-
-
-
-
-# -*- coding: utf-8 -*-
-
-"""A Python package for parsing DMARC reports"""
-
-import logging
-import os
-import json
-from datetime import datetime
-from collections import OrderedDict
-from datetime import timedelta
-from io import BytesIO, StringIO
-from gzip import GzipFile
-import tarfile
-import zipfile
-from csv import DictWriter
-import re
-from base64 import b64decode
-import binascii
-import shutil
-import email
-import tempfile
-import subprocess
-import socket
-from email.mime.application import MIMEApplication
-from email.mime.multipart import MIMEMultipart
-from email.mime.text import MIMEText
-from email.utils import COMMASPACE, formatdate
-import smtplib
-import ssl
-import time
-
-import publicsuffix
-import xmltodict
-import dns.reversename
-import dns.resolver
-import dns.exception
-from requests import get
-import geoip2.database
-import geoip2.errors
-import imapclient
-import imapclient.exceptions
-import dateparser
-import mailparser
-
-__version__ = "3.5.0"
-
-logger = logging.getLogger(__name__)
-logger.setLevel(logging.INFO)
-
-feedback_report_regex = re.compile(r"^([\w\-]+): (.+)$", re.MULTILINE)
-
-MAGIC_ZIP = b"\x50\x4B\x03\x04"
-MAGIC_GZIP = b"\x1F\x8B"
-MAGIC_XML = b"\x3c\x3f\x78\x6d\x6c\x20"
-
-
-
-
-
-
-
-
-
-
-
-[docs]class InvalidDMARCReport(ParserError):
- """Raised when an invalid DMARC report is encountered"""
-
-
-[docs]class InvalidAggregateReport(InvalidDMARCReport):
- """Raised when an invalid DMARC aggregate report is encountered"""
-
-
-[docs]class InvalidForensicReport(InvalidDMARCReport):
- """Raised when an invalid DMARC forensic report is encountered"""
-
-
-def _get_base_domain(domain):
- """
- Gets the base domain name for the given domain
-
- .. note::
- Results are based on a list of public domain suffixes at
- https://publicsuffix.org/list/public_suffix_list.dat.
-
- This file is saved to the current working directory,
- where it is used as a cache file for 24 hours.
-
- Args:
- domain (str): A domain or subdomain
-
- Returns:
- str: The base domain of the given domain
-
- """
- psl_path = ".public_suffix_list.dat"
-
- def download_psl():
- fresh_psl = publicsuffix.fetch()
- with open(psl_path, "w", encoding="utf-8") as fresh_psl_file:
- fresh_psl_file.write(fresh_psl.read())
-
- return publicsuffix.PublicSuffixList(fresh_psl)
-
- if not os.path.exists(psl_path):
- psl = download_psl()
- else:
- psl_age = datetime.now() - datetime.fromtimestamp(
- os.stat(psl_path).st_mtime)
- if psl_age > timedelta(hours=24):
- psl = download_psl()
- else:
- with open(psl_path, encoding="utf-8") as psl_file:
- psl = publicsuffix.PublicSuffixList(psl_file)
-
- return psl.get_public_suffix(domain)
-
-
-def _query_dns(domain, record_type, nameservers=None, timeout=6.0):
- """
- Queries DNS
-
- Args:
- domain (str): The domain or subdomain to query about
- record_type (str): The record type to query for
- nameservers (list): A list of one or more nameservers to use
- (Cloudflare's public DNS resolvers by default)
- timeout (float): Sets the DNS timeout in seconds
-
- Returns:
- list: A list of answers
- """
- resolver = dns.resolver.Resolver()
- timeout = float(timeout)
- if nameservers is None:
- nameservers = ["1.1.1.1", "1.0.0.1",
- "2606:4700:4700::1111", "2606:4700:4700::1001",
- ]
- resolver.nameservers = nameservers
- resolver.timeout = timeout
- resolver.lifetime = timeout
- return list(map(
- lambda r: r.to_text().replace(' "', '').replace('"', '').rstrip("."),
- resolver.query(domain, record_type, tcp=True)))
-
-
-def _get_reverse_dns(ip_address, nameservers=None, timeout=6.0):
- """
- Resolves an IP address to a hostname using a reverse DNS query
-
- Args:
- ip_address (str): The IP address to resolve
- nameservers (list): A list of one or more nameservers to use
- (Cloudflare's public DNS resolvers by default)
- timeout (float): Sets the DNS query timeout in seconds
-
- Returns:
- str: The reverse DNS hostname (if any)
- """
- hostname = None
- try:
- address = dns.reversename.from_address(ip_address)
- hostname = _query_dns(address, "PTR",
- nameservers=nameservers,
- timeout=timeout)[0]
-
- except dns.exception.DNSException:
- pass
-
- return hostname
-
-
-def _timestamp_to_datetime(timestamp):
- """
- Converts a UNIX/DMARC timestamp to a Python ``DateTime`` object
-
- Args:
- timestamp (int): The timestamp
-
- Returns:
- DateTime: The converted timestamp as a Python ``DateTime`` object
- """
- return datetime.fromtimestamp(int(timestamp))
-
-
-def _timestamp_to_human(timestamp):
- """
- Converts a UNIX/DMARC timestamp to a human-readable string
-
- Args:
- timestamp: The timestamp
-
- Returns:
- str: The converted timestamp in ``YYYY-MM-DD HH:MM:SS`` format
- """
- return _timestamp_to_datetime(timestamp).strftime("%Y-%m-%d %H:%M:%S")
-
-
-[docs]def human_timestamp_to_datetime(human_timestamp):
- """
- Converts a human-readable timestamp into a Python ``DateTime`` object
-
- Args:
- human_timestamp (str): A timestamp in `YYYY-MM-DD HH:MM:SS`` format
-
- Returns:
- DateTime: The converted timestamp
- """
- return datetime.strptime(human_timestamp, "%Y-%m-%d %H:%M:%S")
-
-
-def _get_ip_address_country(ip_address):
- """
- Uses the MaxMind Geolite2 Country database to return the ISO code for the
- country associated with the given IPv4 or IPv6 address
-
- Args:
- ip_address (str): The IP address to query for
-
- Returns:
- str: And ISO country code associated with the given IP address
- """
- db_filename = ".GeoLite2-Country.mmdb"
-
- def download_country_database(location=".GeoLite2-Country.mmdb"):
- """Downloads the MaxMind Geolite2 Country database
-
- Args:
- location (str): Local location for the database file
- """
- url = "https://geolite.maxmind.com/download/geoip/database/" \
- "GeoLite2-Country.tar.gz"
- original_filename = "GeoLite2-Country.mmdb"
- tar_file = tarfile.open(fileobj=BytesIO(get(url).content), mode="r:gz")
- tar_dir = tar_file.getnames()[0]
- tar_path = "{0}/{1}".format(tar_dir, original_filename)
- tar_file.extract(tar_path)
- shutil.move(tar_path, location)
- shutil.rmtree(tar_dir)
-
- system_paths = ["/usr/local/share/GeoIP/GeoLite2-Country.mmdb",
- "/usr/share/GeoIP/GeoLite2-Country.mmdb"]
- db_path = ""
-
- for system_path in system_paths:
- if os.path.exists(system_path):
- db_path = system_path
- break
-
- if db_path == "":
- if not os.path.exists(db_filename):
- download_country_database(db_filename)
- else:
- db_age = datetime.now() - datetime.fromtimestamp(
- os.stat(db_filename).st_mtime)
- if db_age > timedelta(days=60):
- download_country_database()
- db_path = db_filename
-
- db_reader = geoip2.database.Reader(db_path)
-
- country = None
-
- try:
- country = db_reader.country(ip_address).country.iso_code
- except geoip2.errors.AddressNotFoundError:
- pass
-
- return country
-
-
-def _get_ip_address_info(ip_address, nameservers=None, timeout=6.0):
- """
- Returns reverse DNS and country information for the given IP address
-
- Args:
- ip_address (str): The IP address to check
- nameservers (list): A list of one or more nameservers to use
- (Cloudflare's public DNS resolvers by default)
- timeout (float): Sets the DNS timeout in seconds
-
- Returns:
- OrderedDict: ``ip_address``, ``reverse_dns``
-
- """
- ip_address = ip_address.lower()
- info = OrderedDict()
- info["ip_address"] = ip_address
- reverse_dns = _get_reverse_dns(ip_address,
- nameservers=nameservers,
- timeout=timeout)
- country = _get_ip_address_country(ip_address)
- info["country"] = country
- info["reverse_dns"] = reverse_dns
- info["base_domain"] = None
- if reverse_dns is not None:
- base_domain = _get_base_domain(reverse_dns)
- info["base_domain"] = base_domain
-
- return info
-
-
-def _parse_report_record(record, nameservers=None, timeout=6.0):
- """
- Converts a record from a DMARC aggregate report into a more consistent
- format
-
- Args:
- record (OrderedDict): The record to convert
- nameservers (list): A list of one or more nameservers to use
- (Cloudflare's public DNS resolvers by default)
- timeout (float): Sets the DNS timeout in seconds
-
- Returns:
- OrderedDict: The converted record
- """
- if nameservers is None:
- nameservers = ["8.8.8.8", "4.4.4.4"]
- record = record.copy()
- new_record = OrderedDict()
- new_record["source"] = _get_ip_address_info(record["row"]["source_ip"],
- nameservers=nameservers,
- timeout=timeout)
- new_record["count"] = int(record["row"]["count"])
- policy_evaluated = record["row"]["policy_evaluated"].copy()
- new_policy_evaluated = OrderedDict([("disposition", "none"),
- ("dkim", "fail"),
- ("spf", "fail"),
- ("policy_override_reasons", [])
- ])
- if "disposition" in policy_evaluated:
- new_policy_evaluated["disposition"] = policy_evaluated["disposition"]
- if "dkim" in policy_evaluated:
- new_policy_evaluated["dkim"] = policy_evaluated["dkim"]
- if "spf" in policy_evaluated:
- new_policy_evaluated["spf"] = policy_evaluated["spf"]
- reasons = []
- if "reason" in policy_evaluated:
- if type(policy_evaluated["reason"]) == list:
- reasons = policy_evaluated["reason"]
- else:
- reasons = [policy_evaluated["reason"]]
- for reason in reasons:
- if "comment" not in reason:
- reason["comment"] = "none"
- reasons.append(reason)
- new_policy_evaluated["policy_override_reasons"] = reasons
- new_record["policy_evaluated"] = new_policy_evaluated
- new_record["identifiers"] = record["identifiers"].copy()
- new_record["auth_results"] = OrderedDict([("dkim", []), ("spf", [])])
- auth_results = record["auth_results"].copy()
- if "dkim" in auth_results:
- if type(auth_results["dkim"]) != list:
- auth_results["dkim"] = [auth_results["dkim"]]
- for result in auth_results["dkim"]:
- if "domain" in result and result["domain"] is not None:
- new_result = OrderedDict([("domain", result["domain"])])
- if "selector" in result and result["selector"] is not None:
- new_result["selector"] = result["selector"]
- else:
- new_result["selector"] = "none"
- if "result" in result and result["result"] is not None:
- new_result["result"] = result["result"]
- else:
- new_result["result"] = "none"
- new_record["auth_results"]["dkim"].append(new_result)
- if type(auth_results["spf"]) != list:
- auth_results["spf"] = [auth_results["spf"]]
- for result in auth_results["spf"]:
- new_result = OrderedDict([("domain", result["domain"])])
- if "scope" in result and result["scope"] is not None:
- new_result["scope"] = result["scope"]
- else:
- new_result["scope"] = "mfrom"
- if "result" in result and result["result"] is not None:
- new_result["result"] = result["result"]
- else:
- new_result["result"] = "none"
- new_record["auth_results"]["spf"].append(new_result)
-
- if "envelope_from" not in new_record["identifiers"]:
- envelope_from = new_record["auth_results"]["spf"][-1]["domain"].lower()
- new_record["identifiers"]["envelope_from"] = envelope_from
-
- elif new_record["identifiers"]["envelope_from"] is None:
- envelope_from = new_record["auth_results"]["spf"][-1]["domain"].lower()
- new_record["identifiers"]["envelope_from"] = envelope_from
-
- envelope_to = None
- if "envelope_to" in new_record["identifiers"]:
- envelope_to = new_record["identifiers"]["envelope_to"]
- del new_record["identifiers"]["envelope_to"]
-
- new_record["identifiers"]["envelope_to"] = envelope_to
-
- return new_record
-
-
-[docs]def parse_aggregate_report_xml(xml, nameservers=None, timeout=6.0):
- """Parses a DMARC XML report string and returns a consistent OrderedDict
-
- Args:
- xml (str): A string of DMARC aggregate report XML
- nameservers (list): A list of one or more nameservers to use
- (Cloudflare's public DNS resolvers by default)
- timeout (float): Sets the DNS timeout in seconds
-
- Returns:
- OrderedDict: The parsed aggregate DMARC report
- """
- try:
- report = xmltodict.parse(xml)["feedback"]
- report_metadata = report["report_metadata"]
- schema = "draft"
- if "version" in report:
- schema = report["version"]
- new_report = OrderedDict([("xml_schema", schema)])
- new_report_metadata = OrderedDict()
- org_name = _get_base_domain(report_metadata["org_name"])
- new_report_metadata["org_name"] = org_name
- new_report_metadata["org_email"] = report_metadata["email"]
- extra = None
- if "extra_contact_info" in report_metadata:
- extra = report_metadata["extra_contact_info"]
- new_report_metadata["org_extra_contact_info"] = extra
- new_report_metadata["report_id"] = report_metadata["report_id"]
- report_id = new_report_metadata["report_id"]
- report_id = report_id.replace("<",
- "").replace(">", "").split("@")[0]
- new_report_metadata["report_id"] = report_id
- date_range = report["report_metadata"]["date_range"]
- date_range["begin"] = _timestamp_to_human(date_range["begin"])
- date_range["end"] = _timestamp_to_human(date_range["end"])
- new_report_metadata["begin_date"] = date_range["begin"]
- new_report_metadata["end_date"] = date_range["end"]
- errors = []
- if "error" in report["report_metadata"]:
- if type(report["report_metadata"]["error"]) != list:
- errors = [report["report_metadata"]["error"]]
- else:
- errors = report["report_metadata"]["error"]
- new_report_metadata["errors"] = errors
- new_report["report_metadata"] = new_report_metadata
- records = []
- policy_published = report["policy_published"]
- new_policy_published = OrderedDict()
- new_policy_published["domain"] = policy_published["domain"]
- adkim = "r"
- if "adkim" in policy_published:
- if policy_published["adkim"] is not None:
- adkim = policy_published["adkim"]
- new_policy_published["adkim"] = adkim
- aspf = "r"
- if "aspf" in policy_published:
- if policy_published["aspf"] is not None:
- aspf = policy_published["aspf"]
- new_policy_published["aspf"] = aspf
- new_policy_published["p"] = policy_published["p"]
- sp = new_policy_published["p"]
- if "sp" in policy_published:
- if policy_published["sp"] is not None:
- sp = report["policy_published"]["sp"]
- new_policy_published["sp"] = sp
- pct = "100"
- if "pct" in policy_published:
- if policy_published["pct"] is not None:
- pct = report["policy_published"]["pct"]
- new_policy_published["pct"] = pct
- fo = "0"
- if "fo" in policy_published:
- if policy_published["fo"] is not None:
- fo = report["policy_published"]["fo"]
- new_policy_published["fo"] = fo
- new_report["policy_published"] = new_policy_published
-
- if type(report["record"]) == list:
- for record in report["record"]:
- records.append(_parse_report_record(record,
- nameservers=nameservers,
- timeout=timeout))
-
- else:
- records.append(_parse_report_record(report["record"]))
-
- new_report["records"] = records
-
- return new_report
-
- except KeyError as error:
- raise InvalidAggregateReport("Missing field: "
- "{0}".format(error.__str__()))
-
-
-[docs]def extract_xml(input_):
- """
- Extracts xml from a zip or gzip file at the given path, file-like object,
- or bytes.
