tellaro-query-language 0.2.8__tar.gz → 0.2.11__tar.gz
- {tellaro_query_language-0.2.8 → tellaro_query_language-0.2.11}/PKG-INFO +1 -1
- {tellaro_query_language-0.2.8 → tellaro_query_language-0.2.11}/pyproject.toml +1 -1
- {tellaro_query_language-0.2.8 → tellaro_query_language-0.2.11}/src/tql/core_components/opensearch_operations.py +2 -2
- {tellaro_query_language-0.2.8 → tellaro_query_language-0.2.11}/src/tql/mutators/dns.py +42 -9
- {tellaro_query_language-0.2.8 → tellaro_query_language-0.2.11}/LICENSE +0 -0
- {tellaro_query_language-0.2.8 → tellaro_query_language-0.2.11}/README.md +0 -0
- {tellaro_query_language-0.2.8 → tellaro_query_language-0.2.11}/src/tql/__init__.py +0 -0
- {tellaro_query_language-0.2.8 → tellaro_query_language-0.2.11}/src/tql/analyzer.py +0 -0
- {tellaro_query_language-0.2.8 → tellaro_query_language-0.2.11}/src/tql/cache/__init__.py +0 -0
- {tellaro_query_language-0.2.8 → tellaro_query_language-0.2.11}/src/tql/cache/base.py +0 -0
- {tellaro_query_language-0.2.8 → tellaro_query_language-0.2.11}/src/tql/cache/memory.py +0 -0
- {tellaro_query_language-0.2.8 → tellaro_query_language-0.2.11}/src/tql/cache/redis.py +0 -0
- {tellaro_query_language-0.2.8 → tellaro_query_language-0.2.11}/src/tql/cli.py +0 -0
- {tellaro_query_language-0.2.8 → tellaro_query_language-0.2.11}/src/tql/core.py +0 -0
- {tellaro_query_language-0.2.8 → tellaro_query_language-0.2.11}/src/tql/core_components/README.md +0 -0
- {tellaro_query_language-0.2.8 → tellaro_query_language-0.2.11}/src/tql/core_components/__init__.py +0 -0
- {tellaro_query_language-0.2.8 → tellaro_query_language-0.2.11}/src/tql/core_components/file_operations.py +0 -0
- {tellaro_query_language-0.2.8 → tellaro_query_language-0.2.11}/src/tql/core_components/stats_operations.py +0 -0
- {tellaro_query_language-0.2.8 → tellaro_query_language-0.2.11}/src/tql/core_components/validation_operations.py +0 -0
- {tellaro_query_language-0.2.8 → tellaro_query_language-0.2.11}/src/tql/evaluator.py +0 -0
- {tellaro_query_language-0.2.8 → tellaro_query_language-0.2.11}/src/tql/evaluator_components/README.md +0 -0
- {tellaro_query_language-0.2.8 → tellaro_query_language-0.2.11}/src/tql/evaluator_components/__init__.py +0 -0
- {tellaro_query_language-0.2.8 → tellaro_query_language-0.2.11}/src/tql/evaluator_components/field_access.py +0 -0
- {tellaro_query_language-0.2.8 → tellaro_query_language-0.2.11}/src/tql/evaluator_components/special_expressions.py +0 -0
- {tellaro_query_language-0.2.8 → tellaro_query_language-0.2.11}/src/tql/evaluator_components/value_comparison.py +0 -0
- {tellaro_query_language-0.2.8 → tellaro_query_language-0.2.11}/src/tql/exceptions.py +0 -0
- {tellaro_query_language-0.2.8 → tellaro_query_language-0.2.11}/src/tql/field_type_inference.py +0 -0
- {tellaro_query_language-0.2.8 → tellaro_query_language-0.2.11}/src/tql/geoip_normalizer.py +0 -0
- {tellaro_query_language-0.2.8 → tellaro_query_language-0.2.11}/src/tql/mutator_analyzer.py +0 -0
- {tellaro_query_language-0.2.8 → tellaro_query_language-0.2.11}/src/tql/mutators/__init__.py +0 -0
- {tellaro_query_language-0.2.8 → tellaro_query_language-0.2.11}/src/tql/mutators/base.py +0 -0
- {tellaro_query_language-0.2.8 → tellaro_query_language-0.2.11}/src/tql/mutators/encoding.py +0 -0
- {tellaro_query_language-0.2.8 → tellaro_query_language-0.2.11}/src/tql/mutators/geo.py +0 -0
- {tellaro_query_language-0.2.8 → tellaro_query_language-0.2.11}/src/tql/mutators/list.py +0 -0
- {tellaro_query_language-0.2.8 → tellaro_query_language-0.2.11}/src/tql/mutators/network.py +0 -0
- {tellaro_query_language-0.2.8 → tellaro_query_language-0.2.11}/src/tql/mutators/security.py +0 -0
- {tellaro_query_language-0.2.8 → tellaro_query_language-0.2.11}/src/tql/mutators/string.py +0 -0
- {tellaro_query_language-0.2.8 → tellaro_query_language-0.2.11}/src/tql/opensearch.py +0 -0
- {tellaro_query_language-0.2.8 → tellaro_query_language-0.2.11}/src/tql/opensearch_components/README.md +0 -0
- {tellaro_query_language-0.2.8 → tellaro_query_language-0.2.11}/src/tql/opensearch_components/__init__.py +0 -0
- {tellaro_query_language-0.2.8 → tellaro_query_language-0.2.11}/src/tql/opensearch_components/field_mapping.py +0 -0
- {tellaro_query_language-0.2.8 → tellaro_query_language-0.2.11}/src/tql/opensearch_components/lucene_converter.py +0 -0
- {tellaro_query_language-0.2.8 → tellaro_query_language-0.2.11}/src/tql/opensearch_components/query_converter.py +0 -0
- {tellaro_query_language-0.2.8 → tellaro_query_language-0.2.11}/src/tql/opensearch_mappings.py +0 -0
- {tellaro_query_language-0.2.8 → tellaro_query_language-0.2.11}/src/tql/opensearch_stats.py +0 -0
- {tellaro_query_language-0.2.8 → tellaro_query_language-0.2.11}/src/tql/parser.py +0 -0
- {tellaro_query_language-0.2.8 → tellaro_query_language-0.2.11}/src/tql/parser_components/README.md +0 -0
- {tellaro_query_language-0.2.8 → tellaro_query_language-0.2.11}/src/tql/parser_components/__init__.py +0 -0
- {tellaro_query_language-0.2.8 → tellaro_query_language-0.2.11}/src/tql/parser_components/ast_builder.py +0 -0
- {tellaro_query_language-0.2.8 → tellaro_query_language-0.2.11}/src/tql/parser_components/error_analyzer.py +0 -0
- {tellaro_query_language-0.2.8 → tellaro_query_language-0.2.11}/src/tql/parser_components/field_extractor.py +0 -0
- {tellaro_query_language-0.2.8 → tellaro_query_language-0.2.11}/src/tql/parser_components/grammar.py +0 -0
- {tellaro_query_language-0.2.8 → tellaro_query_language-0.2.11}/src/tql/post_processor.py +0 -0
- {tellaro_query_language-0.2.8 → tellaro_query_language-0.2.11}/src/tql/scripts.py +0 -0
- {tellaro_query_language-0.2.8 → tellaro_query_language-0.2.11}/src/tql/stats_evaluator.py +0 -0
- {tellaro_query_language-0.2.8 → tellaro_query_language-0.2.11}/src/tql/stats_transformer.py +0 -0
- {tellaro_query_language-0.2.8 → tellaro_query_language-0.2.11}/src/tql/streaming_file_processor.py +0 -0
- {tellaro_query_language-0.2.8 → tellaro_query_language-0.2.11}/src/tql/validators.py +0 -0
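--- a/pyproject.toml
+++ b/pyproject.toml
@@ -1,6 +1,6 @@
 [tool.poetry]
 name = "tellaro-query-language"
-version = "0.2.
+version = "0.2.11"
 description = "A flexible, human-friendly query language for searching and filtering structured data"
 authors = ["Justin Henderson <justin@tellaro.io>"]
 license = "Proprietary"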
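--- a/src/tql/core_components/opensearch_operations.py
+++ b/src/tql/core_components/opensearch_operations.py
@@ -813,10 +813,10 @@ class OpenSearchOperations:
 # scan_all mode with post-processing - process all results
 processor = QueryPostProcessor()
 
-# Extract all documents from
+# Extract all documents from initial_hits (which contains all scrolled results)
 documents = []
 hit_metadata = []
-for hit in
+for hit in initial_hits:
 documents.append(hit["_source"])
 hit_metadata.append(
 {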
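Review bot: The new loop at `for hit in initial_hits:` reads `hit["_source"]` unconditionally, so a hit returned without a `_source` body (OpenSearch omits it when the request disables source retrieval) raises KeyError and aborts the whole scan_all post-processing pass. If the query builder always requests `_source` this is fine but worth stating in the comment; otherwise `documents.append(hit.get("_source", {}))` keeps the pass alive on such hits. The `documents` and `hit_metadata` lists are filled in lockstep and presumably consumed by index later; a one-line comment such as `# documents[i] and hit_metadata[i] describe the same hit` would make that contract explicit. The enclosing method starts and ends outside the hunk.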
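--- a/src/tql/mutators/dns.py
+++ b/src/tql/mutators/dns.py
@@ -246,20 +246,53 @@ class NSLookupMutator(BaseMutator):
 
 # Save enrichment if requested
 if save_enrichment:
-#
+# Determine the DNS data field (for full ECS structure)
+# If append_field is like "destination.domain", dns_field is "destination.dns"
+if append_field.endswith(".domain"):
+dns_field = append_field.rsplit(".domain", 1)[0] + ".dns"
+elif append_field == "domain":
+dns_field = "dns"
+else:
+dns_field = append_field + "_dns"
+
 if len(queries) == 1 and queries[0] in resolved_results:
-# Single query:
-
+# Single query: extract domain names for the domain field
+dns_data = resolved_results[queries[0]]
+answers = dns_data.get("answers", [])
+
+# Store domain name(s) in the domain field (string or list of strings)
+if len(answers) == 1:
+append_to_result(record, append_field, answers[0])
+elif len(answers) > 1:
+append_to_result(record, append_field, answers)
+# If no answers, don't set the domain field (leave it unset)
+
+# Store full ECS data in the dns field
+append_to_result(record, dns_field, dns_data)
+
 elif len(queries) > 1:
-# Multiple queries:
+# Multiple queries: collect all domain names and ECS results
+all_domains = []
 results_array = []
 for query in queries:
 if query in resolved_results:
-
-
-
-
-
+dns_data = resolved_results[query]
+results_array.append(dns_data)
+answers = dns_data.get("answers", [])
+all_domains.extend(answers)
+
+# Store unique domain names in the domain field
+if all_domains:
+unique_domains = list(dict.fromkeys(all_domains)) # Preserve order, remove dupes
+if len(unique_domains) == 1:
+append_to_result(record, append_field, unique_domains[0])
+else:
+append_to_result(record, append_field, unique_domains)
+
+# Store full ECS data array in the dns field
+if results_array:
+append_to_result(record, dns_field, results_array)
+# If no results, don't set any fields
 
 # For enrichment mutators, return data for comparison
 # The full enrichment data is stored via append_to_result above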
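Review bot: The single-query branch and the multi-query branch implement the same scalar-or-list rule for `append_field` twice, and only the multi-query path de-duplicates (`list(dict.fromkeys(all_domains))`), so a single lookup whose `answers` repeats a name stores the duplicates while two lookups returning the same name would not. Both paths also assume `answers` is a list of hashable strings and never `None` (`len(answers)` and `dict.fromkeys` would both fail otherwise), which the hunk does not establish; `dns_data.get("answers") or []` covers the `None` case cheaply. Factoring the rule into one helper makes both branches behave identically and keeps the field's string-vs-list typing decision in one place; the enclosing method starts before this hunk.

```python
def _scalar_or_list(values):
    """Return the single value when only one unique name is present, else the order-preserving de-duplicated list."""
    unique = list(dict.fromkeys(values))
    return unique[0] if len(unique) == 1 else unique

# … unchanged: dns_field derivation …
if len(queries) == 1 and queries[0] in resolved_results:
    dns_data = resolved_results[queries[0]]
    answers = dns_data.get("answers") or []
    if answers:
        append_to_result(record, append_field, _scalar_or_list(answers))
    append_to_result(record, dns_field, dns_data)
elif len(queries) > 1:
    # … unchanged: collect results_array and all_domains …
    if all_domains:
        append_to_result(record, append_field, _scalar_or_list(all_domains))
    # … unchanged: results_array store …
```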
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
{tellaro_query_language-0.2.8 → tellaro_query_language-0.2.11}/src/tql/core_components/README.md
RENAMED
|
File without changes
|
{tellaro_query_language-0.2.8 → tellaro_query_language-0.2.11}/src/tql/core_components/__init__.py
RENAMED
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
{tellaro_query_language-0.2.8 → tellaro_query_language-0.2.11}/src/tql/field_type_inference.py
RENAMED
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
{tellaro_query_language-0.2.8 → tellaro_query_language-0.2.11}/src/tql/opensearch_mappings.py
RENAMED
|
File without changes
|
|
File without changes
|
|
File without changes
|
{tellaro_query_language-0.2.8 → tellaro_query_language-0.2.11}/src/tql/parser_components/README.md
RENAMED
|
File without changes
|
{tellaro_query_language-0.2.8 → tellaro_query_language-0.2.11}/src/tql/parser_components/__init__.py
RENAMED
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
{tellaro_query_language-0.2.8 → tellaro_query_language-0.2.11}/src/tql/parser_components/grammar.py
RENAMED
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
{tellaro_query_language-0.2.8 → tellaro_query_language-0.2.11}/src/tql/streaming_file_processor.py
RENAMED
|
File without changes
|
|
File without changes
|