PyPI - flow.record - Versions diffs - 3.21.dev2__tar.gz → 3.21.dev4__tar.gz - Mend

flow.record 3.21.dev2tar.gz → 3.21.dev4tar.gz

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (87) hide show

{flow_record-3.21.dev2 → flow_record-3.21.dev4}/PKG-INFO RENAMED Viewed

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: flow.record
-Version: 3.21.dev2
+Version: 3.21.dev4
 Summary: A library for defining and creating structured data (called records) that can be streamed to disk or piped to other tools that use flow.record
 Author-email: Dissect Team <dissect@fox-it.com>
 License: Affero General Public License v3
@@ -37,10 +37,13 @@ Requires-Dist: duckdb; extra == "duckdb"
 Requires-Dist: pytz; extra == "duckdb"
 Provides-Extra: splunk
 Requires-Dist: httpx; extra == "splunk"
+Provides-Extra: xlsx
+Requires-Dist: openpyxl; extra == "xlsx"
 Provides-Extra: test
 Requires-Dist: flow.record[compression]; extra == "test"
 Requires-Dist: flow.record[avro]; extra == "test"
 Requires-Dist: flow.record[elastic]; extra == "test"
+Requires-Dist: flow.record[xlsx]; extra == "test"
 Requires-Dist: duckdb; (platform_python_implementation != "PyPy" and python_version < "3.12") and extra == "test"
 Requires-Dist: pytz; (platform_python_implementation != "PyPy" and python_version < "3.12") and extra == "test"
 Requires-Dist: tqdm; extra == "test"

{flow_record-3.21.dev2 → flow_record-3.21.dev4}/examples/filesystem.py RENAMED Viewed

@@ -1,10 +1,15 @@
-import os
-import stat
+from __future__ import annotations
-from datetime import datetime
+import stat
+from pathlib import Path
+from typing import TYPE_CHECKING
 from flow.record import RecordDescriptor, RecordWriter
+if TYPE_CHECKING:
+    from collections.abc import Iterator
 descriptor = """
 filesystem/unix/entry
     string path;
@@ -22,34 +27,32 @@ filesystem/unix/entry
 FilesystemFile = RecordDescriptor(descriptor)
-def hash_file(path, t):
-    f = open(path, "rb")
-    while 1:
-        d = f.read(4096)
-        if d == "":
-            break
-    f.close()
+def hash_file(path: str | Path) -> None:
+    with Path(path).open("rb") as f:
+        while True:
+            d = f.read(4096)
+            if not d:
+                break
 class FilesystemIterator:
     basepath = None
-    def __init__(self, basepath):
+    def __init__(self, basepath: str | None):
         self.basepath = basepath
         self.recordType = FilesystemFile
-    def classify(self, source, classification):
+    def classify(self, source: str, classification: str) -> None:
         self.recordType = FilesystemFile.base(_source=source, _classification=classification)
-    def iter(self, path):
-        path = os.path.abspath(path)
-        return self._iter(path)
+    def iter(self, path: str | Path) -> Iterator[FilesystemFile]:
+        return self._iter(Path(path).resolve())
-    def _iter(self, path):
-        if path.startswith("/proc"):
+    def _iter(self, path: Path) -> Iterator[FilesystemFile]:
+        if path.is_relative_to("/proc"):
             return
-        st = os.lstat(path)
+        st = path.lstat()
         abspath = path
         if self.basepath and abspath.startswith(self.basepath):
@@ -59,7 +62,7 @@ class FilesystemIterator:
         link = None
         if ifmt == stat.S_IFLNK:
-            link = os.readlink(path)
+            link = path.readlink()
         yield self.recordType(
             path=abspath,
@@ -69,20 +72,16 @@ class FilesystemIterator:
             size=st.st_size,
             uid=st.st_uid,
             gid=st.st_gid,
-            ctime=datetime.fromtimestamp(st.st_ctime),
-            mtime=datetime.fromtimestamp(st.st_mtime),
-            atime=datetime.fromtimestamp(st.st_atime),
+            ctime=st.st_ctime,
+            mtime=st.st_mtime,
+            atime=st.st_atime,
             link=link,
         )
         if ifmt == stat.S_IFDIR:
-            for i in os.listdir(path):
-                if i in (".", ".."):
-                    continue
-                fullpath = os.path.join(path, i)
-                for e in self.iter(fullpath):
-                    yield e
+            for i in path.iterdir():
+                fullpath = path.joinpath(i)
+                yield from self.iter(fullpath)
 chunk = []

