python/jc
1
0
Fork 0
mirror of https://github.com/kellyjonbrazil/jc.git synced 2025-06-19 00:17:51 +02:00
Code Issues Releases Activity

post_parse flags and program_name

Browse Source
This commit is contained in:
Kelly Brazil
2019-11-07 10:52:02 -08:00
parent 579124475b
commit 94a88bb566
1 changed files with 35 additions and 17 deletions
Download Patch File Download Diff File Expand all files Collapse all files

52
jc/parsers/netstat.py
View File

@ -4,8 +4,7 @@ Usage:
Specify --netstat as the first argument if the piped input is coming from netstat Specify --netstat as the first argument if the piped input is coming from netstat
Limitations: Limitations:
-Z option may rarely cause incorrect parsing of the program_name, security_context, and path incorrect parsing can occur when there is a space in the program_name field when using the -p option in netstat
for lines with spaces in the program_name
""" """
import string import string
import jc.utils import jc.utils
@ -15,20 +14,28 @@ def process(proc_data):
'''schema: '''schema:
[ [
{ {
"proto": "tcp", "proto": string,
"recv_q": "0", "recv_q": integer,
"send_q": "0", "send_q": integer,
"local_address": "0.0.0.0:22", "transport_protocol" string,
"foreign_address": "0.0.0.0:*", "network_protocol": string,
"state": "LISTEN", "local_address": string,
"program_name": "1219/sshd", "local_port": string,
"security_context": "system_u:system_r:sshd_t:s0-s0:c0.c1023 ", "local_port_num": integer,
"refcnt": "2", "foreign_address": string,
"flags": "ACC", "foreign_port": string,
"type": "STREAM", "foreign_port_num": integer,
"inode": "20782", "state": string,
"path": "/var/run/NetworkManager/private-dhcp", "program_name": string,
"kind": "network" "pid": integer,
"user": string,
"security_context": string, ",
"refcnt": integer,
"flags": string,
"type": stromg,
"inode": integer,
"path": string,
"kind": string
} }
] ]
''' '''
@ -81,9 +88,18 @@ def parse_socket(header_text, headers, entry):
def parse_post(raw_data): def parse_post(raw_data):
# flags --- = null
# post process to split pid and program name and ip addresses and ports # post process to split pid and program name and ip addresses and ports
for entry in raw_data:
if 'flags' in entry:
if entry['flags'] == '---':
entry['flags'] = None
if 'program_name' in entry:
entry['program_name'] = entry['program_name'].rstrip()
if entry['program_name'] == '-':
entry['program_name'] = None
return raw_data return raw_data
@ -95,6 +111,8 @@ def parse(data, raw=False, quiet=False):
jc.utils.compatibility(__name__, compatible) jc.utils.compatibility(__name__, compatible)
cleandata = data.splitlines() cleandata = data.splitlines()
cleandata = list(filter(None, cleandata))
raw_output = [] raw_output = []
network = False network = False