-
- Args:
- input_: A path to a file, a file like object, or bytes
-
- Returns:
- str: The extracted XML
-
- """
- if type(input_) == str:
- file_object = open(input_, "rb")
- elif type(input_) == bytes:
- file_object = BytesIO(input_)
- else:
- file_object = input_
- try:
- header = file_object.read(6)
- file_object.seek(0)
- if header.startswith(MAGIC_ZIP):
- _zip = zipfile.ZipFile(file_object)
- xml = _zip.open(_zip.namelist()[0]).read().decode()
- elif header.startswith(MAGIC_GZIP):
- xml = GzipFile(fileobj=file_object).read().decode()
- elif header.startswith(MAGIC_XML):
- xml = file_object.read().decode()
- else:
- file_object.close()
- raise InvalidAggregateReport("Not a valid zip, gzip, or xml file")
-
- file_object.close()
-
- except UnicodeDecodeError:
- raise InvalidAggregateReport("File objects must be opened in binary "
- "(rb) mode")
-
- return xml
-
-
-[docs]def parse_aggregate_report_file(_input, nameservers=None, timeout=6.0):
- """Parses a file at the given path, a file-like object. or bytes as a
- aggregate DMARC report
-
- Args:
- _input: A path to a file, a file like object, or bytes
- nameservers (list): A list of one or more nameservers to use
- (Cloudflare's public DNS resolvers by default)
- timeout (float): Sets the DNS timeout in seconds
-
- Returns:
- OrderedDict: The parsed DMARC aggregate report
- """
- xml = extract_xml(_input)
-
- return parse_aggregate_report_xml(xml,
- nameservers=nameservers,
- timeout=timeout)
-
-
-[docs]def parsed_aggregate_reports_to_csv(reports):
- """
- Converts one or more parsed aggregate reports to flat CSV format, including
- headers
-
- Args:
- reports: A parsed aggregate report or list of parsed aggregate reports
-
- Returns:
- str: Parsed aggregate report data in flat CSV format, including headers
- """
- fields = ["xml_schema", "org_name", "org_email",
- "org_extra_contact_info", "report_id", "begin_date", "end_date",
- "errors", "domain", "adkim", "aspf", "p", "sp", "pct", "fo",
- "source_ip_address", "source_country", "source_reverse_dns",
- "source_base_domain", "count", "disposition", "dkim_alignment",
- "spf_alignment", "policy_override_reasons",
- "policy_override_comments", "envelope_from", "header_from",
- "envelope_to", "dkim_domains", "dkim_selectors", "dkim_results",
- "spf_domains", "spf_scopes", "spf_results"]
-
- csv_file_object = StringIO()
- writer = DictWriter(csv_file_object, fields)
- writer.writeheader()
-
- if type(reports) == OrderedDict:
- reports = [reports]
-
- for report in reports:
- xml_schema = report["xml_schema"]
- org_name = report["report_metadata"]["org_name"]
- org_email = report["report_metadata"]["org_email"]
- org_extra_contact = report["report_metadata"]["org_extra_contact_info"]
- report_id = report["report_metadata"]["report_id"]
- begin_date = report["report_metadata"]["begin_date"]
- end_date = report["report_metadata"]["end_date"]
- errors = "|".join(report["report_metadata"]["errors"])
- domain = report["policy_published"]["domain"]
- adkim = report["policy_published"]["adkim"]
- aspf = report["policy_published"]["aspf"]
- p = report["policy_published"]["p"]
- sp = report["policy_published"]["sp"]
- pct = report["policy_published"]["pct"]
- fo = report["policy_published"]["fo"]
-
- report_dict = dict(xml_schema=xml_schema, org_name=org_name,
- org_email=org_email,
- org_extra_contact_info=org_extra_contact,
- report_id=report_id, begin_date=begin_date,
- end_date=end_date, errors=errors, domain=domain,
- adkim=adkim, aspf=aspf, p=p, sp=sp, pct=pct, fo=fo)
-
- for record in report["records"]:
- row = report_dict
- row["source_ip_address"] = record["source"]["ip_address"]
- row["source_country"] = record["source"]["country"]
- row["source_reverse_dns"] = record["source"]["reverse_dns"]
- row["source_base_domain"] = record["source"]["base_domain"]
- row["count"] = record["count"]
- row["disposition"] = record["policy_evaluated"]["disposition"]
- row["spf_alignment"] = record["policy_evaluated"]["spf"]
- row["dkim_alignment"] = record["policy_evaluated"]["dkim"]
- policy_override_reasons = list(map(lambda r: r["type"],
- record["policy_evaluated"]
- ["policy_override_reasons"]))
- policy_override_comments = list(map(lambda r: r["comment"],
- record["policy_evaluated"]
- ["policy_override_reasons"]))
- row["policy_override_reasons"] = ",".join(
- policy_override_reasons)
- row["policy_override_comments"] = "|".join(
- policy_override_comments)
- row["envelope_from"] = record["identifiers"]["envelope_from"]
- row["header_from"] = record["identifiers"]["header_from"]
- envelope_to = record["identifiers"]["envelope_to"]
- row["envelope_to"] = envelope_to
- dkim_domains = []
- dkim_selectors = []
- dkim_results = []
- for dkim_result in record["auth_results"]["dkim"]:
- dkim_domains.append(dkim_result["domain"])
- if "selector" in dkim_result:
- dkim_selectors.append(dkim_result["selector"])
- dkim_results.append(dkim_result["result"])
- row["dkim_domains"] = ",".join(dkim_domains)
- row["dkim_selectors"] = ",".join(dkim_selectors)
- row["dkim_results"] = ",".join(dkim_results)
- spf_domains = []
- spf_scopes = []
- spf_results = []
- for spf_result in record["auth_results"]["spf"]:
- spf_domains.append(spf_result["domain"])
- spf_scopes.append(spf_result["scope"])
- spf_results.append(spf_result["result"])
- row["spf_domains"] = ",".join(spf_domains)
- row["spf_scopes"] = ",".join(spf_scopes)
- row["spf_results"] = ",".join(spf_results)
-
- writer.writerow(row)
- csv_file_object.flush()
-
- return csv_file_object.getvalue()
-
-
-[docs]def parse_forensic_report(feedback_report, sample, sample_headers_only,
- nameservers=None, timeout=6.0):
- """
- Converts a DMARC forensic report and sample to a ``OrderedDict``
-
- Args:
- feedback_report (str): A message's feedback report as a string
- sample (str): The RFC 822 headers or RFC 822 message sample
- sample_headers_only (bool): Set true if the sample is only headers
- nameservers (list): A list of one or more nameservers to use
- (Cloudflare's public DNS resolvers by default)
- timeout (float): Sets the DNS timeout in seconds
-
- Returns:
- OrderedDict: An parsed report and sample
- """
-
- def convert_address(original_address):
- if original_address[0] == "":
- display_name = None
- else:
- display_name = original_address[0]
- address = original_address[1]
-
- return OrderedDict([("display_name", display_name),
- ("address", address)])
-
- def get_filename_safe_subject(_subject):
- """
- Converts a message subject to a string that is safe for a filename
- Args:
- _subject (str): A message subject
-
- Returns:
- str: A string safe for a filename
- """
- invalid_filename_chars = ['\\', '/', ':', '"', '*', '?', '|', '\n',
- '\r']
- if _subject is None:
- _subject = "No Subject"
- for char in invalid_filename_chars:
- _subject = _subject.replace(char, "")
- _subject = _subject.rstrip(".")
-
- return _subject
-
- try:
- parsed_report = OrderedDict()
- report_values = feedback_report_regex.findall(feedback_report)
- for report_value in report_values:
- key = report_value[0].lower().replace("-", "_")
- parsed_report[key] = report_value[1]
- if key == "arrival_date":
- arrival_utc = dateparser.parse(parsed_report["arrival_date"],
- settings={"TO_TIMEZONE": "UTC"})
- arrival_utc = arrival_utc.strftime("%Y-%m-%d %H:%M:%S")
- parsed_report["arrival_date_utc"] = arrival_utc
-
- ip_address = parsed_report["source_ip"]
- parsed_report["source"] = _get_ip_address_info(ip_address,
- nameservers=nameservers,
- timeout=timeout)
- del parsed_report["source_ip"]
-
- if "identity_alignment" not in parsed_report:
- parsed_report["authentication_mechanisms"] = []
- elif parsed_report["identity_alignment"] == "none":
- parsed_report["authentication_mechanisms"] = []
- del parsed_report["identity_alignment"]
- else:
- auth_mechanisms = parsed_report["identity_alignment"]
- auth_mechanisms = auth_mechanisms.split(",")
- parsed_report["authentication_mechanisms"] = auth_mechanisms
- del parsed_report["identity_alignment"]
-
- if "auth_failure" not in parsed_report:
- parsed_report["auth_failure"] = "dmarc"
- auth_failure = parsed_report["auth_failure"].split(",")
- parsed_report["auth_failure"] = auth_failure
-
- optional_fields = ["original_envelope_id", "dkim_domain",
- "original_mail_from", "original_rcpt_to"]
- for optional_field in optional_fields:
- if optional_field not in parsed_report:
- parsed_report[optional_field] = None
-
- parsed_mail = mailparser.parse_from_string(sample)
- parsed_headers = json.loads(parsed_mail.headers_json)
- parsed_message = json.loads(parsed_mail.mail_json)
- parsed_sample = OrderedDict([("headers", parsed_headers)])
- for key in parsed_message:
- parsed_sample[key] = parsed_message[key]
-
- parsed_sample["date"] = parsed_sample["date"].replace("T", " ")
- if "received" in parsed_message:
- for received in parsed_message["received"]:
- if "date_utc" in received:
- received["date_utc"] = received["date_utc"].replace("T",
- " ")
- parsed_sample["from"] = convert_address(parsed_sample["from"][0])
-
- if "reply_to" in parsed_sample:
- parsed_sample["reply_to"] = list(map(lambda x: convert_address(x),
- parsed_sample["reply_to"]))
- else:
- parsed_sample["reply_to"] = []
-
- parsed_sample["to"] = list(map(lambda x: convert_address(x),
- parsed_sample["to"]))
- if "cc" in parsed_sample:
- parsed_sample["cc"] = list(map(lambda x: convert_address(x),
- parsed_sample["cc"]))
- else:
- parsed_sample["cc"] = []
-
- if "bcc" in parsed_sample:
- parsed_sample["bcc"] = list(map(lambda x: convert_address(x),
- parsed_sample["bcc"]))
- else:
- parsed_sample["bcc"] = []
-
- if "delivered_to" in parsed_sample:
- parsed_sample["delivered_to"] = list(
- map(lambda x: convert_address(x),
- parsed_sample["delivered_to"])
- )
-
- if "attachments" not in parsed_sample:
- parsed_sample["attachments"] = []
-
- if "subject" not in parsed_sample:
- parsed_sample["subject"] = None
-
- parsed_sample["filename_safe_subject"] = get_filename_safe_subject(
- parsed_sample["subject"])
-
- if "body" not in parsed_sample:
- parsed_sample["body"] = None
-
- if sample_headers_only and parsed_sample["has_defects"]:
- del parsed_sample["defects"]
- del parsed_sample["defects_categories"]
- del parsed_sample["has_defects"]
- parsed_report["sample_headers_only"] = sample_headers_only
- parsed_report["sample"] = sample
- parsed_report["parsed_sample"] = parsed_sample
-
- return parsed_report
-
- except KeyError as error:
- raise InvalidForensicReport("Missing value: {0}".format(
- error.__str__()))
-
-
-[docs]def parsed_forensic_reports_to_csv(reports):
- """
- Converts one or more parsed forensic reports to flat CSV format, including
- headers
-
- Args:
- reports: A parsed forensic report or list of parsed forensic reports
-
- Returns:
- str: Parsed forensic report data in flat CSV format, including headers
- """
- fields = ["feedback_type", "user_agent", "version", "original_envelope_id",
- "original_mail_from", "original_rcpt_to", "arrival_date",
- "arrival_date_utc", "subject", "message_id",
- "authentication_results", "dkim_domain", "source_ip_address",
- "source_country", "source_reverse_dns", "source_base_domain",
- "delivery_result", "auth_failure", "reported_domain",
- "authentication_mechanisms", "sample_headers_only"]
-
- if type(reports) == OrderedDict:
- reports = [reports]
- csv_file = StringIO()
- csv_writer = DictWriter(csv_file, fieldnames=fields)
- csv_writer.writeheader()
- for report in reports:
- row = report.copy()
- row["source_ip_address"] = report["source"]["ip_address"]
- row["source_reverse_dns"] = report["source"]["reverse_dns"]
- row["source_base_domain"] = report["source"]["base_domain"]
- row["source_country"] = report["source"]["country"]
- del row["source"]
- row["subject"] = report["parsed_sample"]["subject"]
- row["auth_failure"] = ",".join(report["auth_failure"])
- authentication_mechanisms = report["authentication_mechanisms"]
- row["authentication_mechanisms"] = ",".join(
- authentication_mechanisms)
- del row["sample"]
- del row["parsed_sample"]
- csv_writer.writerow(row)
-
- return csv_file.getvalue()
-
-
-[docs]def parse_report_email(input_, nameservers=None, timeout=6.0):
- """
- Parses a DMARC report from an email
-
- Args:
- input_: An emailed DMARC report in RFC 822 format, as bytes or a string
- nameservers (list): A list of one or more nameservers to use
- timeout (float): Sets the DNS timeout in seconds
-
- Returns:
- OrderedDict:
- * ``report_type``: ``aggregate`` or ``forensic``
- * ``report``: The parsed report
- """
-
- def is_outlook_msg(suspect_bytes):
- """Checks if the given content is a Outlook msg OLE file"""
- return suspect_bytes.startswith(b"\xD0\xCF\x11\xE0\xA1\xB1\x1A\xE1")
-
- def convert_outlook_msg(msg_bytes):
- """
- Uses the ``msgconvert`` Perl utility to convert an Outlook MS file to
- standard RFC 822 format
-
- Args:
- msg_bytes (bytes): the content of the .msg file
-
- Returns:
- A RFC 822 string
- """
- if not is_outlook_msg(msg_bytes):
- raise ValueError("The supplied bytes are not an Outlook MSG file")
- orig_dir = os.getcwd()
- tmp_dir = tempfile.mkdtemp()
- os.chdir(tmp_dir)
- with open("sample.msg", "wb") as msg_file:
- msg_file.write(msg_bytes)
- try:
- subprocess.check_call(["msgconvert", "sample.msg"])
- eml_path = "sample.eml"
- with open(eml_path, "rb") as eml_file:
- rfc822 = eml_file.read()
- except FileNotFoundError as e:
- raise RuntimeError(
- "Error running msgconvert. Please ensure it is installed\n"
- "sudo apt install libemail-outlook-message-perl\n"
- "https://github.com/mvz/email-outlook-message-perl\n\n"
- "{0}".format(e))
- finally:
- os.chdir(orig_dir)
- shutil.rmtree(tmp_dir)
-
- return rfc822
-
- def decode_header(header):
- """Decodes a RFC 822 email header"""
- header = header.replace("\r", "").replace("\n", "")
- decoded_header = email.header.decode_header(header)
- header = ""
- for header_part in decoded_header:
- if type(header_part[0]) == bytes:
- encoding = header_part[1] or "ascii"
- header_part = header_part[0].decode(encoding=encoding,
- errors="replace")
- else:
- header_part = header_part[0]
- header += header_part
- header = header.replace("\r", " ").replace("\n", " ")
-
- return header
-
- if type(input_) == bytes:
- if is_outlook_msg(input_):
- input_ = convert_outlook_msg(input_)
- input_ = input_.decode("utf-8", errors="replace")
- result = None
- msg = email.message_from_string(input_)
- subject = None
- feedback_report = None
- sample_headers_only = False
- sample = None
- if "subject" in msg:
- subject = decode_header(msg["subject"])
- for part in msg.walk():
- content_type = part.get_content_type()
- payload = part.get_payload()
- if type(payload) == list:
- payload = payload[0].__str__()
- if content_type == "message/feedback-report":
- feedback_report = payload
- elif content_type == "text/rfc822-headers":
- sample = payload
- sample_headers_only = True
- elif content_type == "message/rfc822":
- sample = payload
- sample_headers_only = False
- if feedback_report and sample:
- forensic_report = parse_forensic_report(feedback_report,
- sample,
- sample_headers_only,
- nameservers=nameservers,
- timeout=timeout)
-
- result = OrderedDict([("report_type", "forensic"),
- ("report", forensic_report)])
- return result
- try:
- payload = b64decode(payload)
- if payload.startswith(MAGIC_ZIP) or \
- payload.startswith(MAGIC_GZIP) or \
- payload.startswith(MAGIC_XML):
- ns = nameservers
- aggregate_report = parse_aggregate_report_file(payload,
- nameservers=ns,
- timeout=timeout)
- result = OrderedDict([("report_type", "aggregate"),
- ("report", aggregate_report)])
- except (TypeError, binascii.Error):
- pass
-
- if result is None:
- error = 'Message with subject "{0}" is ' \
- 'not a valid DMARC report'.format(subject)
- raise InvalidDMARCReport(error)
-
- return result
-
-
-[docs]def parse_report_file(input_, nameservers=None, timeout=6.0):
- """Parses a DMARC aggregate or forensic file at the given path, a
- file-like object. or bytes
-
- Args:
- input_: A path to a file, a file like object, or bytes
- nameservers (list): A list of one or more nameservers to use
- (Cloudflare's public DNS resolvers by default)
- timeout (float): Sets the DNS timeout in seconds
-
- Returns:
- OrderedDict: The parsed DMARC report
- """
- if type(input_) == str:
- file_object = open(input_, "rb")
- elif type(input_) == bytes:
- file_object = BytesIO(input_)
- else:
- file_object = input_
-
- content = file_object.read()
- try:
- report = parse_aggregate_report_file(content, nameservers=nameservers,
- timeout=timeout)
- results = OrderedDict([("report_type", "aggregate"),
- ("report", report)])
- except InvalidAggregateReport:
- try:
- results = parse_report_email(content,
- nameservers=nameservers,
- timeout=timeout)
- except InvalidDMARCReport:
- raise InvalidDMARCReport("Not a valid aggregate or forensic "
- "report")
- return results
-
-
-[docs]def get_dmarc_reports_from_inbox(host, user, password,
- reports_folder="INBOX",
- archive_folder="Archive",
- delete=False, test=False,
- nameservers=None,
- dns_timeout=6.0):
- """
- Fetches and parses DMARC reports from sn inbox
-
- Args:
- host: The mail server hostname or IP address
- user: The mail server user
- password: The mail server password
- reports_folder: The IMAP folder where reports can be found
- archive_folder: The folder to move processed mail to
- delete (bool): Delete messages after processing them
- test (bool): Do not move or delete messages after processing them
- nameservers (list): A list of DNS nameservers to query
- dns_timeout (float): Set the DNS query timeout
-
- Returns:
- OrderedDict: Lists of ``aggregate_reports`` and ``forensic_reports``
- """
-
- def chunks(l, n):
- """Yield successive n-sized chunks from l."""
