From fa416083f290a379c7c30a1d49d0f05abe304606 Mon Sep 17 00:00:00 2001 From: Hamza Saht <74961214+Luigi31415@users.noreply.github.com> Date: Tue, 19 Nov 2024 21:28:32 +0300 Subject: [PATCH] Fix/spaces in program name (#608) * fix: enforce word boundaries while checking state presence * fix: add tests for the special netstat case with space in process name --------- Co-authored-by: Kelly Brazil --- jc/parsers/netstat_linux.py | 3 +- .../ubuntu-18.04/netstat-sudo-lnp-space.json | 1 + .../ubuntu-18.04/netstat-sudo-lnp-space.out | 51 +++++++++++++++++++ tests/test_netstat.py | 12 +++++ 4 files changed, 66 insertions(+), 1 deletion(-) create mode 100644 tests/fixtures/ubuntu-18.04/netstat-sudo-lnp-space.json create mode 100644 tests/fixtures/ubuntu-18.04/netstat-sudo-lnp-space.out diff --git a/jc/parsers/netstat_linux.py b/jc/parsers/netstat_linux.py index 222f2944..216a94e1 100644 --- a/jc/parsers/netstat_linux.py +++ b/jc/parsers/netstat_linux.py @@ -1,5 +1,6 @@ r"""jc - JSON Convert Linux netstat Parser""" import string +import re def normalize_headers(header): @@ -38,7 +39,7 @@ def parse_network(headers, entry): ] # split entry based on presence of value in "State" column - contains_state = any(state in entry for state in LIST_OF_STATES) + contains_state = any(re.search(rf"\b{re.escape(state)}\b", entry) for state in LIST_OF_STATES) split_modifier = 1 if contains_state else 2 entry = entry.split(maxsplit=len(headers) - split_modifier) diff --git a/tests/fixtures/ubuntu-18.04/netstat-sudo-lnp-space.json b/tests/fixtures/ubuntu-18.04/netstat-sudo-lnp-space.json new file mode 100644 index 00000000..835325ee --- /dev/null +++ b/tests/fixtures/ubuntu-18.04/netstat-sudo-lnp-space.json @@ -0,0 +1 @@ +[{"proto":"tcp","recv_q":0,"send_q":0,"local_address":"0.0.0.0","foreign_address":"0.0.0.0","state":"LISTEN","program_name":"pgpool","kind":"network","pid":1178,"local_port":"9898","foreign_port":"*","transport_protocol":"tcp","network_protocol":"ipv4","local_port_num":9898},{"proto":"tcp","recv_q":0,"send_q":0,"local_address":"192.168.68.116","foreign_address":"0.0.0.0","state":"LISTEN","program_name":"bareos-fd","kind":"network","pid":584,"local_port":"9102","foreign_port":"*","transport_protocol":"tcp","network_protocol":"ipv4","local_port_num":9102},{"proto":"tcp","recv_q":0,"send_q":0,"local_address":"0.0.0.0","foreign_address":"0.0.0.0","state":"LISTEN","program_name":"sshd: /usr/sbin","kind":"network","pid":600,"local_port":"22","foreign_port":"*","transport_protocol":"tcp","network_protocol":"ipv4","local_port_num":22},{"proto":"tcp","recv_q":0,"send_q":0,"local_address":"0.0.0.0","foreign_address":"0.0.0.0","state":"LISTEN","program_name":"pgpool","kind":"network","pid":1178,"local_port":"5432","foreign_port":"*","transport_protocol":"tcp","network_protocol":"ipv4","local_port_num":5432},{"proto":"tcp","recv_q":0,"send_q":0,"local_address":"0.0.0.0","foreign_address":"0.0.0.0","state":"LISTEN","program_name":"postgres","kind":"network","pid":1