentIncidentID", "#12345"); |
1114
|
|
|
|
|
|
|
## $type = $iodef->get_type(); # $type now contains the string "Incident" |
1115
|
|
|
|
|
|
|
## |
1116
|
|
|
|
|
|
|
|
1117
|
|
|
|
|
|
|
sub get_type {
    # Return the tag name of the first element found directly under the
    # root element, or undef when there is no root or no element child.
    my ($iodef) = @_;

    my $root = $iodef->{"DOM"}->getDocumentElement();
    return undef
        unless defined($root);

    for my $child ($root->getChildNodes()) {
        # Skip text, comments and other non-element children.
        next if ($child->getNodeType() != ELEMENT_NODE);
        return $child->getTagName();
    }

    return undef;
}
1131
|
|
|
|
|
|
|
|
1132
|
|
|
|
|
|
|
|
1133
|
|
|
|
|
|
|
|
1134
|
|
|
|
|
|
|
##---------------------------------------------------------------------------------------- |
1135
|
|
|
|
|
|
|
## |
1136
|
|
|
|
|
|
|
## contains(, ) |
1137
|
|
|
|
|
|
|
## |
1138
|
|
|
|
|
|
|
## ARGS: |
1139
|
|
|
|
|
|
|
## iodef: a hash representation of an IODEF message, as received from new or in |
1140
|
|
|
|
|
|
|
## tagpath: a string obtained by concatenating the names of the nested tags, from the |
1141
|
|
|
|
|
|
|
## Incident tag down to the closest tag to value. |
1142
|
|
|
|
|
|
|
## |
1143
|
|
|
|
|
|
|
## RETURN: |
1144
|
|
|
|
|
|
|
## 1 if there is at least one value set to the particular tagpath. |
1145
|
|
|
|
|
|
|
## 0 otherwise. |
1146
|
|
|
|
|
|
|
## |
1147
|
|
|
|
|
|
|
|
1148
|
|
|
|
|
|
|
sub contains {
    # Tell whether the message holds something at the given tag path.
    # Returns 1 or 0; an unknown tag path or an empty document gives 0.
    # Croaks if EXPAND_PATH holds an entry of an unexpected type.
    my ($iodef, $path) = @_;

    # Keys of EXPAND_PATH start with the root class name.
    $path = $ROOT . $path;
    my $dom = $iodef->{"DOM"}->getDocumentElement;

    return 0 unless defined($dom);
    return 0 unless exists($EXPAND_PATH->{$path});

    # First entry is the kind of path (A, C or N), the rest are the tags.
    my ($type, @tagpath) = @{ $EXPAND_PATH->{$path} };

    if ($type eq 'A') {
        # For an attribute, the last entry is the attribute name; the node
        # carrying it must exist and the attribute must be non-empty.
        my $att  = pop @tagpath;
        my $node = find_node($dom, @tagpath);
        return 0 unless defined($node);
        return ($node->getAttribute($att) ne "") ? 1 : 0;
    }

    if ($type eq 'N' or $type eq 'C') {
        return defined(find_node($dom, @tagpath)) ? 1 : 0;
    }

    croak "contains: internal error. found element of type $type.";
}
1175
|
|
|
|
|
|
|
|
1176
|
|
|
|
|
|
|
|
1177
|
|
|
|
|
|
|
|
1178
|
|
|
|
|
|
|
#---------------------------------------------------------------------------------------- |
1179
|
|
|
|
|
|
|
# |
1180
|
|
|
|
|
|
|
# find_node($node, @tagpath) |
1181
|
|
|
|
|
|
|
# |
1182
|
|
|
|
|
|
|
# return the last node in @tagpath if @tagpath exists in $dom, |
1183
|
|
|
|
|
|
|
# return undef otherwise |
1184
|
|
|
|
|
|
|
# @tagpath are the name of DOM::Elements inside $dom. no attribute. |
1185
|
|
|
|
|
|
|
# tagpath starts at the root (IODEF-Message) |
1186
|
|
|
|
|
|
|
# if the tagpath occurs multiple times, return the first occurence of it. |
1187
|
|
|
|
|
|
|
# |
1188
|
|
|
|
|
|
|
|
1189
|
|
|
|
|
|
|
sub find_node {
    # Depth-first search for @tagpath below $node, trying every matching
    # branch. Returns the node reached by the last tag of the first complete
    # match, or undef when the path does not exist. The recursion consumes
    # one tag per level, so its depth is bounded by the path length.
    my ($node, @tagpath) = @_;

    # Each tag is <occurrence code><name>; compare on the name only.
    my $head = shift(@tagpath);
    my $name = substr($head, 1);

    return undef if ($node->getTagName() ne $name);

    # Nothing left to match: this node is the one asked for.
    return $node if (scalar(@tagpath) == 0);

    for my $child ($node->getChildNodes()) {
        next unless ($child->getNodeType() == ELEMENT_NODE);

        my $hit = find_node($child, @tagpath);
        return $hit if defined($hit);
    }

    return undef;
}
1212
|
|
|
|
|
|
|
|
1213
|
|
|
|
|
|
|
|
1214
|
|
|
|
|
|
|
|
1215
|
|
|
|
|
|
|
|
1216
|
|
|
|
|
|
|
#---------------------------------------------------------------------------------------- |
1217
|
|
|
|
|
|
|
# |
1218
|
|
|
|
|
|
|
# find_node_in_first_path($node, @tagpath) |
1219
|
|
|
|
|
|
|
# |
1220
|
|
|
|
|
|
|
# similar to find_node(), but look only through the first |
1221
|
|
|
|
|
|
|
# occurence of the tagpath. the node may hence exists somewhere else. |
1222
|
|
|
|
|
|
|
# return the last node in @tagpath if @tagpath exists in $dom, |
1223
|
|
|
|
|
|
|
# return undef otherwise |
1224
|
|
|
|
|
|
|
# |
1225
|
|
|
|
|
|
|
|
1226
|
|
|
|
|
|
|
sub find_node_in_first_path {
    # Walk @tagpath from $node, at each step following only the first child
    # element with the wanted name. Returns the node reached, or undef as
    # soon as a step has no matching child (no other branch is tried).
    my ($node, @tagpath) = @_;

    # Each tag is <occurrence code><name>; compare on the name only.
    my $root_name = substr(shift(@tagpath), 1);
    if ($node->getTagName() ne $root_name) {
        return undef;
    }

    STEP:
    for my $tag (@tagpath) {
        my $wanted = substr($tag, 1);

        for my $child ($node->getChildNodes()) {
            if ($child->getNodeType() == ELEMENT_NODE and $child->getTagName() eq $wanted) {
                # First match wins: descend and go on with the next tag.
                $node = $child;
                next STEP;
            }
        }

        # No child carries the wanted name.
        return undef;
    }

    return $node;
}
1256
|
|
|
|
|
|
|
|
1257
|
|
|
|
|
|
|
|
1258
|
|
|
|
|
|
|
##---------------------------------------------------------------------------------------- |
1259
|
|
|
|
|
|
|
## |
1260
|
|
|
|
|
|
|
## add(hash, tagpath, value) |
1261
|
|
|
|
|
|
|
## |
1262
|
|
|
|
|
|
|
## ARGS: |
1263
|
|
|
|
|
|
|
## hash: a hash representation of an IODEF message, as received from new or in |
1264
|
|
|
|
|
|
|
## tagpath: a string obtained by concatenating the names of the nested tags, from the |
1265
|
|
|
|
|
|
|
## Incident tag down to the closest tag to value. |
1266
|
|
|
|
|
|
|
## value: the value (content of a tag, or value of an attribute) of the last tag |
1267
|
|
|
|
|
|
|
## given in tagpath |
1268
|
|
|
|
|
|
|
## |
1269
|
|
|
|
|
|
|
## RETURN: |
1270
|
|
|
|
|
|
|
## 0 if the field was correctly added, and croak otherwise (if you did |
1271
|
|
|
|
|
|
|
## something that goes against the DTD). |
1272
|
|
|
|
|
|
|
## |
1273
|
|
|
|
|
|
|
## DESC: |
1274
|
|
|
|
|
|
|
## Each IODEF field of a given IODEF message can be created through a corresponding add() |
1275
|
|
|
|
|
|
|
## call. These interfaces are designed for easily building a new IODEF message while |
1276
|
|
|
|
|
|
|
## parsing a log file. The 'tagpath' is the same as returned by the 'to_hash' call. |
1277
|
|
|
|
|
|
|
## |
1278
|
|
|
|
|
|
|
## RESTRICTIONS: |
1279
|
|
|
|
|
|
|
## You cannot change an attribute value with add(). An attempt to run add() on an attribute |
1280
|
|
|
|
|
|
|
## that already exists will just be ignored. Contents cannot be changed either, but a new |
1281
|
|
|
|
|
|
|
## tag can be created if you are adding an iodef content that can occur multiple time (ex: |
1282
|
|
|
|
|
|
|
## UserIdname, AdditionalData...). |
1283
|
|
|
|
|
|
|
## |
1284
|
|
|
|
|
|
|
## SPECIAL CASE: AdditionalData |
1285
|
|
|
|
|
|
|
## AdditionalData is a special tag requiring at least 2 add() calls to build a valid node. In |
1286
|
|
|
|
|
|
|
## case of multiple AdditionalData declarations, take care of building AdditionalData nodes one |
1287
|
|
|
|
|
|
|
## at a time, and always begin by adding the "AdditionalData" field (ie the tag's content). |
1288
|
|
|
|
|
|
|
## Otherwise, the iodef key insertion engine will get lost, and you'll get scrap. |
1289
|
|
|
|
|
|
|
## |
1290
|
|
|
|
|
|
|
## As a response to this issue, the 'add("IncidentAdditionalData", "value")' call accepts an |
1291
|
|
|
|
|
|
|
## extended syntax compared with other calls: |
1292
|
|
|
|
|
|
|
## |
1293
|
|
|
|
|
|
|
## add("IncidentAdditionalData", ); |
1294
|
|
|
|
|
|
|
## => add the content to Incident/AdditionalData |
1295
|
|
|
|
|
|
|
## |
1296
|
|
|
|
|
|
|
## add("IncidentAdditionalData", , ); |
1297
|
|
|
|
|
|
|
## => same as: (type string is assumed by default) |
1298
|
|
|
|
|
|
|
## add("IncidentAdditionalData", ); |
1299
|
|
|
|
|
|
|
## add("IncidentAdditionalDatameaning", ); |
1300
|
|
|
|
|
|
|
## add("IncidentAdditionalDatadtype", "string"); |
1301
|
|
|
|
|
|
|
## |
1302
|
|
|
|
|
|
|
## add("IncidentAdditionalData", , , ); |
1303
|
|
|
|
|
|
|
## => same as: |
1304
|
|
|
|
|
|
|
## add("IncidentAdditionalData", ); |
1305
|
|
|
|
|
|
|
## add("IncidentAdditionalDatameaning", ); |
1306
|
|
|
|
|
|
|
## add("IncidentAdditionalDatadtype", ); |
1307
|
|
|
|
|
|
|
## |
1308
|
|
|
|
|
|
|
## The use of add("IncidentAdditionalData", , , ); is preferred to the simple |
1309
|
|
|
|
|
|
|
## add call, since it creates the whole AdditionalData node at once. In the case of |
1310
|
|
|
|
|
|
|
## multiple arguments add("IncidentAdditionalData"...), the returned value is 1 if the type key |
1311
|
|
|
|
|
|
|
## was inserted, 0 otherwise. |
1312
|
|
|
|
|
|
|
## |
1313
|
|
|
|
|
|
|
## |
1314
|
|
|
|
|
|
|
## EXAMPLES: |
1315
|
|
|
|
|
|
|
## |
1316
|
|
|
|
|
|
|
## my $iodef = new XML::IODEF(); |
1317
|
|
|
|
|
|
|
## |
1318
|
|
|
|
|
|
|
## $iodef->add("IncidentIncidentID", ""); |
1319
|
|
|
|
|
|
|
## |
1320
|
|
|
|
|
|
|
## $iodef->add($iodef, "Incidentrestriction", ""); |
1321
|
|
|
|
|
|
|
## |
1322
|
|
|
|
|
|
|
## # AdditionalData case: |
1323
|
|
|
|
|
|
|
## # DO: |
1324
|
|
|
|
|
|
|
## $iodef->add("IncidentAdditionalData", "value"); # content add first |
1325
|
|
|
|
|
|
|
## $iodef->add("IncidentAdditionalDatadtype", "string"); # ok |
1326
|
|
|
|
|
|
|
## $iodef->add("IncidentAdditionalDatameaning", "meaning"); # ok |
1327
|
|
|
|
|
|
|
## |
1328
|
|
|
|
|
|
|
## $iodef->add("IncidentAdditionalData", "value2"); # content add first |
1329
|
|
|
|
|
|
|
## $iodef->add("IncidentAdditionalDatadtype", "string"); # ok |
1330
|
|
|
|
|
|
|
## $iodef->add("IncidentAdditionalDatameaning", "meaning2"); # ok |
1331
|
|
|
|
|
|
|
## |
1332
|
|
|
|
|
|
|
## # or BETTER: |
1333
|
|
|
|
|
|
|
## |
1334
|
|
|
|
|
|
|
## $iodef->add("IncidentAdditionalData", "value", "meaning", "string"); # VERY GOOD |
1335
|
|
|
|
|
|
|
## $iodef->add("IncidentAdditionalData", "value2", "meaning2"); # VERY GOOD (string type is default) |
1336
|
|
|
|
|
|
|
## |
1337
|
|
|
|
|
|
|
## |
1338
|
|
|
|
|
|
|
## # DO NOT DO: |
1339
|
|
|
|
|
|
|
## $iodef->add("IncidentAdditionalData", "value"); # BAD!! content should be declared first |
1340
|
|
|
|
|
|
|
## $iodef->add("IncidentAdditionalDatameaning", "meaning2"); # BAD!! content first! |
1341
|
|
|
|
|
|
|
## |
1342
|
|
|
|
|
|
|
## # DO NOT DO: |
1343
|
|
|
|
|
|
|
## $iodef->add("IncidentAdditionalData", "value"); # BAD!!!!! mixing node declarations |
1344
|
|
|
|
|
|
|
## $iodef->add("IncidentAdditionalData", "value2"); # BAD!!!!! for value & value2 |
1345
|
|
|
|
|
|
|
## $iodef->add("IncidentAdditionalDatadtype", "string"); # BAD!!!!! |
1346
|
|
|
|
|
|
|
## $iodef->add("IncidentAdditionalDatadtype", "string"); # BAD!!!!! |
1347
|
|
|
|
|
|
|
|
1348
|
|
|
|
|
|
|
## TODO -- test ext-value and ext-dtype |
1349
|
|
|
|
|
|
|
|
1350
|
|
|
|
|
|
|
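sub add {
    # Add a node, attribute or content to the message's DOM at tag path $path.
    #
    #   $iodef - object whose {"DOM"} entry holds the document
    #   $path  - concatenated tag names, relative to the root tag ($ROOT is
    #            prepended here); must be a key of $EXPAND_PATH
    #   $value - required when the path is an attribute ('A') or a content ('C')
    #   @tail  - AdditionalData shortcut only: (meaning) or (meaning, dtype)
    #
    # Returns 0 on every successful call; every failure croaks.
    #
    # Only paths that have an entry in $CHECK_VALUE are validated (exact match
    # against the allowed list). Any other value is passed to the DOM as given.
    my ($iodef, $path, $value, @tail) = @_;
    my ($tag, $root, $dom, $c);

    $path = $ROOT.$path;
    $dom  = $iodef->{"DOM"};
    $root = $dom->getDocumentElement;

    # create a root element if none exists
    if (!defined $root) {
        $root = $dom->createElement($ROOT);
        $dom->appendChild($root);
    }

    # is this a known tagpath?
    if (!exists($EXPAND_PATH->{$path})) {
        croak "add: $path is not a known IODEF tag path (IODEF v$IODEF_VERSION).";
    }

    # if it is an attribute or a content, did we get a value?
    $c = ${$EXPAND_PATH->{$path}}[0];
    croak "add: $path is an attribute or a content and requires a value (which you did not give)."
        if (($c eq 'A' or $c eq 'C') and !defined($value));

    # check if value is valid
    if (exists($CHECK_VALUE->{$path})) {
        check_allowed($path, $value, @{$CHECK_VALUE->{$path}});
    }

    # fourth entry of the expanded path: the tag directly below the first two
    # levels, still carrying its one-character prefix (stripped by substr below)
    $tag = ${$EXPAND_PATH->{$path}}[3];

    # check if it is AdditionalData
    ## TODO: check for ext-value settings
    if (defined($tag) && substr($tag,1) eq "AdditionalData") {

        if (scalar(@tail) == 0) {
            add_in_dom($dom, $root, $path, $value);
        } elsif (scalar(@tail) == 1) {
            # meaning given, dtype defaults to "string"
            add_in_dom($dom, $root, $path, $value);
            add_in_dom($dom, $root, $path."meaning", $tail[0]);
            add_in_dom($dom, $root, $path."dtype", "string");
        } elsif (scalar(@tail) == 2) {
            # Validate the caller-supplied dtype before touching the DOM, so a
            # rejected value leaves no half-built AdditionalData node behind.
            # The path label is "dtype": that is the attribute actually set
            # below, and it is the name the croak message should report.
            check_allowed($path."dtype", $tail[1], @{$CHECK_VALUE->{$path."dtype"}});
            add_in_dom($dom, $root, $path, $value);
            add_in_dom($dom, $root, $path."meaning", $tail[0]);
            add_in_dom($dom, $root, $path."dtype", $tail[1]);
        } else {
            croak "add: wrong number of arguments given to add(\"$path\")";
        }
    }
    else
    {
        add_in_dom($dom, $root, $path, $value);
    }

    return 0;
}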
#---------------------------------------------------------------------------------------- |
1412
|
|
|
|
|
|
|
# |
1413
|
|
|
|
|
|
|
# add_in_dom($root, $tagpath [, $value]) |
1414
|
|
|
|
|
|
|
# |
1415
|
|
|
|
|
|
|
# if there is a value, add this value to the tagpath, otherwise add the
1416
|
|
|
|
|
|
|
# node pointed by tagpath. return the changed node. |
1417
|
|
|
|
|
|
|
# |
1418
|
|
|
|
|
|
|
|
1419
|
|
|
|
|
|
|
sub add_in_dom {
    # Insert one item described by the expanded path of $path into the DOM and
    # return the element that was created or modified.
    #
    #   type 'N': create the element path, or duplicate it if it already exists
    #   type 'A': set attribute on the element, duplicating the element first
    #             when that attribute already holds a non-empty value
    #   type 'C': append a text node, duplicating the element first when it
    #             already has a text child
    #
    # NOTE(review): $val is handed to setAttribute()/createTextNode() as given;
    # nothing in this sub calls xml_encode, so escaping is left to whatever
    # serializes the DOM -- confirm against the output routine.
    my ($dom, $root, $path, $val) = @_;

    # first entry is the item type, the rest is the tag path
    my ($type, @tagpath) = @{$EXPAND_PATH->{$path}};

    if ($type eq 'N') {
        return defined(find_node_in_first_path($root, @tagpath))
            ? duplicate_node_path($dom, $root, @tagpath)
            : create_node_path($dom, $root, @tagpath);
    }

    if ($type eq 'A') {
        # last path entry is the attribute name, the rest leads to its element
        my $att_name = pop @tagpath;
        my $owner    = find_node_in_first_path($root, @tagpath);

        if (!defined $owner) {
            $owner = create_node_path($dom, $root, @tagpath);
        }
        elsif ($owner->getAttribute($att_name) ne "") {
            # attribute already set: write into a fresh copy of the element
            $owner = duplicate_node_path($dom, $root, @tagpath);
        }

        $owner->setAttribute($att_name, $val);
        return $owner;
    }

    if ($type eq 'C') {
        my $holder = find_node_in_first_path($root, @tagpath);
        $holder = create_node_path($dom, $root, @tagpath)
            unless defined $holder;

        # an element that already carries text gets a sibling instead
        for my $child ($holder->getChildNodes()) {
            next if $child->getNodeType() != TEXT_NODE;
            $holder = duplicate_node_path($dom, $root, @tagpath);
            last;
        }

        my $text = $dom->createTextNode($val);
        $holder->appendChild($text);
        return $holder;
    }

    croak "add_in_dom: internal error. found element of type $type.";
}
#---------------------------------------------------------------------------------------- |
1488
|
|
|
|
|
|
|
# |
1489
|
|
|
|
|
|
|
# create_node_path($root, @tagpath) |
1490
|
|
|
|
|
|
|
# |
1491
|
|
|
|
|
|
|
# create all nodes in @tagpath, and return the last node in tagpath. |
1492
|
|
|
|
|
|
|
# all nodes in @tagpath are elements. |
1493
|
|
|
|
|
|
|
# create_node assumes that $root is a non null element, which usually |
1494
|
|
|
|
|
|
|
# implies that the iodef dom document should have a root. |
1495
|
|
|
|
|
|
|
# |
1496
|
|
|
|
|
|
|
|
1497
|
|
|
|
|
|
|
sub create_node_path {
    # Strip the one-character prefix from every tag path entry, then let
    # create_node_internal() build the elements below $root.
    # Returns whatever create_node_internal() returns.
    my ($dom, $root, @tagpath) = @_;
    my @names = map { substr($_, 1) } @tagpath;
    return create_node_internal($dom, $root, @names);
}
1502
|
|
|
|
|
|
|
|
1503
|
|
|
|
|
|
|
sub create_node_internal {
    # Walk down @tagpath starting at $node, creating every element that is
    # missing, and return the element for the last path entry.
    #
    # The first path entry must name $node itself (undef is returned if it
    # does not). Each recursive call consumes one path entry, so the depth is
    # bounded by the length of the path. New children are inserted at the
    # position given by the CHILDREN order recorded in $DTD for the parent.
    my ($dom, $node, @tagpath) = @_;

    my $current = shift @tagpath;
    my $wanted  = shift @tagpath;

    croak "create_node: got empty tagpath."
        unless defined $current;

    return undef
        if $node->getTagName() ne $current;

    # nothing left below this element: it is the one asked for
    return $node
        unless defined $wanted;

    # children order for $current in the DTD, prefixes removed
    my @order = @{$DTD->{$current}->{CHILDREN}};
    $_ = substr($_, 1) for @order;

    # offset of the last occurrence of $wanted in that order (0 if absent)
    my $wanted_pos = 0;
    for my $idx (0 .. $#order) {
        $wanted_pos = $idx if $order[$idx] eq $wanted;
    }

    # look for an existing $wanted child, or else for the first child that
    # must come after it
    my $insert_before;
    for my $child ($node->getChildNodes()) {
        next unless $child->getNodeType() == ELEMENT_NODE;

        my $child_name = $child->getTagName;

        # the child already exists: continue below it
        return create_node_internal($dom, $child, $wanted, @tagpath)
            if $child_name eq $wanted;

        # offset of the first occurrence of this child's name (0 if absent)
        my $child_pos = 0;
        for my $idx (0 .. $#order) {
            next unless $order[$idx] eq $child_name;
            $child_pos = $idx;
            last;
        }

        if ($child_pos > $wanted_pos) {
            $insert_before = $child;
            last;
        }
    }

    # $insert_before stays undef when no later sibling was found
    my $created = $dom->createElement($wanted);
    $node->insertBefore($created, $insert_before);

    return create_node_internal($dom, $created, $wanted, @tagpath);
}
#---------------------------------------------------------------------------------------- |
1567
|
|
|
|
|
|
|
# |
1568
|
|
|
|
|
|
|
# duplicate_node_path($dom, $root, @tagpath) |
1569
|
|
|
|
|
|
|
# |
1570
|
|
|
|
|
|
|
# duplicate the last node in @tagpath, ie |
1571
|
|
|
|
|
|
|
# find the closest parent to that node that accepts multiple occurences |
1572
|
|
|
|
|
|
|
# of node path, create a new instance of the node, and call create_node |
1573
|
|
|
|
|
|
|
# to recreate all elements down to the node. return the duplicated node |
1574
|
|
|
|
|
|
|
# |
1575
|
|
|
|
|
|
|
|
1576
|
|
|
|
|
|
|
sub duplicate_node_path {
    # Create a second instance of the deepest element in @node_path that is
    # marked as repeatable (prefix '+', '#' or '*'), insert it before the
    # existing one, then rebuild the rest of the path below the document root.
    # Returns the result of create_node_path() for the full path.
    # Croaks when no entry above index 0 is repeatable, or when the element to
    # duplicate cannot be found.
    my ($dom, $root, @node_path) = @_;

    # scan from the end towards index 1 for a repeatable entry
    my $idx = $#node_path;
    $idx-- while $idx > 0 && $node_path[$idx] !~ /^[\+\#\*]/;

    croak "add - duplicate_node: could not duplicate node".(pop @node_path).". no duplicable parent."
        if ($idx == 0);

    # split the path: entries above the repeatable one, its name, and the rest
    my @below = splice(@node_path, $idx + 1);
    my $name  = pop @node_path;

    my $existing = find_node($root, @node_path, $name) ||
        croak "duplicate_node_path: did not find node to duplicate. impossible.";

    # new empty instance, placed just before the existing one
    my $copy = $dom->createElement(substr($name, 1));
    $existing->getParentNode()->insertBefore($copy, $existing);

    return create_node_path($dom, $root, @node_path, $name, @below);
}
#---------------------------------------------------------------------------------------- |
1607
|
|
|
|
|
|
|
# |
1608
|
|
|
|
|
|
|
# check_allowed(path, key, @list); |
1609
|
|
|
|
|
|
|
# |
1610
|
|
|
|
|
|
|
# check that key is one element of list. |
1611
|
|
|
|
|
|
|
# returns 1 if it is, 0 if key is not in and |
1612
|
|
|
|
|
|
|
# croak |
1613
|
|
|
|
|
|
|
# |
1614
|
|
|
|
|
|
|
|
1615
|
|
|
|
|
|
|
sub check_allowed {
    # Allow-list check: return 1 when $key is string-equal (eq, so
    # case-sensitive) to one of @vals, croak otherwise. It never returns 0.
    # The croak message is prefixed "add:" whichever caller invoked the check.
    my ($path, $key, @vals) = @_;

    for my $allowed (@vals) {
        return 1 if $allowed eq $key;
    }

    croak "add: $key is not an allowed value for attribute $path (IODEF v$IODEF_VERSION).";
}
##---------------------------------------------------------------------------------------- |
1630
|
|
|
|
|
|
|
## |
1631
|
|
|
|
|
|
|
## set(hash, tagpath, value) |
1632
|
|
|
|
|
|
|
## |
1633
|
|
|
|
|
|
|
## ARGS: |
1634
|
|
|
|
|
|
|
## hash: a hash representation of an IODEF message, as received from new or in |
1635
|
|
|
|
|
|
|
## tagpath: a string obtained by concatenating the names of the nested tags, from the |
1636
|
|
|
|
|
|
|
## Incident tag down to the closest tag to value. |
1637
|
|
|
|
|
|
|
## value: the value (content of a tag, or value of an attribute) of the last tag |
1638
|
|
|
|
|
|
|
## given in tagpath |
1639
|
|
|
|
|
|
|
## |
1640
|
|
|
|
|
|
|
## RETURN: |
1641
|
|
|
|
|
|
|
## 0 if the field was correctly changed, croaks otherwise. |
1642
|
|
|
|
|
|
|
## |
1643
|
|
|
|
|
|
|
## DESC: |
1644
|
|
|
|
|
|
|
##   The set() call follows the first occurrence of the node path described by
##   <tagpath> and attempts to change the corresponding content or attribute value.
##   If the first occurrence of <tagpath> does not lead to any existing node, set()
##   croaks. Check that the node or attribute exists with contains() first.
1648
|
|
|
|
|
|
|
## If you want to create an attribute value or a node content where there was none, |
1649
|
|
|
|
|
|
|
## use add() instead. |
1650
|
|
|
|
|
|
|
## |
1651
|
|
|
|
|
|
|
## RESTRICTIONS: |
1652
|
|
|
|
|
|
|
## set() only allows you to reach and change the attribute or content of the first |
1653
|
|
|
|
|
|
|
## occurence of a given tagpath. If this tagpath occurs multiple time, you will |
1654
|
|
|
|
|
|
|
## not be able to modify the other occurences. Yet this should be able for most |
1655
|
|
|
|
|
|
|
## applications. Furthermore, set() cannot be used to create any new value/content. |
1656
|
|
|
|
|
|
|
## |
1657
|
|
|
|
|
|
|
## EXAMPLES: |
1658
|
|
|
|
|
|
|
## |
1659
|
|
|
|
|
|
|
## my $iodef = new XML::IODEF(); |
1660
|
|
|
|
|
|
|
## |
1661
|
|
|
|
|
|
|
## $iodef->add("IncidentAdditionalData", "value"); # content add first |
1662
|
|
|
|
|
|
|
## $iodef->add("IncidentAdditionalDatadtype", "string"); # ok |
1663
|
|
|
|
|
|
|
## $iodef->add("IncidentAdditionalDatameaning", "meaning"); # ok |
1664
|
|
|
|
|
|
|
## |
1665
|
|
|
|
|
|
|
## # change AdditionalData's content value |
1666
|
|
|
|
|
|
|
## $iodef->set("IncidentAdditionalData", "new value"); |
1667
|
|
|
|
|
|
|
## |
1668
|
|
|
|
|
|
|
|
1669
|
|
|
|
|
|
|
sub set {
    # Overwrite an existing attribute value or text content at the first
    # occurrence of tag path $path. Returns 0 on success and croaks on every
    # failure: missing path or value, unknown path, path that names a plain
    # node, value rejected by check_allowed(), or nothing there to overwrite.
    # An attribute whose current value is the empty string counts as absent.
    my ($iodef, $path, $value) = @_;

    croak "set: you did not give any path."
        unless defined($path);

    $path = $ROOT.$path;
    my $root = $iodef->{"DOM"}->getDocumentElement;

    croak "set: $path is not a known IODEF tag path (IODEF v$IODEF_VERSION)."
        unless exists($EXPAND_PATH->{$path});

    # first entry is the item type, the rest is the tag path
    my ($type, @tagpath) = @{$EXPAND_PATH->{$path}};

    croak "set: $path does not lead to an attribute nor to an authorized node content."
        if $type eq 'N';

    croak "set: you did not provide any value."
        unless defined($value);

    # paths with a list of permitted values are validated before any change
    check_allowed($path, $value, @{$CHECK_VALUE->{$path}})
        if exists($CHECK_VALUE->{$path});

    # for an attribute, the last path entry is the attribute name
    my $att;
    $att = pop @tagpath if $type eq 'A';

    my $node = find_node($root, @tagpath);

    croak "set: there is no node at path $path. use add() first."
        unless defined($node);

    if ($type eq 'A') {
        croak "set: the attribute at path $path has no value. use add() first."
            if $node->getAttribute($att) eq "";

        $node->setAttribute($att, $value);
        return 0;
    }

    if ($type eq 'C') {
        # only the first text child is rewritten
        for my $child ($node->getChildNodes()) {
            next if $child->getNodeType() != TEXT_NODE;
            $child->setData($value);
            return 0;
        }

        croak "set: the node at path $path has no content. use add() first.";
    }

    # should never reach here
    croak "set: internal error.";
}
##---------------------------------------------------------------------------------------- |
1739
|
|
|
|
|
|
|
## |
1740
|
|
|
|
|
|
|
## get(hash, tagpath, value) |
1741
|
|
|
|
|
|
|
## |
1742
|
|
|
|
|
|
|
## ARGS: |
1743
|
|
|
|
|
|
|
## hash: a hash representation of an IODEF message, as received from new or in |
1744
|
|
|
|
|
|
|
## tagpath: a string obtained by concatenating the names of the nested tags, from the |
1745
|
|
|
|
|
|
|
## Incident tag down to the closest tag to value. |
1746
|
|
|
|
|
|
|
## value: the value (content of a tag, or value of an attribute) of the last tag |
1747
|
|
|
|
|
|
|
## given in tagpath |
1748
|
|
|
|
|
|
|
## |
1749
|
|
|
|
|
|
|
## RETURN: |
1750
|
|
|
|
|
|
|
## a string: the content of the node or value of the attribute, undef if there is |
1751
|
|
|
|
|
|
|
## no such value, and croaks if error. |
1752
|
|
|
|
|
|
|
## |
1753
|
|
|
|
|
|
|
## DESC: |
1754
|
|
|
|
|
|
|
##   The get() call follows the first occurrence of the node path described by
##   <tagpath> and attempts to retrieve the corresponding content or attribute value.
##   If the first occurrence of <tagpath> does not lead to any existing node, get()
##   returns undef. This does not mean that the value does not exist in another
##   occurrence of the tagpath.
1759
|
|
|
|
|
|
|
## |
1760
|
|
|
|
|
|
|
## RESTRICTIONS: |
1761
|
|
|
|
|
|
|
## get() only allows you to reach and retrieve the attribute or content of the first |
1762
|
|
|
|
|
|
|
## occurence of a given tagpath. If this tagpath occurs multiple time, you will |
1763
|
|
|
|
|
|
|
## not be able to retrieve the other occurences. Yet this should be able for most |
1764
|
|
|
|
|
|
|
## applications. |
1765
|
|
|
|
|
|
|
## |
1766
|
|
|
|
|
|
|
## EXAMPLES: |
1767
|
|
|
|
|
|
|
## |
1768
|
|
|
|
|
|
|
## my $iodef = new XML::IODEF(); |
1769
|
|
|
|
|
|
|
## |
1770
|
|
|
|
|
|
|
## $iodef->add("IncidentAdditionalData", "value"); # content add first |
1771
|
|
|
|
|
|
|
## $iodef->add("IncidentAdditionalDatadtype", "string"); # ok |
1772
|
|
|
|
|
|
|
## $iodef->add("IncidentAdditionalDatameaning", "meaning"); # ok |
1773
|
|
|
|
|
|
|
## |
1774
|
|
|
|
|
|
|
## # change AdditionalData's content value |
1775
|
|
|
|
|
|
|
## $iodef->get("IncidentAdditionalData"); |
1776
|
|
|
|
|
|
|
## |
1777
|
|
|
|
|
|
|
|
1778
|
|
|
|
|
|
|
sub get {
    # Read the attribute value or text content found at the first occurrence
    # of tag path $path.
    # Returns the attribute value as given by getAttribute(), or the data of
    # the first text child; undef when the node or its text is missing.
    # Croaks when no path is given, the path is unknown, or it names a plain
    # node. Arguments after $path are ignored.
    my ($iodef, $path) = @_;

    croak "get: you did not give any path."
        unless defined($path);

    $path = $ROOT.$path;
    my $root = $iodef->{"DOM"}->getDocumentElement;

    croak "get: $path is not a known IODEF tag path (IODEF v$IODEF_VERSION)."
        unless exists($EXPAND_PATH->{$path});

    # first entry is the item type, the rest is the tag path
    my ($type, @tagpath) = @{$EXPAND_PATH->{$path}};

    croak "get: $path does not lead to an attribute nor to an authorized node content."
        if $type eq 'N';

    # for an attribute, the last path entry is the attribute name
    my $att;
    $att = pop @tagpath if $type eq 'A';

    my $node = find_node($root, @tagpath);

    return undef
        unless defined($node);

    return $node->getAttribute($att)
        if $type eq 'A';

    if ($type eq 'C') {
        for my $child ($node->getChildNodes()) {
            return $child->getData
                if $child->getNodeType() == TEXT_NODE;
        }
    }

    # no content in this node
    return undef;
}
##---------------------------------------------------------------------------------------- |
1831
|
|
|
|
|
|
|
## |
1832
|
|
|
|
|
|
|
## create_ident() -- deprecated |
1833
|
|
|
|
|
|
|
## |
1834
|
|
|
|
|
|
|
## ARGS: |
1835
|
|
|
|
|
|
|
## iodef message object |
1836
|
|
|
|
|
|
|
## |
1837
|
|
|
|
|
|
|
## RETURN: |
1838
|
|
|
|
|
|
|
## nothing. |
1839
|
|
|
|
|
|
|
## |
1840
|
|
|
|
|
|
|
## DESC: |
1841
|
|
|
|
|
|
|
## Set the root ident attribute field of this IODEF message with a unique, |
1842
|
|
|
|
|
|
|
## randomly generated ID number. The code for the ID number generator is actually |
1843
|
|
|
|
|
|
|
## inspired from Sys::UniqueID. If no IODEF type is given, "Incident" is assumed as default. |
1844
|
|
|
|
|
|
|
## |
1845
|
|
|
|
|
|
|
|
1846
|
|
|
|
|
|
|
sub create_ident {
    # Deprecated: emits a warning on every call, then adds a generated
    # "<type>IncidentID" value to the message, where <type> is get_type() or
    # "Incident" when that is undefined. Returns the result of add().
    #
    # The ID is built from the current time, a rand() number, the process id
    # and a per-process counter. It is meant to be distinct, not secret:
    # rand() is not a cryptographic generator and the other parts can be
    # guessed, so do not use the ID as an unguessable token.
    my ($iodef) = @_;

    warn 'create_ident is deprecated, you should be using your domain-name in conjuction with the ID from your workflow system';

    my $name = $iodef->get_type();
    $name = "Incident" unless defined $name;

    # random number in place of the host address used by Sys::UniqueID
    my $netaddr = int(rand 10000000);

    # the counter field is 4 hex digits wide: once it is used up, wait for the
    # clock to move on and start again
    if (++$ID_COUNT >= 0x10000) {
        sleep 1;
        $ID_COUNT = 0;
    }

    my $id = sprintf '%012X%s%08X%04X', time, $netaddr, $$, $ID_COUNT;

    return $iodef->add($name."IncidentID", $id);
}
##---------------------------------------------------------------------------------------- |
1868
|
|
|
|
|
|
|
## |
1869
|
|
|
|
|
|
|
## create_time(, []) |
1870
|
|
|
|
|
|
|
## |
1871
|
|
|
|
|
|
|
## ARGS: |
1872
|
|
|
|
|
|
|
## iodef message object |
1873
|
|
|
|
|
|
|
## optional. epoch time (time since January 1, 1970, UTC). |
1874
|
|
|
|
|
|
|
## |
1875
|
|
|
|
|
|
|
## RETURN: |
1876
|
|
|
|
|
|
|
## nothing. |
1877
|
|
|
|
|
|
|
## |
1878
|
|
|
|
|
|
|
## DESC: |
1879
|
|
|
|
|
|
|
## Set the CreateTime field of this iodef message with the current time |
1880
|
|
|
|
|
|
|
## (if no epoch argument if provided), or to the time corresponding to |
1881
|
|
|
|
|
|
|
## the epoch value provided, in both the content and ntpstamp fields. |
1882
|
|
|
|
|
|
|
## If the IODEF message does not yet have a type, "Incident" is assumed by |
1883
|
|
|
|
|
|
|
## default. |
1884
|
|
|
|
|
|
|
## |
1885
|
|
|
|
|
|
|
|
1886
|
|
|
|
|
|
|
sub create_time {
    # Add an "IncidentReportTime" content to the message: the DateTime built
    # from the given epoch, stringified, with a literal 'Z' appended.
    # Returns the result of add().
    #
    # A false epoch argument (undef, 0 or '') is replaced by the current time,
    # so epoch 0 itself cannot be requested.
    my ($iodef, $epoch) = @_;
    $epoch ||= time();

    my $report_time = DateTime->from_epoch(epoch => $epoch);

    return add($iodef, 'IncidentReportTime', $report_time.'Z');
}
1893
|
|
|
|
|
|
|
|
1894
|
|
|
|
|
|
|
##---------------------------------------------------------------------------------------- |
1895
|
|
|
|
|
|
|
## |
1896
|
|
|
|
|
|
|
## to_hash() |
1897
|
|
|
|
|
|
|
## |
1898
|
|
|
|
|
|
|
## ARGS: |
1899
|
|
|
|
|
|
|
## hash containing an IODEF message in XML::Simple representation |
1900
|
|
|
|
|
|
|
## |
1901
|
|
|
|
|
|
|
## RETURN: |
1902
|
|
|
|
|
|
|
## a hash enumerating all the contents and attributes of this IODEF message. |
1903
|
|
|
|
|
|
|
## each key is a concatenated sequence of tags leading to the content/attribute, |
1904
|
|
|
|
|
|
|
## and the corresponding value is the content/attribute itself. |
1905
|
|
|
|
|
|
|
## all IODEF contents and values are converted from IODEF format (STRING or BYTE) |
1906
|
|
|
|
|
|
|
## back to the original ascii string. |
1907
|
|
|
|
|
|
|
## |
1908
|
|
|
|
|
|
|
## EXAMPLES: |
1909
|
|
|
|
|
|
|
## |
1910
|
|
|
|
|
|
|
## |
1911
|
|
|
|
|
|
|
## |
1912
|
|
|
|
|
|
|
## |
1913
|
|
|
|
|
|
|
## #12345 |
1914
|
|
|
|
|
|
|
## |
1915
|
|
|
|
|
|
|
## data1 |
1916
|
|
|
|
|
|
|
## data2 |
1917
|
|
|
|
|
|
|
## |
1918
|
|
|
|
|
|
|
## |
1919
|
|
|
|
|
|
|
## |
1920
|
|
|
|
|
|
|
## becomes: |
1921
|
|
|
|
|
|
|
## |
1922
|
|
|
|
|
|
|
## { "version" => [ "1.0" ], |
1923
|
|
|
|
|
|
|
## "Incidentpurpose" => [ "handling" ], |
1924
|
|
|
|
|
|
|
## "IncidentIncidentID" => [ "#12345" ], |
1925
|
|
|
|
|
|
|
## "IncidentAdditionalDatameaning" => [ "datatype1", "datatype2" ], #meaning & contents are |
1926
|
|
|
|
|
|
|
## "IncidentAdditionalData" => [ "type1", "type2" ], #listed in same order |
1927
|
|
|
|
|
|
|
## } |
1928
|
|
|
|
|
|
|
## |
1929
|
|
|
|
|
|
|
## |
1930
|
|
|
|
|
|
|
|
1931
|
|
|
|
|
|
|
sub to_hash {
    # Flatten the message's DOM into a hash reference. dom_to_hash() fills it
    # with one entry per concatenated tag path, each holding an array
    # reference of the values found under that path.
    my ($iodef) = @_;

    my $doc_element = $iodef->{"DOM"}->getDocumentElement;

    my %flat;
    dom_to_hash($doc_element, \%flat, "");

    return \%flat;
}
1940
|
|
|
|
|
|
|
|
1941
|
|
|
|
|
|
|
# there's probably a 'better' way to do this wihtin DOM |
1942
|
|
|
|
|
|
|
# but who has that kind of time with XML::Simple :) |
1943
|
|
|
|
|
|
|
sub to_tree {
    # Serialize the message with out() and parse that text again with
    # XML::Simple's XMLin(); returns whatever XMLin() returns.
    #
    # XMLin() is called with no options, so parser selection and folding rules
    # are XML::Simple's defaults.
    # NOTE(review): confirm those defaults are acceptable when the values
    # stored in the message were taken from an untrusted report.
    my ($iodef) = @_;
    return XMLin($iodef->out());
}
1947
|
|
|
|
|
|
|
|
1948
|
|
|
|
|
|
|
|
1949
|
|
|
|
|
|
|
#---------------------------------------------------------------------------------------- |
1950
|
|
|
|
|
|
|
# |
1951
|
|
|
|
|
|
|
# dom_to_hash($node, $result, $path) |
1952
|
|
|
|
|
|
|
# |
1953
|
|
|
|
|
|
|
# explore node and add its attributes and content to $result, and |
1954
|
|
|
|
|
|
|
# explore recursively each of node's children. |
1955
|
|
|
|
|
|
|
# |
1956
|
|
|
|
|
|
|
|
1957
|
|
|
|
|
|
|
sub dom_to_hash {
    # Record every attribute and accepted text content found under $node in
    # %$result, keyed by $path plus the attribute or tag name, then recurse
    # into each child element. Does nothing when $node is undefined.
    #
    # NOTE(review): the recursion follows the document's nesting with no
    # depth limit, and the text-node lookup below has no exists() guard for
    # element paths that are absent from $EXPAND_PATH -- confirm how documents
    # containing unexpected elements are meant to be handled.
    my ($node, $result, $path) = @_;

    return unless defined($node);

    # explore node's attributes
    for my $attr ($node->getAttributes->getValues) {
        add_to_result($result, $path.$attr->getName, $attr->getValue);
    }

    # explore node's children
    for my $child ($node->getChildNodes()) {
        my $kind = $child->getNodeType();

        if ($kind == ELEMENT_NODE) {
            dom_to_hash($child, $result, $path.$child->getTagName);
        }
        elsif ($kind == TEXT_NODE) {
            # keep text only where the path is registered as content ('C');
            # this drops the newline-only text nodes the parser produces
            add_to_result($result, $path, $child->getData)
                if @{$EXPAND_PATH->{$ROOT.$path}}[0] eq 'C';
        }
    }
}
1985
|
|
|
|
|
|
|
|
1986
|
|
|
|
|
|
|
sub add_to_result {
    # Append $val to the list stored under $path in %$result, creating the
    # list on first use. Values keep their insertion order.
    my ($result, $path, $val) = @_;

    return push @{$result->{$path}}, $val
        if exists($result->{$path});

    return $result->{$path} = [ $val ];
}
1995
|
|
|
|
|
|
|
|
1996
|
|
|
|
|
|
|
|
1997
|
|
|
|
|
|
|
|
1998
|
|
|
|
|
|
|
##========================================================================================= |
1999
|
|
|
|
|
|
|
## |
2000
|
|
|
|
|
|
|
## BACKWARD COMPATIBILITY FUNCTIONS
2001
|
|
|
|
|
|
|
## |
2002
|
|
|
|
|
|
|
##========================================================================================= |
2003
|
|
|
|
|
|
|
|
2004
|
|
|
|
|
|
|
## |
2005
|
|
|
|
|
|
|
## |
2006
|
|
|
|
|
|
|
## CLASS FUNCTIONS: |
2007
|
|
|
|
|
|
|
## ---------------- |
2008
|
|
|
|
|
|
|
## |
2009
|
|
|
|
|
|
|
|
2010
|
|
|
|
|
|
|
# wrapper for contains() |
2011
|
|
|
|
|
|
|
sub at_least_one {
    # Backward-compatibility alias: forwards its argument list unchanged to
    # contains() and returns whatever contains() returns.
    return contains(@_);
}
2014
|
|
|
|
|
|
|
|
2015
|
|
|
|
|
|
|
## |
2016
|
|
|
|
|
|
|
## |
2017
|
|
|
|
|
|
|
## EXPORTED FUNCTIONS: |
2018
|
|
|
|
|
|
|
## ------------------- |
2019
|
|
|
|
|
|
|
## |
2020
|
|
|
|
|
|
|
|
2021
|
|
|
|
|
|
|
# wrapper for extend_dtd() |
2022
|
|
|
|
|
|
|
sub extend_iodef {
    # Backward-compatibility alias for extend_dtd(): same arguments, same
    # return value.
    return extend_dtd(@_);
}
2023
|
|
|
|
|
|
|
|
2024
|
|
|
|
|
|
|
##----------------------------------------------------------------------------------------
##
## <string> = byte_to_string(<bytes>)
##
## ARGS:
##   <bytes>   a binary string
##
## RETURN:
##   <string>: the string obtained by converting <bytes> into its IODEF representation,
##             referred to as type BYTE[] in the IODEF rfc.
##
## DESC:
##   Every octet of <bytes> is written as a decimal character reference,
##   '&#N;' with N between 0 and 255, and the references are concatenated.
##   An empty input gives an empty string.
##

sub byte_to_string {
    # unpack 'C*' yields one unsigned value per octet of the argument.
    my @octets = unpack 'C*', $_[0];

    my $encoded = '';
    for my $octet (@octets) {
        $encoded .= '&#' . $octet . ';';
    }

    return $encoded;
}
2039
|
|
|
|
|
|
|
|
2040
|
|
|
|
|
|
|
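##----------------------------------------------------------------------------------------
##
## <string> = xml_encode(<string>)
##
## ARGS:
##   <string>   a usual string
##
## RETURN:
##   <string>: the xml encoded string equivalent to <string>.
##
## DESC:
##   You don't need this function if you are using add() calls (which already calls it).
##   To convert a string into an iodef STRING, xml_encode basically replaces
##   characters:   with:
##   &             &amp;
##   <             &lt;
##   >             &gt;
##   "             &quot;
##   '             &apos;
##   and all non printable characters (ie charcodes >126 or <32 except 10) into
##   the corresponding &#x00XX; form. Characters above 255 are written as
##   &#xXXXX; with at least four hex digits instead of being dropped.
##
## NOTE(review): for control characters other than tab, newline and carriage
##   return the table produces references such as &#x0000; or &#x0001;.
##   XML 1.0 does not allow those characters even as character references, so
##   a conforming parser may reject a message that carries them. Filter or
##   reject such input before encoding if the output must be well-formed.
##

# Lookup table indexed by character code 0..255. Every slot starts out as the
# hexadecimal character reference for that code.
my @xml_enc = map { sprintf('&#x00%.2x;', $_) } 0 .. 255;

# Newline and printable ASCII are emitted as themselves.
for my $code (10, 32 .. 126) {
    $xml_enc[$code] = chr $code;
}

# The five markup-significant characters get their named entities; leaving
# any of them raw would let field content be read as markup.
$xml_enc[ord '&']  = '&amp;';
$xml_enc[ord '<']  = '&lt;';
$xml_enc[ord '>']  = '&gt;';
$xml_enc[ord '"']  = '&quot;';
$xml_enc[ord "'"]  = '&apos;';

sub xml_encode {
    my ($st) = @_;

    # An undefined argument encodes to the empty string.
    $st = '' unless defined $st;

    my $encoded = '';
    for my $char (split //, $st) {
        my $code = ord $char;

        # Codes beyond the table (wide characters) used to index past its end
        # and vanish from the output; give them a numeric reference instead.
        $encoded .= $code <= $#xml_enc
            ? $xml_enc[$code]
            : sprintf('&#x%04x;', $code);
    }

    return $encoded;
}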
2083
|
|
|
|
|
|
|
|
2084
|
|
|
|
|
|
|
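##----------------------------------------------------------------------------------------
##
## <string> = xml_decode(<string>)
##
## ARGS:
##   <string>   a xml encoded IODEF STRING
##
## RETURN:
##   <string>   the corresponding decoded string (undef is returned unchanged)
##
## DESC:
##   You don't need this function with 'to_hash' (which already calls it).
##   It decodes <string> into a string, ie replace the following
##   characters:   with:
##   &amp;         &
##   &lt;          <
##   &gt;          >
##   &quot;        "
##   &apos;        '
##   &#N;          character N, N in base 10
##   &#xH;         character H, H in base 16
##   It also decodes strings encoded with 'byte_to_string'
##
##   All references are replaced in a single pass. Decoding '&amp;' in an
##   earlier pass than the others would turn the escaped text '&amp;lt;'
##   into '<' instead of '&lt;', silently changing the reported data.
##   Numeric references must consist of digits only; anything else, and any
##   value above 0x10FFFF, is left in the string untouched.
##

# Turn one matched reference into its character. $reference is the full
# matched text; exactly one of $name, $hex and $dec is defined.
sub _xml_reference_to_char {
    my ($reference, $name, $hex, $dec) = @_;

    my %char_for = (
        amp  => '&',
        lt   => '<',
        gt   => '>',
        quot => '"',
        apos => "'",
    );
    return $char_for{$name} if defined $name;

    my $code = defined $hex ? hex($hex) : $dec + 0;

    # Outside the Unicode range: keep the reference text as it was.
    return $reference if $code > 0x10FFFF;

    return chr $code;
}

sub xml_decode {
    my ($st) = @_;

    return $st unless defined $st;

    # One alternation, one pass: text produced by a replacement is never
    # scanned again, so nothing is decoded twice.
    $st =~ s/(&(?:(amp|lt|gt|quot|apos)|\#x([0-9A-Fa-f]{1,6})|\#([0-9]{1,7}));)/_xml_reference_to_char($1, $2, $3, $4)/ge;

    return $st;
}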
2125
|
|
|
|
|
|
|
|
2126
|
|
|
|
|
|
|
|
2127
|
|
|
|
|
|
|
|
2128
|
|
|
|
|
|
|
#---------------------------------------------------------------------------------------- |
2129
|
|
|
|
|
|
|
# |
2130
|
|
|
|
|
|
|
# END OF CODE - START OF POD DOC |
2131
|
|
|
|
|
|
|
# |
2132
|
|
|
|
|
|
|
#---------------------------------------------------------------------------------------- |
2133
|
|
|
|
|
|
|
|
2134
|
|
|
|
|
|
|
1; |
2135
|
|
|
|
|
|
|
|
2136
|
|
|
|
|
|
|
__END__ |