- for i in range(0, len(l), n):
- yield l[i:i + n]
-
- if delete and test:
- raise ValueError("delete and test options are mutually exclusive")
-
- aggregate_reports = []
- forensic_reports = []
- aggregate_report_msg_uids = []
- forensic_report_msg_uids = []
- aggregate_reports_folder = "{0}/Aggregate".format(archive_folder)
- forensic_reports_folder = "{0}/Forensic".format(archive_folder)
-
- try:
- server = imapclient.IMAPClient(host, use_uid=True)
- server.login(user, password)
- server.select_folder(reports_folder)
- if not server.folder_exists(archive_folder):
- server.create_folder(archive_folder)
- if not server.folder_exists(aggregate_reports_folder):
- server.create_folder(aggregate_reports_folder)
- if not server.folder_exists(forensic_reports_folder):
- server.create_folder(forensic_reports_folder)
- messages = server.search()
- for message_uid in messages:
- raw_msg = server.fetch(message_uid,
- ["RFC822"])[message_uid][b"RFC822"]
- msg_content = raw_msg.decode("utf-8", errors="replace")
-
- try:
- parsed_email = parse_report_email(msg_content,
- nameservers=nameservers,
- timeout=dns_timeout)
- if parsed_email["report_type"] == "aggregate":
- aggregate_reports.append(parsed_email["report"])
- aggregate_report_msg_uids.append(message_uid)
- elif parsed_email["report_type"] == "forensic":
- forensic_reports.append(parsed_email["report"])
- forensic_report_msg_uids.append(message_uid)
- except InvalidDMARCReport as error:
- logger.warning(error.__str__())
-
- if not test:
- if delete:
- processed_messages = aggregate_report_msg_uids + \
- forensic_report_msg_uids
- server.add_flags(processed_messages, [imapclient.DELETED])
- server.expunge()
- else:
- if len(aggregate_report_msg_uids) > 0:
- for chunk in chunks(aggregate_report_msg_uids, 100):
- server.move(chunk,
- aggregate_reports_folder)
- if len(forensic_report_msg_uids) > 0:
- for chunk in chunks(forensic_report_msg_uids, 100):
- server.move(chunk,
- forensic_reports_folder)
-
- results = OrderedDict([("aggregate_reports", aggregate_reports),
- ("forensic_reports", forensic_reports)])
-
- return results
- except imapclient.exceptions.IMAPClientError as error:
- error = error.__str__().lstrip("b'").rstrip("'").rstrip(".")
- raise IMAPError(error)
- except socket.gaierror:
- raise IMAPError("DNS resolution failed")
- except ConnectionRefusedError:
- raise IMAPError("Connection refused")
- except ConnectionResetError:
- raise IMAPError("Connection reset")
- except ConnectionAbortedError:
- raise IMAPError("Connection aborted")
- except TimeoutError:
- raise IMAPError("Connection timed out")
- except ssl.SSLError as error:
- raise IMAPError("SSL error: {0}".format(error.__str__()))
- except ssl.CertificateError as error:
- raise IMAPError("Certificate error: {0}".format(error.__str__()))
-
-
-[docs]def save_output(results, output_directory="output"):
- """
- Save report data in the given directory
-
- Args:
- results (OrderedDict): Parsing results
- output_directory: The patch to the directory to save in
- """
-
- aggregate_reports = results["aggregate_reports"]
- forensic_reports = results["forensic_reports"]
-
- if os.path.exists(output_directory):
- if not os.path.isdir(output_directory):
- raise ValueError("{0} is not a directory".format(output_directory))
- else:
- os.makedirs(output_directory)
-
- with open("{0}".format(os.path.join(output_directory, "aggregate.json")),
- "w", newline="\n", encoding="utf-8") as agg_json:
- agg_json.write(json.dumps(aggregate_reports, ensure_ascii=False,
- indent=2))
-
- with open("{0}".format(os.path.join(output_directory, "aggregate.csv")),
- "w", newline="\n", encoding="utf-8") as agg_csv:
- csv = parsed_aggregate_reports_to_csv(aggregate_reports)
- agg_csv.write(csv)
-
- with open("{0}".format(os.path.join(output_directory, "forensic.json")),
- "w", newline="\n", encoding="utf-8") as for_json:
- for_json.write(json.dumps(forensic_reports, ensure_ascii=False,
- indent=2))
-
- with open("{0}".format(os.path.join(output_directory, "forensic.csv")),
- "w", newline="\n", encoding="utf-8") as for_csv:
- csv = parsed_forensic_reports_to_csv(forensic_reports)
- for_csv.write(csv)
-
- samples_directory = os.path.join(output_directory, "samples")
- if not os.path.exists(samples_directory):
- os.makedirs(samples_directory)
-
- sample_filenames = []
- for forensic_report in forensic_reports:
- sample = forensic_report["sample"]
- message_count = 0
- parsed_sample = forensic_report["parsed_sample"]
- subject = parsed_sample["filename_safe_subject"]
- filename = subject
-
- while filename in sample_filenames:
- message_count += 1
- filename = "{0} ({1})".format(subject, message_count)
-
- sample_filenames.append(filename)
-
- filename = "{0}.eml".format(filename)
- path = os.path.join(samples_directory, filename)
- with open(path, "w", newline="\n", encoding="utf-8") as sample_file:
- sample_file.write(sample)
-
-
-[docs]def get_report_zip(results):
- """
- Creates a zip file of parsed report output
-
- Args:
- results (OrderedDict): The parsed results
-
- Returns:
- bytes: zip file bytes
- """
- def add_subdir(root_path, subdir):
- subdir_path = os.path.join(root_path, subdir)
- for subdir_root, subdir_dirs, subdir_files in os.walk(subdir_path):
- for subdir_file in subdir_files:
- subdir_file_path = os.path.join(root_path, subdir, subdir_file)
- if os.path.isfile(subdir_file_path):
- rel_path = os.path.relpath(subdir_root, subdir_file_path)
- subdir_arc_name = os.path.join(rel_path, subdir_file)
- zip_file.write(subdir_file_path, subdir_arc_name)
- for subdir in subdir_dirs:
- add_subdir(subdir_path, subdir)
-
- storage = BytesIO()
- tmp_dir = tempfile.mkdtemp()
- try:
- save_output(results, tmp_dir)
- with zipfile.ZipFile(storage, 'w', zipfile.ZIP_DEFLATED) as zip_file:
- for root, dirs, files in os.walk(tmp_dir):
- for file in files:
- file_path = os.path.join(root, file)
- if os.path.isfile(file_path):
- arcname = os.path.join(os.path.relpath(root, tmp_dir),
- file)
- zip_file.write(file_path, arcname)
- for directory in dirs:
- dir_path = os.path.join(root, directory)
- if os.path.isdir(dir_path):
- zip_file.write(dir_path, directory)
- add_subdir(root, directory)
- finally:
- shutil.rmtree(tmp_dir)
-
- return storage.getvalue()
-
-
-[docs]def email_results(results, host, mail_from, mail_to, port=0, starttls=True,
- use_ssl=False, user=None, password=None, subject=None,
- attachment_filename=None, message=None, ssl_context=None):
- """
- Emails parsing results as a zip file
-
- Args:
- results (OrderedDict): Parsing results
- host: Mail server hostname or IP address
- mail_from: The value of the message from header
- mail_to : A list of addresses to mail to
- port (int): Port to use
- starttls (bool): use STARTTLS
- use_ssl (bool): Require a SSL connection from the start
- user: An optional username
- password: An optional password
- subject: Overrides the default message subject
- attachment_filename: Override the default attachment filename
- message: Override the default plain text body
- ssl_context: SSL context options
- """
- date_string = datetime.now().strftime("%Y-%m-%d")
- if attachment_filename:
- if not attachment_filename.lower().endswith(".zip"):
- attachment_filename += ".zip"
- filename = attachment_filename
- else:
- filename = "DMARC-{0}.zip".format(date_string)
-
- assert isinstance(mail_to, list)
-
- msg = MIMEMultipart()
- msg['From'] = mail_from
- msg['To'] = COMMASPACE.join(mail_to)
- msg['Date'] = formatdate(localtime=True)
- msg['Subject'] = subject or "DMARC results for {0}".format(date_string)
- text = message or "Please see the attached zip file\n"
-
- msg.attach(MIMEText(text))
-
- zip_bytes = get_report_zip(results)
- part = MIMEApplication(zip_bytes, Name=filename)
-
- part['Content-Disposition'] = 'attachment; filename="{0}"'.format(filename)
- msg.attach(part)
-
- try:
- if ssl_context is None:
- ssl_context = ssl.create_default_context()
- if use_ssl:
- server = smtplib.SMTP_SSL(host, port=port, context=ssl_context)
- server.helo()
- else:
- server = smtplib.SMTP(host, port=port)
- server.ehlo()
- if starttls:
- server.starttls(context=ssl_context)
- server.helo()
- if user and password:
- server.login(user, password)
- server.sendmail(mail_from, mail_to, msg.as_string())
- except smtplib.SMTPException as error:
- error = error.__str__().lstrip("b'").rstrip("'").rstrip(".")
- raise SMTPError(error)
- except socket.gaierror:
- raise SMTPError("DNS resolution failed")
- except ConnectionRefusedError:
- raise SMTPError("Connection refused")
- except ConnectionResetError:
- raise SMTPError("Connection reset")
- except ConnectionAbortedError:
- raise SMTPError("Connection aborted")
- except TimeoutError:
- raise SMTPError("Connection timed out")
- except ssl.SSLError as error:
- raise SMTPError("SSL error: {0}".format(error.__str__()))
- except ssl.CertificateError as error:
- raise SMTPError("Certificate error: {0}".format(error.__str__()))
-
-
-[docs]def watch_inbox(host, username, password, callback, reports_folder="INBOX",
- archive_folder="Archive", delete=False, test=False, wait=30,
- nameservers=None, dns_timeout=6.0):
- """
- Use an IDLE IMAP connection to parse incoming emails, and pass the results
- to a callback function
-
- Args:
- host: The mail server hostname or IP address
- username: The mail server username
- password: The mail server password
- callback: The callback function to receive the parsing results
- reports_folder: The IMAP folder where reports can be found
- archive_folder: The folder to move processed mail to
- delete (bool): Delete messages after processing them
- test (bool): Do not move or delete messages after processing them
- wait (int): Number of seconds to wait for a IMAP IDLE response
- nameservers (list): A list of one or more nameservers to use
- (Cloudflare's public DNS resolvers by default)
- dns_timeout (float): Set the DNS query timeout
- """
- rf = reports_folder
- af = archive_folder
- ns = nameservers
- dt = dns_timeout
- server = imapclient.IMAPClient(host)
-
- try:
- server.login(username, password)
- server.select_folder(rf)
- idle_start_time = time.monotonic()
- server.idle()
-
- except imapclient.exceptions.IMAPClientError as error:
- error = error.__str__().lstrip("b'").rstrip("'").rstrip(".")
- raise IMAPError(error)
- except socket.gaierror:
- raise IMAPError("DNS resolution failed")
- except ConnectionRefusedError:
- raise IMAPError("Connection refused")
- except ConnectionResetError:
- raise IMAPError("Connection reset")
- except ConnectionAbortedError:
- raise IMAPError("Connection aborted")
- except TimeoutError:
- raise IMAPError("Connection timed out")
- except ssl.SSLError as error:
- raise IMAPError("SSL error: {0}".format(error.__str__()))
- except ssl.CertificateError as error:
- raise IMAPError("Certificate error: {0}".format(error.__str__()))
- except BrokenPipeError:
- raise IMAPError("Broken pipe")
-
- while True:
- try:
- # Refresh the IDLE session every 10 minutes to stay connected
- if time.monotonic() - idle_start_time > 10 * 60:
- logger.info("IMAP: Refreshing IDLE session")
- server.idle_done()
- server.idle()
- idle_start_time = time.monotonic()
- responses = server.idle_check(timeout=wait)
- if responses is not None:
- for response in responses:
- if response[1] == b'RECENT' and response[0] > 0:
- res = get_dmarc_reports_from_inbox(host, username,
- password,
- reports_folder=rf,
- archive_folder=af,
- delete=delete,
- test=test,
- nameservers=ns,
- dns_timeout=dt)
- callback(res)
- break
- except imapclient.exceptions.IMAPClientError as error:
- error = error.__str__().lstrip("b'").rstrip("'").rstrip(".")
- raise IMAPError(error)
- except socket.gaierror:
- raise IMAPError("DNS resolution failed")
- except ConnectionRefusedError:
- raise IMAPError("Connection refused")
- except ConnectionResetError:
- raise IMAPError("Connection reset")
- except ConnectionAbortedError:
- raise IMAPError("Connection aborted")
- except TimeoutError:
- raise IMAPError("Connection timed out")
- except ssl.SSLError as error:
- raise IMAPError("SSL error: {0}".format(error.__str__()))
- except ssl.CertificateError as error:
- raise IMAPError("Certificate error: {0}".format(error.__str__()))
- except BrokenPipeError:
- raise IMAPError("Broken pipe")
- except KeyboardInterrupt:
- break
-
- try:
- server.idle_done()
- logger.info("IMAP: Sending DONE")
- server.logout()
- except BrokenPipeError:
- pass
-
-# -*- coding: utf-8 -*-
-
-from collections import OrderedDict
-
-import parsedmarc
-from elasticsearch_dsl.search import Q
-from elasticsearch_dsl import connections, Object, DocType, Index, Nested, \
- InnerDoc, Integer, Text, Boolean, DateRange, Ip, Date
-
-aggregate_index = Index("dmarc_aggregate")
-forensic_index = Index("dmarc_forensic")
-
-
-class _PolicyOverride(InnerDoc):
- type = Text()
- comment = Text()
-
-
-class _PublishedPolicy(InnerDoc):
- adkim = Text()
- aspf = Text()
- p = Text()
- sp = Text()
- pct = Integer()
- fo = Integer()
-
-
-class _DKIMResult(InnerDoc):
- domain = Text()
- selector = Text()
- result = Text()
-
-
-class _SPFResult(InnerDoc):
- domain = Text()
- scope = Text()
- results = Text()
-
-
-class _AggregateReportDoc(DocType):
- class Meta:
- index = "dmarc_aggregate"
-
- xml_schema = Text()
- org_name = Text()
- org_email = Text()
- org_extra_contact_info = Text()
- report_id = Text()
- date_range = DateRange()
- errors = Text()
- domain = Text()
- published_policy = Object(_PublishedPolicy)
- source_ip_address = Ip()
- source_country = Text()
- source_reverse_dns = Text()
- source_Base_domain = Text()
- message_count = Integer
- disposition = Text()
- dkim_aligned = Boolean()
- spf_aligned = Boolean()
- passed_dmarc = Boolean()
- policy_overrides = Nested(_PolicyOverride)
- header_from = Text()
- envelope_from = Text()
- envelope_to = Text()
- dkim_results = Nested(_DKIMResult)
- spf_results = Nested(_SPFResult)
-
- def add_policy_override(self, type_, comment):
- self.policy_overrides.append(_PolicyOverride(type=type_,
- comment=comment))
-
- def add_dkim_result(self, domain, selector, result):
- self.dkim_results.append(_DKIMResult(domain=domain,
- selector=selector,
- result=result))
-
- def add_spf_result(self, domain, scope, result):
- self.spf_results.append(_SPFResult(domain=domain,
- scope=scope,
- result=result))
-
- def save(self, ** kwargs):
- self.passed_dmarc = False
- self.passed_dmarc = self.spf_aligned or self.dkim_aligned
-
- return super().save(** kwargs)
-
-
-class _EmailAddressDoc(InnerDoc):
- display_name = Text()
- address = Text()
-
-
-class _EmailAttachmentDoc(DocType):
- filename = Text()
- content_type = Text()
-
-
-class _ForensicSampleDoc(InnerDoc):
- raw = Text()
- headers = Object()
- headers_only = Boolean()
- to = Nested(_EmailAddressDoc)
- subject = Text()
- filename_safe_subject = Text()
- _from = Object(_EmailAddressDoc)
- date = Date()
- reply_to = Nested(_EmailAddressDoc)
- cc = Nested(_EmailAddressDoc)
- bcc = Nested(_EmailAddressDoc)
- body = Text()
- attachments = Nested(_EmailAttachmentDoc)
-
- def add_to(self, display_name, address):
- self.to.append(_EmailAddressDoc(display_name=display_name,
- address=address))
-
- def add_reply_to(self, display_name, address):
- self.reply_to.append(_EmailAddressDoc(display_name=display_name,
- address=address))
-
- def add_cc(self, display_name, address):
- self.cc.append(_EmailAddressDoc(display_name=display_name,
- address=address))
-
- def add_bcc(self, display_name, address):
- self.bcc.append(_EmailAddressDoc(display_name=display_name,
- address=address))
-
- def add_attachment(self, filename, content_type):
- self.attachments.append(filename=filename,
- content_type=content_type)
-
-
-class _ForensicReportDoc(DocType):
- class Meta:
- index = "dmarc_forensic"
-
- feedback_type = Text()
- user_agent = Text()
- version = Text()
- original_mail_from = Text()
- arrival_date = Date()
- domain = Text()
- original_envelope_id = Text()
- authentication_results = Text()
- delivery_results = Text()
- source_ip_address = Ip()
- source_country = Text()
- source_reverse_dns = Text()
- source_authentication_mechanisms = Text()
- source_auth_failures = Text()
- dkim_domain = Text()
- original_rcpt_to = Text()
- sample = Object(_ForensicSampleDoc)
-
-
-[docs]class AlreadySaved(ValueError):
- """Raised when a report to be saved matches an existing report"""
-
-
-[docs]def set_hosts(hosts):
- """
- Sets the Elasticsearch hosts to use
-
- Args:
- hosts: A single hostname or URL, or list of hostnames or URLs
- """
- if type(hosts) != list:
- hosts = [hosts]
- connections.create_connection(hosts=hosts, timeout=20)
-
-
-[docs]def create_indexes():
- """Creates the required indexes"""
- if not aggregate_index.exists():
- aggregate_index.create()
- if not forensic_index.exists():
- forensic_index.create()
-
-
-[docs]def save_aggregate_report_to_elasticsearch(aggregate_report):
- """
- Saves a parsed DMARC aggregate report to ElasticSearch
-
- Args:
- aggregate_report (OrderedDict): A parsed forensic report
-
- Raises:
- AlreadySaved
- """
- aggregate_report = aggregate_report.copy()
- metadata = aggregate_report["report_metadata"]
