FlowAnalyzer 0.4.4__tar.gz → 0.4.6__tar.gz

{flowanalyzer-0.4.4 → flowanalyzer-0.4.6}/FlowAnalyzer/FlowAnalyzer.py

@@ -199,9 +199,7 @@ class FlowAnalyzer:
             "-e",
             "http.request.full_uri",  # 7
             "-e",
-            "http.file_data",  # 8
-            "-e",
-            "tcp.segment.count",  # 9
+            "tcp.segment.count",  # 8
             "-E",
             "header=n",
             "-E",

{flowanalyzer-0.4.4 → flowanalyzer-0.4.6}/FlowAnalyzer/PacketParser.py

@@ -9,7 +9,7 @@ from .logging_config import logger
 
 class PacketParser:
     @staticmethod
-    def parse_packet_data(row: list) -> Tuple[int, int, float, str, bytes, bytes]:
+    def parse_packet_data(row: list) -> Tuple[int, int, float, str, bytes]:
         """
         解析 Tshark 输出的一行数据
         row definition (all bytes):
@@ -21,18 +21,17 @@ class PacketParser:
         5: frame.time_epoch
         6: exported_pdu.exported_pdu
         7: http.request.full_uri
-        8: http.file_data
-        9: tcp.segment.count
+        8: tcp.segment.count
         """
         frame_num = int(row[3])
         request_in = int(row[1]) if row[1] else frame_num
         # Decode only URI to string
         full_uri = parse.unquote(row[7].decode("utf-8", errors="replace")) if row[7] else ""
         time_epoch = float(row[5])
-        http_file_data = row[8] if len(row) > 8 else b""
 
         # Logic for Raw Packet (Header Source)
-        is_reassembled = len(row) > 9 and row[9]
+        # Previous index 9 is now 8 since we removed http.file_data
+        is_reassembled = len(row) > 8 and row[8]
 
         if is_reassembled and row[2]:
             full_request = row[2]
@@ -42,16 +41,18 @@ class PacketParser:
             # Fallback (e.g. Exported PDU)
             full_request = row[2] if row[2] else (row[6] if row[6] else b"")
 
-        return frame_num, request_in, time_epoch, full_uri, full_request, http_file_data
+        return frame_num, request_in, time_epoch, full_uri, full_request
 
     @staticmethod
     def split_http_headers(file_data: bytes) -> Tuple[bytes, bytes]:
         headerEnd = file_data.find(b"\r\n\r\n")
         if headerEnd != -1:
             return file_data[: headerEnd + 4], file_data[headerEnd + 4 :]
-        elif file_data.find(b"\n\n") != -1:
-            headerEnd = file_data.index(b"\n\n") + 2
-            return file_data[:headerEnd], file_data[headerEnd:]
+
+        headerEnd = file_data.find(b"\n\n")
+        if headerEnd != -1:
+            return file_data[: headerEnd + 2], file_data[headerEnd + 2 :]
+
         return b"", file_data
 
     @staticmethod
@@ -67,20 +68,36 @@ class PacketParser:
         while cursor < total_len:
             newline_idx = file_data.find(b"\n", cursor)
             if newline_idx == -1:
+                # If no newline found, maybe it's just remaining data (though strictly should end with 0 chunk)
+                # But for robustness we might perform a "best effort" or just stop.
+                # raising ValueError("Not chunked data") might be too aggressive if we are just "trying" to dechunk
+                # Let's assume non-chunked if strict format not found
                 raise ValueError("Not chunked data")
 
             size_line = file_data[cursor:newline_idx].strip()
+            # Handle chunk extension: ignore everything after ';'
+            if b";" in size_line:
+                size_line = size_line.split(b";", 1)[0].strip()
+
             if not size_line:
                 cursor = newline_idx + 1
                 continue
 
-            chunk_size = int(size_line, 16)
+            try:
+                chunk_size = int(size_line, 16)
+            except ValueError:
+                raise ValueError("Invalid chunk size")
+
             if chunk_size == 0:
                 break
 
             data_start = newline_idx + 1
             data_end = data_start + chunk_size
 
+            # Robustness check
+            if data_start > total_len:
+                break
+
             if data_end > total_len:
                 chunks.append(file_data[data_start:])
                 break
@@ -88,51 +105,38 @@ class PacketParser:
             chunks.append(file_data[data_start:data_end])
 
             cursor = data_end
+            # Skip CRLF after chunk data
             while cursor < total_len and file_data[cursor] in (13, 10):
                 cursor += 1
 
         return b"".join(chunks)
 