676,"local_port":"5433","foreign_port":"*","transport_protocol":"tcp","network_protocol":"ipv4","local_port_num":5433},{"proto":"tcp","recv_q":0,"send_q":0,"local_address":"127.0.0.1","foreign_address":"0.0.0.0","state":"LISTEN","program_name":"exim4","kind":"network","pid":928,"local_port":"25","foreign_port":"*","transport_protocol":"tcp","network_protocol":"ipv4","local_port_num":25},{"proto":"tcp","recv_q":0,"send_q":0,"local_address":"0.0.0.0","foreign_address":"0.0.0.0","state":"LISTEN","program_name":"zabbix_agen","kind":"network","pid":1817931,"local_port":"10050","foreign_port":"*","transport_protocol":"tcp","network_protocol":"ipv4","local_port_num":10050},{"proto":"tcp","recv_q":0,"send_q":0,"local_address":"0.0.0.0","foreign_address":"0.0.0.0","state":"LISTEN","program_name":"pgpool: watchd","kind":"network","pid":1187,"local_port":"9000","foreign_port":"*","transport_protocol":"tcp","network_protocol":"ipv4","local_port_num":9000},{"proto":"tcp6","recv_q":0,"send_q":0,"local_address":"::","foreign_address":"::","state":"LISTEN","program_name":"pgpool","kind":"network","pid":1178,"local_port":"9898","foreign_port":"*","transport_protocol":"tcp","network_protocol":"ipv6","local_port_num":9898},{"proto":"tcp6","recv_q":0,"send_q":0,"local_address":"::","foreign_address":"::","state":"LISTEN","program_name":"sshd: /usr/sbin","kind":"network","pid":600,"local_port":"22","foreign_port":"*","transport_protocol":"tcp","network_protocol":"ipv6","local_port_num":22},{"proto":"tcp6","recv_q":0,"send_q":0,"local_address":"::","foreign_address":"::","state":"LISTEN","program_name":"pgpool","kind":"network","pid":1178,"local_port":"5432","foreign_port":"*","transport_protocol":"tcp","network_protocol":"ipv6","local_port_num":5432},{"proto":"tcp6","recv_q":0,"send_q":0,"local_address":"::","foreign_address":"::","state":"LISTEN","program_name":"postgres","kind":"network","pid":1676,"local_port":"5433","foreign_port":"*","transport_protocol":"tcp","network_protocol":"ipv6","local_port_num":5433},{"proto":"tcp6","recv_q":0,"send_q":0,"local_address":"::","foreign_address":"::","state":"LISTEN","program_name":"zabbix_agen","kind":"network","pid":1817931,"local_port":"10050","foreign_port":"*","transport_protocol":"tcp","network_protocol":"ipv6","local_port_num":10050},{"proto":"udp","recv_q":0,"send_q":0,"local_address":"0.0.0.0","foreign_address":"0.0.0.0","state":null,"program_name":"dhclient","kind":"network","pid":535,"local_port":"68","foreign_port":"*","transport_protocol":"udp","network_protocol":"ipv4","local_port_num":68},{"proto":"udp","recv_q":0,"send_q":0,"local_address":"0.0.0.0","foreign_address":"0.0.0.0","state":null,"program_name":"pgpool: heartb","kind":"network","pid":1204,"local_port":"37300","foreign_port":"*","transport_protocol":"udp","network_protocol":"ipv4","local_port_num":37300},{"proto":"udp","recv_q":0,"send_q":0,"local_address":"0.0.0.0","foreign_address":"0.0.0.0","state":null,"program_name":"pgpool: heartb","kind":"network","pid":1205,"local_port":"9694","foreign_port":"*","transport_protocol":"udp","network_protocol":"ipv4","local_port_num":9694},{"proto":"udp","recv_q":0,"send_q":0,"local_address":"0.0.0.0","foreign_address":"0.0.0.0","state":null,"program_name":"pgpool: heartb","kind":"network","pid":1203,"local_port":"9694","foreign_port":"*","transport_protocol":"udp","network_protocol":"ipv4","local_port_num":9694},{"proto":"udp","recv_q":0,"send_q":0,"local_address":"0.0.0.0","foreign_address":"0.0.0.0","state":null,"program_name":"pgpool: heartb","kind":"network","pid":1206,"local_port":"44649","foreign_port":"*","transport_protocol":"udp","network_protocol":"ipv4","local_port_num":44649},{"proto":"udp","recv_q":0,"send_q":0,"local_address":"0.0.0.0","foreign_address":"0.0.0.0","state":null,"program_name":"rsyslogd","kind":"network","pid":494,"local_port":"52868","foreign_port":"*","transport_protocol":"udp","network_protocol":"ipv4","local_port_num":52868},{"proto":"tcp","recv_q":0,"send_q":0,"local_address":"127.0.0.1","foreign_address":"0.0.0.0","state":"LISTEN","program_name":"containerd","kind":"network","pid":1112,"local_port":"42351","foreign_port":"*","transport_protocol":"tcp","network_protocol":"ipv4","local_port_num":42351},{"proto":"tcp","recv_q":0,"send_q":0,"local_address":"127.0.0.53","foreign_address":"0.0.0.0","state":"LISTEN","program_name":"systemd-resolve","kind":"network","pid":885,"local_port":"53","foreign_port":"*","transport_protocol":"tcp","network_protocol":"ipv4","local_port_num":53},{"proto":"tcp","recv_q":0,"send_q":0,"local_address":"0.0.0.0","foreign_address":"0.0.0.0","state":"LISTEN","program_name":"sshd","kind":"network","pid":1127,"local_port":"22","foreign_port":"*","transport_protocol":"tcp","network_protocol":"ipv4","local_port_num":22},{"proto":"tcp6","recv_q":0,"send_q":0,"local_address":"::","foreign_address":"::","state":"LISTEN","program_name":"sshd","kind":"network","pid":1127,"local_port":"22","foreign_port":"*","transport_protocol":"tcp","network_protocol":"ipv6","local_port_num":22},{"proto":"udp","recv_q":0,"send_q":0,"local_address":"127.0.0.53","foreign_address":"0.0.0.0","state":null,"program_name":"systemd-resolve","kind":"network","pid":885,"local_port":"53","foreign_port":"*","transport_protocol":"udp","network_protocol":"ipv4","local_port_num":53},{"proto":"udp","recv_q":0,"send_q":0,"local_address":"192.168.71.131","foreign_address":"0.0.0.0","state":null,"program_name":"systemd-network","kind":"network","pid":867,"local_port":"68","foreign_port":"*","transport_protocol":"udp","network_protocol":"ipv4","local_port_num":68},{"proto":"raw6","recv_q":0,"send_q":0,"local_address":"::","foreign_address":"::","state":"7","program_name":"systemd-network","kind":"network","pid":867,"local_port":"58","foreign_port":"*","transport_protocol":null,"network_protocol":"ipv6","local_port_num":58},{"proto":"unix","refcnt":2,"flags":"ACC","type":"SEQPACKET","state":"LISTENING","inode":20812,"program