python/jc
1
0
Fork 0
mirror of https://github.com/kellyjonbrazil/jc.git synced 2025-06-21 00:19:42 +02:00
Code Issues Releases Activity

code cleanup

Browse Source
This commit is contained in:
Kelly Brazil
2020-05-20 07:19:24 -07:00
parent f5feedb90b
commit c8216850ab
1 changed files with 19 additions and 55 deletions
Download Patch File Download Diff File Expand all files Collapse all files

74
jc/parsers/netstat_osx.py
View File

@ -12,47 +12,21 @@ def normalize_headers(header):
return header return header
def parse_network(headers, entry): def parse_item(headers, entry, kind):
entry = entry.split(maxsplit=len(headers) - 1) entry = entry.split(maxsplit=len(headers) - 1)
# if len of line is one less than len of header, then insert None in field 5 # TODO: Fix this area
if len(entry) == len(headers) - 1: # fixup udp records with no state field entry
entry.insert(5, None) if entry[0].startswith('udp'):
entry.insert(-1, None)
# if len(entry) == len(headers) - 1:
# if len(headers) == 6:
# entry.insert(5, None)
# else:
# entry.insert(7, None)
output_line = dict(zip(headers, entry)) output_line = dict(zip(headers, entry))
output_line['kind'] = 'network' output_line['kind'] = kind
return output_line
def parse_socket(headers, entry):
entry = entry.split(maxsplit=len(headers) - 1)
output_line = dict(zip(headers, entry))
output_line['kind'] = 'socket'
return output_line
def parse_reg_kernel_control(headers, entry):
entry = entry.split(maxsplit=len(headers) - 1)
output_line = dict(zip(headers, entry))
output_line['kind'] = 'Registered kernel control module'
return output_line
def parse_active_kernel_event(headers, entry):
entry = entry.split(maxsplit=len(headers) - 1)
output_line = dict(zip(headers, entry))
output_line['kind'] = 'Active kernel event socket'
return output_line
def parse_active_kernel_control(headers, entry):
entry = entry.split(maxsplit=len(headers) - 1)
output_line = dict(zip(headers, entry))
output_line['kind'] = 'Active kernel control socket'
return output_line return output_line
@ -88,7 +62,7 @@ def parse_post(raw_data):
def parse(cleandata): def parse(cleandata):
""" """
Main text parsing function Main text parsing function for OSX netstat
Parameters: Parameters:
@ -96,7 +70,7 @@ def parse(cleandata):
Returns: Returns:
List of dictionaries. Raw or processed structured data. List of dictionaries. Raw structured data.
""" """
raw_output = [] raw_output = []
network = False network = False
@ -105,17 +79,11 @@ def parse(cleandata):
active_kernel_event = False active_kernel_event = False
active_kernel_control = False active_kernel_control = False
socket = False socket = False
headers = '' headers = None
network_list = []
socket_list = []
reg_kernel_control_list = []
active_kernel_event_list = []
active_kernel_control_list = []
for line in cleandata: for line in cleandata:
if line.startswith('Active Internet'): if line.startswith('Active Internet'):
network_list = []
network = True network = True
multipath = False multipath = False
socket = False socket = False
@ -135,7 +103,6 @@ def parse(cleandata):
continue continue
if line.startswith('Active LOCAL (UNIX) domain sockets'): if line.startswith('Active LOCAL (UNIX) domain sockets'):
socket_list = []
network = False network = False
multipath = False multipath = False
socket = True socket = True
@ -199,7 +166,7 @@ def parse(cleandata):
# get items # get items
if network: if network:
network_list.append(parse_network(headers, line)) raw_output.append(parse_item(headers, line, 'network'))
continue continue
if multipath: if multipath:
@ -207,22 +174,19 @@ def parse(cleandata):
continue continue
if socket: if socket:
socket_list.append(parse_socket(headers, line)) raw_output.append(parse_item(headers, line, 'socket'))
continue continue
if reg_kernel_control: if reg_kernel_control:
reg_kernel_control_list.append(parse_reg_kernel_control(headers, line)) raw_output.append(parse_item(headers, line, 'Registered kernel control module'))
continue continue
if active_kernel_event: if active_kernel_event:
active_kernel_event_list.append(parse_active_kernel_event(headers, line)) raw_output.append(parse_item(headers, line, 'Active kernel event socket'))
continue continue
if active_kernel_control: if active_kernel_control:
active_kernel_control_list.append(parse_active_kernel_control(headers, line)) raw_output.append(parse_item(headers, line, 'Active kernel control socket'))
continue continue
for item in [network_list, socket_list, reg_kernel_control_list, active_kernel_event_list, active_kernel_control_list]:
raw_output.extend(item)
return parse_post(raw_output) return parse_post(raw_output)