{flow_record-3.21.dev2 → flow_record-3.21.dev4}/examples/passivedns.py RENAMED Viewed

@@ -1,18 +1,21 @@
 #!/usr/bin/env pypy
-import record
+from __future__ import annotations
 import sys
-import datetime
+from datetime import datetime, timezone
 import net.ipv4
+import record
 from fileprocessing import DirectoryProcessor
+UTC_TIMEZONE = timezone.utc
-def ts(s):
-    return datetime.datetime.fromtimestamp(float(s))
+def ts(s: float) -> datetime:
+    return datetime.fromtimestamp(float(s), tz=UTC_TIMEZONE)
-def ip(s):
+def ip(s: str) -> net.ipv4.Address:
     return net.ipv4.Address(s)
@@ -21,7 +24,7 @@ class SeparatedFile:
     seperator = None
     format = None
-    def __init__(self, fp, seperator, format):
+    def __init__(self, fp: list[str], seperator: str | None, format: list[tuple]):
         self.fp = fp
         self.seperator = seperator
         self.format = format
@@ -46,7 +49,7 @@ class SeparatedFile:
             yield recordtype(**r)
-def PassiveDnsFile(fp):
+def PassiveDnsFile(fp: list[str]) -> SeparatedFile:
     return SeparatedFile(fp, "||", PASSIVEDNS_FORMAT)
@@ -63,7 +66,7 @@ PASSIVEDNS_FORMAT = [
 ]
-def main():
+def main() -> None:
     rs = record.RecordOutput(sys.stdout)
     for r in DirectoryProcessor(sys.argv[1], PassiveDnsFile, r"\.log\.gz"):
         rs.write(r)

{flow_record-3.21.dev2 → flow_record-3.21.dev4}/examples/tcpconn.py RENAMED Viewed

@@ -1,8 +1,10 @@
 import random
+from datetime import datetime, timezone
-from datetime import datetime
 from flow import record
+UTC_TIMEZONE = timezone.utc
 descriptor = """
 network/traffic/tcp/connection
     datetime ts;
@@ -32,9 +34,9 @@ port_list = [
 rs = record.RecordWriter()
-for i in range(500):
+for _ in range(500):
     r = conn(
-        ts=datetime.now(),
+        ts=datetime.now(tz=UTC_TIMEZONE),
         src=random.choice(ip_list),
         srcport=random.choice(port_list),
         dst=random.choice(ip_list),

{flow_record-3.21.dev2 → flow_record-3.21.dev4}/flow/record/adapter/csvfile.py RENAMED Viewed

@@ -9,7 +9,7 @@ from flow.record import RecordDescriptor
 from flow.record.adapter import AbstractReader, AbstractWriter
 from flow.record.base import Record, normalize_fieldname
 from flow.record.selector import make_selector
-from flow.record.utils import is_stdout
+from flow.record.utils import boolean_argument, is_stdout
 if TYPE_CHECKING:
     from collections.abc import Iterator
@@ -17,11 +17,12 @@ if TYPE_CHECKING:
 __usage__ = """
 Comma-separated values (CSV) adapter
 ---
-Write usage: rdump -w csvfile://[PATH]?lineterminator=[TERMINATOR]
+Write usage: rdump -w csvfile://[PATH]?lineterminator=[TERMINATOR]&header=[HEADER]
 Read usage: rdump csvfile://[PATH]?fields=[FIELDS]
 [PATH]: path to file. Leave empty or "-" to output to stdout
 Optional parameters:
+    [HEADER]: if set to false, it will not print the CSV header (default: true)
     [TERMINATOR]: line terminator, default is \\r\\n
     [FIELDS]: comma-separated list of CSV fields (in case of missing CSV header)
 """
@@ -34,6 +35,7 @@ class CsvfileWriter(AbstractWriter):
         fields: str | list[str] | None = None,
         exclude: str | list[str] | None = None,
         lineterminator: str = "\r\n",
+        header: str = "true",
         **kwargs,
     ):
         self.fp = None
@@ -52,13 +54,16 @@ class CsvfileWriter(AbstractWriter):
             self.fields = self.fields.split(",")
         if isinstance(self.exclude, str):
             self.exclude = self.exclude.split(",")
+        self.header = boolean_argument(header)
     def write(self, r: Record) -> None:
         rdict = r._asdict(fields=self.fields, exclude=self.exclude)
         if not self.desc or self.desc != r._desc:
             self.desc = r._desc
             self.writer = csv.DictWriter(self.fp, rdict, lineterminator=self.lineterminator)
-            self.writer.writeheader()
+            if self.header:
+                # Write header only if it is requested
+                self.writer.writeheader()
         self.writer.writerow(rdict)
     def flush(self) -> None:

