From 21b56096c57cfcf5c55fdf5f9bab88b6d5c7dd73 Mon Sep 17 00:00:00 2001
From: Kelly Brazil
Date: Thu, 7 Nov 2019 13:53:23 -0800
Subject: [PATCH] finalize parse_post
---
 jc/parsers/netstat.py | 37 +++++++++++++++++++++++++++++++++++++
 1 file changed, 37 insertions(+)
diff --git a/jc/parsers/netstat.py b/jc/parsers/netstat.py
index 01496678..665d50dd 100644
--- a/jc/parsers/netstat.py
+++ b/jc/parsers/netstat.py
@@ -88,7 +88,9 @@ def parse_socket(header_text, headers, entry):
 def parse_post(raw_data):
+ # clean up trailing whitespace on each item in each entry
 # flags --- = null
+ # program_name - = null
 # post process to split pid and program name and ip addresses and ports
 for entry in raw_data:
@@ -102,10 +104,45 @@ def parse_post(raw_data):
 if 'flags' in entry:
 if entry['flags'] == '---':
 entry['flags'] = None
+ if 'program_name' in entry:
 if entry['program_name'] == '-':
 entry['program_name'] = None
+ if entry['program_name']:
+ pid = entry['program_name'].split('/', maxsplit=1)[0]
+ name = entry['program_name'].split('/', maxsplit=1)[1]
+ entry['pid'] = pid
+ entry['program_name'] = name
+
+ if 'local_address' in entry:
+ if entry['local_address']:
+ ladd = entry['local_address'].rsplit(':', maxsplit=1)[0]
+ lport = entry['local_address'].rsplit(':', maxsplit=1)[1]
+ entry['local_address'] = ladd
+ entry['local_port'] = lport
+
+ if 'foreign_address' in entry:
+ if entry['foreign_address']:
+ fadd = entry['foreign_address'].rsplit(':', maxsplit=1)[0]
+ fport = entry['foreign_address'].rsplit(':', maxsplit=1)[1]
+ entry['foreign_address'] = fadd
+ entry['foreign_port'] = fport
+
+ if 'proto' in entry and 'kind' in entry:
+ if entry['kind'] == 'network':
+ if entry['proto'].find('tcp') != -1:
+ entry['transport_protocol'] = 'tcp'
+ elif entry['proto'].find('udp') != -1:
+ entry['transport_protocol'] = 'udp'
+ else:
+ entry['transport_protocol'] = None
+
+ if entry['proto'].find('6') != -1:
+ entry['network_protocol'] = 'ipv6'
+ else:
+ entry['network_protocol'] = 'ipv4'
+ return raw_data
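Review bot: The three new split blocks take index `[1]` of `split('/', maxsplit=1)` and `rsplit(':', maxsplit=1)` without checking that the separator is present. A `program_name`, `local_address` or `foreign_address` value that lacks it therefore raises IndexError and aborts the parse for every entry, not just the odd row. The only values filtered beforehand in this hunk are `'-'` and empty strings, so any other unexpected column content (a truncated or wrapped column, presumably) reaches the index. I would use `partition`/`rpartition` and assign the split fields only when a separator was found, as sketched below; this also avoids splitting each string twice. `parse_post` starts in the previous hunk, and the indentation in the sketch is assumed because this page shows the lines flattened.

```python
if entry['program_name']:
    # "PID/Program name": split only when the separator is really there
    pid, sep, name = entry['program_name'].partition('/')
    if sep:
        entry['pid'] = pid
        entry['program_name'] = name

# ... unchanged: 'local_address' in entry / non-empty guards ...
ladd, sep, lport = entry['local_address'].rpartition(':')
if sep:
    entry['local_address'] = ladd
    entry['local_port'] = lport

# ... unchanged: 'foreign_address' in entry / non-empty guards ...
fadd, sep, fport = entry['foreign_address'].rpartition(':')
if sep:
    entry['foreign_address'] = fadd
    entry['foreign_port'] = fport

# ... unchanged: transport_protocol / network_protocol assignment ...
```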