- org_name = metadata["org_name"]
- report_id = metadata["report_id"]
- domain = aggregate_report["policy_published"]["domain"]
- begin_date = parsedmarc.human_timestamp_to_datetime(metadata["begin_date"])
- end_date = parsedmarc.human_timestamp_to_datetime(metadata["end_date"])
- begin_date_human = begin_date.strftime("%Y-%m-%d %H:%M:%S")
- end_date_human = end_date.strftime("%Y-%m-%d %H:%M:%S")
- aggregate_report["begin_date"] = begin_date
- aggregate_report["end_date"] = end_date
- date_range = (aggregate_report["begin_date"],
- aggregate_report["end_date"])
-
- org_name_query = Q(dict(match=dict(org_name=org_name)))
- report_id_query = Q(dict(match=dict(report_id=report_id)))
- domain_query = Q(dict(match=dict(domain=domain)))
- begin_date_query = Q(dict(match=dict(date_range=begin_date)))
- end_date_query = Q(dict(match=dict(date_range=end_date)))
-
- search = aggregate_index.search()
- search.query = org_name_query & report_id_query & domain_query & \
- begin_date_query & end_date_query
-
- existing = search.execute()
- if len(existing) > 0:
- raise AlreadySaved("An aggregate report ID {0} from {1} about {2} "
- "with a date range of {3} UTC to {4} UTC already "
- "exists in "
- "Elasticsearch".format(report_id,
- org_name,
- domain,
- begin_date_human,
- end_date_human))
- published_policy = _PublishedPolicy(
- adkim=aggregate_report["policy_published"]["adkim"],
- aspf=aggregate_report["policy_published"]["aspf"],
- p=aggregate_report["policy_published"]["p"],
- sp=aggregate_report["policy_published"]["sp"],
- pct=aggregate_report["policy_published"]["pct"],
- fo=aggregate_report["policy_published"]["fo"]
- )
-
- for record in aggregate_report["records"]:
- agg_doc = _AggregateReportDoc(
- xml_schemea=aggregate_report["xml_schema"],
- org_name=metadata["org_name"],
- org_email=metadata["org_email"],
- org_extra_contact_info=metadata["org_extra_contact_info"],
- report_id=metadata["report_id"],
- date_range=date_range,
- errors=metadata["errors"],
- domain=aggregate_report["policy_published"]["domain"],
- published_policy=published_policy,
- source_ip_address=record["source"]["ip_address"],
- source_country=record["source"]["country"],
- source_reverse_dns=record["source"]["reverse_dns"],
- source_base_domain=record["source"]["base_domain"],
- message_count=record["count"],
- disposition=record["policy_evaluated"]["disposition"],
- dkim_aligned=record["policy_evaluated"]["dkim"] == "pass",
- spf_aligned=record["policy_evaluated"]["spf"] == "pass",
- header_from=record["identifiers"]["header_from"],
- envelope_from=record["identifiers"]["envelope_from"],
- envelope_to=record["identifiers"]["envelope_to"]
- )
-
- for override in record["policy_evaluated"]["policy_override_reasons"]:
- agg_doc.add_policy_override(type_=override["type"],
- comment=override["comment"])
-
- for dkim_result in record["auth_results"]["dkim"]:
- agg_doc.add_dkim_result(domain=dkim_result["domain"],
- selector=dkim_result["selector"],
- result=dkim_result["result"])
-
- for spf_result in record["auth_results"]["spf"]:
- agg_doc.add_spf_result(domain=spf_result["domain"],
- scope=spf_result["scope"],
- result=spf_result["result"])
- agg_doc.save()
-
-
-[docs]def save_forensic_report_to_elasticsearch(forensic_report):
- """
- Saves a parsed DMARC forensic report to ElasticSearch
-
- Args:
- forensic_report (OrderedDict): A parsed forensic report
-
- Raises:
- AlreadySaved
-
- """
- forensic_report = forensic_report.copy()
- sample_date = forensic_report["parsed_sample"]["date"]
- sample_date = parsedmarc.human_timestamp_to_datetime(sample_date)
- original_headers = forensic_report["parsed_sample"]["headers"]
- headers = OrderedDict()
- for original_header in original_headers:
- headers[original_header.lower()] = original_headers[original_header]
-
- arrival_date_human = forensic_report["arrival_date_utc"]
- arrival_date = parsedmarc.human_timestamp_to_datetime(arrival_date_human)
-
- search = forensic_index.search()
- to_query = {"match": {"sample.headers.to": headers["to"]}}
- from_query = {"match": {"sample.headers.from": headers["from"]}}
- subject_query = {"match": {"sample.headers.subject": headers["subject"]}}
- arrival_date_query = {"match": {"sample.headers.arrival_date": arrival_date
- }}
- q = Q(to_query) & Q(from_query) & Q(subject_query) & Q(arrival_date_query)
- search.query = q
- existing = search.execute()
-
- if len(existing) > 0:
- raise AlreadySaved("A forensic sample to {0} from {1} "
- "with a subject of {2} and arrival date of {3} "
- "already exists in "
- "Elasticsearch".format(headers["to"],
- headers["from"],
- headers["subject"],
- arrival_date_human
- ))
-
- parsed_sample = forensic_report["parsed_sample"]
- sample = _ForensicSampleDoc(
- raw=forensic_report["sample"],
- headers=headers,
- headers_only=forensic_report["sample_headers_only"],
- date=sample_date,
- subject=forensic_report["parsed_sample"]["subject"],
- filename_safe_subject=parsed_sample["filename_safe_subject"],
- body=forensic_report["parsed_sample"]["body"]
- )
-
- for address in forensic_report["parsed_sample"]["to"]:
- sample.add_to(display_name=address["display_name"],
- address=address["address"])
- for address in forensic_report["parsed_sample"]["reply_to"]:
- sample.add_reply_to(display_name=address["display_name"],
- address=address["address"])
- for address in forensic_report["parsed_sample"]["cc"]:
- sample.add_cc(display_name=address["display_name"],
- address=address["address"])
- for address in forensic_report["parsed_sample"]["bcc"]:
- sample.add_bcc(display_name=address["display_name"],
- address=address["address"])
- for attachment in forensic_report["parsed_sample"]["attachments"]:
- sample.add_attachment(filename=attachment["filename"],
- content_type=attachment["mail_content_type"])
-
- forensic_doc = _ForensicReportDoc(
- feedback_type=forensic_report["feedback_type"],
- user_agent=forensic_report["user_agent"],
- version=forensic_report["version"],
- original_mail_from=forensic_report["original_mail_from"],
- arrival_date=arrival_date,
- domain=forensic_report["reported_domain"],
- original_envelope_id=forensic_report["original_envelope_id"],
- authentication_results=forensic_report["authentication_results"],
- delivery_results=forensic_report["delivery_result"],
- source_ip_address=forensic_report["source"]["ip_address"],
- source_country=forensic_report["source"]["country"],
- source_reverse_dns=forensic_report["source"]["reverse_dns"],
- source_base_domain=forensic_report["source"]["base_domain"],
- authentication_mechanisms=forensic_report["authentication_mechanisms"],
- auth_failure=forensic_report["auth_failure"],
- dkim_domain=forensic_report["dkim_domain"],
- original_rcpt_to=forensic_report["original_rcpt_to"],
- sample=sample
- )
-
- forensic_doc.save()
-' + _('Hide Search Matches') + '
') - .appendTo($('#searchbox')); - } - }, - - /** - * init the domain index toggle buttons - */ - initIndexTable : function() { - var togglers = $('img.toggler').click(function() { - var src = $(this).attr('src'); - var idnum = $(this).attr('id').substr(7); - $('tr.cg-' + idnum).toggle(); - if (src.substr(-9) === 'minus.png') - $(this).attr('src', src.substr(0, src.length-9) + 'plus.png'); - else - $(this).attr('src', src.substr(0, src.length-8) + 'minus.png'); - }).css('display', ''); - if (DOCUMENTATION_OPTIONS.COLLAPSE_INDEX) { - togglers.click(); - } - }, - - /** - * helper function to hide the search marks again - */ - hideSearchWords : function() { - $('#searchbox .highlight-link').fadeOut(300); - $('span.highlighted').removeClass('highlighted'); - }, - - /** - * make the url absolute - */ - makeURL : function(relativeURL) { - return DOCUMENTATION_OPTIONS.URL_ROOT + '/' + relativeURL; - }, - - /** - * get the current relative url - */ - getCurrentURL : function() { - var path = document.location.pathname; - var parts = path.split(/\//); - $.each(DOCUMENTATION_OPTIONS.URL_ROOT.split(/\//), function() { - if (this === '..') - parts.pop(); - }); - var url = parts.join('/'); - return path.substring(url.lastIndexOf('/') + 1, path.length - 1); - }, - - initOnKeyListeners: function() { - $(document).keyup(function(event) { - var activeElementType = document.activeElement.tagName; - // don't navigate when in search box or textarea - if (activeElementType !== 'TEXTAREA' && activeElementType !== 'INPUT' && activeElementType !== 'SELECT') { - switch (event.keyCode) { - case 37: // left - var prevHref = $('link[rel="prev"]').prop('href'); - if (prevHref) { - window.location.href = prevHref; - return false; - } - case 39: // right - var nextHref = $('link[rel="next"]').prop('href'); - if (nextHref) { - window.location.href = nextHref; - return false; - } - } - } - }); - } -}; - -// quick alias for translations -_ = Documentation.gettext; - -$(document).ready(function() { - Documentation.init(); -}); \ No newline at end of file diff --git a/html/_static/documentation_options.js b/html/_static/documentation_options.js deleted file mode 100644 index b7b4bbb..0000000 --- a/html/_static/documentation_options.js +++ /dev/null @@ -1,9 +0,0 @@ -var DOCUMENTATION_OPTIONS = { - URL_ROOT: document.getElementById("documentation_options").getAttribute('data-url_root'), - VERSION: '3.5.0', - LANGUAGE: 'None', - COLLAPSE_INDEX: false, - FILE_SUFFIX: '.html', - HAS_SOURCE: true, - SOURCELINK_SUFFIX: '.txt' -}; \ No newline at end of file diff --git a/html/_static/down-pressed.png b/html/_static/down-pressed.png deleted file mode 100644 index 5756c8c..0000000 Binary files a/html/_static/down-pressed.png and /dev/null differ diff --git a/html/_static/down.png b/html/_static/down.png deleted file mode 100644 index 1b3bdad..0000000 Binary files a/html/_static/down.png and /dev/null differ diff --git a/html/_static/file.png b/html/_static/file.png deleted file mode 100644 index a858a41..0000000 Binary files a/html/_static/file.png and /dev/null differ diff --git a/html/_static/fonts/Lato/lato-bold.eot b/html/_static/fonts/Lato/lato-bold.eot deleted file mode 100644 index 3361183..0000000 Binary files a/html/_static/fonts/Lato/lato-bold.eot and /dev/null differ diff --git a/html/_static/fonts/Lato/lato-bold.ttf b/html/_static/fonts/Lato/lato-bold.ttf deleted file mode 100644 index 29f691d..0000000 Binary files a/html/_static/fonts/Lato/lato-bold.ttf and /dev/null differ diff --git a/html/_static/fonts/Lato/lato-bold.woff b/html/_static/fonts/Lato/lato-bold.woff deleted file mode 100644 index c6dff51..0000000 Binary files a/html/_static/fonts/Lato/lato-bold.woff and /dev/null differ diff --git a/html/_static/fonts/Lato/lato-bold.woff2 b/html/_static/fonts/Lato/lato-bold.woff2 deleted file mode 100644 index bb19504..0000000 Binary files a/html/_static/fonts/Lato/lato-bold.woff2 and /dev/null differ diff --git a/html/_static/fonts/Lato/lato-bolditalic.eot b/html/_static/fonts/Lato/lato-bolditalic.eot deleted file mode 100644 index 3d41549..0000000 Binary files a/html/_static/fonts/Lato/lato-bolditalic.eot and /dev/null differ diff --git a/html/_static/fonts/Lato/lato-bolditalic.ttf b/html/_static/fonts/Lato/lato-bolditalic.ttf deleted file mode 100644 index f402040..0000000 Binary files a/html/_static/fonts/Lato/lato-bolditalic.ttf and /dev/null differ diff --git a/html/_static/fonts/Lato/lato-bolditalic.woff b/html/_static/fonts/Lato/lato-bolditalic.woff deleted file mode 100644 index 88ad05b..0000000 Binary files a/html/_static/fonts/Lato/lato-bolditalic.woff and /dev/null differ diff --git a/html/_static/fonts/Lato/lato-bolditalic.woff2 b/html/_static/fonts/Lato/lato-bolditalic.woff2 deleted file mode 100644 index c4e3d80..0000000 Binary files a/html/_static/fonts/Lato/lato-bolditalic.woff2 and /dev/null differ diff --git a/html/_static/fonts/Lato/lato-italic.eot b/html/_static/fonts/Lato/lato-italic.eot deleted file mode 100644 index 3f82642..0000000 Binary files a/html/_static/fonts/Lato/lato-italic.eot and /dev/null differ diff --git a/html/_static/fonts/Lato/lato-italic.ttf b/html/_static/fonts/Lato/lato-italic.ttf deleted file mode 100644 index b4bfc9b..0000000 Binary files a/html/_static/fonts/Lato/lato-italic.ttf and /dev/null differ diff --git a/html/_static/fonts/Lato/lato-italic.woff b/html/_static/fonts/Lato/lato-italic.woff deleted file mode 100644 index 76114bc..0000000 Binary files a/html/_static/fonts/Lato/lato-italic.woff and /dev/null differ diff --git a/html/_static/fonts/Lato/lato-italic.woff2 b/html/_static/fonts/Lato/lato-italic.woff2 deleted file mode 100644 index 3404f37..0000000 Binary files a/html/_static/fonts/Lato/lato-italic.woff2 and /dev/null differ diff --git a/html/_static/fonts/Lato/lato-regular.eot b/html/_static/fonts/Lato/lato-regular.eot deleted file mode 100644 index 11e3f2a..0000000 Binary files a/html/_static/fonts/Lato/lato-regular.eot and /dev/null differ diff --git a/html/_static/fonts/Lato/lato-regular.ttf b/html/_static/fonts/Lato/lato-regular.ttf deleted file mode 100644 index 74decd9..0000000 Binary files a/html/_static/fonts/Lato/lato-regular.ttf and /dev/null differ diff --git a/html/_static/fonts/Lato/lato-regular.woff b/html/_static/fonts/Lato/lato-regular.woff deleted file mode 100644 index ae1307f..0000000 Binary files a/html/_static/fonts/Lato/lato-regular.woff and /dev/null differ diff --git a/html/_static/fonts/Lato/lato-regular.woff2 b/html/_static/fonts/Lato/lato-regular.woff2 deleted file mode 100644 index 3bf9843..0000000 Binary files a/html/_static/fonts/Lato/lato-regular.woff2 and /dev/null differ diff --git a/html/_static/fonts/RobotoSlab/roboto-slab-v7-bold.eot b/html/_static/fonts/RobotoSlab/roboto-slab-v7-bold.eot deleted file mode 100644 index 79dc8ef..0000000 Binary files a/html/_static/fonts/RobotoSlab/roboto-slab-v7-bold.eot and /dev/null differ diff --git a/html/_static/fonts/RobotoSlab/roboto-slab-v7-bold.ttf b/html/_static/fonts/RobotoSlab/roboto-slab-v7-bold.ttf deleted file mode 100644 index df5d1df..0000000 Binary files a/html/_static/fonts/RobotoSlab/roboto-slab-v7-bold.ttf and /dev/null differ diff --git a/html/_static/fonts/RobotoSlab/roboto-slab-v7-bold.woff b/html/_static/fonts/RobotoSlab/roboto-slab-v7-bold.woff deleted file mode 100644 index 6cb6000..0000000 Binary files a/html/_static/fonts/RobotoSlab/roboto-slab-v7-bold.woff and /dev/null differ diff --git a/html/_static/fonts/RobotoSlab/roboto-slab-v7-bold.woff2 b/html/_static/fonts/RobotoSlab/roboto-slab-v7-bold.woff2 deleted file mode 100644 index 7059e23..0000000 Binary files a/html/_static/fonts/RobotoSlab/roboto-slab-v7-bold.woff2 and /dev/null differ diff --git a/html/_static/fonts/RobotoSlab/roboto-slab-v7-regular.eot b/html/_static/fonts/RobotoSlab/roboto-slab-v7-regular.eot deleted file mode 100644 index 2f7ca78..0000000 Binary files a/html/_static/fonts/RobotoSlab/roboto-slab-v7-regular.eot and /dev/null differ diff --git a/html/_static/fonts/RobotoSlab/roboto-slab-v7-regular.ttf b/html/_static/fonts/RobotoSlab/roboto-slab-v7-regular.ttf deleted file mode 100644 index eb52a79..0000000 Binary files a/html/_static/fonts/RobotoSlab/roboto-slab-v7-regular.ttf and /dev/null differ diff --git a/html/_static/fonts/RobotoSlab/roboto-slab-v7-regular.woff b/html/_static/fonts/RobotoSlab/roboto-slab-v7-regular.woff deleted file mode 100644 index f815f63..0000000 Binary files a/html/_static/fonts/RobotoSlab/roboto-slab-v7-regular.woff and /dev/null differ diff --git a/html/_static/fonts/RobotoSlab/roboto-slab-v7-regular.woff2 b/html/_static/fonts/RobotoSlab/roboto-slab-v7-regular.woff2 deleted file mode 100644 index f2c76e5..0000000 Binary files a/html/_static/fonts/RobotoSlab/roboto-slab-v7-regular.woff2 and /dev/null differ diff --git a/html/_static/fonts/fontawesome-webfont.eot b/html/_static/fonts/fontawesome-webfont.eot deleted file mode 100644 index e9f60ca..0000000 Binary files a/html/_static/fonts/fontawesome-webfont.eot and /dev/null differ diff --git a/html/_static/fonts/fontawesome-webfont.svg b/html/_static/fonts/fontawesome-webfont.svg deleted file mode 100644 index 855c845..0000000 --- a/html/_static/fonts/fontawesome-webfont.svg +++ /dev/null @@ -1,2671 +0,0 @@ - - - diff --git a/html/_static/fonts/fontawesome-webfont.ttf b/html/_static/fonts/fontawesome-webfont.ttf deleted file mode 100644 index 35acda2..0000000 Binary files a/html/_static/fonts/fontawesome-webfont.ttf and /dev/null differ diff --git a/html/_static/fonts/fontawesome-webfont.woff b/html/_static/fonts/fontawesome-webfont.woff deleted file mode 100644 index 400014a..0000000 Binary files a/html/_static/fonts/fontawesome-webfont.woff and /dev/null differ diff --git a/html/_static/fonts/fontawesome-webfont.woff2 b/html/_static/fonts/fontawesome-webfont.woff2 deleted file mode 100644 index 4d13fc6..0000000 Binary files a/html/_static/fonts/fontawesome-webfont.woff2 and /dev/null differ diff --git a/html/_static/jquery-3.2.1.js b/html/_static/jquery-3.2.1.js deleted file mode 100644 index d2d8ca4..0000000 --- a/html/_static/jquery-3.2.1.js +++ /dev/null @@ -1,10253 +0,0 @@ -/*! - * jQuery JavaScript Library v3.2.1 - * https://jquery.com/ - * - * Includes Sizzle.js - * https://sizzlejs.com/ - * - * Copyright JS Foundation and other contributors - * Released under the MIT license - * https://jquery.org/license - * - * Date: 2017-03-20T18:59Z - */ -( function( global, factory ) { - - "use strict"; - - if ( typeof module === "object" && typeof module.exports === "object" ) { - - // For CommonJS and CommonJS-like environments where a proper `window` - // is present, execute the factory and get jQuery. - // For environments that do not have a `window` with a `document` - // (such as Node.js), expose a factory as module.exports. - // This accentuates the need for the creation of a real `window`. - // e.g. var jQuery = require("jquery")(window); - // See ticket #14549 for more info. - module.exports = global.document ? - factory( global, true ) : - function( w ) { - if ( !w.document ) { - throw new Error( "jQuery requires a window with a document" ); - } - return factory( w ); - }; - } else { - factory( global ); - } - -// Pass this if window is not defined yet -} )( typeof window !