{flow_record-3.21.dev2 → flow_record-3.21.dev4}/flow/record/adapter/elastic.py RENAMED Viewed

@@ -6,6 +6,8 @@ import queue
 import threading
 from typing import TYPE_CHECKING
+import urllib3
 try:
     import elasticsearch
     import elasticsearch.helpers
@@ -19,6 +21,7 @@ from flow.record.adapter import AbstractReader, AbstractWriter
 from flow.record.base import Record, RecordDescriptor
 from flow.record.fieldtypes import fieldtype_for_value
 from flow.record.jsonpacker import JsonRecordPacker
+from flow.record.utils import boolean_argument
 if TYPE_CHECKING:
     from collections.abc import Iterator
@@ -72,9 +75,9 @@ class ElasticWriter(AbstractWriter):
         self.index = index
         self.uri = uri
-        verify_certs = str(verify_certs).lower() in ("1", "true")
-        http_compress = str(http_compress).lower() in ("1", "true")
-        self.hash_record = str(hash_record).lower() in ("1", "true")
+        verify_certs = boolean_argument(verify_certs)
+        http_compress = boolean_argument(http_compress)
+        self.hash_record = boolean_argument(hash_record)
         queue_size = int(queue_size)
         if not uri.lower().startswith(("http://", "https://")):
@@ -102,8 +105,6 @@ class ElasticWriter(AbstractWriter):
         if not verify_certs:
             # Disable InsecureRequestWarning of urllib3, caused by the verify_certs flag.
-            import urllib3
             urllib3.disable_warnings(urllib3.exceptions.InsecureRequestWarning)
         self.metadata_fields = {}
@@ -216,8 +217,8 @@ class ElasticReader(AbstractReader):
         self.index = index
         self.uri = uri
         self.selector = selector
-        verify_certs = str(verify_certs).lower() in ("1", "true")
-        http_compress = str(http_compress).lower() in ("1", "true")
+        verify_certs = boolean_argument(verify_certs)
+        http_compress = boolean_argument(http_compress)
         if not uri.lower().startswith(("http://", "https://")):
             uri = "http://" + uri
@@ -234,8 +235,6 @@ class ElasticReader(AbstractReader):
         if not verify_certs:
             # Disable InsecureRequestWarning of urllib3, caused by the verify_certs flag.
-            import urllib3
             urllib3.disable_warnings(urllib3.exceptions.InsecureRequestWarning)
     def __iter__(self) -> Iterator[Record]:

{flow_record-3.21.dev2 → flow_record-3.21.dev4}/flow/record/adapter/jsonfile.py RENAMED Viewed

@@ -8,7 +8,7 @@ from flow.record import JsonRecordPacker
 from flow.record.adapter import AbstractReader, AbstractWriter
 from flow.record.fieldtypes import fieldtype_for_value
 from flow.record.selector import make_selector
-from flow.record.utils import is_stdout
+from flow.record.utils import boolean_argument, is_stdout
 if TYPE_CHECKING:
     from collections.abc import Iterator
@@ -33,7 +33,7 @@ class JsonfileWriter(AbstractWriter):
     def __init__(
         self, path: str | Path | BinaryIO, indent: str | int | None = None, descriptors: bool = True, **kwargs
     ):
-        self.descriptors = str(descriptors).lower() in ("true", "1")
+        self.descriptors = boolean_argument(descriptors)
         self.fp = record.open_path_or_stream(path, "w")
         if isinstance(indent, str):
             indent = int(indent)

{flow_record-3.21.dev2 → flow_record-3.21.dev4}/flow/record/adapter/splunk.py RENAMED Viewed