_name":"init","path":"/run/udev/control","kind":"socket","pid":1},{"proto":"unix","refcnt":2,"flags":"ACC","type":"STREAM","state":"LISTENING","inode":33765,"program_name":"systemd","path":"/run/user/1000/systemd/private","kind":"socket","pid":1723},{"proto":"unix","refcnt":2,"flags":"ACC","type":"STREAM","state":"LISTENING","inode":33808,"program_name":"systemd","path":"/run/user/1000/gnupg/S.gpg-agent.ssh","kind":"socket","pid":1723},{"proto":"unix","refcnt":2,"flags":"ACC","type":"STREAM","state":"LISTENING","inode":33809,"program_name":"systemd","path":"/run/user/1000/gnupg/S.dirmngr","kind":"socket","pid":1723},{"proto":"unix","refcnt":2,"flags":"ACC","type":"STREAM","state":"LISTENING","inode":33810,"program_name":"systemd","path":"/run/user/1000/gnupg/S.gpg-agent.browser","kind":"socket","pid":1723},{"proto":"unix","refcnt":2,"flags":"ACC","type":"STREAM","state":"LISTENING","inode":33811,"program_name":"systemd","path":"/run/user/1000/gnupg/S.gpg-agent","kind":"socket","pid":1723},{"proto":"unix","refcnt":2,"flags":"ACC","type":"STREAM","state":"LISTENING","inode":33812,"program_name":"systemd","path":"/run/user/1000/gnupg/S.gpg-agent.extra","kind":"socket","pid":1723},{"proto":"unix","refcnt":2,"flags":"ACC","type":"STREAM","state":"LISTENING","inode":20655,"program_name":"init","path":"/run/systemd/private","kind":"socket","pid":1},{"proto":"unix","refcnt":2,"flags":"ACC","type":"STREAM","state":"LISTENING","inode":20662,"program_name":"init","path":"/run/lvm/lvmetad.socket","kind":"socket","pid":1},{"proto":"unix","refcnt":2,"flags":"ACC","type":"STREAM","state":"LISTENING","inode":20664,"program_name":"init","path":"/run/systemd/journal/stdout","kind":"socket","pid":1},{"proto":"unix","refcnt":2,"flags":"ACC","type":"STREAM","state":"LISTENING","inode":20891,"program_name":"init","path":"/run/lvm/lvmpolld.socket","kind":"socket","pid":1},{"proto":"unix","refcnt":2,"flags":"ACC","type":"STREAM","state":"LISTENING","inode":27473,"program_name":"init","path":"/run/acpid.socket","kind":"socket","pid":1},{"proto":"unix","refcnt":2,"flags":"ACC","type":"STREAM","state":"LISTENING","inode":27443,"program_name":"init","path":"/run/snapd.socket","kind":"socket","pid":1},{"proto":"unix","refcnt":2,"flags":"ACC","type":"STREAM","state":"LISTENING","inode":27445,"program_name":"init","path":"/run/snapd-snap.socket","kind":"socket","pid":1},{"proto":"unix","refcnt":2,"flags":"ACC","type":"STREAM","state":"LISTENING","inode":27475,"program_name":"init","path":"/run/uuidd/request","kind":"socket","pid":1},{"proto":"unix","refcnt":2,"flags":"ACC","type":"STREAM","state":"LISTENING","inode":27481,"program_name":"init","path":"/var/run/docker.sock","kind":"socket","pid":1},{"proto":"unix","refcnt":2,"flags":"ACC","type":"STREAM","state":"LISTENING","inode":27489,"program_name":"init","path":"/var/run/dbus/system_bus_socket","kind":"socket","pid":1},{"proto":"unix","refcnt":2,"flags":"ACC","type":"STREAM","state":"LISTENING","inode":27468,"program