== "undefined" ? window : this, function( window, noGlobal ) { - -// Edge <= 12 - 13+, Firefox <=18 - 45+, IE 10 - 11, Safari 5.1 - 9+, iOS 6 - 9.1 -// throw exceptions when non-strict code (e.g., ASP.NET 4.5) accesses strict mode -// arguments.callee.caller (trac-13335). But as of jQuery 3.0 (2016), strict mode should be common -// enough that all such attempts are guarded in a try block. -"use strict"; - -var arr = []; - -var document = window.document; - -var getProto = Object.getPrototypeOf; - -var slice = arr.slice; - -var concat = arr.concat; - -var push = arr.push; - -var indexOf = arr.indexOf; - -var class2type = {}; - -var toString = class2type.toString; - -var hasOwn = class2type.hasOwnProperty; - -var fnToString = hasOwn.toString; - -var ObjectFunctionString = fnToString.call( Object ); - -var support = {}; - - - - function DOMEval( code, doc ) { - doc = doc || document; - - var script = doc.createElement( "script" ); - - script.text = code; - doc.head.appendChild( script ).parentNode.removeChild( script ); - } -/* global Symbol */ -// Defining this global in .eslintrc.json would create a danger of using the global -// unguarded in another place, it seems safer to define global only for this module - - - -var - version = "3.2.1", - - // Define a local copy of jQuery - jQuery = function( selector, context ) { - - // The jQuery object is actually just the init constructor 'enhanced' - // Need init if jQuery is called (just allow error to be thrown if not included) - return new jQuery.fn.init( selector, context ); - }, - - // Support: Android <=4.0 only - // Make sure we trim BOM and NBSP - rtrim = /^[\s\uFEFF\xA0]+|[\s\uFEFF\xA0]+$/g, - - // Matches dashed string for camelizing - rmsPrefix = /^-ms-/, - rdashAlpha = /-([a-z])/g, - - // Used by jQuery.camelCase as callback to replace() - fcamelCase = function( all, letter ) { - return letter.toUpperCase(); - }; - -jQuery.fn = jQuery.prototype = { - - // The current version of jQuery being used - jquery: version, - - constructor: jQuery, - - // The default length of a jQuery object is 0 - length: 0, - - toArray: function() { - return slice.call( this ); - }, - - // Get the Nth element in the matched element set OR - // Get the whole matched element set as a clean array - get: function( num ) { - - // Return all the elements in a clean array - if ( num == null ) { - return slice.call( this ); - } - - // Return just the one element from the set - return num < 0 ? this[ num + this.length ] : this[ num ]; - }, - - // Take an array of elements and push it onto the stack - // (returning the new matched element set) - pushStack: function( elems ) { - - // Build a new jQuery matched element set - var ret = jQuery.merge( this.constructor(), elems ); - - // Add the old object onto the stack (as a reference) - ret.prevObject = this; - - // Return the newly-formed element set - return ret; - }, - - // Execute a callback for every element in the matched set. - each: function( callback ) { - return jQuery.each( this, callback ); - }, - - map: function( callback ) { - return this.pushStack( jQuery.map( this, function( elem, i ) { - return callback.call( elem, i, elem ); - } ) ); - }, - - slice: function() { - return this.pushStack( slice.apply( this, arguments ) ); - }, - - first: function() { - return this.eq( 0 ); - }, - - last: function() { - return this.eq( -1 ); - }, - - eq: function( i ) { - var len = this.length, - j = +i + ( i < 0 ? len : 0 ); - return this.pushStack( j >= 0 && j < len ? [ this[ j ] ] : [] ); - }, - - end: function() { - return this.prevObject || this.constructor(); - }, - - // For internal use only. - // Behaves like an Array's method, not like a jQuery method. - push: push, - sort: arr.sort, - splice: arr.splice -}; - -jQuery.extend = jQuery.fn.extend = function() { - var options, name, src, copy, copyIsArray, clone, - target = arguments[ 0 ] || {}, - i = 1, - length = arguments.length, - deep = false; - - // Handle a deep copy situation - if ( typeof target === "boolean" ) { - deep = target; - - // Skip the boolean and the target - target = arguments[ i ] || {}; - i++; - } - - // Handle case when target is a string or something (possible in deep copy) - if ( typeof target !== "object" && !jQuery.isFunction( target ) ) { - target = {}; - } - - // Extend jQuery itself if only one argument is passed - if ( i === length ) { - target = this; - i--; - } - - for ( ; i < length; i++ ) { - - // Only deal with non-null/undefined values - if ( ( options = arguments[ i ] ) != null ) { - - // Extend the base object - for ( name in options ) { - src = target[ name ]; - copy = options[ name ]; - - // Prevent never-ending loop - if ( target === copy ) { - continue; - } - - // Recurse if we're merging plain objects or arrays - if ( deep && copy && ( jQuery.isPlainObject( copy ) || - ( copyIsArray = Array.isArray( copy ) ) ) ) { - - if ( copyIsArray ) { - copyIsArray = false; - clone = src && Array.isArray( src ) ? src : []; - - } else { - clone = src && jQuery.isPlainObject( src ) ? src : {}; - } - - // Never move original objects, clone them - target[ name ] = jQuery.extend( deep, clone, copy ); - - // Don't bring in undefined values - } else if ( copy !== undefined ) { - target[ name ] = copy; - } - } - } - } - - // Return the modified object - return target; -}; - -jQuery.extend( { - - // Unique for each copy of jQuery on the page - expando: "jQuery" + ( version + Math.random() ).replace( /\D/g, "" ), - - // Assume jQuery is ready without the ready module - isReady: true, - - error: function( msg ) { - throw new Error( msg ); - }, - - noop: function() {}, - - isFunction: function( obj ) { - return jQuery.type( obj ) === "function"; - }, - - isWindow: function( obj ) { - return obj != null && obj === obj.window; - }, - - isNumeric: function( obj ) { - - // As of jQuery 3.0, isNumeric is limited to - // strings and numbers (primitives or objects) - // that can be coerced to finite numbers (gh-2662) - var type = jQuery.type( obj ); - return ( type === "number" || type === "string" ) && - - // parseFloat NaNs numeric-cast false positives ("") - // ...but misinterprets leading-number strings, particularly hex literals ("0x...") - // subtraction forces infinities to NaN - !isNaN( obj - parseFloat( obj ) ); - }, - - isPlainObject: function( obj ) { - var proto, Ctor; - - // Detect obvious negatives - // Use toString instead of jQuery.type to catch host objects - if ( !obj || toString.call( obj ) !== "[object Object]" ) { - return false; - } - - proto = getProto( obj ); - - // Objects with no prototype (e.g., `Object.create( null )`) are plain - if ( !proto ) { - return true; - } - - // Objects with prototype are plain iff they were constructed by a global Object function - Ctor = hasOwn.call( proto, "constructor" ) && proto.constructor; - return typeof Ctor === "function" && fnToString.call( Ctor ) === ObjectFunctionString; - }, - - isEmptyObject: function( obj ) { - - /* eslint-disable no-unused-vars */ - // See https://github.com/eslint/eslint/issues/6125 - var name; - - for ( name in obj ) { - return false; - } - return true; - }, - - type: function( obj ) { - if ( obj == null ) { - return obj + ""; - } - - // Support: Android <=2.3 only (functionish RegExp) - return typeof obj === "object" || typeof obj === "function" ? - class2type[ toString.call( obj ) ] || "object" : - typeof obj; - }, - - // Evaluates a script in a global context - globalEval: function( code ) { - DOMEval( code ); - }, - - // Convert dashed to camelCase; used by the css and data modules - // Support: IE <=9 - 11, Edge 12 - 13 - // Microsoft forgot to hump their vendor prefix (#9572) - camelCase: function( string ) { - return string.replace( rmsPrefix, "ms-" ).replace( rdashAlpha, fcamelCase ); - }, - - each: function( obj, callback ) { - var length, i = 0; - - if ( isArrayLike( obj ) ) { - length = obj.length; - for ( ; i < length; i++ ) { - if ( callback.call( obj[ i ], i, obj[ i ] ) === false ) { - break; - } - } - } else { - for ( i in obj ) { - if ( callback.call( obj[ i ], i, obj[ i ] ) === false ) { - break; - } - } - } - - return obj; - }, - - // Support: Android <=4.0 only - trim: function( text ) { - return text == null ? - "" : - ( text + "" ).replace( rtrim, "" ); - }, - - // results is for internal usage only - makeArray: function( arr, results ) { - var ret = results || []; - - if ( arr != null ) { - if ( isArrayLike( Object( arr ) ) ) { - jQuery.merge( ret, - typeof arr === "string" ? - [ arr ] : arr - ); - } else { - push.call( ret, arr ); - } - } - - return ret; - }, - - inArray: function( elem, arr, i ) { - return arr == null ? -1 : indexOf.call( arr, elem, i ); - }, - - // Support: Android <=4.0 only, PhantomJS 1 only - // push.apply(_, arraylike) throws on ancient WebKit - merge: function( first, second ) { - var len = +second.length, - j = 0, - i = first.length; - - for ( ; j < len; j++ ) { - first[ i++ ] = second[ j ]; - } - - first.length = i; - - return first; - }, - - grep: function( elems, callback, invert ) { - var callbackInverse, - matches = [], - i = 0, - length = elems.length, - callbackExpect = !invert; - - // Go through the array, only saving the items - // that pass the validator function - for ( ; i < length; i++ ) { - callbackInverse = !callback( elems[ i ], i ); - if ( callbackInverse !== callbackExpect ) { - matches.push( elems[ i ] ); - } - } - - return matches; - }, - - // arg is for internal usage only - map: function( elems, callback, arg ) { - var length, value, - i = 0, - ret = []; - - // Go through the array, translating each of the items to their new values - if ( isArrayLike( elems ) ) { - length = elems.length; - for ( ; i < length; i++ ) { - value = callback( elems[ i ], i, arg ); - - if ( value != null ) { - ret.push( value ); - } - } - - // Go through every key on the object, - } else { - for ( i in elems ) { - value = callback( elems[ i ], i, arg ); - - if ( value != null ) { - ret.push( value ); - } - } - } - - // Flatten any nested arrays - return concat.apply( [], ret ); - }, - - // A global GUID counter for objects - guid: 1, - - // Bind a function to a context, optionally partially applying any - // arguments. - proxy: function( fn, context ) { - var tmp, args, proxy; - - if ( typeof context === "string" ) { - tmp = fn[ context ]; - context = fn; - fn = tmp; - } - - // Quick check to determine if target is callable, in the spec - // this throws a TypeError, but we will just return undefined. - if ( !jQuery.isFunction( fn ) ) { - return undefined; - } - - // Simulated bind - args = slice.call( arguments, 2 ); - proxy = function() { - return fn.apply( context || this, args.concat( slice.call( arguments ) ) ); - }; - - // Set the guid of unique handler to the same of original handler, so it can be removed - proxy.guid = fn.guid = fn.guid || jQuery.guid++; - - return proxy; - }, - - now: Date.now, - - // jQuery.support is not used in Core but other projects attach their - // properties to it so it needs to exist. - support: support -} ); - -if ( typeof Symbol === "function" ) { - jQuery.fn[ Symbol.iterator ] = arr[ Symbol.iterator ]; -} - -// Populate the class2type map -jQuery.each( "Boolean Number String Function Array Date RegExp Object Error Symbol".split( " " ), -function( i, name ) { - class2type[ "[object " + name + "]" ] = name.toLowerCase(); -} ); - -function isArrayLike( obj ) { - - // Support: real iOS 8.2 only (not reproducible in simulator) - // `in` check used to prevent JIT error (gh-2145) - // hasOwn isn't used here due to false negatives - // regarding Nodelist length in IE - var length = !!obj && "length" in obj && obj.length, - type = jQuery.type( obj ); - - if ( type === "function" || jQuery.isWindow( obj ) ) { - return false; - } - - return type === "array" || length === 0 || - typeof length === "number" && length > 0 && ( length - 1 ) in obj; -} -var Sizzle = -/*! - * Sizzle CSS Selector Engine v2.3.3 - * https://sizzlejs.com/ - * - * Copyright jQuery Foundation and other contributors - * Released under the MIT license - * http://jquery.org/license - * - * Date: 2016-08-08 - */ -(function( window ) { - -var i, - support, - Expr, - getText, - isXML, - tokenize, - compile, - select, - outermostContext, - sortInput, - hasDuplicate, - - // Local document vars - setDocument, - document, - docElem, - documentIsHTML, - rbuggyQSA, - rbuggyMatches, - matches, - contains, - - // Instance-specific data - expando = "sizzle" + 1 * new Date(), - preferredDoc = window.document, - dirruns = 0, - done = 0, - classCache = createCache(), - tokenCache = createCache(), - compilerCache = createCache(), - sortOrder = function( a, b ) { - if ( a === b ) { - hasDuplicate = true; - } - return 0; - }, - - // Instance methods - hasOwn = ({}).hasOwnProperty, - arr = [], - pop = arr.pop, - push_native = arr.push, - push = arr.push, - slice = arr.slice, - // Use a stripped-down indexOf as it's faster than native - // https://jsperf.com/thor-indexof-vs-for/5 - indexOf = function( list, elem ) { - var i = 0, - len = list.length; - for ( ; i < len; i++ ) { - if ( list[i] === elem ) { - return i; - } - } - return -1; - }, - - booleans = "checked|selected|async|autofocus|autoplay|controls|defer|disabled|hidden|ismap|loop|multiple|open|readonly|required|scoped", - - // Regular expressions - - // http://www.w3.org/TR/css3-selectors/#whitespace - whitespace = "[\\x20\\t\\r\\n\\f]", - - // http://www.w3.org/TR/CSS21/syndata.html#value-def-identifier - identifier = "(?:\\\\.|[\\w-]|[^\0-\\xa0])+", - - // Attribute selectors: http://www.w3.org/TR/selectors/#attribute-selectors - attributes = "\\[" + whitespace + "*(" + identifier + ")(?:" + whitespace + - // Operator (capture 2) - "*([*^$|!~]?=)" + whitespace + - // "Attribute values must be CSS identifiers [capture 5] or strings [capture 3 or capture 4]" - "*(?:'((?:\\\\.|[^\\\\'])*)'|\"((?:\\\\.|[^\\\\\"])*)\"|(" + identifier + "))|)" + whitespace + - "*\\]", - - pseudos = ":(" + identifier + ")(?:\\((" + - // To reduce the number of selectors needing tokenize in the preFilter, prefer arguments: - // 1. quoted (capture 3; capture 4 or capture 5) - "('((?:\\\\.|[^\\\\'])*)'|\"((?:\\\\.|[^\\\\\"])*)\")|" + - // 2. simple (capture 6) - "((?:\\\\.|[^\\\\()[\\]]|" + attributes + ")*)|" + - // 3. anything else (capture 2) - ".*" + - ")\\)|)", - - // Leading and non-escaped trailing whitespace, capturing some non-whitespace characters preceding the latter - rwhitespace = new RegExp( whitespace + "+", "g" ), - rtrim = new RegExp( "^" + whitespace + "+|((?:^|[^\\\\])(?:\\\\.)*)" + whitespace + "+$", "g" ), - - rcomma = new RegExp( "^" + whitespace + "*," + whitespace + "*" ), - rcombinators = new RegExp( "^" + whitespace + "*([>+~]|" + whitespace + ")" + whitespace + "*" ), - - rattributeQuotes = new RegExp( "=" + whitespace + "*([^\\]'\"]*?)" + whitespace + "*\\]", "g" ), - - rpseudo = new RegExp( pseudos ), - ridentifier = new RegExp( "^" + identifier + "$" ), - - matchExpr = { - "ID": new RegExp( "^#(" + identifier + ")" ), - "CLASS": new RegExp( "^\\.(" + identifier + ")" ), - "TAG": new RegExp( "^(" + identifier + "|[*])" ), - "ATTR": new RegExp( "^" + attributes ), - "PSEUDO": new RegExp( "^" + pseudos ), - "CHILD": new RegExp( "^:(only|first|last|nth|nth-last)-(child|of-type)(?:\\(" + whitespace + - "*(even|odd|(([+-]|)(\\d*)n|)" + whitespace + "*(?:([+-]|)" + whitespace + - "*(\\d+)|))" + whitespace + "*\\)|)", "i" ), - "bool": new RegExp( "^(?:" + booleans + ")$", "i" ), - // For use in libraries implementing .is() - // We use this for POS matching in `select` - "needsContext": new RegExp( "^" + whitespace + "*[>+~]|:(even|odd|eq|gt|lt|nth|first|last)(?:\\(" + - whitespace + "*((?:-\\d)?\\d*)" + whitespace + "*\\)|)(?=[^-]|$)", "i" ) - }, - - rinputs = /^(?:input|select|textarea|button)$/i, - rheader = /^h\d$/i, - - rnative = /^[^{]+\{\s*\[native \w/, - - // Easily-parseable/retrievable ID or TAG or CLASS selectors - rquickExpr = /^(?:#([\w-]+)|(\w+)|\.([\w-]+))$/, - - rsibling = /[+~]/, - - // CSS escapes - // http://www.w3.org/TR/CSS21/syndata.html#escaped-characters - runescape = new RegExp( "\\\\([\\da-f]{1,6}" + whitespace + "?