@@ -18,7 +18,7 @@ except ImportError:
 from flow.record.adapter import AbstractReader, AbstractWriter
 from flow.record.jsonpacker import JsonRecordPacker
-from flow.record.utils import to_base64, to_bytes, to_str
+from flow.record.utils import boolean_argument, to_base64, to_bytes, to_str
 if TYPE_CHECKING:
     from flow.record.base import Record
@@ -218,7 +218,7 @@ class SplunkWriter(AbstractWriter):
                 self.token = f"Splunk {self.token}"
             # Assume verify=True unless specified otherwise.
-            self.verify = str(ssl_verify).lower() not in ("0", "false")
+            self.verify = boolean_argument(ssl_verify)
             if not self.verify:
                 log.warning("Certificate verification is disabled")

{flow_record-3.21.dev2 → flow_record-3.21.dev4}/flow/record/base.py RENAMED Viewed

@@ -186,6 +186,7 @@ class Record:
         return OrderedDict((k, getattr(self, k)) for k in self.__slots__ if k not in exclude)
     if TYPE_CHECKING:
         def __getattr__(self, name: str) -> Any: ...
     def __setattr__(self, k: str, v: Any) -> None:

{flow_record-3.21.dev2 → flow_record-3.21.dev4}/flow/record/tools/rdump.py RENAMED Viewed

@@ -1,6 +1,7 @@
 #!/usr/bin/env python
 from __future__ import annotations
+import argparse
 import logging
 import sys
 from importlib import import_module
@@ -69,8 +70,6 @@ def list_adapters() -> None:
 @catch_sigpipe
 def main(argv: list[str] | None = None) -> int:
-    import argparse
     parser = argparse.ArgumentParser(
         description="Record dumper, a tool that can read, write and filter records",
         formatter_class=argparse.ArgumentDefaultsHelpFormatter,
@@ -107,7 +106,11 @@ def main(argv: list[str] | None = None) -> int:
     output.add_argument("--skip", metavar="COUNT", type=int, default=0, help="Skip the first COUNT records")
     output.add_argument("-w", "--writer", metavar="OUTPUT", default=None, help="Write records to output")
     output.add_argument(
-        "-m", "--mode", default=None, choices=("csv", "json", "jsonlines", "line", "line-verbose"), help="Output mode"
+        "-m",
+        "--mode",
+        default=None,
+        choices=("csv", "csv-no-header", "json", "jsonlines", "line", "line-verbose"),
+        help="Output mode",
     )
     output.add_argument(
         "--split", metavar="COUNT", default=None, type=int, help="Write record files smaller than COUNT records"
@@ -180,6 +183,15 @@ def main(argv: list[str] | None = None) -> int:
         default=argparse.SUPPRESS,
         help="Short for --mode=line-verbose",
     )
+    aliases.add_argument(
+        "-Cn",
+        "--csv-no-header",
+        action="store_const",
+        const="csv-no-header",
+        dest="mode",
+        default=argparse.SUPPRESS,
+        help="Short for --mode=csv-no-header",
+    )
     args = parser.parse_args(argv)
@@ -198,6 +210,7 @@ def main(argv: list[str] | None = None) -> int:
     if not args.writer:
         mode_to_uri = {
             "csv": "csvfile://",
+            "csv-no-header": "csvfile://?header=false",
             "json": "jsonfile://?indent=2&descriptors=false",
             "jsonlines": "jsonfile://?descriptors=false",
             "line": "line://",
@@ -210,7 +223,7 @@ def main(argv: list[str] | None = None) -> int:
             "format_spec": args.format,
         }
         query = urlencode({k: v for k, v in qparams.items() if v})
-        uri += "&" if urlparse(uri).query else "?" + query
+        uri += f"&{query}" if urlparse(uri).query else f"?{query}"
     if args.split:
         if not args.writer:
@@ -221,7 +234,7 @@ def main(argv: list[str] | None = None) -> int:
         query_dict = dict(parse_qsl(parsed.query))
         query_dict.update({"count": args.split, "suffix-length": args.suffix_length})
         query = urlencode(query_dict)
-        uri = parsed.scheme + "://" + parsed.netloc + parsed.path + "?" + query
+        uri = f"{parsed.scheme}://{parsed.netloc}{parsed.path}?{query}"
     record_field_rewriter = None
     if fields or fields_to_exclude or args.exec_expression:

{flow_record-3.21.dev2 → flow_record-3.21.dev4}/flow/record/utils.py RENAMED Viewed

