mirror of https://github.com/kellyjonbrazil/jc.git synced 2025-06-17 00:07:37 +02:00

fix parse_post

Kelly Brazil
2020-05-19 17:13:03 -07:00
parent 9363f430f2
commit 1639dee1bb


@ -1,6 +1,4 @@
"""jc - JSON CLI output utility OSX netstat Parser""" """jc - JSON CLI output utility OSX netstat Parser"""
import string
import jc.utils
def normalize_headers(header): def normalize_headers(header):
@ -8,6 +6,7 @@ def normalize_headers(header):
header = header.replace('local address', 'local_address') header = header.replace('local address', 'local_address')
header = header.replace('foreign address', 'foreign_address') header = header.replace('foreign address', 'foreign_address')
header = header.replace('(state)', 'state') header = header.replace('(state)', 'state')
header = header.replace('inode', 'osx_inode')
header = header.replace('-', '_') header = header.replace('-', '_')
return header return header
@ -31,10 +30,6 @@ def parse_socket(headers, entry):
# Count words in header # Count words in header
# if len of line is one less than len of header, then insert None in field 5 # if len of line is one less than len of header, then insert None in field 5
entry = entry.split(maxsplit=len(headers) - 1) entry = entry.split(maxsplit=len(headers) - 1)
if len(entry) == len(headers) - 1:
entry.insert(5, None)
output_line = dict(zip(headers, entry)) output_line = dict(zip(headers, entry))
output_line['kind'] = 'socket' output_line['kind'] = 'socket'
@ -45,10 +40,6 @@ def parse_reg_kernel_control(headers, entry):
# Count words in header # Count words in header
# if len of line is one less than len of header, then insert None in field 5 # if len of line is one less than len of header, then insert None in field 5
entry = entry.split(maxsplit=len(headers) - 1) entry = entry.split(maxsplit=len(headers) - 1)
if len(entry) == len(headers) - 1:
entry.insert(5, None)
output_line = dict(zip(headers, entry)) output_line = dict(zip(headers, entry))
output_line['kind'] = 'Registered kernel control module' output_line['kind'] = 'Registered kernel control module'
@ -59,23 +50,16 @@ def parse_active_kernel_event(headers, entry):
# Count words in header # Count words in header
# if len of line is one less than len of header, then insert None in field 5 # if len of line is one less than len of header, then insert None in field 5
entry = entry.split(maxsplit=len(headers) - 1) entry = entry.split(maxsplit=len(headers) - 1)
if len(entry) == len(headers) - 1:
entry.insert(5, None)
output_line = dict(zip(headers, entry)) output_line = dict(zip(headers, entry))
output_line['kind'] = 'Active kernel event socket' output_line['kind'] = 'Active kernel event socket'
return output_line return output_line
def parse_active_kernel_control(headers, entry): def parse_active_kernel_control(headers, entry):
# Count words in header # Count words in header
# if len of line is one less than len of header, then insert None in field 5 # if len of line is one less than len of header, then insert None in field 5
entry = entry.split(maxsplit=len(headers) - 1) entry = entry.split(maxsplit=len(headers) - 1)
if len(entry) == len(headers) - 1:
entry.insert(5, None)
output_line = dict(zip(headers, entry)) output_line = dict(zip(headers, entry))
output_line['kind'] = 'Active kernel control socket' output_line['kind'] = 'Active kernel control socket'
@ -83,41 +67,33 @@ def parse_active_kernel_control(headers, entry):
def parse_post(raw_data): def parse_post(raw_data):
# clean up trailing whitespace on each item in each entry
# flags --- = null
# program_name - = null
# split pid and program name and ip addresses and ports
# create network and transport protocol fields # create network and transport protocol fields
for entry in raw_data: for entry in raw_data:
if 'local_address' in entry: if 'local_address' in entry:
if entry['local_address']: if entry['local_address']:
ladd = entry['local_address'].rsplit(':', maxsplit=1)[0] ladd = entry['local_address'].rsplit('.', maxsplit=1)[0]
lport = entry['local_address'].rsplit(':', maxsplit=1)[1] lport = entry['local_address'].rsplit('.', maxsplit=1)[1]
entry['local_address'] = ladd entry['local_address'] = ladd
entry['local_port'] = lport entry['local_port'] = lport
if 'foreign_address' in entry: if 'foreign_address' in entry:
if entry['foreign_address']: if entry['foreign_address']:
fadd = entry['foreign_address'].rsplit(':', maxsplit=1)[0] fadd = entry['foreign_address'].rsplit('.', maxsplit=1)[0]
fport = entry['foreign_address'].rsplit(':', maxsplit=1)[1] fport = entry['foreign_address'].rsplit('.', maxsplit=1)[1]
entry['foreign_address'] = fadd entry['foreign_address'] = fadd
entry['foreign_port'] = fport entry['foreign_port'] = fport
if 'proto' in entry and 'kind' in entry: if 'proto' in entry and 'kind' in entry:
if entry['kind'] == 'network': if entry['kind'] == 'network':
if 'tcp' in entry['proto']: entry['transport_protocol'] = entry['proto'][:-1]
entry['transport_protocol'] = 'tcp'
elif 'udp' in entry['proto']:
entry['transport_protocol'] = 'udp'
else:
entry['transport_protocol'] = None
if '6' in entry['proto']: if '6' in entry['proto']:
entry['network_protocol'] = 'ipv6' entry['network_protocol'] = 'ipv6'
else: else:
entry['network_protocol'] = 'ipv4' entry['network_protocol'] = 'ipv4'
#
return raw_data return raw_data
@ -260,5 +236,4 @@ def parse(cleandata):
for item in [network_list, socket_list, reg_kernel_control_list, active_kernel_event_list, active_kernel_control_list]: for item in [network_list, socket_list, reg_kernel_control_list, active_kernel_event_list, active_kernel_control_list]:
raw_output.extend(item) raw_output.extend(item)
return raw_output return parse_post(raw_output)
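Review bot: In parse_post, the new `entry['transport_protocol'] = entry['proto'][:-1]` assumes every proto value ends in exactly one address-family digit, so a dual-stack value such as `tcp46` would become `tcp4` and a bare `tcp` would become `tc`; `entry['proto'].rstrip('46')` strips whatever family digits are present. The `rsplit('.', maxsplit=1)[1]` lookups in the same function raise IndexError for any address field that contains no dot, and because parse() now returns `parse_post(raw_output)`, one unexpected row would abort the whole parse instead of yielding a partial result. Splitting once and checking the length (`parts = entry['local_address'].rsplit('.', maxsplit=1)`, then assigning the port only when `len(parts) == 2`) avoids both the double split and the crash. Separately, the comments kept in parse_socket and the three kernel helpers still describe the removed `entry.insert(5, None)` padding and should be deleted; with that padding gone, `dict(zip(headers, entry))` silently drops trailing keys on short rows, which may be intended but is worth a one-line comment. Only the hunks are visible here, so the proto values that actually reach parse_post should be confirmed against the network-row parser.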