_name":"init","path":"/var/lib/lxd/unix.socket","kind":"socket","pid":1},{"proto":"unix","refcnt":2,"flags":"ACC","type":"STREAM","state":"LISTENING","inode":30726,"program_name":"containerd","path":"/run/containerd/containerd.sock","kind":"socket","pid":1112},{"proto":"unix","refcnt":2,"flags":"ACC","type":"STREAM","state":"LISTENING","inode":27436,"program_name":"init","path":"@ISCSIADM_ABSTRACT_NAMESPACE","kind":"socket","pid":1},{"proto":"unix","refcnt":2,"flags":"ACC","type":"STREAM","state":"LISTENING","inode":25548,"program_name":"VGAuthService","path":"/var/run/vmware/guestServicePipe","kind":"socket","pid":607}] diff --git a/tests/fixtures/ubuntu-18.04/netstat-sudo-lnp-space.out b/tests/fixtures/ubuntu-18.04/netstat-sudo-lnp-space.out new file mode 100644 index 00000000..0152b9fa --- /dev/null +++ b/tests/fixtures/ubuntu-18.04/netstat-sudo-lnp-space.out @@ -0,0 +1,51 @@ +Active Internet connections (only servers) +Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name +tcp 0 0 0.0.0.0:9898 0.0.0.0:* LISTEN 1178/pgpool +tcp 0 0 192.168.68.116:9102 0.0.0.0:* LISTEN 584/bareos-fd +tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 600/sshd: /usr/sbin +tcp 0 0 0.0.0.0:5432 0.0.0.0:* LISTEN 1178/pgpool +tcp 0 0 0.0.0.0:5433 0.0.0.0:* LISTEN 1676/postgres +tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN 928/exim4 +tcp 0 0 0.0.0.0:10050 0.0.0.0:* LISTEN 1817931/zabbix_agen +tcp 0 0 0.0.0.0:9000 0.0.0.0:* LISTEN 1187/pgpool: watchd +tcp6 0 0 :::9898 :::* LISTEN 1178/pgpool +tcp6 0 0 :::22 :::* LISTEN 600/sshd: /usr/sbin +tcp6 0 0 :::5432 :::* LISTEN 1178/pgpool +tcp6 0 0 :::5433 :::* LISTEN 1676/postgres +tcp6 0 0 :::10050 :::* LISTEN 1817931/zabbix_agen +udp 0 0 0.0.0.0:68 0.0.0.0:* 535/dhclient +udp 0 0 0.0.0.0:37300 0.0.0.0:* 1204/pgpool: heartb +udp 0 0 0.0.0.0:9694 0.0.0.0:* 1205/pgpool: heartb +udp 0 0 0.0.0.0:9694 0.0.0.0:* 1203/pgpool: heartb +udp 0 0 0.0.0.0:44649 0.0.0.0:* 1206/pgpool: heartb +udp 0 0 0.0.0.0:52868 0.0.0.0:* 494/rsyslogd +tcp 0 0 127.0.0.1:42351 0.0.0.0:* LISTEN 1112/containerd +tcp 0 0 127.0.0.53:53 0.0.0.0:* LISTEN 885/systemd-resolve +tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 1127/sshd +tcp6 0 0 :::22 :::* LISTEN 1127/sshd +udp 0 0 127.0.0.53:53 0.0.0.0:* 885/systemd-resolve +udp 0 0 192.168.71.131:68 0.0.0.0:* 867/systemd-network +raw6 0 0 :::58 :::* 7 867/systemd-network +Active UNIX domain sockets (only servers) +Proto RefCnt Flags Type State I-Node PID/Program name Path +unix 2 [ ACC ] SEQPACKET LISTENING 20812 1/init /run/udev/control +unix 2 [ ACC ] STREAM LISTENING 33765 1723/systemd /run/user/1000/systemd/private +unix 2 [ ACC ] STREAM LISTENING 33808 1723/systemd /run/user/1000/gnupg/S.gpg-agent.ssh +unix 2 [ ACC ] STREAM LISTENING 33809 1723/systemd /run/user/1000/gnupg/S.dirmngr +unix 2 [ ACC ] STREAM LISTENING 33810 1723/systemd /run/user/1000/gnupg/S.gpg-agent.browser +unix 2 [ ACC ] STREAM LISTENING 33811 1723/systemd /run/user/1000/gnupg/S.gpg-agent +unix 2 [ ACC ] STREAM LISTENING 33812 1723/systemd /run/user/1000/gnupg/S.gpg-agent.extra +unix 2 [ ACC ] STREAM LISTENING 20655 1/init /run/systemd/private +unix 2 [ ACC ] STREAM LISTENING 20662 1/init /run/lvm/lvmetad.socket +unix 2 [ ACC ] STREAM LISTENING 20664 1/init /run/systemd/journal/stdout +unix 2 [ ACC ] STREAM LISTENING 20891 1/init /run/lvm/lvmpolld.socket +unix 2 [ ACC ] STREAM LISTENING 27473 1/init /run/acpid.socket +unix 2 [ ACC ] STREAM LISTENING 27443 1/init /run/snapd.socket +unix 2 [ ACC ] STREAM LISTENING 27445 1/init /run/snapd-snap.socket +unix 2 [ ACC ] STREAM LISTENING 27475 1/init /run/uuidd/request +unix 2 [ ACC ] STREAM LISTENING 27481 1/init /var/run/docker.sock +unix 2 [ ACC ] STREAM LISTENING 27489 1/init /var/run/dbus/system_bus_socket +unix 2 [ ACC ] STREAM LISTENING 27468 1/init /var/lib/lxd/unix.socket +unix 2 [ ACC ] STREAM LISTENING 30726 1112/containerd /run/containerd/containerd.sock +unix 2 [ ACC ] STREAM LISTENING 27436 1/init @ISCSIADM_ABSTRACT_NAMESPACE +unix 2 [ ACC ] STREAM LISTENING 25548 607/VGAuthService /var/run/vmware/guestServicePipe diff --git a/tests/test_netstat.py b/tests/test_netstat.py index 75531825..54392ddb 100644 --- a/tests/test_netstat.py +++ b/tests/test_netstat.py @@ -37,6 +37,9 @@ class MyTests(unittest.TestCase): with open(os.path.join(THIS_DIR, os.pardir, 'tests/fixtures/ubuntu-18.04/netstat-sudo-lnp.out'), 'r', encoding='utf-8') as f: ubuntu_18_4_netstat_sudo_lnp = f.read() + with open(os.path.join(THIS_DIR, os.pardir, 'tests/fixtures/ubuntu-18.04/netstat-sudo-lnp-space.out'), 'r', encoding='utf-8') as f: + ubuntu_18_4_netstat_sudo_lnp_space = f.read() + with open(os.path.join(THIS_DIR, os.pardir, 'tests/fixtures/centos-7.7/netstat-sudo-aeep.out'), 'r', encoding='utf-8') as f: centos_7_7_netstat_sudo_aeep = f.read() @@ -164,6 +167,9 @@ class MyTests(unittest.TestCase): with open(os.path.join(THIS_DIR, os.pardir, 'tests/fixtures/ubuntu-18.04/netstat-sudo-lnp.json'), 'r', encoding='utf-8') as f: ubuntu_18_4_netstat_sudo_lnp_json = json.loads(f.read()) + with open(os.path.join(THIS_DIR, os.pardir, 'tests/fixtures/ubuntu-18.04/netstat-sudo-lnp-space.json'), 'r', encoding='utf-8') as f: + ubuntu_18_4_netstat_sudo_lnp_space_json = json.loads(f.read()) + with open(os.path.join(THIS_DIR, os.pardir, 'tests/fixtures/centos-7.7/netstat-sudo-aeep.json'), 'r', encoding='utf-8') as f: centos_7_7_netstat_sudo_aeep_json = json.loads(f.read()) @@ -317,6 +323,12 @@ class MyTests(unittest.TestCase): """ self.assertEqual(jc.parsers.netstat.parse(self.ubuntu_18_4_netstat_sudo_lnp, quiet=True), self.ubuntu_18_4_netstat_sudo_lnp_json) + def test_netstat_sudo_lnp_ubuntu_18_4(self): + """ + Test 'sudo netstat -lnp' on Ubuntu 18.4 with a space in the process name(special case) + """ + self.assertEqual(jc.parsers.netstat.parse(self.ubuntu_18_4_netstat_sudo_lnp_space, quiet=True), self.ubuntu_18_4_netstat_sudo_lnp_space_json) + def test_netstat_sudo_aeep_centos_7_7(self): """ Test 'sudo netstat -aeep' on Centos 7.7