@@ -117,3 +117,32 @@ class EventHandler:
     def __call__(self, *args, **kwargs) -> None:
         for h in self.handlers:
             h(*args, **kwargs)
+def boolean_argument(value: str | bool | int) -> bool:
+    """Convert a string, boolean, or integer to a boolean value.
+    This function interprets various string representations of boolean values,
+    such as "true", "false", "1", "0", "yes", "no".
+    It also accepts boolean and integer values directly.
+    Arguments:
+        value: The value to convert. Can be a string, boolean, or integer.
+    Returns:
+        bool: The converted boolean value.
+    Raises:
+        ValueError: If the value cannot be interpreted as a boolean.
+    """
+    if isinstance(value, bool):
+        return value
+    if isinstance(value, int):
+        return bool(value)
+    if isinstance(value, str):
+        value = value.lower()
+        if value in ("true", "1", "y", "yes", "on"):
+            return True
+        if value in ("false", "0", "n", "no", "off"):
+            return False
+    raise ValueError(f"Invalid boolean argument: {value}")

{flow_record-3.21.dev2 → flow_record-3.21.dev4}/flow/record/version.py RENAMED Viewed

@@ -17,5 +17,5 @@ __version__: str
 __version_tuple__: VERSION_TUPLE
 version_tuple: VERSION_TUPLE
-__version__ = version = '3.21.dev2'
-__version_tuple__ = version_tuple = (3, 21, 'dev2')
+__version__ = version = '3.21.dev4'
+__version_tuple__ = version_tuple = (3, 21, 'dev4')

{flow_record-3.21.dev2 → flow_record-3.21.dev4}/flow.record.egg-info/PKG-INFO RENAMED Viewed

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: flow.record
-Version: 3.21.dev2
+Version: 3.21.dev4
 Summary: A library for defining and creating structured data (called records) that can be streamed to disk or piped to other tools that use flow.record
 Author-email: Dissect Team <dissect@fox-it.com>
 License: Affero General Public License v3
@@ -37,10 +37,13 @@ Requires-Dist: duckdb; extra == "duckdb"
 Requires-Dist: pytz; extra == "duckdb"
 Provides-Extra: splunk
 Requires-Dist: httpx; extra == "splunk"
+Provides-Extra: xlsx
+Requires-Dist: openpyxl; extra == "xlsx"
 Provides-Extra: test
 Requires-Dist: flow.record[compression]; extra == "test"
 Requires-Dist: flow.record[avro]; extra == "test"
 Requires-Dist: flow.record[elastic]; extra == "test"
+Requires-Dist: flow.record[xlsx]; extra == "test"
 Requires-Dist: duckdb; (platform_python_implementation != "PyPy" and python_version < "3.12") and extra == "test"
 Requires-Dist: pytz; (platform_python_implementation != "PyPy" and python_version < "3.12") and extra == "test"
 Requires-Dist: tqdm; extra == "test"

{flow_record-3.21.dev2 → flow_record-3.21.dev4}/flow.record.egg-info/SOURCES.txt RENAMED Viewed

@@ -5,6 +5,7 @@ MANIFEST.in
 README.md
 pyproject.toml
 tox.ini
+examples/__init__.py
 examples/filesystem.py
 examples/passivedns.py
 examples/records.json
@@ -77,6 +78,7 @@ tests/test_regression.py
 tests/test_selector.py
 tests/test_splunk_adapter.py
 tests/test_sqlite_duckdb_adapter.py
+tests/test_utils.py
 tests/test_xlsx_adapter.py
 tests/docs/Makefile
 tests/docs/conf.py

{flow_record-3.21.dev2 → flow_record-3.21.dev4}/flow.record.egg-info/requires.txt RENAMED Viewed

@@ -34,8 +34,12 @@ httpx
 flow.record[compression]
 flow.record[avro]
 flow.record[elastic]
+flow.record[xlsx]
 tqdm
 [test:platform_python_implementation != "PyPy" and python_version < "3.12"]
 duckdb
 pytz
+[xlsx]
+openpyxl