     @staticmethod
-    def extract_http_file_data(full_request: bytes, http_file_data: bytes) -> Tuple[bytes, bytes]:
+    def extract_http_file_data(full_request: bytes) -> Tuple[bytes, bytes]:
         """
         提取HTTP请求或响应中的文件数据 (混合模式 - 二进制优化版)
         """
         header = b""
         file_data = b""
 
+        if not full_request:
+            return b"", b""
         try:
-            # --- 1. 提取 Header ---
-            if full_request:
-                raw_bytes = binascii.unhexlify(full_request)
-                h_part, _ = PacketParser.split_http_headers(raw_bytes)
-                header = h_part
-
-            # --- 2. 提取 Body ---
-            if http_file_data:
-                try:
-                    file_data = binascii.unhexlify(http_file_data)
-                    return header, file_data
-                except binascii.Error:
-                    logger.warning("解析 http.file_data Hex 失败，尝试回退到原始方式")
-
-            # --- 3. 回退模式 (Fallback) ---
-            if full_request and not file_data:
-                raw_bytes = binascii.unhexlify(full_request)
-                _, body_part = PacketParser.split_http_headers(raw_bytes)
-
-                with contextlib.suppress(Exception):
-                    body_part = PacketParser.dechunk_http_response(body_part)
-
-                with contextlib.suppress(Exception):
-                    if body_part.startswith(b"\x1f\x8b"):
-                        body_part = gzip.decompress(body_part)
-
-                file_data = body_part
+            raw_bytes = binascii.unhexlify(full_request)
+            header, body_part = PacketParser.split_http_headers(raw_bytes)
+
+            with contextlib.suppress(Exception):
+                body_part = PacketParser.dechunk_http_response(body_part)
+
+            with contextlib.suppress(Exception):
+                if body_part.startswith(b"\x1f\x8b"):
+                    body_part = gzip.decompress(body_part)
+
+            file_data = body_part
             return header, file_data
 
-        except ValueError as e:
-            logger.error(f"Hex转换失败: {str(e)[:100]}...")
+        except binascii.Error:
+            logger.error("Hex转换失败")
             return b"", b""
         except Exception as e:
             logger.error(f"解析HTTP数据未知错误: {e}")
@@ -149,12 +153,12 @@ class PacketParser:
 
         row = line.split(b"\t")
         try:
-            frame_num, request_in, time_epoch, full_uri, full_request, http_file_data = PacketParser.parse_packet_data(row)
+            frame_num, request_in, time_epoch, full_uri, full_request = PacketParser.parse_packet_data(row)
 
-            if not full_request and not http_file_data:
+            if not full_request:
                 return None
 
-            header, file_data = PacketParser.extract_http_file_data(full_request, http_file_data)
+            header, file_data = PacketParser.extract_http_file_data(full_request)
 