|(" + whitespace + ")|.)", "ig" ), - funescape = function( _, escaped, escapedWhitespace ) { - var high = "0x" + escaped - 0x10000; - // NaN means non-codepoint - // Support: Firefox<24 - // Workaround erroneous numeric interpretation of +"0x" - return high !== high || escapedWhitespace ? - escaped : - high < 0 ? - // BMP codepoint - String.fromCharCode( high + 0x10000 ) : - // Supplemental Plane codepoint (surrogate pair) - String.fromCharCode( high >> 10 | 0xD800, high & 0x3FF | 0xDC00 ); - }, - - // CSS string/identifier serialization - // https://drafts.csswg.org/cssom/#common-serializing-idioms - rcssescape = /([\0-\x1f\x7f]|^-?\d)|^-$|[^\0-\x1f\x7f-\uFFFF\w-]/g, - fcssescape = function( ch, asCodePoint ) { - if ( asCodePoint ) { - - // U+0000 NULL becomes U+FFFD REPLACEMENT CHARACTER - if ( ch === "\0" ) { - return "\uFFFD"; - } - - // Control characters and (dependent upon position) numbers get escaped as code points - return ch.slice( 0, -1 ) + "\\" + ch.charCodeAt( ch.length - 1 ).toString( 16 ) + " "; - } - - // Other potentially-special ASCII characters get backslash-escaped - return "\\" + ch; - }, - - // Used for iframes - // See setDocument() - // Removing the function wrapper causes a "Permission Denied" - // error in IE - unloadHandler = function() { - setDocument(); - }, - - disabledAncestor = addCombinator( - function( elem ) { - return elem.disabled === true && ("form" in elem || "label" in elem); - }, - { dir: "parentNode", next: "legend" } - ); - -// Optimize for push.apply( _, NodeList ) -try { - push.apply( - (arr = slice.call( preferredDoc.childNodes )), - preferredDoc.childNodes - ); - // Support: Android<4.0 - // Detect silently failing push.apply - arr[ preferredDoc.childNodes.length ].nodeType; -} catch ( e ) { - push = { apply: arr.length ? - - // Leverage slice if possible - function( target, els ) { - push_native.apply( target, slice.call(els) ); - } : - - // Support: IE<9 - // Otherwise append directly - function( target, els ) { - var j = target.length, - i = 0; - // Can't trust NodeList.length - while ( (target[j++] = els[i++]) ) {} - target.length = j - 1; - } - }; -} - -function Sizzle( selector, context, results, seed ) { - var m, i, elem, nid, match, groups, newSelector, - newContext = context && context.ownerDocument, - - // nodeType defaults to 9, since context defaults to document - nodeType = context ? context.nodeType : 9; - - results = results || []; - - // Return early from calls with invalid selector or context - if ( typeof selector !== "string" || !selector || - nodeType !== 1 && nodeType !== 9 && nodeType !== 11 ) { - - return results; - } - - // Try to shortcut find operations (as opposed to filters) in HTML documents - if ( !seed ) { - - if ( ( context ? context.ownerDocument || context : preferredDoc ) !== document ) { - setDocument( context ); - } - context = context || document; - - if ( documentIsHTML ) { - - // If the selector is sufficiently simple, try using a "get*By*" DOM method - // (excepting DocumentFragment context, where the methods don't exist) - if ( nodeType !== 11 && (match = rquickExpr.exec( selector )) ) { - - // ID selector - if ( (m = match[1]) ) { - - // Document context - if ( nodeType === 9 ) { - if ( (elem = context.getElementById( m )) ) { - - // Support: IE, Opera, Webkit - // TODO: identify versions - // getElementById can match elements by name instead of ID - if ( elem.id === m ) { - results.push( elem ); - return results; - } - } else { - return results; - } - - // Element context - } else { - - // Support: IE, Opera, Webkit - // TODO: identify versions - // getElementById can match elements by name instead of ID - if ( newContext && (elem = newContext.getElementById( m )) && - contains( context, elem ) && - elem.id === m ) { - - results.push( elem ); - return results; - } - } - - // Type selector - } else if ( match[2] ) { - push.apply( results, context.getElementsByTagName( selector ) ); - return results; - - // Class selector - } else if ( (m = match[3]) && support.getElementsByClassName && - context.getElementsByClassName ) { - - push.apply( results, context.getElementsByClassName( m ) ); - return results; - } - } - - // Take advantage of querySelectorAll - if ( support.qsa && - !compilerCache[ selector + " " ] && - (!rbuggyQSA || !rbuggyQSA.test( selector )) ) { - - if ( nodeType !== 1 ) { - newContext = context; - newSelector = selector; - - // qSA looks outside Element context, which is not what we want - // Thanks to Andrew Dupont for this workaround technique - // Support: IE <=8 - // Exclude object elements - } else if ( context.nodeName.toLowerCase() !== "object" ) { - - // Capture the context ID, setting it first if necessary - if ( (nid = context.getAttribute( "id" )) ) { - nid = nid.replace( rcssescape, fcssescape ); - } else { - context.setAttribute( "id", (nid = expando) ); - } - - // Prefix every selector in the list - groups = tokenize( selector ); - i = groups.length; - while ( i-- ) { - groups[i] = "#" + nid + " " + toSelector( groups[i] ); - } - newSelector = groups.join( "," ); - - // Expand context for sibling selectors - newContext = rsibling.test( selector ) && testContext( context.parentNode ) || - context; - } - - if ( newSelector ) { - try { - push.apply( results, - newContext.querySelectorAll( newSelector ) - ); - return results; - } catch ( qsaError ) { - } finally { - if ( nid === expando ) { - context.removeAttribute( "id" ); - } - } - } - } - } - } - - // All others - return select( selector.replace( rtrim, "$1" ), context, results, seed ); -} - -/** - * Create key-value caches of limited size - * @returns {function(string, object)} Returns the Object data after storing it on itself with - * property name the (space-suffixed) string and (if the cache is larger than Expr.cacheLength) - * deleting the oldest entry - */ -function createCache() { - var keys = []; - - function cache( key, value ) { - // Use (key + " ") to avoid collision with native prototype properties (see Issue #157) - if ( keys.push( key + " " ) > Expr.cacheLength ) { - // Only keep the most recent entries - delete cache[ keys.shift() ]; - } - return (cache[ key + " " ] = value); - } - return cache; -} - -/** - * Mark a function for special use by Sizzle - * @param {Function} fn The function to mark - */ -function markFunction( fn ) { - fn[ expando ] = true; - return fn; -} - -/** - * Support testing using an element - * @param {Function} fn Passed the created element and returns a boolean result - */ -function assert( fn ) { - var el = document.createElement("fieldset"); - - try { - return !!fn( el ); - } catch (e) { - return false; - } finally { - // Remove from its parent by default - if ( el.parentNode ) { - el.parentNode.removeChild( el ); - } - // release memory in IE - el = null; - } -} - -/** - * Adds the same handler for all of the specified attrs - * @param {String} attrs Pipe-separated list of attributes - * @param {Function} handler The method that will be applied - */ -function addHandle( attrs, handler ) { - var arr = attrs.split("|"), - i = arr.length; - - while ( i-- ) { - Expr.attrHandle[ arr[i] ] = handler; - } -} - -/** - * Checks document order of two siblings - * @param {Element} a - * @param {Element} b - * @returns {Number} Returns less than 0 if a precedes b, greater than 0 if a follows b - */ -function siblingCheck( a, b ) { - var cur = b && a, - diff = cur && a.nodeType === 1 && b.nodeType === 1 && - a.sourceIndex - b.sourceIndex; - - // Use IE sourceIndex if available on both nodes - if ( diff ) { - return diff; - } - - // Check if b follows a - if ( cur ) { - while ( (cur = cur.nextSibling) ) { - if ( cur === b ) { - return -1; - } - } - } - - return a ? 1 : -1; -} - -/** - * Returns a function to use in pseudos for input types - * @param {String} type - */ -function createInputPseudo( type ) { - return function( elem ) { - var name = elem.nodeName.toLowerCase(); - return name === "input" && elem.type === type; - }; -} - -/** - * Returns a function to use in pseudos for buttons - * @param {String} type - */ -function createButtonPseudo( type ) { - return function( elem ) { - var name = elem.nodeName.toLowerCase(); - return (name === "input" || name === "button") && elem.type === type; - }; -} - -/** - * Returns a function to use in pseudos for :enabled/:disabled - * @param {Boolean} disabled true for :disabled; false for :enabled - */ -function createDisabledPseudo( disabled ) { - - // Known :disabled false positives: fieldset[disabled] > legend:nth-of-type(n+2) :can-disable - return function( elem ) { - - // Only certain elements can match :enabled or :disabled - // https://html.spec.whatwg.org/multipage/scripting.html#selector-enabled - // https://html.spec.whatwg.org/multipage/scripting.html#selector-disabled - if ( "form" in elem ) { - - // Check for inherited disabledness on relevant non-disabled elements: - // * listed form-associated elements in a disabled fieldset - // https://html.spec.whatwg.org/multipage/forms.html#category-listed - // https://html.spec.whatwg.org/multipage/forms.html#concept-fe-disabled - // * option elements in a disabled optgroup - // https://html.spec.whatwg.org/multipage/forms.html#concept-option-disabled - // All such elements have a "form" property. - if ( elem.parentNode && elem.disabled === false ) { - - // Option elements defer to a parent optgroup if present - if ( "label" in elem ) { - if ( "label" in elem.parentNode ) { - return elem.parentNode.disabled === disabled; - } else { - return elem.disabled === disabled; - } - } - - // Support: IE 6 - 11 - // Use the isDisabled shortcut property to check for disabled fieldset ancestors - return elem.isDisabled === disabled || - - // Where there is no isDisabled, check manually - /* jshint -W018 */ - elem.isDisabled !== !disabled && - disabledAncestor( elem ) === disabled; - } - - return elem.disabled === disabled; - - // Try to winnow out elements that can't be disabled before trusting the disabled property. - // Some victims get caught in our net (label, legend, menu, track), but it shouldn't - // even exist on them, let alone have a boolean value. - } else if ( "label" in elem ) { - return elem.disabled === disabled; - } - - // Remaining elements are neither :enabled nor :disabled - return false; - }; -} - -/** - * Returns a function to use in pseudos for positionals - * @param {Function} fn - */ -function createPositionalPseudo( fn ) { - return markFunction(function( argument ) { - argument = +argument; - return markFunction(function( seed, matches ) { - var j, - matchIndexes = fn( [], seed.length, argument ), - i = matchIndexes.length; - - // Match elements found at the specified indexes - while ( i-- ) { - if ( seed[ (j = matchIndexes[i]) ] ) { - seed[j] = !(matches[j] = seed[j]); - } - } - }); - }); -} - -/** - * Checks a node for validity as a Sizzle context - * @param {Element|Object=} context - * @returns {Element|Object|Boolean} The input node if acceptable, otherwise a falsy value - */ -function testContext( context ) { - return context && typeof context.getElementsByTagName !== "undefined" && context; -} - -// Expose support vars for convenience -support = Sizzle.support = {}; - -/** - * Detects XML nodes - * @param {Element|Object} elem An element or a document - * @returns {Boolean} True iff elem is a non-HTML XML node - */ -isXML = Sizzle.isXML = function( elem ) { - // documentElement is verified for cases where it doesn't yet exist - // (such as loading iframes in IE - #4833) - var documentElement = elem && (elem.ownerDocument || elem).documentElement; - return documentElement ? documentElement.nodeName !== "HTML" : false; -}; - -/** - * Sets document-related variables once based on the current document - * @param {Element|Object} [doc] An element or document object to use to set the document - * @returns {Object} Returns the current document - */ -setDocument = Sizzle.setDocument = function( node ) { - var hasCompare, subWindow, - doc = node ? node.ownerDocument || node : preferredDoc; - - // Return early if doc is invalid or already selected - if ( doc === document || doc.nodeType !== 9 || !doc.documentElement ) { - return document; - } - - // Update global variables - document = doc; - docElem = document.documentElement; - documentIsHTML = !isXML( document ); - - // Support: IE 9-11, Edge - // Accessing iframe documents after unload throws "permission denied" errors (jQuery #13936) - if ( preferredDoc !== document && - (subWindow = document.defaultView) && subWindow.top !== subWindow ) { - - // Support: IE 11, Edge - if ( subWindow.addEventListener ) { - subWindow.addEventListener( "unload", unloadHandler, false ); - - // Support: IE 9 - 10 only - } else if ( subWindow.attachEvent ) { - subWindow.attachEvent( "onunload", unloadHandler ); - } - } - - /* Attributes - ---------------------------------------------------------------------- */ - - // Support: IE<8 - // Verify that getAttribute really returns attributes and not properties - // (excepting IE8 booleans) - support.attributes = assert(function( el ) { - el.className = "i"; - return !el.getAttribute("className"); - }); - - /* getElement(s)By* - ---------------------------------------------------------------------- */ - - // Check if getElementsByTagName("*") returns only elements - support.getElementsByTagName = assert(function( el ) { - el.appendChild( document.createComment("") ); - return !el.getElementsByTagName("*").length; - }); - - // Support: IE<9 - support.getElementsByClassName = rnative.test( document.getElementsByClassName ); - - // Support: IE<10 - // Check if getElementById returns elements by name - // The broken getElementById methods don't pick up programmatically-set names, - // so use a roundabout getElementsByName test - support.getById = assert(function( el ) { - docElem.appendChild( el ).id = expando; - return !document.getElementsByName || !document.getElementsByName( expando ).length; - }); - - // ID filter and find - if ( support.getById ) { - Expr.filter["ID"] = function( id ) { - var attrId = id.replace( runescape, funescape ); - return function( elem ) { - return elem.getAttribute("id") === attrId; - }; - }; - Expr.find["ID"] = function( id, context ) { - if ( typeof context.getElementById !== "undefined" && documentIsHTML ) { - var elem = context.getElementById( id ); - return elem ? [ elem ] : []; - } - }; - } else { - Expr.filter["ID"] = function( id ) { - var attrId = id.replace( runescape, funescape ); - return function( elem ) { - var node = typeof elem.getAttributeNode !== "undefined" && - elem.getAttributeNode("id"); - return node && node.value === attrId; - }; - }; - - // Support: IE 6 - 7 only - // getElementById is not reliable as a find shortcut - Expr.find["ID"] = function( id, context ) { - if ( typeof context.getElementById !== "undefined" && documentIsHTML ) { - var node, i, elems, - elem = context.getElementById( id ); - - if ( elem ) { - - // Verify the id attribute - node = elem.getAttributeNode("id"); - if ( node && node.value === id ) { - return [ elem ]; - } - - // Fall back on getElementsByName - elems = context.getElementsByName( id ); - i = 0; - while ( (elem = elems[i++]) ) { - node = elem.getAttributeNode("id"); - if ( node && node.value === id ) { - return [ elem ]; - } - } - } - - return []; - } - }; - } - - // Tag - Expr.find["TAG"] = support.getElementsByTagName ? - function( tag, context ) { - if ( typeof context.getElementsByTagName !== "undefined" ) { - return context.getElementsByTagName( tag ); - - // DocumentFragment nodes don't have gEBTN - } else if ( support.qsa ) { - return context.querySelectorAll( tag ); - } - } : - - function( tag, context ) { - var elem, - tmp = [], - i = 0, - // By happy coincidence, a (broken) gEBTN appears on DocumentFragment nodes too - results = context.getElementsByTagName( tag ); - - // Filter out possible comments - if ( tag === "*" ) { - while ( (elem = results[i++]) ) { - if ( elem.nodeType === 1 ) { - tmp.push( elem ); - } - } - - return tmp; - } - return results; - }; - - // Class - Expr.find["CLASS"] = support.getElementsByClassName && function( className, context ) { - if ( typeof context.getElementsByClassName !