{flow_record-3.21.dev2 → flow_record-3.21.dev4}/pyproject.toml RENAMED Viewed

@@ -56,10 +56,14 @@ duckdb = [
 splunk = [
     "httpx",
 ]
+xlsx = [
+    "openpyxl",
+]
 test = [
     "flow.record[compression]",
     "flow.record[avro]",
     "flow.record[elastic]",
+    "flow.record[xlsx]",
     "duckdb; platform_python_implementation != 'PyPy' and python_version < '3.12'", # duckdb
     "pytz; platform_python_implementation != 'PyPy' and python_version < '3.12'", # duckdb
     "tqdm",

flow_record-3.21.dev4/tests/__init__.py ADDED Viewed

File without changes

{flow_record-3.21.dev2 → flow_record-3.21.dev4}/tests/standalone_test.py RENAMED Viewed

@@ -1,5 +1,6 @@
 from __future__ import annotations
+import traceback
 from typing import Callable
@@ -14,6 +15,5 @@ def main(glob: dict[str, Callable[..., None]]) -> None:
             print("PASSED")
         except Exception:
             print("FAILED")
-            import traceback
             traceback.print_exc()

{flow_record-3.21.dev2 → flow_record-3.21.dev4}/tests/test_fieldtypes.py RENAMED Viewed

@@ -376,15 +376,21 @@ def test_uri_type() -> None:
     assert r.path.protocol == "http"
     assert r.path.hostname == "example.com"
-    with pytest.warns(DeprecationWarning):
+    with pytest.warns(
+        DeprecationWarning, match=r"Do not use class uri\(...\) for filesystem paths, use class path\(...\)"
+    ):
         r = TestRecord(uri.from_windows(r"c:\windows\program files\Fox-IT B.V\flow.exe"))
     assert r.path.filename == "flow.exe"
     r = TestRecord()
-    with pytest.warns(DeprecationWarning):
+    with pytest.warns(
+        DeprecationWarning, match=r"Do not use class uri\(...\) for filesystem paths, use class path\(...\)"
+    ):
         r.path = uri.normalize(r"c:\Users\Fox-IT\Downloads\autoruns.exe")
     assert r.path.filename == "autoruns.exe"
-    with pytest.warns(DeprecationWarning):
+    with pytest.warns(
+        DeprecationWarning, match=r"Do not use class uri\(...\) for filesystem paths, use class path\(...\)"
+    ):
         assert r.path.dirname == uri.normalize(r"\Users\Fox-IT\Downloads")
     assert r.path.dirname == "/Users/Fox-IT/Downloads"

{flow_record-3.21.dev2 → flow_record-3.21.dev4}/tests/test_packer.py RENAMED Viewed

@@ -22,7 +22,7 @@ def test_uri_packing() -> None:
         ],
     )
-    # construct with an url
+    # Construct with an url
     record = TestRecord("http://www.google.com/evil.bin")
     data = packer.pack(record)
     record = packer.unpack(data)
@@ -30,8 +30,9 @@ def test_uri_packing() -> None:
     assert record.path.filename == "evil.bin"
     assert record.path.dirname == "/"
-    # construct from uri() -> for windows=True
-    with pytest.warns(DeprecationWarning):
+    with pytest.warns(
+        DeprecationWarning, match=r"Do not use class uri\(...\) for filesystem paths, use class path\(...\)"
+    ):
         path = uri.from_windows(r"c:\Program Files\Fox-IT\flow is awesome.exe")
     record = TestRecord(path)
     data = packer.pack(record)
@@ -40,8 +41,9 @@ def test_uri_packing() -> None:
     assert record.path.filename == "flow is awesome.exe"
     assert record.path.dirname == "/Program Files/Fox-IT"
-    # construct using uri.from_windows()
-    with pytest.warns(DeprecationWarning):
+    with pytest.warns(
+        DeprecationWarning, match=r"Do not use class uri\(...\) for filesystem paths, use class path\(...\)"
+    ):
         path = uri.from_windows(r"c:\Users\Hello World\foo.bar.exe")
     record = TestRecord(path)
     data = packer.pack(record)

{flow_record-3.21.dev2 → flow_record-3.21.dev4}/tests/test_rdump.py RENAMED Viewed

@@ -17,6 +17,7 @@ import pytest
 import flow.record.fieldtypes
 from flow.record import RecordDescriptor, RecordReader, RecordWriter
+from flow.record.adapter.line import field_types_for_record_descriptor
 from flow.record.fieldtypes import flow_record_tz
 from flow.record.tools import rdump
@@ -681,8 +682,6 @@ def test_rdump_line_verbose(tmp_path: Path, capsys: pytest.CaptureFixture, rdump
         writer.write(TestRecord(counter=2))
         writer.write(TestRecord(counter=3))
-    from flow.record.adapter.line import field_types_for_record_descriptor
     field_types_for_record_descriptor.cache_clear()
     assert field_types_for_record_descriptor.cache_info().currsize == 0
     rdump.main([str(record_path), *rdump_params])

{flow_record-3.21.dev2 → flow_record-3.21.dev4}/tests/test_record_adapter.py RENAMED Viewed

@@ -242,7 +242,7 @@ def test_record_adapter_archive(tmp_path: Path) -> None:
     # defaults to always archive by /YEAR/MONTH/DAY/ dir structure
     outdir = tmp_path.joinpath(f"{dt:%Y/%m/%d}")
-    assert len(list(outdir.iterdir()))
+    assert list(outdir.iterdir())
     # read the archived records and test filename and counts
     count2 = 0

{flow_record-3.21.dev2 → flow_record-3.21.dev4}/tests/test_regression.py RENAMED Viewed

@@ -8,6 +8,7 @@ import subprocess
 import sys
 from datetime import datetime, timezone
 from io import BytesIO
+from pathlib import Path
 from typing import Callable
 from unittest.mock import MagicMock, patch
@@ -691,5 +692,24 @@ def test_record_writer_default_stdout(capsysbinary: pytest.CaptureFixture) -> No
     assert stdout.startswith(b"\x00\x00\x00\x0f\xc4\rRECORDSTREAM\n")
+def test_rdump_selected_fields(capsysbinary: pytest.CaptureFixture) -> None:
+    """Test rdump regression where selected fields was not propagated properly to adapter."""
+    # Pastebin record used for this test
+    example_records_json_path = Path(__file__).parent.parent / "examples" / "records.json"
+    # rdump --fields key,title,syntax --csv
+    rdump.main([str(example_records_json_path), "--fields", "key,title,syntax", "--csv"])
+    captured = capsysbinary.readouterr()
+    assert captured.err == b""
+    assert captured.out == b"key,title,syntax\r\nQ42eWSaF,A sample pastebin record,text\r\n"
+    # rdump --fields key,title,syntax --csv
+    rdump.main([str(example_records_json_path), "--fields", "key,title,syntax", "--csv-no-header"])
+    captured = capsysbinary.readouterr()
+    assert captured.err == b""
+    assert captured.out == b"Q42eWSaF,A sample pastebin record,text\r\n"
 if __name__ == "__main__":
     __import__("standalone_test").main(globals())

flow_record-3.21.dev4/tests/test_utils.py ADDED Viewed

@@ -0,0 +1,25 @@
+import pytest
+from flow.record.utils import boolean_argument
+def test_boolean_argument() -> None:
+    assert boolean_argument("True") is True
+    assert boolean_argument("true") is True
+    assert boolean_argument("trUe") is True
+    assert boolean_argument("False") is False
+    assert boolean_argument("false") is False
+    assert boolean_argument("1") is True
+    assert boolean_argument("0") is False
+    assert boolean_argument("yes") is True
+    assert boolean_argument("no") is False
+    assert boolean_argument("y") is True
+    assert boolean_argument("n") is False
+    assert boolean_argument("on") is True
+    assert boolean_argument("off") is False
+    assert boolean_argument(True) is True
+    assert boolean_argument(False) is False
+    assert boolean_argument(1) is True
+    assert boolean_argument(0) is False
+    with pytest.raises(ValueError, match="Invalid boolean argument: .*"):
+        boolean_argument("maybe")

{flow_record-3.21.dev2 → flow_record-3.21.dev4}/tests/test_xlsx_adapter.py RENAMED Viewed

@@ -9,6 +9,7 @@ from unittest.mock import MagicMock
 import pytest
 from flow.record import fieldtypes
+from flow.record.adapter.xlsx import sanitize_fieldvalues
 if TYPE_CHECKING:
     from collections.abc import Iterator
@@ -27,8 +28,6 @@ def mock_openpyxl_package(monkeypatch: pytest.MonkeyPatch) -> Iterator[MagicMock
 def test_sanitize_field_values(mock_openpyxl_package: MagicMock) -> None:
-    from flow.record.adapter.xlsx import sanitize_fieldvalues
     assert list(
         sanitize_fieldvalues(
             [