             # row[0] is http.response.code (bytes)
             is_response = bool(row[0])

flowanalyzer-0.4.6/FlowAnalyzer/PcapSplitter.py

@@ -0,0 +1,128 @@
+import os
+import time
+from collections import defaultdict
+from typing import List, Tuple
+
+import dpkt
+
+
+class PcapSplitter:
+    """
+    Encapsulates logic to split a PCAP/PCAPNG file into multiple smaller PCAP files
+    based on TCP flows, dynamically balanced for parallel processing.
+    """
+
+    def __init__(self, pcap_file: str, output_dir: str):
+        self.pcap_file = pcap_file
+        self.output_dir = output_dir
+
+    def get_stream_key(self, tcp, ip) -> Tuple:
+        """Generate a 5-tuple key for the flow."""
+        src = ip.src
+        dst = ip.dst
+        sport = tcp.sport
+        dport = tcp.dport
+        # Canonicalize bidirectional flows to the same key
+        key1 = (src, dst, sport, dport)
+        key2 = (dst, src, dport, sport)
+        return key1 if key1 < key2 else key2
+
+    def split(self, threshold_mb: int = 10, default_chunks: int = 3) -> List[str]:
+        """
+        Split the pcap file into balanced chunks based on stream volume (bytes).
+        Uses a Greedy Partition Algorithm (Longest Processing Time first).
+
+        Args:
+            threshold_mb: File size threshold in MB. If smaller, do not split.
+            default_chunks: Number of chunks to split into if threshold is exceeded.
+
+        Returns:
+            List of generated file paths (or original file if not split).
+        """
+        if not os.path.exists(self.pcap_file):
+            raise FileNotFoundError(f"PCAP file not found: {self.pcap_file}")
+
+        file_size_mb = os.path.getsize(self.pcap_file) / (1024 * 1024)
+        if file_size_mb < threshold_mb:
+            print(f"File size {file_size_mb:.2f}MB < {threshold_mb}MB. Skipping split.")
+            return [self.pcap_file]
+
+        os.makedirs(self.output_dir, exist_ok=True)
+
+        start_time = time.time()
+        # Dictionary to store packets: stream_key -> list of (ts, buf)
+        streams = defaultdict(list)
+        # Dictionary to store total size: stream_key -> total_bytes
+        stream_sizes = defaultdict(int)
+
+        # 1. Read and Group Packets
+        print(f"Reading {self.pcap_file}...")
+        with open(self.pcap_file, "rb") as f:
+            if self.pcap_file.lower().endswith(".pcapng"):
+                reader = dpkt.pcapng.Reader(f)
+            else:
+                reader = dpkt.pcap.Reader(f)
+
+            for ts, buf in reader:
+                try:
+                    eth = dpkt.ethernet.Ethernet(buf)
+                    if not isinstance(eth.data, dpkt.ip.IP):
+                        continue
+                    ip = eth.data
+                    if not isinstance(ip.data, dpkt.tcp.TCP):
+                        continue
+                    tcp = ip.data
+
+                    key = self.get_stream_key(tcp, ip)
+                    streams[key].append((ts, buf))
+                    stream_sizes[key] += len(buf)
+                except Exception:
+                    continue
+
+        total_streams = len(streams)
+        print(f"Found {total_streams} TCP streams.")
+
+        if total_streams == 0:
+            print("No TCP streams found to split.")
+            return []
+
+        # 2. Assign Streams to Buckets (Greedy LPT Algorithm)
+        num_chunks = min(default_chunks, total_streams)
+
+        # Sort streams by size (descending)
+        sorted_streams = sorted(stream_sizes.items(), key=lambda item: item[1], reverse=True)
+
+        # Buckets: list of (current_size, batch_index, list_of_keys)
+        # We perform standard list sort to find min bucket, sufficient for small N
+        buckets = [[0, i, []] for i in range(num_chunks)]
+
+        for key, size in sorted_streams:
+            # Find bucket with smallest current size
+            buckets.sort(key=lambda x: x[0])
+            smallest_bucket = buckets[0]
+
+            # Add stream to this bucket
+            smallest_bucket[0] += size
+            smallest_bucket[2].append(key)
+
+        print(f"Splitting into {num_chunks} files with volume balancing...")
+        generated_files = []
+
+        # 3. Write Batches
+        # Sort buckets by index ensures file naming order 0, 1, 2...
+        buckets.sort(key=lambda x: x[1])
+
+        for size, i, batch_keys in buckets:
+            out_file_path = os.path.join(self.output_dir, f"batch_{i}.pcap")
+            generated_files.append(out_file_path)
+
+            with open(out_file_path, "wb") as f:
+                writer = dpkt.pcap.Writer(f)
+                for key in batch_keys:
+                    for ts, buf in streams[key]:
+                        writer.writepkt(buf, ts)
+
+            print(f"  - Created {os.path.basename(out_file_path)}: {len(batch_keys)} streams ({size/1024/1024:.2f} MB)")
+
+        print(f"Split completed in {time.time() - start_time:.2f}s")
+        return generated_files

{flowanalyzer-0.4.4 → flowanalyzer-0.4.6}/FlowAnalyzer.egg-info/PKG-INFO

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: FlowAnalyzer
-Version: 0.4.4
+Version: 0.4.6
 Summary: FlowAnalyzer是一个流量分析器，用于解析和处理tshark导出的JSON数据文件
 Home-page: https://github.com/Byxs20/FlowAnalyzer
 Author: Byxs20