== "undefined" && documentIsHTML ) { - return context.getElementsByClassName( className ); - } - }; - - /* QSA/matchesSelector - ---------------------------------------------------------------------- */ - - // QSA and matchesSelector support - - // matchesSelector(:active) reports false when true (IE9/Opera 11.5) - rbuggyMatches = []; - - // qSa(:focus) reports false when true (Chrome 21) - // We allow this because of a bug in IE8/9 that throws an error - // whenever `document.activeElement` is accessed on an iframe - // So, we allow :focus to pass through QSA all the time to avoid the IE error - // See https://bugs.jquery.com/ticket/13378 - rbuggyQSA = []; - - if ( (support.qsa = rnative.test( document.querySelectorAll )) ) { - // Build QSA regex - // Regex strategy adopted from Diego Perini - assert(function( el ) { - // Select is set to empty string on purpose - // This is to test IE's treatment of not explicitly - // setting a boolean content attribute, - // since its presence should be enough - // https://bugs.jquery.com/ticket/12359 - docElem.appendChild( el ).innerHTML = "" + - ""; - - // Support: IE8, Opera 11-12.16 - // Nothing should be selected when empty strings follow ^= or $= or *= - // The test attribute must be unknown in Opera but "safe" for WinRT - // https://msdn.microsoft.com/en-us/library/ie/hh465388.aspx#attribute_section - if ( el.querySelectorAll("[msallowcapture^='']").length ) { - rbuggyQSA.push( "[*^$]=" + whitespace + "*(?:''|\"\")" ); - } - - // Support: IE8 - // Boolean attributes and "value" are not treated correctly - if ( !el.querySelectorAll("[selected]").length ) { - rbuggyQSA.push( "\\[" + whitespace + "*(?:value|" + booleans + ")" ); - } - - // Support: Chrome<29, Android<4.4, Safari<7.0+, iOS<7.0+, PhantomJS<1.9.8+ - if ( !el.querySelectorAll( "[id~=" + expando + "-]" ).length ) { - rbuggyQSA.push("~="); - } - - // Webkit/Opera - :checked should return selected option elements - // http://www.w3.org/TR/2011/REC-css3-selectors-20110929/#checked - // IE8 throws error here and will not see later tests - if ( !el.querySelectorAll(":checked").length ) { - rbuggyQSA.push(":checked"); - } - - // Support: Safari 8+, iOS 8+ - // https://bugs.webkit.org/show_bug.cgi?id=136851 - // In-page `selector#id sibling-combinator selector` fails - if ( !el.querySelectorAll( "a#" + expando + "+*" ).length ) { - rbuggyQSA.push(".#.+[+~]"); - } - }); - - assert(function( el ) { - el.innerHTML = "" + - ""; - - // Support: Windows 8 Native Apps - // The type and name attributes are restricted during .innerHTML assignment - var input = document.createElement("input"); - input.setAttribute( "type", "hidden" ); - el.appendChild( input ).setAttribute( "name", "D" ); - - // Support: IE8 - // Enforce case-sensitivity of name attribute - if ( el.querySelectorAll("[name=d]").length ) { - rbuggyQSA.push( "name" + whitespace + "*[*^$|!~]?=" ); - } - - // FF 3.5 - :enabled/:disabled and hidden elements (hidden elements are still enabled) - // IE8 throws error here and will not see later tests - if ( el.querySelectorAll(":enabled").length !== 2 ) { - rbuggyQSA.push( ":enabled", ":disabled" ); - } - - // Support: IE9-11+ - // IE's :disabled selector does not pick up the children of disabled fieldsets - docElem.appendChild( el ).disabled = true; - if ( el.querySelectorAll(":disabled").length !== 2 ) { - rbuggyQSA.push( ":enabled", ":disabled" ); - } - - // Opera 10-11 does not throw on post-comma invalid pseudos - el.querySelectorAll("*,:x"); - rbuggyQSA.push(",.*:"); - }); - } - - if ( (support.matchesSelector = rnative.test( (matches = docElem.matches || - docElem.webkitMatchesSelector || - docElem.mozMatchesSelector || - docElem.oMatchesSelector || - docElem.msMatchesSelector) )) ) { - - assert(function( el ) { - // Check to see if it's possible to do matchesSelector - // on a disconnected node (IE 9) - support.disconnectedMatch = matches.call( el, "*" ); - - // This should fail with an exception - // Gecko does not error, returns false instead - matches.call( el, "[s!='']:x" ); - rbuggyMatches.push( "!=", pseudos ); - }); - } - - rbuggyQSA = rbuggyQSA.length && new RegExp( rbuggyQSA.join("|") ); - rbuggyMatches = rbuggyMatches.length && new RegExp( rbuggyMatches.join("|") ); - - /* Contains - ---------------------------------------------------------------------- */ - hasCompare = rnative.test( docElem.compareDocumentPosition ); - - // Element contains another - // Purposefully self-exclusive - // As in, an element does not contain itself - contains = hasCompare || rnative.test( docElem.contains ) ? - function( a, b ) { - var adown = a.nodeType === 9 ? a.documentElement : a, - bup = b && b.parentNode; - return a === bup || !!( bup && bup.nodeType === 1 && ( - adown.contains ? - adown.contains( bup ) : - a.compareDocumentPosition && a.compareDocumentPosition( bup ) & 16 - )); - } : - function( a, b ) { - if ( b ) { - while ( (b = b.parentNode) ) { - if ( b === a ) { - return true; - } - } - } - return false; - }; - - /* Sorting - ---------------------------------------------------------------------- */ - - // Document order sorting - sortOrder = hasCompare ? - function( a, b ) { - - // Flag for duplicate removal - if ( a === b ) { - hasDuplicate = true; - return 0; - } - - // Sort on method existence if only one input has compareDocumentPosition - var compare = !a.compareDocumentPosition - !b.compareDocumentPosition; - if ( compare ) { - return compare; - } - - // Calculate position if both inputs belong to the same document - compare = ( a.ownerDocument || a ) === ( b.ownerDocument || b ) ? - a.compareDocumentPosition( b ) : - - // Otherwise we know they are disconnected - 1; - - // Disconnected nodes - if ( compare & 1 || - (!support.sortDetached && b.compareDocumentPosition( a ) === compare) ) { - - // Choose the first element that is related to our preferred document - if ( a === document || a.ownerDocument === preferredDoc && contains(preferredDoc, a) ) { - return -1; - } - if ( b === document || b.ownerDocument === preferredDoc && contains(preferredDoc, b) ) { - return 1; - } - - // Maintain original order - return sortInput ? - ( indexOf( sortInput, a ) - indexOf( sortInput, b ) ) : - 0; - } - - return compare & 4 ? -1 : 1; - } : - function( a, b ) { - // Exit early if the nodes are identical - if ( a === b ) { - hasDuplicate = true; - return 0; - } - - var cur, - i = 0, - aup = a.parentNode, - bup = b.parentNode, - ap = [ a ], - bp = [ b ]; - - // Parentless nodes are either documents or disconnected - if ( !aup || !bup ) { - return a === document ? -1 : - b === document ? 1 : - aup ? -1 : - bup ? 1 : - sortInput ? - ( indexOf( sortInput, a ) - indexOf( sortInput, b ) ) : - 0; - - // If the nodes are siblings, we can do a quick check - } else if ( aup === bup ) { - return siblingCheck( a, b ); - } - - // Otherwise we need full lists of their ancestors for comparison - cur = a; - while ( (cur = cur.parentNode) ) { - ap.unshift( cur ); - } - cur = b; - while ( (cur = cur.parentNode) ) { - bp.unshift( cur ); - } - - // Walk down the tree looking for a discrepancy - while ( ap[i] === bp[i] ) { - i++; - } - - return i ? - // Do a sibling check if the nodes have a common ancestor - siblingCheck( ap[i], bp[i] ) : - - // Otherwise nodes in our document sort first - ap[i] === preferredDoc ? -1 : - bp[i] === preferredDoc ? 1 : - 0; - }; - - return document; -}; - -Sizzle.matches = function( expr, elements ) { - return Sizzle( expr, null, null, elements ); -}; - -Sizzle.matchesSelector = function( elem, expr ) { - // Set document vars if needed - if ( ( elem.ownerDocument || elem ) !== document ) { - setDocument( elem ); - } - - // Make sure that attribute selectors are quoted - expr = expr.replace( rattributeQuotes, "='$1']" ); - - if ( support.matchesSelector && documentIsHTML && - !compilerCache[ expr + " " ] && - ( !rbuggyMatches || !rbuggyMatches.test( expr ) ) && - ( !rbuggyQSA || !rbuggyQSA.test( expr ) ) ) { - - try { - var ret = matches.call( elem, expr ); - - // IE 9's matchesSelector returns false on disconnected nodes - if ( ret || support.disconnectedMatch || - // As well, disconnected nodes are said to be in a document - // fragment in IE 9 - elem.document && elem.document.nodeType !== 11 ) { - return ret; - } - } catch (e) {} - } - - return Sizzle( expr, document, null, [ elem ] ).length > 0; -}; - -Sizzle.contains = function( context, elem ) { - // Set document vars if needed - if ( ( context.ownerDocument || context ) !== document ) { - setDocument( context ); - } - return contains( context, elem ); -}; - -Sizzle.attr = function( elem, name ) { - // Set document vars if needed - if ( ( elem.ownerDocument || elem ) !== document ) { - setDocument( elem ); - } - - var fn = Expr.attrHandle[ name.toLowerCase() ], - // Don't get fooled by Object.prototype properties (jQuery #13807) - val = fn && hasOwn.call( Expr.attrHandle, name.toLowerCase() ) ? - fn( elem, name, !documentIsHTML ) : - undefined; - - return val !== undefined ? - val : - support.attributes || !documentIsHTML ? - elem.getAttribute( name ) : - (val = elem.getAttributeNode(name)) && val.specified ? - val.value : - null; -}; - -Sizzle.escape = function( sel ) { - return (sel + "").replace( rcssescape, fcssescape ); -}; - -Sizzle.error = function( msg ) { - throw new Error( "Syntax error, unrecognized expression: " + msg ); -}; - -/** - * Document sorting and removing duplicates - * @param {ArrayLike} results - */ -Sizzle.uniqueSort = function( results ) { - var elem, - duplicates = [], - j = 0, - i = 0; - - // Unless we *know* we can detect duplicates, assume their presence - hasDuplicate = !support.detectDuplicates; - sortInput = !support.sortStable && results.slice( 0 ); - results.sort( sortOrder ); - - if ( hasDuplicate ) { - while ( (elem = results[i++]) ) { - if ( elem === results[ i ] ) { - j = duplicates.push( i ); - } - } - while ( j-- ) { - results.splice( duplicates[ j ], 1 ); - } - } - - // Clear input after sorting to release objects - // See https://github.com/jquery/sizzle/pull/225 - sortInput = null; - - return results; -}; - -/** - * Utility function for retrieving the text value of an array of DOM nodes - * @param {Array|Element} elem - */ -getText = Sizzle.getText = function( elem ) { - var node, - ret = "", - i = 0, - nodeType = elem.nodeType; - - if ( !nodeType ) { - // If no nodeType, this is expected to be an array - while ( (node = elem[i++]) ) { - // Do not traverse comment nodes - ret += getText( node ); - } - } else if ( nodeType === 1 || nodeType === 9 || nodeType === 11 ) { - // Use textContent for elements - // innerText usage removed for consistency of new lines (jQuery #11153) - if ( typeof elem.textContent === "string" ) { - return elem.textContent; - } else { - // Traverse its children - for ( elem = elem.firstChild; elem; elem = elem.nextSibling ) { - ret += getText( elem ); - } - } - } else if ( nodeType === 3 || nodeType === 4 ) { - return elem.nodeValue; - } - // Do not include comment or processing instruction nodes - - return ret; -}; - -Expr = Sizzle.selectors = { - - // Can be adjusted by the user - cacheLength: 50, - - createPseudo: markFunction, - - match: matchExpr, - - attrHandle: {}, - - find: {}, - - relative: { - ">": { dir: "parentNode", first: true }, - " ": { dir: "parentNode" }, - "+": { dir: "previousSibling", first: true }, - "~": { dir: "previousSibling" } - }, - - preFilter: { - "ATTR": function( match ) { - match[1] = match[1].replace( runescape, funescape ); - - // Move the given value to match[3] whether quoted or unquoted - match[3] = ( match[3] || match[4] || match[5] || "" ).replace( runescape, funescape ); - - if ( match[2] === "~=" ) { - match[3] = " " + match[3] + " "; - } - - return match.slice( 0, 4 ); - }, - - "CHILD": function( match ) { - /* matches from matchExpr["CHILD"] - 1 type (only|nth|...) - 2 what (child|of-type) - 3 argument (even|odd|\d*|\d*n([+-]\d+)?|...) - 4 xn-component of xn+y argument ([+-]?\d*n|) - 5 sign of xn-component - 6 x of xn-component - 7 sign of y-component - 8 y of y-component - */ - match[1] = match[1].toLowerCase(); - - if ( match[1].slice( 0, 3 ) === "nth" ) { - // nth-* requires argument - if ( !match[3] ) { - Sizzle.error( match[0] ); - } - - // numeric x and y parameters for Expr.filter.CHILD - // remember that false/true cast respectively to 0/1 - match[4] = +( match[4] ? match[5] + (match[6] || 1) : 2 * ( match[3] === "even" || match[3] === "odd" ) ); - match[5] = +( ( match[7] + match[8] ) || match[3] === "odd" ); - - // other types prohibit arguments - } else if ( match[3] ) { - Sizzle.error( match[0] ); - } - - return match; - }, - - "PSEUDO": function( match ) { - var excess, - unquoted = !match[6] && match[2]; - - if ( matchExpr["CHILD"].test( match[0] ) ) { - return null; - } - - // Accept quoted arguments as-is - if ( match[3] ) { - match[2] = match[4] || match[5] || ""; - - // Strip excess characters from unquoted arguments - } else if ( unquoted && rpseudo.test( unquoted ) && - // Get excess from tokenize (recursively) - (excess = tokenize( unquoted, true )) && - // advance to the next closing parenthesis - (excess = unquoted.indexOf( ")", unquoted.length - excess ) - unquoted.length) ) { - - // excess is a negative index - match[0] = match[0].slice( 0, excess ); - match[2] = unquoted.slice( 0, excess ); - } - - // Return only captures needed by the pseudo filter method (type and argument) - return match.slice( 0, 3 ); - } - }, - - filter: { - - "TAG": function( nodeNameSelector ) { - var nodeName = nodeNameSelector.replace( runescape, funescape ).toLowerCase(); - return nodeNameSelector === "*" ? - function() { return true; } : - function( elem ) { - return elem.nodeName && elem.nodeName.toLowerCase() === nodeName; - }; - }, - - "CLASS": function( className ) { - var pattern = classCache[ className + " " ]; - - return pattern || - (pattern = new RegExp( "(^|" + whitespace + ")" + className + "(" + whitespace + "|$)" )) && - classCache( className, function( elem ) { - return pattern.test( typeof elem.className === "string" && elem.className || typeof elem.getAttribute !== "undefined" && elem.getAttribute("class") || "" ); - }); - }, - - "ATTR": function( name, operator, check ) { - return function( elem ) { - var result = Sizzle.attr( elem, name ); - - if ( result == null ) { - return operator === "!="; - } - if ( !operator ) { - return true; - } - - result += ""; - - return operator === "=" ? result === check : - operator === "!=" ? result !== check : - operator === "^=" ? check && result.indexOf( check ) === 0 : - operator === "*=" ? check && result.indexOf( check ) > -1 : - operator === "$=" ? check && result.slice( -check.length ) === check : - operator === "~=" ? ( " " + result.replace( rwhitespace, " " ) + " " ).indexOf( check ) > -1 : - operator === "|=" ? result === check || result.slice( 0, check.length + 1 ) === check + "-" : - false; - }; - }, - - "CHILD": function( type, what, argument, first, last ) { - var simple = type.slice( 0, 3 ) !== "nth", - forward = type.slice( -4 ) !== "last", - ofType = what === "of-type"; - - return first === 1 && last === 0 ? - - // Shortcut for :nth-*(n) - function( elem ) { - return !!elem.parentNode; - } : - - function( elem, context, xml ) { - var cache, uniqueCache, outerCache, node, nodeIndex, start, - dir = simple !== forward ? "nextSibling" : "previousSibling", - parent = elem.parentNode, - name = ofType && elem.nodeName.toLowerCase(), - useCache = !xml && !ofType, - diff = false; - - if ( parent ) { - - // :(first|last|only)-(child|of-type) - if ( simple ) { - while ( dir ) { - node = elem; - while ( (node = node[ dir ]) ) { - if ( ofType ? - node.nodeName.toLowerCase() === name : - node.nodeType === 1 ) { - - return false; - } - } - // Reverse direction for :only-* (if we haven't yet done so) - start = dir = type === "only" && !start && "nextSibling"; - } - return true; - } - - start = [ forward ? parent.firstChild : parent.lastChild ]; - - // non-xml :nth-child(...) stores cache data on `parent` - if ( forward && useCache ) { - - // Seek `elem` from a previously-cached index - - // ...in a gzip-friendly way - node = parent; - outerCache = node[ expando ] || (node[ expando ] = {}); - - // Support: IE <9 only - // Defend against cloned attroperties (jQuery gh-1709) - uniqueCache = outerCache[ node.uniqueID ] || - (outerCache[ node.uniqueID ] = {}); - - cache = uniqueCache[ type ] || []; - nodeIndex = cache[ 0 ] === dirruns && cache[ 1 ]; - diff = nodeIndex && cache[ 2 ]; - node = nodeIndex && parent.childNodes[ nodeIndex ]; - - while ( (node = ++nodeIndex && node && node[ dir ] || - - // Fallback to seeking `elem` from the start - (diff = nodeIndex = 0) || start.pop()) ) { - - // When found, cache indexes on `parent` and break - if ( node.nodeType === 1 && ++diff && node === elem ) { - uniqueCache[ type ] = [ dirruns, nodeIndex, diff ]; - break; - } - } - - } else { - // Use previously-cached element index if available - if ( useCache ) { - // ...in a gzip-friendly way - node = elem; - outerCache = node[ expando ] || (node[ expando ] = {}); - - // Support: IE <9 only - // Defend against cloned attroperties (jQuery gh-1709) - uniqueCache = outerCache[ node.uniqueID ] || - (outerCache[ node.uniqueID ] = {}); - - cache = uniqueCache[ type ] || []; - nodeIndex = cache[ 0 ] === dirruns && cache[ 1 ]; - diff = nodeIndex; - } - - // xml :nth-child(...) - // or :nth-last-child(...) or :nth(-last)?