synapse 2.211.0__py311-none-any.whl → 2.212.0__py311-none-any.whl
- synapse/lib/node.py +7 -2
- synapse/lib/snap.py +8 -2
- synapse/lib/stormlib/json.py +1 -1
- synapse/lib/version.py +2 -2
- synapse/models/inet.py +66 -3
- synapse/tests/test_lib_config.py +8 -2
- synapse/tests/test_lib_layer.py +2 -2
- synapse/tests/test_lib_storm.py +11 -2
- synapse/tests/test_lib_stormhttp.py +6 -6
- synapse/tests/test_lib_stormlib_json.py +4 -1
- synapse/tests/test_model_inet.py +42 -4
- synapse/tests/utils.py +4 -0
- {synapse-2.211.0.dist-info → synapse-2.212.0.dist-info}/METADATA +1 -1
- {synapse-2.211.0.dist-info → synapse-2.212.0.dist-info}/RECORD +17 -17
- {synapse-2.211.0.dist-info → synapse-2.212.0.dist-info}/WHEEL +1 -1
- {synapse-2.211.0.dist-info → synapse-2.212.0.dist-info}/licenses/LICENSE +0 -0
- {synapse-2.211.0.dist-info → synapse-2.212.0.dist-info}/top_level.txt +0 -0
synapse/lib/node.py
CHANGED
|
@@ -207,8 +207,13 @@ class Node:
|
|
|
207
207
|
|
|
208
208
|
embdnode = retn.get(nodepath)
|
|
209
209
|
if embdnode is None:
|
|
210
|
-
|
|
211
|
-
|
|
210
|
+
iden = node.iden()
|
|
211
|
+
# TODO deprecate / remove use of * once we can minver optic
|
|
212
|
+
embdnode = retn[nodepath] = {
|
|
213
|
+
'*': iden,
|
|
214
|
+
'$iden': iden,
|
|
215
|
+
'$form': node.form.name,
|
|
216
|
+
}
|
|
212
217
|
|
|
213
218
|
for relp in relprops:
|
|
214
219
|
embdnode[relp] = node.props.get(relp)
|
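Review bot: The reserved keys `'*'`, `'$iden'` and `'$form'` are written into the same dict that the following `for relp in relprops:` loop fills, so a relative property name equal to one of them would replace the identifier with `node.props.get(relp)`. Whether relprops can carry such a name depends on validation that is not visible here; if they originate from caller-supplied embed options, a guard at the top of the loop such as `if relp.startswith(('*', '$')): continue` keeps the reserved keys intact. The TODO on `'*'` would be easier to act on if it named the Optic version it is waiting for. The enclosing method starts and ends outside the hunk.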
synapse/lib/snap.py
CHANGED
|
@@ -746,19 +746,25 @@ class Snap(s_base.Base):
|
|
|
746
746
|
|
|
747
747
|
async def _joinEmbedStor(self, storage, embeds):
|
|
748
748
|
for nodePath, relProps in embeds.items():
|
|
749
|
+
|
|
749
750
|
await asyncio.sleep(0)
|
|
750
|
-
|
|
751
|
+
|
|
752
|
+
iden = relProps.get('$iden')
|
|
751
753
|
if not iden:
|
|
752
754
|
continue
|
|
753
755
|
|
|
754
756
|
stor = await self.view.getStorNodes(s_common.uhex(iden))
|
|
755
757
|
for relProp in relProps.keys():
|
|
758
|
+
|
|
756
759
|
await asyncio.sleep(0)
|
|
757
|
-
|
|
760
|
+
|
|
761
|
+
if relProp[0] in ('*', '$'):
|
|
758
762
|
continue
|
|
759
763
|
|
|
760
764
|
for idx, layrstor in enumerate(stor):
|
|
765
|
+
|
|
761
766
|
await asyncio.sleep(0)
|
|
767
|
+
|
|
762
768
|
props = layrstor.get('props')
|
|
763
769
|
if not props:
|
|
764
770
|
continue
|
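Review bot: `if relProp[0] in ('*', '$'):` raises IndexError when a key in relProps is an empty string; `if relProp.startswith(('*', '$')):` performs the same skip without indexing. Whether an empty key can reach `_joinEmbedStor` depends on how the embeds dict is built, which is outside this hunk. The lookup `relProps.get('$iden')` followed by `if not iden: continue` also means an embeds dict that carries only the legacy `'*'` key is skipped silently; if such input is still possible, `relProps.get('$iden') or relProps.get('*')` would keep it working. The loop body continues past the end of the hunk.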
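--- a/synapse/lib/stormlib/json.py
+++ b/synapse/lib/stormlib/json.py
@@ -134,7 +134,7 @@ class JsonLib(s_stormtypes.Lib):
 
 @s_stormtypes.stormfunc(readonly=True)
 async def _jsonSchema(self, schema, use_default=True):
-schema = await s_stormtypes.toprim(schema)
+schema = await s_stormtypes.toprim(schema, use_list=True)
 use_default = await s_stormtypes.tobool(use_default)
 # We have to ensure that we have a valid schema for making the object.
 try: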
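Review bot: The new `use_list=True` argument in `_jsonSchema` has no comment explaining why the schema must be converted with lists, and the reason is easy to lose in a later cleanup. Judging by the `key:multi` cases added to the tests, it presumably keeps array-valued schema keywords (a multi-valued `type`, for example) as lists so the schema compiler accepts them; a line such as `# use_list=True: schema arrays must stay lists (e.g. a multi-valued "type")` above the call would record that, once confirmed. The body of `_jsonSchema` continues outside the hunk.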
synapse/lib/version.py
CHANGED
|
@@ -223,6 +223,6 @@ def reqVersion(valu, reqver,
|
|
|
223
223
|
##############################################################################
|
|
224
224
|
# The following are touched during the release process by bumpversion.
|
|
225
225
|
# Do not modify these directly.
|
|
226
|
-
version = (2,
|
|
226
|
+
version = (2, 212, 0)
|
|
227
227
|
verstring = '.'.join([str(x) for x in version])
|
|
228
|
-
commit = '
|
|
228
|
+
commit = '68ec8184b0e2469fd1ef30cbeb29f5989c60c768'
|
synapse/models/inet.py
CHANGED
|
@@ -35,6 +35,10 @@ ipv4max = 2 ** 32 - 1
|
|
|
35
35
|
|
|
36
36
|
rfc6598 = ipaddress.IPv4Network('100.64.0.0/10')
|
|
37
37
|
|
|
38
|
+
# defined from https://x.com/4A4133/status/1887269972545839559
|
|
39
|
+
ja4_regex = r'^([tqd])([sd\d]\d)([di])(\d{2})(\d{2})([a-zA-Z0-9]{2})_([0-9a-f]{12})_([0-9a-f]{12})$'
|
|
40
|
+
ja4s_regex = r'^([tq])([sd\d]\d)(\d{2})([a-zA-Z0-9]{2})_([0-9a-f]{4})_([0-9a-f]{12})$'
|
|
41
|
+
|
|
38
42
|
def getAddrType(ip):
|
|
39
43
|
|
|
40
44
|
if ip.is_multicast:
|
|
@@ -1678,6 +1682,18 @@ class InetModule(s_module.CoreModule):
|
|
|
1678
1682
|
('inet:tls:handshake', ('guid', {}), {
|
|
1679
1683
|
'doc': 'An instance of a TLS handshake between a server and client.'}),
|
|
1680
1684
|
|
|
1685
|
+
('inet:tls:ja4', ('str', {'strip': True, 'regex': ja4_regex}), {
|
|
1686
|
+
'doc': 'A JA4 TLS client fingerprint.'}),
|
|
1687
|
+
|
|
1688
|
+
('inet:tls:ja4s', ('str', {'strip': True, 'regex': ja4s_regex}), {
|
|
1689
|
+
'doc': 'A JA4S TLS server fingerprint.'}),
|
|
1690
|
+
|
|
1691
|
+
('inet:tls:ja4:sample', ('comp', {'fields': (('client', 'inet:client'), ('ja4', 'inet:tls:ja4'))}), {
|
|
1692
|
+
'doc': 'A JA4 TLS client fingerprint used by a client.'}),
|
|
1693
|
+
|
|
1694
|
+
('inet:tls:ja4s:sample', ('comp', {'fields': (('server', 'inet:server'), ('ja4s', 'inet:tls:ja4s'))}), {
|
|
1695
|
+
'doc': 'A JA4S TLS server fingerprint used by a server.'}),
|
|
1696
|
+
|
|
1681
1697
|
('inet:tls:ja3s:sample', ('comp', {'fields': (('server', 'inet:server'), ('ja3s', 'hash:md5'))}), {
|
|
1682
1698
|
'doc': 'A JA3 sample taken from a server.'}),
|
|
1683
1699
|
|
|
@@ -3565,23 +3581,70 @@ class InetModule(s_module.CoreModule):
|
|
|
3565
3581
|
'doc': 'The server that was sampled to compute the JARM hash.'}),
|
|
3566
3582
|
)),
|
|
3567
3583
|
|
|
3584
|
+
('inet:tls:ja4', {}, ()),
|
|
3585
|
+
('inet:tls:ja4s', {}, ()),
|
|
3586
|
+
|
|
3587
|
+
('inet:tls:ja4:sample', {}, (
|
|
3588
|
+
|
|
3589
|
+
('ja4', ('inet:tls:ja4', {}), {
|
|
3590
|
+
'ro': True,
|
|
3591
|
+
'doc': 'The JA4 TLS client fingerprint.'}),
|
|
3592
|
+
|
|
3593
|
+
('client', ('inet:client', {}), {
|
|
3594
|
+
'ro': True,
|
|
3595
|
+
'doc': 'The client which initiated the TLS handshake with a JA4 fingerprint.'}),
|
|
3596
|
+
)),
|
|
3597
|
+
|
|
3598
|
+
('inet:tls:ja4s:sample', {}, (
|
|
3599
|
+
|
|
3600
|
+
('ja4s', ('inet:tls:ja4s', {}), {
|
|
3601
|
+
'ro': True,
|
|
3602
|
+
'doc': 'The JA4S TLS server fingerprint.'}),
|
|
3603
|
+
|
|
3604
|
+
('server', ('inet:server', {}), {
|
|
3605
|
+
'ro': True,
|
|
3606
|
+
'doc': 'The server which responded to the TLS handshake with a JA4S fingerprint.'}),
|
|
3607
|
+
)),
|
|
3608
|
+
|
|
3568
3609
|
('inet:tls:handshake', {}, (
|
|
3610
|
+
|
|
3569
3611
|
('time', ('time', {}), {
|
|
3570
3612
|
'doc': 'The time the handshake was initiated.'}),
|
|
3613
|
+
|
|
3571
3614
|
('flow', ('inet:flow', {}), {
|
|
3572
3615
|
'doc': 'The raw inet:flow associated with the handshake.'}),
|
|
3616
|
+
|
|
3573
3617
|
('server', ('inet:server', {}), {
|
|
3574
3618
|
'doc': 'The TLS server during the handshake.'}),
|
|
3619
|
+
|
|
3575
3620
|
('server:cert', ('crypto:x509:cert', {}), {
|
|
3576
3621
|
'doc': 'The x509 certificate sent by the server during the handshake.'}),
|
|
3577
|
-
|
|
3578
|
-
|
|
3622
|
+
|
|
3623
|
+
('server:ja3s', ('hash:md5', {}), {
|
|
3624
|
+
'doc': 'The JA3S fingerprint of the server response.'}),
|
|
3625
|
+
|
|
3626
|
+
('server:ja4s', ('inet:tls:ja4s', {}), {
|
|
3627
|
+
'doc': 'The JA4S fingerprint of the server response.'}),
|
|
3628
|
+
|
|
3579
3629
|
('client', ('inet:client', {}), {
|
|
3580
3630
|
'doc': 'The TLS client during the handshake.'}),
|
|
3631
|
+
|
|
3581
3632
|
('client:cert', ('crypto:x509:cert', {}), {
|
|
3582
3633
|
'doc': 'The x509 certificate sent by the client during the handshake.'}),
|
|
3634
|
+
|
|
3635
|
+
('client:ja3', ('hash:md5', {}), {
|
|
3636
|
+
'doc': 'The JA3 fingerprint of the client request.'}),
|
|
3637
|
+
|
|
3638
|
+
('client:ja4', ('inet:tls:ja4', {}), {
|
|
3639
|
+
'doc': 'The JA4 fingerprint of the client request.'}),
|
|
3640
|
+
|
|
3583
3641
|
('client:fingerprint:ja3', ('hash:md5', {}), {
|
|
3584
|
-
'
|
|
3642
|
+
'deprecated': True,
|
|
3643
|
+
'doc': 'Deprecated. Please use :client:ja3.'}),
|
|
3644
|
+
|
|
3645
|
+
('server:fingerprint:ja3', ('hash:md5', {}), {
|
|
3646
|
+
'deprecated': True,
|
|
3647
|
+
'doc': 'Deprecated. Please use :server:ja3s.'}),
|
|
3585
3648
|
)),
|
|
3586
3649
|
|
|
3587
3650
|
('inet:tls:ja3s:sample', {}, (
|
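Review bot: `ja4_regex` accepts `d` as the leading protocol character (`^([tqd])`) while `ja4s_regex` accepts only `^([tq])`, so a server fingerprint with a `d` prefix fails normalization even though the corresponding client form is accepted. If the asymmetry follows the referenced definition, a one-line comment above `ja4s_regex` saying so would stop it being "corrected" later; otherwise the server pattern should start with `^([tqd])`. The format source cited in the comment is a social-media post, and a link to the published specification would be a more durable reference. In the handshake hunk the deprecated `:client:fingerprint:ja3` and `:server:fingerprint:ja3` remain in the model beside `:client:ja3` and `:server:ja3s`, and no migration of existing values is visible in this diff.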
synapse/tests/test_lib_config.py
CHANGED
|
@@ -164,8 +164,8 @@ class ConfTest(s_test.SynTest):
|
|
|
164
164
|
# We can ensure that certain vars are loaded
|
|
165
165
|
self.eq('Funky string time!', conf.req('key:string'))
|
|
166
166
|
# And throw if they are not, or if the requested key isn't even schema valid
|
|
167
|
-
self.raises(s_exc.NeedConfValu, conf.
|
|
168
|
-
self.raises(s_exc.BadArg, conf.
|
|
167
|
+
self.raises(s_exc.NeedConfValu, conf.req, 'key:bool:nodefval')
|
|
168
|
+
self.raises(s_exc.BadArg, conf.req, 'key:newp')
|
|
169
169
|
|
|
170
170
|
# Since we're an Mutable mapping, we have some dict methods available to us
|
|
171
171
|
self.len(8, conf) # __len__
|
|
@@ -380,6 +380,12 @@ class ConfTest(s_test.SynTest):
|
|
|
380
380
|
self.eq(item['key:number'], 123)
|
|
381
381
|
self.notin('key:string', item)
|
|
382
382
|
|
|
383
|
+
item = validator({'key:multi': 123})
|
|
384
|
+
self.eq(item['key:multi'], 123)
|
|
385
|
+
|
|
386
|
+
item = validator({'key:multi': '123'})
|
|
387
|
+
self.eq(item['key:multi'], '123')
|
|
388
|
+
|
|
383
389
|
async def test_config_ref_handler(self):
|
|
384
390
|
|
|
385
391
|
filename = pathlib.Path(s_data.path(
|
synapse/tests/test_lib_layer.py
CHANGED
|
@@ -1399,8 +1399,8 @@ class LayerTest(s_t_utils.SynTest):
|
|
|
1399
1399
|
self.len(1, nodes)
|
|
1400
1400
|
self.eq(nodes[0].ndef, ('inet:ipv4', 0x01020304))
|
|
1401
1401
|
self.eq(nodes[0].get('asn'), 33)
|
|
1402
|
-
self.
|
|
1403
|
-
self.
|
|
1402
|
+
self.eq(nodes[0].getTag('foo.bar'), (None, None))
|
|
1403
|
+
self.eq(nodes[0].getTagProp('foo.bar', 'confidence'), 100)
|
|
1404
1404
|
|
|
1405
1405
|
self.eq(10004, await core.count('.created'))
|
|
1406
1406
|
self.len(2, await core.nodes('syn:tag~=foo'))
|
synapse/tests/test_lib_storm.py
CHANGED
|
@@ -2251,16 +2251,18 @@ class StormTest(s_t_utils.SynTest):
|
|
|
2251
2251
|
nodes = [m[1] for m in msgs if m[0] == 'node']
|
|
2252
2252
|
|
|
2253
2253
|
node = nodes[0]
|
|
2254
|
+
self.eq('inet:asn', node[1]['embeds']['asn']['$form'])
|
|
2254
2255
|
self.eq('hehe', node[1]['embeds']['asn']['name'])
|
|
2255
|
-
self.eq('796d67b92a6ffe9b88fa19d115b46ab6712d673a06ae602d41de84b1464782f2', node[1]['embeds']['asn']['
|
|
2256
|
+
self.eq('796d67b92a6ffe9b88fa19d115b46ab6712d673a06ae602d41de84b1464782f2', node[1]['embeds']['asn']['$iden'])
|
|
2256
2257
|
|
|
2257
2258
|
opts = {'embeds': {'ou:org': {'hq::email': ('user',)}}}
|
|
2258
2259
|
msgs = await core.stormlist('[ ou:org=* :country=* :hq=* ] { -> ps:contact [ :email=visi@vertex.link ] }', opts=opts)
|
|
2259
2260
|
nodes = [m[1] for m in msgs if m[0] == 'node']
|
|
2260
2261
|
node = nodes[0]
|
|
2261
2262
|
|
|
2263
|
+
self.eq('inet:email', node[1]['embeds']['hq::email']['$form'])
|
|
2262
2264
|
self.eq('visi', node[1]['embeds']['hq::email']['user'])
|
|
2263
|
-
self.eq('2346d7bed4b0fae05e00a413bbf8716c9e08857eb71a1ecf303b8972823f2899', node[1]['embeds']['hq::email']['
|
|
2265
|
+
self.eq('2346d7bed4b0fae05e00a413bbf8716c9e08857eb71a1ecf303b8972823f2899', node[1]['embeds']['hq::email']['$iden'])
|
|
2264
2266
|
|
|
2265
2267
|
fork = await core.callStorm('return($lib.view.get().fork().iden)')
|
|
2266
2268
|
|
|
@@ -2373,10 +2375,17 @@ class StormTest(s_t_utils.SynTest):
|
|
|
2373
2375
|
self.eq(['inet:service:rule', 'risk:vulnerable'], [n[0][0] for n in nodes])
|
|
2374
2376
|
|
|
2375
2377
|
embeds = nodes[0][1]['embeds']
|
|
2378
|
+
|
|
2379
|
+
self.nn(embeds['object']['$iden'])
|
|
2380
|
+
self.eq('risk:vulnerable', embeds['object']['$form'])
|
|
2376
2381
|
self.eq(1, embeds['object']['mitigated'])
|
|
2377
2382
|
self.eq(None, embeds['object']['newp'])
|
|
2383
|
+
|
|
2384
|
+
self.nn(embeds['object::node']['$iden'])
|
|
2385
|
+
self.eq('it:prod:hardware', embeds['object::node']['$form'])
|
|
2378
2386
|
self.eq('foohw', embeds['object::node']['name'])
|
|
2379
2387
|
self.eq(None, embeds['object::node']['newp'])
|
|
2388
|
+
self.eq('inet:service:account', embeds['grantee']['$form'])
|
|
2380
2389
|
self.eq('foocon', embeds['grantee']['id'])
|
|
2381
2390
|
self.eq(None, embeds['grantee']['newp'])
|
|
2382
2391
|
|
|
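Review bot: The StormTest assertions now read `['$iden']` and `['$form']`, but nothing visible here checks that the legacy `'*'` key is still emitted, which the node.py change on this page keeps deliberately for older consumers. Adding `self.eq(node[1]['embeds']['asn']['$iden'], node[1]['embeds']['asn']['*'])` next to the `$iden` assertion would pin that compatibility until the key is removed. The removed assertions are truncated on this page, so they may have covered `'*'` before. In the second hunk `embeds['grantee']` gets a `$form` check but, unlike `object` and `object::node`, no `self.nn(embeds['grantee']['$iden'])`.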
@@ -642,9 +642,9 @@ class StormHttpTest(s_test.SynTest):
|
|
|
642
642
|
self.isin('connect to proxy 127.0.0.1:1', resp['mesg'])
|
|
643
643
|
|
|
644
644
|
q = '$resp=$lib.inet.http.get("http://vertex.link") return(($resp.code, $resp.err))'
|
|
645
|
-
code, (errname,
|
|
645
|
+
code, (errname, errinfo) = await core.callStorm(q)
|
|
646
646
|
self.eq(code, -1)
|
|
647
|
-
self.
|
|
647
|
+
self.isin("connect to proxy 127.0.0.1:1", errinfo.get('mesg'))
|
|
648
648
|
|
|
649
649
|
msgs = await core.stormlist('$resp=$lib.inet.http.get("http://vertex.link", proxy=(null)) $lib.print($resp.err)')
|
|
650
650
|
self.stormIsInWarn('HTTP proxy argument to $lib.null is deprecated', msgs)
|
|
@@ -669,7 +669,7 @@ class StormHttpTest(s_test.SynTest):
|
|
|
669
669
|
self.stormIsInErr(errmsg.format(perm='storm.lib.inet.http.proxy'), msgs)
|
|
670
670
|
|
|
671
671
|
resp = await core.callStorm('return($lib.inet.http.get(http://vertex.link, proxy=socks5://user:pass@127.0.0.1:1))')
|
|
672
|
-
self.
|
|
672
|
+
self.isin("connect to proxy 127.0.0.1:1", resp['err'][1].get('mesg'))
|
|
673
673
|
|
|
674
674
|
# test $lib.axon proxy API
|
|
675
675
|
asvisi = {'user': visi.iden}
|
|
@@ -748,13 +748,13 @@ class StormHttpTest(s_test.SynTest):
|
|
|
748
748
|
opts = {'vars': {'proxy': 'socks5://user:pass@127.0.0.1:1'}, 'user': visi.iden}
|
|
749
749
|
|
|
750
750
|
resp = await core.callStorm(q1, opts=opts)
|
|
751
|
-
self.
|
|
751
|
+
self.isin("connect to proxy 127.0.0.1:1", resp['err'][1].get('mesg'))
|
|
752
752
|
|
|
753
753
|
resp = await core.callStorm(q2, opts=opts)
|
|
754
|
-
self.
|
|
754
|
+
self.isin("connect to proxy 127.0.0.1:1", resp['err'][1].get('mesg'))
|
|
755
755
|
|
|
756
756
|
resp = await core.callStorm(q3, opts=opts)
|
|
757
|
-
self.
|
|
757
|
+
self.isin("connect to proxy 127.0.0.1:1", resp['err'][1].get('mesg'))
|
|
758
758
|
|
|
759
759
|
opts = {'vars': {'proxy': False}, 'user': visi.iden}
|
|
760
760
|
|
|
@@ -46,11 +46,13 @@ class JsonTest(s_test.SynTest):
|
|
|
46
46
|
q = '''$schemaObj = $lib.json.schema($schema)
|
|
47
47
|
$item=({})
|
|
48
48
|
$item."key:integer"=(4)
|
|
49
|
+
$item."key:multi"=(4)
|
|
49
50
|
return ( $schemaObj.validate($item) )
|
|
50
51
|
'''
|
|
51
52
|
isok, valu = await core.callStorm(q, opts=opts)
|
|
52
53
|
self.true(isok)
|
|
53
54
|
self.eq(4, valu.get('key:integer'))
|
|
55
|
+
self.eq(4, valu.get('key:multi'))
|
|
54
56
|
self.eq('Default string!', valu.get('key:string'))
|
|
55
57
|
|
|
56
58
|
q = '''$schemaObj = $lib.json.schema($schema)
|
|
@@ -68,12 +70,13 @@ class JsonTest(s_test.SynTest):
|
|
|
68
70
|
|
|
69
71
|
q = '''
|
|
70
72
|
$schemaObj = $lib.json.schema($schema, use_default=$lib.false)
|
|
71
|
-
$item = ({"key:integer": 4})
|
|
73
|
+
$item = ({"key:integer": 4, "key:multi": "4"})
|
|
72
74
|
return($schemaObj.validate($item))
|
|
73
75
|
'''
|
|
74
76
|
isok, valu = await core.callStorm(q, opts={'vars': {'schema': s_test.test_schema}})
|
|
75
77
|
self.true(isok)
|
|
76
78
|
self.eq(4, valu.get('key:integer'))
|
|
79
|
+
self.eq('4', valu.get('key:multi'))
|
|
77
80
|
self.notin('key:string', valu)
|
|
78
81
|
|
|
79
82
|
# Print a json schema obj
|
synapse/tests/test_model_inet.py
CHANGED
|
@@ -2908,10 +2908,10 @@ class InetModelTest(s_t_utils.SynTest):
|
|
|
2908
2908
|
:flow=*
|
|
2909
2909
|
:server=$server
|
|
2910
2910
|
:server:cert=*
|
|
2911
|
-
:server:
|
|
2911
|
+
:server:ja3s=$ja3s
|
|
2912
2912
|
:client=$client
|
|
2913
2913
|
:client:cert=*
|
|
2914
|
-
:client:
|
|
2914
|
+
:client:ja3=$ja3
|
|
2915
2915
|
]
|
|
2916
2916
|
''', opts={'vars': props})
|
|
2917
2917
|
self.len(1, nodes)
|
|
@@ -2920,8 +2920,8 @@ class InetModelTest(s_t_utils.SynTest):
|
|
|
2920
2920
|
self.nn(nodes[0].get('server:cert'))
|
|
2921
2921
|
self.nn(nodes[0].get('client:cert'))
|
|
2922
2922
|
|
|
2923
|
-
self.eq(props['ja3'], nodes[0].get('client:
|
|
2924
|
-
self.eq(props['ja3s'], nodes[0].get('server:
|
|
2923
|
+
self.eq(props['ja3'], nodes[0].get('client:ja3'))
|
|
2924
|
+
self.eq(props['ja3s'], nodes[0].get('server:ja3s'))
|
|
2925
2925
|
|
|
2926
2926
|
self.eq(props['client'], nodes[0].get('client'))
|
|
2927
2927
|
self.eq(props['server'], nodes[0].get('server'))
|
|
@@ -3498,3 +3498,41 @@ class InetModelTest(s_t_utils.SynTest):
|
|
|
3498
3498
|
self.len(1, await core.nodes('inet:service:subscription -> inet:service:subscription:level:taxonomy'))
|
|
3499
3499
|
self.len(1, await core.nodes('inet:service:subscription :pay:instrument -> econ:bank:account'))
|
|
3500
3500
|
self.len(1, await core.nodes('inet:service:subscription :subscriber -> inet:service:tenant'))
|
|
3501
|
+
|
|
3502
|
+
async def test_model_inet_tls_ja4(self):
|
|
3503
|
+
|
|
3504
|
+
async with self.getTestCore() as core:
|
|
3505
|
+
|
|
3506
|
+
nodes = await core.nodes('[ inet:tls:ja4:sample=(1.2.3.4, t13d190900_9dc949149365_97f8aa674fd9) ]')
|
|
3507
|
+
self.len(1, nodes)
|
|
3508
|
+
self.eq(nodes[0].get('ja4'), 't13d190900_9dc949149365_97f8aa674fd9')
|
|
3509
|
+
self.eq(nodes[0].get('client'), 'tcp://1.2.3.4')
|
|
3510
|
+
self.len(1, await core.nodes('inet:tls:ja4:sample -> inet:client'))
|
|
3511
|
+
self.len(1, await core.nodes('inet:tls:ja4:sample -> inet:tls:ja4'))
|
|
3512
|
+
|
|
3513
|
+
nodes = await core.nodes('[ inet:tls:ja4s:sample=(1.2.3.4:443, t130200_1301_a56c5b993250) ]')
|
|
3514
|
+
self.len(1, nodes)
|
|
3515
|
+
self.eq(nodes[0].get('ja4s'), 't130200_1301_a56c5b993250')
|
|
3516
|
+
self.eq(nodes[0].get('server'), 'tcp://1.2.3.4:443')
|
|
3517
|
+
self.len(1, await core.nodes('inet:tls:ja4s:sample -> inet:server'))
|
|
3518
|
+
self.len(1, await core.nodes('inet:tls:ja4s:sample -> inet:tls:ja4s'))
|
|
3519
|
+
|
|
3520
|
+
nodes = await core.nodes('''[
|
|
3521
|
+
inet:tls:handshake=*
|
|
3522
|
+
:client:ja4=t13d190900_9dc949149365_97f8aa674fd9
|
|
3523
|
+
:server:ja4s=t130200_1301_a56c5b993250
|
|
3524
|
+
]''')
|
|
3525
|
+
self.len(1, nodes)
|
|
3526
|
+
self.eq(nodes[0].get('client:ja4'), 't13d190900_9dc949149365_97f8aa674fd9')
|
|
3527
|
+
self.eq(nodes[0].get('server:ja4s'), 't130200_1301_a56c5b993250')
|
|
3528
|
+
self.len(1, await core.nodes('inet:tls:handshake :client:ja4 -> inet:tls:ja4'))
|
|
3529
|
+
self.len(1, await core.nodes('inet:tls:handshake :server:ja4s -> inet:tls:ja4s'))
|
|
3530
|
+
|
|
3531
|
+
ja4_t = core.model.type('inet:tls:ja4')
|
|
3532
|
+
ja4s_t = core.model.type('inet:tls:ja4s')
|
|
3533
|
+
self.eq('t13d1909Tg_9dc949149365_97f8aa674fd9', ja4_t.norm(' t13d1909Tg_9dc949149365_97f8aa674fd9 ')[0])
|
|
3534
|
+
self.eq('t1302Tg_1301_a56c5b993250', ja4s_t.norm(' t1302Tg_1301_a56c5b993250 ')[0])
|
|
3535
|
+
with self.raises(s_exc.BadTypeValu):
|
|
3536
|
+
ja4_t.norm('t13d190900_9dc949149365_97f8aa674fD9')
|
|
3537
|
+
with self.raises(s_exc.BadTypeValu):
|
|
3538
|
+
ja4s_t.norm('t130200_1301_a56c5B993250')
|
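Review bot: The two negative cases in `test_model_inet_tls_ja4` only cover an uppercase hex digit in the final segment, so a pattern loosened in segment length or in the leading protocol character would still pass. Cases for a shortened hash segment and for a `q`- and `d`-prefixed value on each of `inet:tls:ja4` and `inet:tls:ja4s` would pin what the two patterns accept and reject. The earlier hunks in this file switch the handshake test to `:client:ja3` and `:server:ja3s`, so the deprecated `:client:fingerprint:ja3` and `:server:fingerprint:ja3` properties appear to be no longer exercised in the visible lines; one assertion that they can still be set would guard the deprecation period.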
synapse/tests/utils.py
CHANGED
|
@@ -125,7 +125,7 @@ synapse/lib/modules.py,sha256=xHNrGBWLOSTSqn7GMMnm6iiw3Df-Q11h5gOUw84Ax7E,1282
|
|
|
125
125
|
synapse/lib/msgpack.py,sha256=IEYF1sv0UoYq1BpqfZUzf30bAlWveC6ZArXBeY68vuI,7895
|
|
126
126
|
synapse/lib/multislabseqn.py,sha256=cxNN1UdQPD3TDvGnNJcITkssAk5Y3pBsbd89sVd8qJw,15221
|
|
127
127
|
synapse/lib/nexus.py,sha256=CrdOco9bcAzV1-93h1DlvZeqLP_kCIJvZRvb1Rwxgfk,23687
|
|
128
|
-
synapse/lib/node.py,sha256=
|
|
128
|
+
synapse/lib/node.py,sha256=XwcgKbouFHMt79Hmju3vo6xd3jTrLu5Ai5zFqpU_HuA,31474
|
|
129
129
|
synapse/lib/oauth.py,sha256=xgJNXyt4uWymt5xaoXpCAeZmrSiJV7XVwl9h3Pm92zg,20367
|
|
130
130
|
synapse/lib/output.py,sha256=MARscREHja4h8PQN7GZxHGvF36RoOkUyw3vfhmFzMTk,890
|
|
131
131
|
synapse/lib/parser.py,sha256=Tjk1aYa5ucQLzGGUf14dmNFpxfLiKu00ZWj8SgAf324,29471
|
|
@@ -139,7 +139,7 @@ synapse/lib/scrape.py,sha256=-TLjUrerHCGiuCOeuGOGA6IpQdaFGW6LvwZtp1xOCnw,23785
|
|
|
139
139
|
synapse/lib/share.py,sha256=wE0WE77QxJTbfcZmVLn_9hHbXMsptj6e2I4KbTho9_Q,605
|
|
140
140
|
synapse/lib/slaboffs.py,sha256=Fd0RrIRBMjh159aQz5y1ONmzw0NvV040kVX_jZjQW6I,815
|
|
141
141
|
synapse/lib/slabseqn.py,sha256=LJ2SZEsZlROBAD3mdS-3JxNVVPXXkBW8GIJXsW0OGG8,10287
|
|
142
|
-
synapse/lib/snap.py,sha256=
|
|
142
|
+
synapse/lib/snap.py,sha256=NbFCkISq_UZPjdRUzxAG_You0_rLP9_USAgYi3wAE44,63709
|
|
143
143
|
synapse/lib/spooled.py,sha256=BQHIW-qZvEcvhEf8PpXhbDDGzq1go4TH63D6kn-1anM,6021
|
|
144
144
|
synapse/lib/storm.lark,sha256=8RxsM4xYhBpJbGpS2Yfft74eQyvFvD0FbSbaSkLcL20,27412
|
|
145
145
|
synapse/lib/storm.py,sha256=zda0wgsophZ52T9hgLbiORJHcZHiS2nU3opGoeL5F88,205526
|
|
@@ -158,7 +158,7 @@ synapse/lib/time.py,sha256=bk_1F6_MDuCWJ1ToPJ-XHkeTWVw5b4SE7cCixBqVxXo,9435
|
|
|
158
158
|
synapse/lib/trigger.py,sha256=mnfkoBHB88JfqPoxb5oflvAaBKZpNvYdxP247YS53fE,20697
|
|
159
159
|
synapse/lib/types.py,sha256=plPuYWNaJmCWjYIOWIkDhh8NhTONATZD6d85qf2NUfM,69740
|
|
160
160
|
synapse/lib/urlhelp.py,sha256=ljhnF91z9ihyOLdZZ6OoQYCN1WYjOj1imukD45xiKU0,3320
|
|
161
|
-
synapse/lib/version.py,sha256=
|
|
161
|
+
synapse/lib/version.py,sha256=2X2VgCdTdapLJHREDFMzUWioAzaYw_MTPVwCZRgAbMM,7162
|
|
162
162
|
synapse/lib/view.py,sha256=lidWNualB8Imtz1x6aWo70bntdv9Sf9tpG78cliDKjI,62682
|
|
163
163
|
synapse/lib/crypto/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
|
|
164
164
|
synapse/lib/crypto/coin.py,sha256=_dhlkzIrHT8BvHdJOWK7PDThz3sK3dDRnWAUqjRpZJc,4910
|
|
@@ -194,7 +194,7 @@ synapse/lib/stormlib/index.py,sha256=f92Yn3nhojFhxbp7SUu9T-lRTGw-_miazfwMqG7QO14
|
|
|
194
194
|
synapse/lib/stormlib/infosec.py,sha256=sV3kKfQuu832--rXUSENXA3n6TrfhynxUZE-WlZQCVM,30377
|
|
195
195
|
synapse/lib/stormlib/ipv6.py,sha256=Ik50Hpd6T-XCc7gVzJqmYqGQF8jfIwFIQvNCDPCMtLs,1557
|
|
196
196
|
synapse/lib/stormlib/iters.py,sha256=TnceDb1bTCpDT2RgaFJ3rpXETZp2GyPzlId6iyah0Os,3159
|
|
197
|
-
synapse/lib/stormlib/json.py,sha256=
|
|
197
|
+
synapse/lib/stormlib/json.py,sha256=QR9ytaGbAnKv7qsxnXa3v3yO5cI-jZi1uuwLmcjyG6g,5999
|
|
198
198
|
synapse/lib/stormlib/log.py,sha256=wdV-lqzQMM0C3GXNJKJKvkSKjk0CBsUfjd-Cl06LOtE,7034
|
|
199
199
|
synapse/lib/stormlib/macro.py,sha256=7iQ18mCaNZcslmfXGQvOmGQ71HxD7JeDp0HDmu5-EKM,8807
|
|
200
200
|
synapse/lib/stormlib/math.py,sha256=3RKHj40GkYFiJSINa2AZZOAA-GqqeEP98bWw2JNity8,1149
|
|
@@ -239,7 +239,7 @@ synapse/models/entity.py,sha256=loHKByGwv2xyz6cYWWUpwk12mxWNzC06BKgDgWfX6ek,1617
|
|
|
239
239
|
synapse/models/files.py,sha256=4nA0LGK2gKEjErzTnFfIX7kxNn8c_C7xWAfiwWFz5zY,34396
|
|
240
240
|
synapse/models/geopol.py,sha256=1DGxLJ60QlnSIe3WxxViYQ3KFSwm89vvGc534bbSNBo,11304
|
|
241
241
|
synapse/models/geospace.py,sha256=Ix54xGdGRZNqLI0r6r9OA1t6vqB3XM1lkoy86Vjt5XA,21155
|
|
242
|
-
synapse/models/inet.py,sha256=
|
|
242
|
+
synapse/models/inet.py,sha256=FadF1-21JUjOJfPXJluTzYHNnJgQdKitTFbKDMzOrrs,180518
|
|
243
243
|
synapse/models/infotech.py,sha256=Hrv51zXxXGRLiitgbByM7BK_Y_mX18uL5mizZXn2lZA,153163
|
|
244
244
|
synapse/models/language.py,sha256=hBVVIf5kc_FSIV7HZhWnberoc9ssxuqeff4fqC9iz4o,3640
|
|
245
245
|
synapse/models/material.py,sha256=UvmnBEkbhBbdbnvWtTlgGJAJlKDrx9E-YSQ3K49ws5M,5405
|
|
@@ -293,7 +293,7 @@ synapse/tests/test_lib_cell.py,sha256=FbeM8WiKx-jXUZsPvESfLO1GvOZ4xGz7kGWgZlLL5p
|
|
|
293
293
|
synapse/tests/test_lib_certdir.py,sha256=d5X1lvp0DnBRigXYLbofZAXakZp440-bjaMH30PlGsI,42728
|
|
294
294
|
synapse/tests/test_lib_chop.py,sha256=LkrM_pQU_KS88aVRPD4DI97qSdhxmw6EUA_jb-UJpww,6238
|
|
295
295
|
synapse/tests/test_lib_cli.py,sha256=B8qGx9KtTWp31RlCMtfFMzhJ0TzaaO9ph7RCK2jHtx4,9283
|
|
296
|
-
synapse/tests/test_lib_config.py,sha256=
|
|
296
|
+
synapse/tests/test_lib_config.py,sha256=a_c6MuFaVaMa3cIhOLzqfs39tCc0CsyRp1CeaocawGc,16691
|
|
297
297
|
synapse/tests/test_lib_const.py,sha256=qatZeo6C9WbpXPoV3dxvbLyDOnsj1U05tEJVrHGnkVc,873
|
|
298
298
|
synapse/tests/test_lib_coro.py,sha256=tQ8RiLml0hF5K_4s9DEdVSuRn-jfZMcnt6kZPhwsPTI,6132
|
|
299
299
|
synapse/tests/test_lib_crypto_coin.py,sha256=gMhkItWv4P3JVGlqEt5T35O6aHUMeSyX_vEetP73sZY,419
|
|
@@ -313,7 +313,7 @@ synapse/tests/test_lib_httpapi.py,sha256=fJcnNWMtBEOlU5be5-Zji8wgvEAZUqu1kggGhDk
|
|
|
313
313
|
synapse/tests/test_lib_interval.py,sha256=PNEU24XXEGdlW7WkiYJGbhGljwBJpAWen9yTOqlNikQ,839
|
|
314
314
|
synapse/tests/test_lib_json.py,sha256=Xno2FVQDsOeGLWLNvU76VskxvmJHtQufJpW0Cg3IMqQ,8757
|
|
315
315
|
synapse/tests/test_lib_jsonstor.py,sha256=ToLp5xdCOfqi1bWrPRxMsNewtGOd89zyX9Zn3VT5o9I,5950
|
|
316
|
-
synapse/tests/test_lib_layer.py,sha256=
|
|
316
|
+
synapse/tests/test_lib_layer.py,sha256=FPPN-5fzPya8DYtJJ8-LQzJ3tGwe_YjvaVakKTQRd1I,94545
|
|
317
317
|
synapse/tests/test_lib_link.py,sha256=NkNPvfWaO22IoVRkmPPLtrHrK2gluFp1gipr1fbSbWE,10297
|
|
318
318
|
synapse/tests/test_lib_lmdbslab.py,sha256=2R80A17AoErvrt5cW5KattFlAdQrxMXzG02o82uD5So,67693
|
|
319
319
|
synapse/tests/test_lib_modelrev.py,sha256=DK9ueo4WCUFagGFBP2xqEHvLqA9gnQLdbJTuKQmJs5k,81055
|
|
@@ -334,10 +334,10 @@ synapse/tests/test_lib_slaboffs.py,sha256=FHQ8mGZ27dGqVwGk6q2UJ4gkPRZN22eIVzS8hM
|
|
|
334
334
|
synapse/tests/test_lib_slabseqn.py,sha256=74V6jU7DRTsy_hqUFDuT4C6dPlJ6ObNnjmI9qhbbyVc,5230
|
|
335
335
|
synapse/tests/test_lib_snap.py,sha256=OviJtj9N5LhBV-56TySkWvRly7f8VH9d-VBcNFLAtmg,27805
|
|
336
336
|
synapse/tests/test_lib_spooled.py,sha256=Ki9UnzTPUtw7devwN_M0a8uwOst81fGQtGSVqSSh1u8,4002
|
|
337
|
-
synapse/tests/test_lib_storm.py,sha256=
|
|
337
|
+
synapse/tests/test_lib_storm.py,sha256=GLLbgQ7sztaykAcM5p_n9uyDZ3qad1thG5719sBBjB8,245310
|
|
338
338
|
synapse/tests/test_lib_storm_format.py,sha256=tEZgQMmKAeG8FQZE5HUjOT7bnKawVTpNaVQh_3Wa630,277
|
|
339
339
|
synapse/tests/test_lib_stormctrl.py,sha256=1vY7PGjgmz3AibgSiGcp_G4NSYl9YNifWdjPB0CDf1g,2877
|
|
340
|
-
synapse/tests/test_lib_stormhttp.py,sha256=
|
|
340
|
+
synapse/tests/test_lib_stormhttp.py,sha256=rhZ9xLTIzLm4GlJUFDieFqAcrhE0EFTDi2erGltPm0I,46056
|
|
341
341
|
synapse/tests/test_lib_stormlib_aha.py,sha256=XhBokRnanwe2vWZf0PcwyZgJE3mu-7V4xKNhFf7Go4U,17782
|
|
342
342
|
synapse/tests/test_lib_stormlib_auth.py,sha256=-y7bZwmeM8Qz-hqw115UdBT_c2m-wIUS26Oau-IJuH8,61338
|
|
343
343
|
synapse/tests/test_lib_stormlib_backup.py,sha256=3ZYE3swQ4A8aYJyVueFXzbekCdoKMC7jsHLoq0hTKGI,1644
|
|
@@ -358,7 +358,7 @@ synapse/tests/test_lib_stormlib_index.py,sha256=qz2pIJ1oZAyN3IEpIqYewiB4FVvKSfVL
|
|
|
358
358
|
synapse/tests/test_lib_stormlib_infosec.py,sha256=uDaJ5WjTsujvALShSf-RDAOP4HhuddQcXfANTyIJkp4,27375
|
|
359
359
|
synapse/tests/test_lib_stormlib_ipv6.py,sha256=sJDIM4lKayYct2qAGjRwgadmxzgegzSn8I3UxNRFF4M,877
|
|
360
360
|
synapse/tests/test_lib_stormlib_iters.py,sha256=cL4YZ1D8lsoMI1LF3_HcbdQbsEGTVk9Sv-qFVSg_G1E,4452
|
|
361
|
-
synapse/tests/test_lib_stormlib_json.py,sha256=
|
|
361
|
+
synapse/tests/test_lib_stormlib_json.py,sha256=ULqYofzDYHPfjSDVBsI3w0DGbTPf6WpaupCwLgjiUtA,3959
|
|
362
362
|
synapse/tests/test_lib_stormlib_log.py,sha256=1utRgbOcLYGE70fIBubffgTg-vFPq-Xqq6Y4I3QIw1c,2778
|
|
363
363
|
synapse/tests/test_lib_stormlib_macro.py,sha256=LJwjSXmX5BuoBsfp3uOhUODCdSpt5_F92XuV6ImswtM,18514
|
|
364
364
|
synapse/tests/test_lib_stormlib_mime.py,sha256=ozBJ70XxdrErOmycStWdh1xkBHVnM0BTPHvaP4faC0g,1510
|
|
@@ -408,7 +408,7 @@ synapse/tests/test_model_geospace.py,sha256=8ATsx662mrcKzurMpQGbshnQPYOWqO7wxOWp
|
|
|
408
408
|
synapse/tests/test_model_gov_cn.py,sha256=FnfKNM_wnvmScLm4cYFSQXZ21kVaTPPDusiCD79awBA,675
|
|
409
409
|
synapse/tests/test_model_gov_intl.py,sha256=mHYK056C2R0aDH-5-TnUxtH0ZlKnEOoSd9ODIMasmow,780
|
|
410
410
|
synapse/tests/test_model_gov_us.py,sha256=kvZ9DudBrbKtZmqGm8X-b_IOw4oJ7XZMnvTgiDkzsrY,1525
|
|
411
|
-
synapse/tests/test_model_inet.py,sha256=
|
|
411
|
+
synapse/tests/test_model_inet.py,sha256=Q6z0mC0yr-F57BryaxcvKahwIFEd9ULVnefBO0bH-aM,159269
|
|
412
412
|
synapse/tests/test_model_infotech.py,sha256=utLzSeQc7ZOcC0HrXPkMh8pUmustP_Kb6u19EkUjHr8,114072
|
|
413
413
|
synapse/tests/test_model_language.py,sha256=49stF1B8_EwWJB67Xa5VXCG563Zfbr6S85iKN9Iom48,3046
|
|
414
414
|
synapse/tests/test_model_material.py,sha256=Hkd8BJh6FdQE0RuFMV2NO6fGqw9kOCb5AeIuTYtwCEM,2723
|
|
@@ -461,7 +461,7 @@ synapse/tests/test_tools_storm.py,sha256=xCDr3RumtBpFsxq0BhI0rRd6S83zoFI0oHeb6Vl
|
|
|
461
461
|
synapse/tests/test_utils.py,sha256=L77-3no2UIZcBFx9kI2j-uUidILGPNUpnLiytayB0ig,9948
|
|
462
462
|
synapse/tests/test_utils_getrefs.py,sha256=Cv0LT0DF-tCGwBmOXsYUVNIJdXQA73yRBgdSWxFL3oA,2623
|
|
463
463
|
synapse/tests/test_utils_stormcov.py,sha256=H9p1vFH8kNE6qMLrGzSV0eH7KOgdZFh7QuarFe47FtU,6149
|
|
464
|
-
synapse/tests/utils.py,sha256=
|
|
464
|
+
synapse/tests/utils.py,sha256=C7zqziOYwnX1samDcccDJZSaEg5L9_MjKLZ_MIrRy-o,78676
|
|
465
465
|
synapse/tests/files/TestUtilsGetrefs.test_basics.yaml,sha256=Ch8cEGFYfDUCZTEvzAqW5Ir79OnYb49pq4i9OJ7K9T0,8257
|
|
466
466
|
synapse/tests/files/__init__.py,sha256=G0DpSelVbC5S6PncHNL3QjgFvjCfaq7Kb1GgksJgEO4,1774
|
|
467
467
|
synapse/tests/files/cpedata.json,sha256=e_wajnxn4ZClQ3-hwlOxK-2MWzLQwrqgtWVUV5dUVF4,13799445
|
|
@@ -619,8 +619,8 @@ synapse/vendor/xrpl/tests/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJW
|
|
|
619
619
|
synapse/vendor/xrpl/tests/test_codec.py,sha256=Zwq6A5uZUK_FWDL3BA932c5b-rL3hnC6efobWHSLC4o,6651
|
|
620
620
|
synapse/vendor/xrpl/tests/test_main.py,sha256=kZQwWk7I6HrP-PMvLdsUUN4POvWD9I-iXDHOwdeF090,4299
|
|
621
621
|
synapse/vendor/xrpl/tests/test_main_test_cases.py,sha256=vTlUM4hJD2Hd2wCIdd9rfsvcMZZZQmNHWdCTTFeGz2Y,4221
|
|
622
|
-
synapse-2.
|
|
623
|
-
synapse-2.
|
|
624
|
-
synapse-2.
|
|
625
|
-
synapse-2.
|
|
626
|
-
synapse-2.
|
|
622
|
+
synapse-2.212.0.dist-info/licenses/LICENSE,sha256=xllut76FgcGL5zbIRvuRc7aezPbvlMUTWJPsVr2Sugg,11358
|
|
623
|
+
synapse-2.212.0.dist-info/METADATA,sha256=uu4iQLjVHqvjrVyCxz7C-OP7Y6Ruh4G-KHxKxYh9xcg,4623
|
|
624
|
+
synapse-2.212.0.dist-info/WHEEL,sha256=cRWFNt_CJSuf6BnJKAdKunDXUJxjAbWvbt_kstDCs1I,93
|
|
625
|
+
synapse-2.212.0.dist-info/top_level.txt,sha256=v_1YsqjmoSCzCKs7oIhzTNmWtSYoORiBMv1TJkOhx8A,8
|
|
626
|
+
synapse-2.212.0.dist-info/RECORD,,
|
|
File without changes
|
|
File without changes
|