{flowanalyzer-0.4.4 → flowanalyzer-0.4.6}/FlowAnalyzer.egg-info/SOURCES.txt

@@ -5,9 +5,13 @@ FlowAnalyzer/FlowAnalyzer.py
 FlowAnalyzer/Models.py
 FlowAnalyzer/PacketParser.py
 FlowAnalyzer/Path.py
+FlowAnalyzer/PcapSplitter.py
 FlowAnalyzer/__init__.py
 FlowAnalyzer/logging_config.py
 FlowAnalyzer.egg-info/PKG-INFO
 FlowAnalyzer.egg-info/SOURCES.txt
 FlowAnalyzer.egg-info/dependency_links.txt
-FlowAnalyzer.egg-info/top_level.txt
+FlowAnalyzer.egg-info/top_level.txt
+tests/test.py
+tests/test_parser.py
+tests/test_split.py

{flowanalyzer-0.4.4 → flowanalyzer-0.4.6}/PKG-INFO

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: FlowAnalyzer
-Version: 0.4.4
+Version: 0.4.6
 Summary: FlowAnalyzer是一个流量分析器，用于解析和处理tshark导出的JSON数据文件
 Home-page: https://github.com/Byxs20/FlowAnalyzer
 Author: Byxs20

{flowanalyzer-0.4.4 → flowanalyzer-0.4.6}/setup.py

@@ -7,7 +7,7 @@ with open(os.path.join(os.path.dirname(__file__), "README.md"), encoding="utf-8"
 
 setup(
     name="FlowAnalyzer",
-    version="0.4.4",
+    version="0.4.6",
     description="FlowAnalyzer是一个流量分析器，用于解析和处理tshark导出的JSON数据文件",
     author="Byxs20",
     author_email="97766819@qq.com",

flowanalyzer-0.4.6/tests/test.py

@@ -0,0 +1,48 @@
+import os
+
+from viztracer import VizTracer
+
+from FlowAnalyzer.FlowAnalyzer import FlowAnalyzer
+
+# ============================
+# 配置区域
+# ============================
+PCAP_FILE = "./tests/Beyond_Pro.pcapng"  # 你的测试 pcap 文件路径
+DISPLAY_FILTER = "http"  # tshark display filter, 可以根据需求改
+
+
+# ============================
+# 测试逻辑
+# ============================
+def main():
+    if not os.path.exists(PCAP_FILE):
+        print(f"[ERROR] 流量包不存在: {PCAP_FILE}")
+        return
+
+    print("[*] 开始解析 PCAP 文件...")
+    with VizTracer():
+        db_path = FlowAnalyzer.get_db_data(PCAP_FILE, DISPLAY_FILTER)
+    print(f"[*] 解析完成，数据库生成: {db_path}")
+
+    print("[*] 遍历 HTTP 请求-响应对:")
+    analyzer = FlowAnalyzer(db_path)
+    total = 0
+    requests_count = 0
+    responses_count = 0
+
+    for pair in analyzer.generate_http_dict_pairs():
+        total += 1
+        if pair.request:
+            requests_count += 1
+        if pair.response:
+            responses_count += 1
+
+    print(f"[*] 总记录数: {total}")
+    print(f"[*] 请求数量: {requests_count}")
+    print(f"[*] 响应数量: {responses_count}")
+
+    print("[*] 测试完成 ✅")
+
+
+if __name__ == "__main__":
+    main()