-of-type(...) - if ( diff === false ) { - // Use the same loop as above to seek `elem` from the start - while ( (node = ++nodeIndex && node && node[ dir ] || - (diff = nodeIndex = 0) || start.pop()) ) { - - if ( ( ofType ? - node.nodeName.toLowerCase() === name : - node.nodeType === 1 ) && - ++diff ) { - - // Cache the index of each encountered element - if ( useCache ) { - outerCache = node[ expando ] || (node[ expando ] = {}); - - // Support: IE <9 only - // Defend against cloned attroperties (jQuery gh-1709) - uniqueCache = outerCache[ node.uniqueID ] || - (outerCache[ node.uniqueID ] = {}); - - uniqueCache[ type ] = [ dirruns, diff ]; - } - - if ( node === elem ) { - break; - } - } - } - } - } - - // Incorporate the offset, then check against cycle size - diff -= last; - return diff === first || ( diff % first === 0 && diff / first >= 0 ); - } - }; - }, - - "PSEUDO": function( pseudo, argument ) { - // pseudo-class names are case-insensitive - // http://www.w3.org/TR/selectors/#pseudo-classes - // Prioritize by case sensitivity in case custom pseudos are added with uppercase letters - // Remember that setFilters inherits from pseudos - var args, - fn = Expr.pseudos[ pseudo ] || Expr.setFilters[ pseudo.toLowerCase() ] || - Sizzle.error( "unsupported pseudo: " + pseudo ); - - // The user may use createPseudo to indicate that - // arguments are needed to create the filter function - // just as Sizzle does - if ( fn[ expando ] ) { - return fn( argument ); - } - - // But maintain support for old signatures - if ( fn.length > 1 ) { - args = [ pseudo, pseudo, "", argument ]; - return Expr.setFilters.hasOwnProperty( pseudo.toLowerCase() ) ? - markFunction(function( seed, matches ) { - var idx, - matched = fn( seed, argument ), - i = matched.length; - while ( i-- ) { - idx = indexOf( seed, matched[i] ); - seed[ idx ] = !( matches[ idx ] = matched[i] ); - } - }) : - function( elem ) { - return fn( elem, 0, args ); - }; - } - - return fn; - } - }, - - pseudos: { - // Potentially complex pseudos - "not": markFunction(function( selector ) { - // Trim the selector passed to compile - // to avoid treating leading and trailing - // spaces as combinators - var input = [], - results = [], - matcher = compile( selector.replace( rtrim, "$1" ) ); - - return matcher[ expando ] ? - markFunction(function( seed, matches, context, xml ) { - var elem, - unmatched = matcher( seed, null, xml, [] ), - i = seed.length; - - // Match elements unmatched by `matcher` - while ( i-- ) { - if ( (elem = unmatched[i]) ) { - seed[i] = !(matches[i] = elem); - } - } - }) : - function( elem, context, xml ) { - input[0] = elem; - matcher( input, null, xml, results ); - // Don't keep the element (issue #299) - input[0] = null; - return !results.pop(); - }; - }), - - "has": markFunction(function( selector ) { - return function( elem ) { - return Sizzle( selector, elem ).length > 0; - }; - }), - - "contains": markFunction(function( text ) { - text = text.replace( runescape, funescape ); - return function( elem ) { - return ( elem.textContent || elem.innerText || getText( elem ) ).indexOf( text ) > -1; - }; - }), - - // "Whether an element is represented by a :lang() selector - // is based solely on the element's language value - // being equal to the identifier C, - // or beginning with the identifier C immediately followed by "-". - // The matching of C against the element's language value is performed case-insensitively. - // The identifier C does not have to be a valid language name." - // http://www.w3.org/TR/selectors/#lang-pseudo - "lang": markFunction( function( lang ) { - // lang value must be a valid identifier - if ( !ridentifier.test(lang || "") ) { - Sizzle.error( "unsupported lang: " + lang ); - } - lang = lang.replace( runescape, funescape ).toLowerCase(); - return function( elem ) { - var elemLang; - do { - if ( (elemLang = documentIsHTML ? - elem.lang : - elem.getAttribute("xml:lang") || elem.getAttribute("lang")) ) { - - elemLang = elemLang.toLowerCase(); - return elemLang === lang || elemLang.indexOf( lang + "-" ) === 0; - } - } while ( (elem = elem.parentNode) && elem.nodeType === 1 ); - return false; - }; - }), - - // Miscellaneous - "target": function( elem ) { - var hash = window.location && window.location.hash; - return hash && hash.slice( 1 ) === elem.id; - }, - - "root": function( elem ) { - return elem === docElem; - }, - - "focus": function( elem ) { - return elem === document.activeElement && (!document.hasFocus || document.hasFocus()) && !!(elem.type || elem.href || ~elem.tabIndex); - }, - - // Boolean properties - "enabled": createDisabledPseudo( false ), - "disabled": createDisabledPseudo( true ), - - "checked": function( elem ) { - // In CSS3, :checked should return both checked and selected elements - // http://www.w3.org/TR/2011/REC-css3-selectors-20110929/#checked - var nodeName = elem.nodeName.toLowerCase(); - return (nodeName === "input" && !!elem.checked) || (nodeName === "option" && !!elem.selected); - }, - - "selected": function( elem ) { - // Accessing this property makes selected-by-default - // options in Safari work properly - if ( elem.parentNode ) { - elem.parentNode.selectedIndex; - } - - return elem.selected === true; - }, - - // Contents - "empty": function( elem ) { - // http://www.w3.org/TR/selectors/#empty-pseudo - // :empty is negated by element (1) or content nodes (text: 3; cdata: 4; entity ref: 5), - // but not by others (comment: 8; processing instruction: 7; etc.) - // nodeType < 6 works because attributes (2) do not appear as children - for ( elem = elem.firstChild; elem; elem = elem.nextSibling ) { - if ( elem.nodeType < 6 ) { - return false; - } - } - return true; - }, - - "parent": function( elem ) { - return !Expr.pseudos["empty"]( elem ); - }, - - // Element/input types - "header": function( elem ) { - return rheader.test( elem.nodeName ); - }, - - "input": function( elem ) { - return rinputs.test( elem.nodeName ); - }, - - "button": function( elem ) { - var name = elem.nodeName.toLowerCase(); - return name === "input" && elem.type === "button" || name === "button"; - }, - - "text": function( elem ) { - var attr; - return elem.nodeName.toLowerCase() === "input" && - elem.type === "text" && - - // Support: IE<8 - // New HTML5 attribute values (e.g., "search") appear with elem.type === "text" - ( (attr = elem.getAttribute("type")) == null || attr.toLowerCase() === "text" ); - }, - - // Position-in-collection - "first": createPositionalPseudo(function() { - return [ 0 ]; - }), - - "last": createPositionalPseudo(function( matchIndexes, length ) { - return [ length - 1 ]; - }), - - "eq": createPositionalPseudo(function( matchIndexes, length, argument ) { - return [ argument < 0 ? argument + length : argument ]; - }), - - "even": createPositionalPseudo(function( matchIndexes, length ) { - var i = 0; - for ( ; i < length; i += 2 ) { - matchIndexes.push( i ); - } - return matchIndexes; - }), - - "odd": createPositionalPseudo(function( matchIndexes, length ) { - var i = 1; - for ( ; i < length; i += 2 ) { - matchIndexes.push( i ); - } - return matchIndexes; - }), - - "lt": createPositionalPseudo(function( matchIndexes, length, argument ) { - var i = argument < 0 ? argument + length : argument; - for ( ; --i >= 0; ) { - matchIndexes.push( i ); - } - return matchIndexes; - }), - - "gt": createPositionalPseudo(function( matchIndexes, length, argument ) { - var i = argument < 0 ? argument + length : argument; - for ( ; ++i < length; ) { - matchIndexes.push( i ); - } - return matchIndexes; - }) - } -}; - -Expr.pseudos["nth"] = Expr.pseudos["eq"]; - -// Add button/input type pseudos -for ( i in { radio: true, checkbox: true, file: true, password: true, image: true } ) { - Expr.pseudos[ i ] = createInputPseudo( i ); -} -for ( i in { submit: true, reset: true } ) { - Expr.pseudos[ i ] = createButtonPseudo( i ); -} - -// Easy API for creating new setFilters -function setFilters() {} -setFilters.prototype = Expr.filters = Expr.pseudos; -Expr.setFilters = new setFilters(); - -tokenize = Sizzle.tokenize = function( selector, parseOnly ) { - var matched, match, tokens, type, - soFar, groups, preFilters, - cached = tokenCache[ selector + " " ]; - - if ( cached ) { - return parseOnly ? 0 : cached.slice( 0 ); - } - - soFar = selector; - groups = []; - preFilters = Expr.preFilter; - - while ( soFar ) { - - // Comma and first run - if ( !matched || (match = rcomma.exec( soFar )) ) { - if ( match ) { - // Don't consume trailing commas as valid - soFar = soFar.slice( match[0].length ) || soFar; - } - groups.push( (tokens = []) ); - } - - matched = false; - - // Combinators - if ( (match = rcombinators.exec( soFar )) ) { - matched = match.shift(); - tokens.push({ - value: matched, - // Cast descendant combinators to space - type: match[0].replace( rtrim, " " ) - }); - soFar = soFar.slice( matched.length ); - } - - // Filters - for ( type in Expr.filter ) { - if ( (match = matchExpr[ type ].exec( soFar )) && (!preFilters[ type ] || - (match = preFilters[ type ]( match ))) ) { - matched = match.shift(); - tokens.push({ - value: matched, - type: type, - matches: match - }); - soFar = soFar.slice( matched.length ); - } - } - - if ( !matched ) { - break; - } - } - - // Return the length of the invalid excess - // if we're just parsing - // Otherwise, throw an error or return tokens - return parseOnly ? - soFar.length : - soFar ? - Sizzle.error( selector ) : - // Cache the tokens - tokenCache( selector, groups ).slice( 0 ); -}; - -function toSelector( tokens ) { - var i = 0, - len = tokens.length, - selector = ""; - for ( ; i < len; i++ ) { - selector += tokens[i].value; - } - return selector; -} - -function addCombinator( matcher, combinator, base ) { - var dir = combinator.dir, - skip = combinator.next, - key = skip || dir, - checkNonElements = base && key === "parentNode", - doneName = done++; - - return combinator.first ? - // Check against closest ancestor/preceding element - function( elem, context, xml ) { - while ( (elem = elem[ dir ]) ) { - if ( elem.nodeType === 1 || checkNonElements ) { - return matcher( elem, context, xml ); - } - } - return false; - } : - - // Check against all ancestor/preceding elements - function( elem, context, xml ) { - var oldCache, uniqueCache, outerCache, - newCache = [ dirruns, doneName ]; - - // We can't set arbitrary data on XML nodes, so they don't benefit from combinator caching - if ( xml ) { - while ( (elem = elem[ dir ]) ) { - if ( elem.nodeType === 1 || checkNonElements ) { - if ( matcher( elem, context, xml ) ) { - return true; - } - } - } - } else { - while ( (elem = elem[ dir ]) ) { - if ( elem.nodeType === 1 || checkNonElements ) { - outerCache = elem[ expando ] || (elem[ expando ] = {}); - - // Support: IE <9 only - // Defend against cloned attroperties (jQuery gh-1709) - uniqueCache = outerCache[ elem.uniqueID ] || (outerCache[ elem.uniqueID ] = {}); - - if ( skip && skip === elem.nodeName.toLowerCase() ) { - elem = elem[ dir ] || elem; - } else if ( (oldCache = uniqueCache[ key ]) && - oldCache[ 0 ] === dirruns && oldCache[ 1 ] === doneName ) { - - // Assign to newCache so results back-propagate to previous elements - return (newCache[ 2 ] = oldCache[ 2 ]); - } else { - // Reuse newcache so results back-propagate to previous elements - uniqueCache[ key ] = newCache; - - // A match means we're done; a fail means we have to keep checking - if ( (newCache[ 2 ] = matcher( elem, context, xml )) ) { - return true; - } - } - } - } - } - return false; - }; -} - -function elementMatcher( matchers ) { - return matchers.length > 1 ? - function( elem, context, xml ) { - var i = matchers.length; - while ( i-- ) { - if ( !matchers[i]( elem, context, xml ) ) { - return false; - } - } - return true; - } : - matchers[0]; -} - -function multipleContexts( selector, contexts, results ) { - var i = 0, - len = contexts.length; - for ( ; i < len; i++ ) { - Sizzle( selector, contexts[i], results ); - } - return results; -} - -function condense( unmatched, map, filter, context, xml ) { - var elem, - newUnmatched = [], - i = 0, - len = unmatched.length, - mapped = map != null; - - for ( ; i < len; i++ ) { - if ( (elem = unmatched[i]) ) { - if ( !filter || filter( elem, context, xml ) ) { - newUnmatched.push( elem ); - if ( mapped ) { - map.push( i ); - } - } - } - } - - return newUnmatched; -} - -function setMatcher( preFilter, selector, matcher, postFilter, postFinder, postSelector ) { - if ( postFilter && !postFilter[ expando ] ) { - postFilter = setMatcher( postFilter ); - } - if ( postFinder && !postFinder[ expando ] ) { - postFinder = setMatcher( postFinder, postSelector ); - } - return markFunction(function( seed, results, context, xml ) { - var temp, i, elem, - preMap = [], - postMap = [], - preexisting = results.length, - - // Get initial elements from seed or context - elems = seed || multipleContexts( selector || "*", context.nodeType ? [ context ] : context, [] ), - - // Prefilter to get matcher input, preserving a map for seed-results synchronization - matcherIn = preFilter && ( seed || !selector ) ? - condense( elems, preMap, preFilter, context, xml ) : - elems, - - matcherOut = matcher ? - // If we have a postFinder, or filtered seed, or non-seed postFilter or preexisting results, - postFinder || ( seed ? preFilter : preexisting || postFilter ) ? - - // ...intermediate processing is necessary - [] : - - // ...otherwise use results directly - results : - matcherIn; - - // Find primary matches - if ( matcher ) { - matcher( matcherIn, matcherOut, context, xml ); - } - - // Apply postFilter - if ( postFilter ) { - temp = condense( matcherOut, postMap ); - postFilter( temp, [], context, xml ); - - // Un-match failing elements by moving them back to matcherIn - i = temp.length; - while ( i-- ) { - if ( (elem = temp[i]) ) { - matcherOut[ postMap[i] ] = !(matcherIn[ postMap[i] ] = elem); - } - } - } - - if ( seed ) { - if ( postFinder || preFilter ) { - if ( postFinder ) { - // Get the final matcherOut by condensing this intermediate into postFinder contexts - temp = []; - i = matcherOut.length; - while ( i-- ) { - if ( (elem = matcherOut[i]) ) { - // Restore matcherIn since elem is not yet a final match - temp.push( (matcherIn[i] = elem) ); - } - } - postFinder( null, (matcherOut = []), temp, xml ); - } - - // Move matched elements from seed to results to keep them synchronized - i = matcherOut.length; - while ( i-- ) { - if ( (elem = matcherOut[i]) && - (temp = postFinder ? indexOf( seed, elem ) : preMap[i]) > -1 ) { - - seed[temp] = !(results[temp] = elem); - } - } - } - - // Add elements to results, through postFinder if defined - } else { - matcherOut = condense( - matcherOut === results ? - matcherOut.splice( preexisting, matcherOut.length ) : - matcherOut - ); - if ( postFinder ) { - postFinder( null, results, matcherOut, xml ); - } else { - push.apply( results, matcherOut ); - } - } - }); -} - -function matcherFromTokens( tokens ) { - var checkContext, matcher, j, - len = tokens.length, - leadingRelative = Expr.relative[ tokens[0].type ], - implicitRelative = leadingRelative || Expr.relative[" "], - i = leadingRelative ? 1 : 0, - - // The foundational matcher ensures that elements are reachable from top-level context(s) - matchContext = addCombinator( function( elem ) { - return elem === checkContext; - }, implicitRelative, true ), - matchAnyContext = addCombinator( function( elem ) { - return indexOf( checkContext, elem ) > -1; - }, implicitRelative, true ), - matchers = [ function( elem, context, xml ) { - var ret = ( !leadingRelative && ( xml || context !== outermostContext ) ) || ( - (checkContext = context).nodeType ? - matchContext( elem, context, xml ) : - matchAnyContext( elem, context, xml ) ); - // Avoid hanging onto element (issue #299) - checkContext = null; - return ret; - } ]; - - for ( ; i < len; i++ ) { - if ( (matcher = Expr.relative[ tokens[i].type ]) ) { - matchers = [ addCombinator(elementMatcher( matchers ), matcher) ]; - } else { - matcher = Expr.filter[ tokens[i].type ].apply( null, tokens[i].matches ); - - // Return special upon seeing a positional matcher - if ( matcher[ expando ] ) { - // Find the next relative operator (if any) for proper handling - j = ++i; - for ( ; j < len; j++ ) { - if ( Expr.relative[ tokens[j].type ] ) { - break; - } - } - return setMatcher( - i > 1 && elementMatcher( matchers ), - i > 1 && toSelector( - // If the preceding token was a descendant combinator, insert an implicit any-element `*` - tokens.slice( 0, i - 1 ).concat({ value: tokens[ i - 2 ].type === " " ? "*" : "" }) - ).replace( rtrim, "$1" ), - matcher, - i < j && matcherFromTokens( tokens.slice( i, j ) ), - j < len && matcherFromTokens( (tokens = tokens.slice( j )) ), - j < len && toSelector( tokens ) - ); - } - matchers.push( matcher ); - } - } - - return elementMatcher( matchers ); -} - -function matcherFromGroupMatchers( elementMatchers, setMatchers ) { - var bySet = setMatchers.length > 0, - byElement = elementMatchers.length > 0, - superMatcher = function( seed, context, xml, results, outermost ) { - var elem, j, matcher, - matchedCount = 0, - i = "0", - unmatched = seed && [], - setMatched = [], - contextBackup = outermostContext, - // We must always have either seed elements or outermost context - elems = seed || byElement && Expr.find["TAG"]( "*", outermost ), - // Use integer dirruns iff this is the outermost matcher - dirrunsUnique = (dirruns += contextBackup == null ? 1 : Math.random() || 0.1), - len = elems.length; - - if ( outermost ) { - outermostContext = context === document || context || outermost; - } - - // Add elements passing elementMatchers directly to results - // Support: IE<9, Safari - // Tolerate NodeList properties (IE: "length"; Safari: