YȈNx' @UddlZddlZddlZddlZddlZddlZddlZddlZddlZddl m Z ddl m Z m Z ddlmZddlmZmZmZddlmZejZejejzejzZejeZeZ ee e!d<dej"fd Z#d)d Z$ej%e$d Z&Gd de'Z(de)d dfdZ*dZ+d*dZ,de)fdZ-de)de)fdZ.de)de)fdZ/de)fdZ0e,ej1Z1e,ej2Z2e d+dZ3e dZ4e de)fdZ5e d,dee)e6ffd Z7e de)d!e6d"e6d#e8fd$Z9d%eee)e6fee6dffd&eee)e6fee6dfffd'Z: d-d%e)d&e)fd(Z;dS).N)ProcessPoolExecutor)contextmanagersuppress)chain)SetTupleUnion)utils _active_poolsloopcKtd}t| |j|g|Rd{V |dt|S#t|wxYw# |dt|w#t|wxYwxYw)N) max_workersF)wait)rr addrun_in_executorshutdowndiscard)r argspools W/opt/imunify360/venv/lib/python3.11/site-packages/defence360agent/utils/safe_fileops.py_run_in_fresh_executorrs 1 - - -Dd()T)$66666666666 ( MMuM % % %  ! !$ ' ' ' 'M ! !$ ' ' ' ' ( MMuM % % %  ! !$ ' ' ' 'M ! !$ ' ' ' 's/BA44BC%C+C%C""C%returncttD]L} |dd#t$r%}td|Yd}~Ed}~wwxYwtdS)zShutdown all tracked ProcessPoolExecutors. Should be called during agent shutdown to ensure clean process termination. FT)rcancel_futuresz+Error shutting down ProcessPoolExecutor: %sN)listr r Exceptionloggerwarningclear)res rshutdown_process_poolsr")s ]##MM M MMuTM : : : : M M M NNH! L L L L L L L L Ms0 AAActjgtj|tj|||SN)os setgroupssetgidsetuid)funuidgidrs rdropr,:s8LIcNNNIcNNN 3:ceZdZdS)UnsafeFileOperationN)__name__ __module__ __qualname__r-rr/r/AsDr-r/pathctj|}tj|jsYt d|tj|jtj|td|dS)zVerify path is a regular file; remove and raise FileNotFoundError if not. Uses os.lstat() to avoid following symlinks. If the file is a FIFO, symlink, socket, device, etc., it is deleted so the caller can recreate it as a regular file. z:Identity file %s is not a regular file (mode=%s), removingz#Removed non-regular identity file: N) r%lstatstatS_ISREGst_moderrfilemodeunlinkFileNotFoundError)r4sts rensure_regular_filer>Es $B < # #N H  M"* % %   $ Ld L LMMMNNr-ctjt|}|jt jkrt dt|zdS)Nz The file belongs to admin user: T)r%r7strst_uidr get_min_uidr/)filer=s rcheck_non_admin_filerDWsT T  B y5$&&&&! .T :    4r-Fcfd}|S)NcPtjddfd }|S)N)r cBKtj|s std|zt j|}t t|j|g} rt|j}|D]I}tj t|}|j dkr|j dkr|j |j }}n Jtdt|z|ptj}t!|t" |||g|Rd{VS)NzNo such file or directory: rz"Unsafe file operation under root: )r%r4existsr<pathlibPathrreversedparentsr7r@rAst_gidr/asyncioget_event_looprr,) filenamer rr4pathspr=r*r+r) missing_oks rwrapperz$safe.._safe..wrapperbsQ7>>(++ J '1H<<))D(4<004&99E / ..  WSVV__9>>bi1nn!y")CE)83t99D37133D/  r-) functoolswraps)r)rTrSs` r_safezsafe.._safeasK   04          >r-r3)rSrWs` rsaferX`s$!!!!!F Lr-rPcRtj|dSr$)rIrJtouchrPs r_touchr\s$ L  """""r-datacTtj||dSr$)rIrJ write_textrPr]s r _write_textras& L%%d+++++r-cbKtdt||d{VSNT)rS)rXrar`s rr_r_s@3&&&&{33HdCC C C C C C CCr-c`Ktdt|d{VSrc)rXr\r[s rrZrZs>.&&&&v..x88 8 8 8 8 8 88r-Tc#LKd|vrtdt||5}tj|}t j|}tjd|}t|}||ks|j |j krtd||rEtj |j tj |jvrtd|d|VddddS#1swxYwYdS)Nwz'w' mode is not permittedz/proc/self/fd/zUnable to safely read z. File is not in user homedir)r/openr%fstatfilenopwdgetpwnamreadlinkr@rApw_uidrIrJpw_dirrL) rPmodeuserrespect_homedirfr=passwd real_path filename_strs rsafe_open_filervsz d{{!"