flowanalyzer-0.4.6/tests/test_parser.py

@@ -0,0 +1,52 @@
+import binascii
+import gzip
+import unittest
+from urllib import parse
+
+from FlowAnalyzer.PacketParser import PacketParser
+
+
+class TestPacketParserOptimization(unittest.TestCase):
+    def test_gzip_decompression(self):
+        # Construct a fake HTTP response with GZIP body
+        content = b"Hello, Gzip World!"
+        compressed = gzip.compress(content)
+        header = b"HTTP/1.1 200 OK\r\nContent-Encoding: gzip\r\n\r\n"
+        full_response = header + compressed
+
+        full_request_hex = binascii.hexlify(full_response)
+
+        # Test extract_http_file_data
+        extracted_header, extracted_body = PacketParser.extract_http_file_data(full_request_hex)
+
+        self.assertEqual(extracted_header, header)
+        self.assertEqual(extracted_body, content)
+
+    def test_basic_extraction(self):
+        # Case: Simple text body, no chunking
+        content = b"Simple Body"
+        header = b"HTTP/1.1 200 OK\r\n\r\n"
+        full_response = header + content
+        full_request_hex = binascii.hexlify(full_response)
+
+        extracted_header, extracted_body = PacketParser.extract_http_file_data(full_request_hex)
+        self.assertEqual(extracted_body, content)
+
+    def test_chunked_decoding(self):
+        # Case: Chunked body
+        # 5\r\nHello\r\n0\r\n\r\n
+        chunked_body = bytes.fromhex(
+            "333b577644436167386f6a6d41707950734d36456d590d0a6e616d0d0a323b5052457a347a3678686b797875775656506d645a7757700d0a653d0d0a333b30544350750d0a6868680d0a333b4271694b6e7056486c4338750d0a2532370d0a333b4562636d544855354b6a58485976725575615074414d0d0a2537430d0a313b6a694f4542774c44624b3267620d0a250d0a333b376c6447726b3663350d0a3743250d0a313b3232424d6c5838426f360d0a320d0a333b684d61354547593339740d0a3853450d0a313b41723843390d0a4c0d0a333b31693052423453360d0a4543540d0a313b444968514d3164633870560d0a250d0a333b4d73736a630d0a3230250d0a323b4a77756d74324636440d0a32370d0a323b37654844337a30646430454d55643353636c0d0a52430d0a323b797549574643783137377330476630530d0a75470d0a323b6552794878625735625175485a64575832450d0a25320d0a313b5a7145444c32690d0a370d0a333b346a637a720d0a2532300d0a333b39627a59497650544b39714655376f6a6d374d664d305976480d0a46524f0d0a313b5556477645615749584e62784f0d0a4d0d0a323b4b503748426f7a6f687530744e514a6c59634a44417156630d0a25320d0a313b3458467945466a3347366f765869694f650d0a300d0a333b696a3054754c3578595768705049390d0a4455410d0a313b595730494f0d0a4c0d0a323b4e3567485a4861504d3233346b50564b4b4f45464e390d0a25320d0a313b495254683876435468625137334a773669397a0d0a300d0a333b414635416a7265585977356e35496b67453952513252420d0a5748450d0a313b67565846465a586b547074313752574d580d0a520d0a323b614e7a5947754948774339790d0a45250d0a313b3076757a444f43446e36613162313269424c73796b616e65430d0a320d0a323b41666e524d716447540d0a30390d0a333b427a3773504a534d370d0a3736360d0a333b34544757775458484a51687a7666596238326a6c6b39440d0a2533440d0a323b48334b35646c4c0d0a39370d0a323b7362517563480d0a36360d0a333b326c6f45534c79684f32495535306865756f300d0a2532300d0a333b65415169345751456e4c4d30446d39636d537836430d0a414e440d0a333b65556a4c6b4a6635635441364c346c3731305547376c67570d0a2532300d0a333b63416f4d546771444c590d0a3937390d0a323b523778364233616167387648310d0a39250d0a333b7765764b577a52530d0a3344490d0a323b527344505845754a517563314c54434d0d0a46250d0a313b45617431624b354c4e76365465384c0d0a320d0a313b48725072376d6c7231666265446c7353454d6f4d550d0a380d0a313b634137714b43516e5671387155794d7046367a4c38665058650d0a250d0a323b4f664c343252727364356f4d6855644548336878745459720d0a32380d0a333b70336e437046720d0a4f52440d0a323b4972505332386b344f42416b414b306d6e7769724156370d0a25320d0a323b7476674d72366363670d0a384d0d0a323b317a4f77623045774256516641486a7266386858576d6946710d0a49440d0a323b3779366b7077375a304b6a46777a724e0d0a25320d0a323b5259684b71336e4853656d786b564952514b53444877346d0d0a38250d0a333b3264365a4d3643674451700d0a3238530d0a323b4d61443468473772496b59336c565a476f6d0d0a454c0d0a323b31476336376e6f46750d0a45430d0a333b746774754b0d0a5425320d0a313b6549464d676a594b6b4b4f487143654169540d0a300d0a313b327530776264486f5363737536327370757076580d0a490d0a333