=>>> h   Xahhjj ! !d##K = = =>> 8}} I % %29 +E+E%&M|&M&MNN N   V]++< --566&.... -sC&DD Dc/BKtj|i|} |Vtt5tj|ddddS#1swxYwYdS#tt5tj|dddw#1swxYwYwxYw)z Context manager which wraps os.open and close file descriptor at the end :param args: positional arguments for os.open :param kwargs: keyword arguments for os.open N)r%rgrOSErrorclose)rkwargsfds ropen_fdr|s! $ !& ! !B g     HRLLL                  Xg     HRLLL                s@AAAAB1B BB BB Bnamec/Kt|g|Rdtji|5}tjd|}||krt d|VddddS#1swxYwYdS)a  Context manager to get a directory file descriptor It also checks if a directory doesn't contain a symlink in the path :param name: full directory name :param args: positional arguments for os.open :param kwargs: keyword arguments for os.open flagsz/proc/self/fd/{}z%Operations on symlinks are prohibitedN)r|r% O_DIRECTORYrlformatr/)r}rrzdir_fdreals r opendir_fdrs  = = = =BN =f = ={-44V<<== 4<<%&MNN N sAA--A14A1rrc #Kd}t|trtt5t j||}t j||jt jzt j z|dddn #1swxYwYt j |||}t||5}|pt j||_ |V|rGtt5t j||jdddn #1swxYwYnO#|rHtt5t j||jdddw#1swxYwYwwxYwddddS#1swxYwYdS)a Context manager to open file object from file name or from file descriptor File object extended with 'st' attribute that contains os.stat_result of the opened file :param f: file name or file descriptor to open :param dir_fd: directory descriptor, ignored if 'f' is a file descriptor :param flags: flags for os.open, ignored if 'f' is a file descriptor :param mode: mode for built-in open Nr)ror)rrro) isinstancer@rrxr%r7chmodr9S_IRUSRS_IWUSRrgr=)rrrrror=fos r open_fobjrs B!S 3 g    6***B H T\1DL@                    GAU6 2 2 2 ad   1r bgajj 1HHH 1g&&11HQRZ0000111111111111111 1g&&11HQRZ00001111111111111111 1 111111111111111111sA BB B :FD%F1D FD F D !F%E1<E$  E1$E( (E1+E( ,E11FFFrris_safec#K|r3t|||5}|dfVddddS#1swxYwYdS||fVdS)z If is_safe flag is True, open file descriptor using name and dir_fd If is_safe is False, return name and dir_fd as is )rrN)r|)r}rrrr{s r safe_tuplers  T& 6 6 6 "d(NNN                  Fls +//srcdstc\|\}}|\}}t|rdn tjz} t||td5} t||| d5} |r|dt j| | t|tr2tj | | j j dddn #1swxYwY|r=t|tr(|r|dtj ||ddddS#1swxYwYdS)Nrrb)rrrowbrrr)W_FLAGSr%O_EXCLrR_FLAGSshutil copyfileobjrr@rrir=r9r;) rr src_unlink dst_overwriteracecallsrc_f src_dir_fddst_f dst_dir_fdw_flagssrc_fodst_fos r_mover sE:E:m:;G  jd   0   *G$   B    vv . . .%%% Bvy/@AAAA B B B B B B B B B B B B B B B  0*UC00 0  IeJ / / / /%000000000000000000s7D!A/C > D! C D!C AD!!D%(D%czKtj|\}}tj|\} } t|5} t| 5} t || t |5} t | | t |5}tj|| }tj }t|tt|j |j| |||| d{V|r*|r(|r|dtj|| |r>tj| |j |j| tj| |j| dddn #1swxYwYdddn #1swxYwYdddn #1swxYwYddddS#1swxYwYdS)Nrr)r%r4splitrrrrr7rNrOrr,rrArMr;chownrr9)rrsafe_srcsafe_dstrrrsrc_dirsrc_namedst_dirdst_namerr src_tuple dst_tuplesrc_str s r safe_mover.s c**GX c**GX G  B J--B Z*gxB J*gx B *555%''$    M M          3( 3  Ihz 2 2 2 2  B HXv}fmJ O O O O HXv~j A A A A=BBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBsF0&F>FCE*  F*E. .F1E. 2F5 FF FF F F0F F0F F00F47F4)rN)F)T)NrN)FFTFN)rDrXr\rar_rZrr;rvr|rintrboolrrrr3r-rrs   222222////////$$$$$$$$$$!!!!!! + *rz !BK /  8 $ $ +.#%% s&'/// (w'@ ( ( ( (    &'''     )   NcNdNNNN$$$$$N#S####,#,S,,,,DsD#DDDD9#9999 RX bi8    S      1 1sCx 1 1 1 1F S # c D    0 uS#Xc4i 00 10 uS#Xc4i 00 10000H  *B*B *B *B*B*B*B*B*Br-