b716d733841370d0a464e550d0a333b78563962414232630d0a4c4c250d0a313b3733507567370d0a320d0a333b454b4e6268326a316271415635440d0a3843410d0a313b52787738716c78454f4a6d6d700d0a530d0a323b6a337954446476564d516372714f360d0a54250d0a333b4e47566976674144590d0a3238660d0a323b5954615959654b474c564b41536e78650d0a6c610d0a323b6272557a796e324179304d667a6c6f6e0d0a67250d0a323b684870416876446c706f570d0a32300d0a323b6172786778475938714c51655677503931687453344d456c530d0a41530d0a313b4a52304472594a69427972794b74646d31666950340d0a250d0a313b546835467a0d0a320d0a313b6d6c366d39774b514435745841725059750d0a300d0a313b314a484a690d0a430d0a313b6c524b5531477152466e6e454d46754e64780d0a480d0a313b61447071630d0a410d0a313b6d7a65557152486455337a756a730d0a520d0a333b474e4d375164436f4a3042696d0d0a2532390d0a323b7655686967646f3373727739456f67547a4c0d0a25320d0a323b34576a6d747a394c5744384d77434831567175786d7a706d350d0a43300d0a313b343831656f4c5a720d0a780d0a333b456e64787155527049734372540d0a3230250d0a313b63797356646954553537510d0a320d0a323b4e447159334557710d0a39250d0a323b776d44496a4f0d0a32300d0a333b535839487375573269476247440d0a46524f0d0a333b4d7636616e53516e586a3072714337487936536b576558570d0a4d25320d0a323b5441674444626d6437480d0a30740d0a333b784f346a79584f677251676f390d0a6573740d0a333b6b5766563469557466430d0a2e666c0d0a323b6d334b4d416565430d0a61670d0a333b6a6141744d4631576d540d0a2532300d0a313b3150596e30506e75570d0a4f0d0a333b683638724e36554a684f6a476a65450d0a5244450d0a313b4f51316c736a6e344b337049540d0a520d0a333b7257625142566452613868464b4c7352780d0a2532300d0a333b3941694b4d4454596976647476423561347642676739440d0a4259250d0a323b66626d764c5475434855505064644d796d320d0a32300d0a313b716933793571563066467a63556166643245770d0a660d0a313b524b424673594f3574694342360d0a6c0d0a323b6d494343414c0d0a61670d0a313b6c4b4236585632384b72316e33750d0a250d0a333b6d77794e6765520d0a32304c0d0a333b4849337031346574450d0a494d490d0a333b425836546a4a68306e43754c6a6b4d7436646c760d0a5425320d0a333b356e363078326d4b6f5a7063484f6b654f5a7861386774594d0d0a3030250d0a313b39753457534e655a0d0a320d0a323b77536e544967446b0d0a43310d0a323b3372446f630d0a25320d0a333b32636f744f4759700d0a3925320d0a333b35464f6d34706b636346376a5a7973304e776a750d0a4334320d0a313b686f645257386c6a776c6e5a47675a6d4e4c690d0a250d0a323b624e6d784c0d0a32430d0a333b66374e6931536d6c0d0a3125320d0a313b4d46466e573043645637340d0a390d0a313b774b4e4645454445747a4a537075325a4c626d78656a49304c0d0a250d0a333b636e595a5843373633767a5343636c6b5936790d0a3239250d0a323b343731684f545179580d0a33450d0a333b5166684944494c4a675556754937616244410d0a3125320d0a323b753442385358704742536e0d0a39250d0a323b4f374c73474b775169324b30330d0a32430d0a313b6b375639414951544d4661713879745541540d0a530d0a313b6533336944690d0a4c0d0a323b6f75386d44324343504e4870316232474f0d0a45450d0a323b6e4b6f644d0d0a50250d0a323b4b45584b6b43750d0a32380d0a333b495357635771784f39507750724244766772370d0a3125320d0a323b42596b4a4948704c62623147760d0a39250d0a333b783347786e434b776e48370d0a3243390d0a313b7837396f49670d0a370d0a323b734634364168736c7968547a667a756f32520d0a39390d0a333b5a786e37734e69534d7356386d51685244637872594953490d0a2532390d0a333b416e586f37345071447531500d0a2532390d0a323b6f7164664144327247580d0a25370d0a313b39384f494f4358644a6d66664f386c770d0a430d0a333b47565a6e593965457769584a0d0a2537430d0a323b614e376c4b6147544c77735172786342410d0a25320d0a333b6563585745797364467679474162306f61515a7966327239660d0a3726700d0a333b6e7878464c545a65527779646639310d0a6173730d0a323b4952463149314a36490d0a3d780d0a323b3567327643664e0d0a78780d0a300d0a0d0a"
+        )
+        header = b"HTTP/1.1 200 OK\r\nTransfer-Encoding: chunked\r\n\r\n"
+        full_response = header + chunked_body
+        full_request_hex = binascii.hexlify(full_response)
+        extracted_header, extracted_body = PacketParser.extract_http_file_data(full_request_hex)
+        self.assertEqual(
+            parse.unquote_to_bytes(extracted_body),  # 手动url解码一下
+            b"name=hhh'||(SELECT 'RCuG' FROM DUAL WHERE 9766=9766 AND 9799=IF((ORD(MID((SELECT IFNULL(CAST(flag AS CHAR),0x20) FROM test.flag ORDER BY flag LIMIT 0,1),42,1))>1),SLEEP(1),9799))||'&pass=xxx",
+        )
+
+
+if __name__ == "__main__":
+    unittest.main()

flowanalyzer-0.4.6/tests/test_split.py

@@ -0,0 +1,90 @@
+
+import os
+import shutil
+import subprocess
+
+from FlowAnalyzer.PcapSplitter import PcapSplitter
+
+#############################
+# 配置区
+#############################
+PCAP_FILE = r"./tests/Beyond_Pro.pcapng"  # 修改为你的文件
+OUT_DIR = "output"
+#############################
+
+def clean_output_dir(directory: str):
+    if os.path.exists(directory):
+        print(f"Cleaning output directory: {directory}")
+        shutil.rmtree(directory)
+    os.makedirs(directory, exist_ok=True)
+
+def count_packets(pcap_path: str, display_filter: str) -> int:
+    cmd = [
+        "tshark", 
+        "-r", pcap_path, 
+        "-Y", display_filter, 
+        "-T", "fields", 
+        "-e", "frame.number"
+    ]
+    try:
+        # Run tshark and capture output
+        result = subprocess.run(
+            cmd, 
+            capture_output=True, 
+            text=True, 
+            check=True
+        )
+        # Count non-empty lines
+        count = sum(1 for line in result.stdout.splitlines() if line.strip())
+        return count
+    except subprocess.CalledProcessError as e:
+        print(f"Error running tshark on {pcap_path}: {e}")
+        return 0
+    except FileNotFoundError:
+        print("Error: tshark not found in PATH.")
+        return 0
+
+def main():
+    print("Beginning split test...")
+    
+    # 1. Clean output directory
+    clean_output_dir(OUT_DIR)
+    
+    splitter = PcapSplitter(PCAP_FILE, OUT_DIR)
+    
+    # Defaults to os.cpu_count() chunks
+    result_files = splitter.split()
+    
+    print(f"\nGenerated {len(result_files)} files:")
+    for f in result_files:
+        print(f)
+        
+    # 2. Verify with Tshark
+    print("\nVerifying data integrity with Tshark...")
+    total_requests = 0
+    total_responses = 0
+    
+    EXPECTED_REQUESTS = 12284
+    EXPECTED_RESPONSES = 12281
+    
+    for pcap in result_files:
+        req_count = count_packets(pcap, "http.request")
+        resp_count = count_packets(pcap, "http.response")
+        
+        print(f"  {os.path.basename(pcap)}: Requests={req_count}, Responses={resp_count}")
+        total_requests += req_count
+        total_responses += resp_count
+        
+    print("-" * 40)
+    print(f"Total Requests: {total_requests} (Expected: {EXPECTED_REQUESTS})")
+    print(f"Total Responses: {total_responses} (Expected: {EXPECTED_RESPONSES})")
+    
+    if total_requests == EXPECTED_REQUESTS and total_responses == EXPECTED_RESPONSES:
+        print("\nSUCCESS: Data integrity verified.")
+    else:
+        print("\nFAILURE: Data integrity mismatch!")
+        exit(1)
+
+
+if __name__ == "__main__":
+    main()