xbase-util 0.1.0__tar.gz → 0.1.1__tar.gz

@@ -1,6 +1,6 @@
1
1
  Metadata-Version: 2.1
2
2
  Name: xbase_util
3
- Version: 0.1.0
3
+ Version: 0.1.1
4
4
  Summary: 网络安全基础工具
5
5
  Home-page: https://gitee.com/jimonik/xbase_util.git
6
6
  Author: xyt
@@ -3,7 +3,7 @@ from distutils.core import setup
3
3
  from setuptools import find_packages
4
4
 
5
5
  setup(name="xbase_util",
6
- version="0.1.0",
6
+ version="0.1.1",
7
7
  description="网络安全基础工具",
8
8
  long_description="包含提取,预测,训练的基础工具",
9
9
  author="xyt",
@@ -0,0 +1,107 @@
1
+ import re
2
+
3
+ import geoip2.database
4
+
5
+ from xbase_util.xbase_constant import geo_path
6
+
7
+
8
+ class GeoUtil:
9
+ def __init__(self, reader):
10
+ self.reader = geoip2.database.Reader(geo_path)
11
+ print("初始化:GeoUtil")
12
+
13
+ @staticmethod
14
+ def is_stable_name(ip):
15
+ ip_match = r"^(?:(?:25[0-5]|2[0-4][0-9]|1[0-9][0-9]|0?[0-9]?[1-9]|0?[1-9]0)\.)(?:(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.){2}(?:25[0-4]|2[0-4][0-9]|1[0-9][0-9]|0?[0-9]?[1-9]|0?[1-9]0)$"
16
+ if re.match(ip_match, ip):
17
+ # 分割IP地址
18
+ octets = ip.split('.')
19
+ first_octet = int(octets[0])
20
+ second_octet = int(octets[1])
21
+ # 判断是否是本地地址
22
+ if ip == "10.28.0.0" or ip.startswith("10.28.0.") or ip.startswith("10.28.0.0/16"):
23
+ return "LOCAL_ADDRESS"
24
+ # 判断是否是VPN地址
25
+ if ip.startswith("10.28.15"):
26
+ return "VPN_ADDRESS"
27
+ # 判断是否是分支机构地址
28
+ if (192 <= first_octet <= 195) or (first_octet == 192 and 144 <= second_octet <= 255):
29
+ return "DEPARTMENT_ADDRESS"
30
+ else:
31
+ return False
32
+
33
+ @staticmethod
34
+ def fill_geo_empty(value):
35
+ if value == "" or value is None:
36
+ return "IP_GEO_EMPTY"
37
+ else:
38
+ return value
39
+
40
+ def get_geo_by_ip(self, geo_map):
41
+ source_ip = geo_map["source.ip"]
42
+ source_ip_name = self.is_stable_name(source_ip)
43
+ if source_ip_name is not False:
44
+ try:
45
+ response = self.reader.city(source_ip)
46
+ geo_map["source.ip_Country_IsoCode"] = self.fill_geo_empty(response.country.iso_code)
47
+ geo_map['source.ip_Country_Name'] = self.fill_geo_empty(response.country.name)
48
+ geo_map["source.ip_Country_SpecificName"] = self.fill_geo_empty(
49
+ response.subdivisions.most_specific.name)
50
+ geo_map['source.ip_Country_SpecificIsoCode'] = self.fill_geo_empty(
51
+ response.subdivisions.most_specific.iso_code)
52
+ geo_map['source.ip_City_Name'] = self.fill_geo_empty(response.city.name)
53
+ geo_map['source.ip_City_PostalCode'] = self.fill_geo_empty(response.postal.code)
54
+ geo_map['source.ip_Location_Latitude'] = self.fill_geo_empty(response.location.latitude)
55
+ geo_map["source.ip_Location_Longitude"] = self.fill_geo_empty(response.location.longitude)
56
+ except Exception as e:
57
+ geo_map["source.ip_Country_IsoCode"] = "IP_GEO_EMPTY"
58
+ geo_map['source.ip_Country_Name'] = "IP_GEO_EMPTY"
59
+ geo_map["source.ip_Country_SpecificName"] = "IP_GEO_EMPTY"
60
+ geo_map['source.ip_Country_SpecificIsoCode'] = "IP_GEO_EMPTY"
61
+ geo_map['source.ip_City_Name'] = "IP_GEO_EMPTY"
62
+ geo_map['source.ip_City_PostalCode'] = "IP_GEO_EMPTY"
63
+ geo_map['source.ip_Location_Latitude'] = "IP_GEO_EMPTY"
64
+ geo_map["source.ip_Location_Longitude"] = "IP_GEO_EMPTY"
65
+ else:
66
+ geo_map["source.ip_Country_IsoCode"] = source_ip_name
67
+ geo_map['source.ip_Country_Name'] = source_ip_name
68
+ geo_map["source.ip_Country_SpecificName"] = source_ip_name
69
+ geo_map['source.ip_Country_SpecificIsoCode'] = source_ip_name
70
+ geo_map['source.ip_City_Name'] = source_ip_name
71
+ geo_map['source.ip_City_PostalCode'] = source_ip_name
72
+ geo_map['source.ip_Location_Latitude'] = source_ip_name
73
+ geo_map["source.ip_Location_Longitude"] = source_ip_name
74
+ destination_ip = geo_map["destination.ip"]
75
+ destination_ip_name = self.is_stable_name(destination_ip)
76
+ if destination_ip_name is not False:
77
+ try:
78
+ response = self.reader.city(destination_ip)
79
+ geo_map["destination.ip_Country_IsoCode"] = self.fill_geo_empty(response.country.iso_code)
80
+ geo_map['destination.ip_Country_Name'] = self.fill_geo_empty(response.country.name)
81
+ geo_map["destination.ip_Country_SpecificName"] = self.fill_geo_empty(
82
+ response.subdivisions.most_specific.name)
83
+ geo_map['destination.ip_Country_SpecificIsoCode'] = self.fill_geo_empty(
84
+ response.subdivisions.most_specific.iso_code)
85
+ geo_map['destination.ip_City_Name'] = self.fill_geo_empty(response.city.name)
86
+ geo_map['destination.ip_City_PostalCode'] = self.fill_geo_empty(response.postal.code)
87
+ geo_map['destination.ip_Location_Latitude'] = self.fill_geo_empty(response.location.latitude)
88
+ geo_map["destination.ip_Location_Longitude"] = self.fill_geo_empty(response.location.longitude)
89
+ except Exception:
90
+ geo_map["destination.ip_Country_IsoCode"] = "IP_GEO_EMPTY"
91
+ geo_map['destination.ip_Country_Name'] = "IP_GEO_EMPTY"
92
+ geo_map["destination.ip_Country_SpecificName"] = "IP_GEO_EMPTY"
93
+ geo_map['destination.ip_Country_SpecificIsoCode'] = "IP_GEO_EMPTY"
94
+ geo_map['destination.ip_City_Name'] = "IP_GEO_EMPTY"
95
+ geo_map['destination.ip_City_PostalCode'] = "IP_GEO_EMPTY"
96
+ geo_map['destination.ip_Location_Latitude'] = "IP_GEO_EMPTY"
97
+ geo_map["destination.ip_Location_Longitude"] = "IP_GEO_EMPTY"
98
+ else:
99
+ geo_map["destination.ip_Country_IsoCode"] = destination_ip_name
100
+ geo_map['destination.ip_Country_Name'] = destination_ip_name
101
+ geo_map["destination.ip_Country_SpecificName"] = destination_ip_name
102
+ geo_map['destination.ip_Country_SpecificIsoCode'] = destination_ip_name
103
+ geo_map['destination.ip_City_Name'] = destination_ip_name
104
+ geo_map['destination.ip_City_PostalCode'] = destination_ip_name
105
+ geo_map['destination.ip_Location_Latitude'] = destination_ip_name
106
+ geo_map["destination.ip_Location_Longitude"] = destination_ip_name
107
+ return geo_map
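Review bot: In `get_geo_by_ip` the test `if source_ip_name is not False:` sends the labelled addresses to `self.reader.city()` and writes the literal `False` into all eight fields in the `else` branch, so `LOCAL_ADDRESS`, `VPN_ADDRESS` and `DEPARTMENT_ADDRESS` never reach `geo_map`; the destination branch has the same inversion. Indentation is lost on this page, but `is_stable_name` appears to return `None` on one fall-through path and `False` on another, so it would be safer to return `None` consistently and have the caller test `if source_ip_name:` to write the label and do the GeoIP lookup only in the `else`. The prefix checks are also looser than they read: `ip.startswith("10.28.15")` also matches 10.28.150.x through 10.28.159.x, `ip.startswith("10.28.0.0/16")` can never be true after the dotted-quad regex, and `192 <= first_octet <= 195` labels every address from 192.0.0.0 to 195.255.255.255 as a department address, which makes the second clause redundant. Membership tests such as `ipaddress.ip_address(ip) in ipaddress.ip_network(...)` would state the intended ranges exactly. Separately, `__init__` ignores its `reader` argument and always opens `geo_path`.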
@@ -0,0 +1,5 @@
1
+ import os
2
+
3
+ current_dir = os.path.dirname(__file__)
4
+ parse_path = os.path.join(current_dir, '..', 'xbase_util_assets', 'arkimeparse.js')
5
+ geo_path = os.path.join(current_dir, '..', 'xbase_util_assets', 'GeoLite2-City.mmdb')
@@ -1,12 +1,8 @@
1
- import os
2
1
  import re
3
2
 
4
3
  import execjs
5
- import geoip2.database
6
4
 
7
- current_dir = os.path.dirname(__file__)
8
- parse_path = os.path.join(current_dir, '..', 'xbase_util_assets', 'arkimeparse.js')
9
- geo_path = os.path.join(current_dir, '..', 'xbase_util_assets', 'GeoLite2-City.mmdb')
5
+ from xbase_util.xbase_constant import parse_path
10
6
 
11
7
 
12
8
  def parse_expression(expression):
@@ -18,8 +14,8 @@ def parse_expression(expression):
18
14
  return None
19
15
 
20
16
 
21
- def geo_reader():
22
- return geoip2.database.Reader(geo_path)
17
+ # def geo_reader():
18
+ # return geoip2.database.Reader(geo_path)
23
19
 
24
20
 
25
21
  def split_samples(sample, per_subsection):
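Review bot: `geo_reader()` is left commented out in the second hunk rather than deleted, and with the first hunk `geo_path` and `geoip2` also disappear from this module's namespace, so any caller that used `geo_reader()` or imported `geo_path` from here would break on a patch-level upgrade (whether such callers exist is not visible on this page). Delete the two commented lines instead of keeping dead code, and if compatibility matters re-export the constant with `from xbase_util.xbase_constant import parse_path, geo_path`. A short comment pointing readers to `GeoUtil` in `geo_util.py` as the replacement would help anyone looking for the old function.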
@@ -1,6 +1,6 @@
1
1
  Metadata-Version: 2.1
2
2
  Name: xbase-util
3
- Version: 0.1.0
3
+ Version: 0.1.1
4
4
  Summary: 网络安全基础工具
5
5
  Home-page: https://gitee.com/jimonik/xbase_util.git
6
6
  Author: xyt
@@ -3,8 +3,10 @@ setup.py
3
3
  xbase_util/__init__.py
4
4
  xbase_util/es_db_util.py
5
5
  xbase_util/esreq.py
6
+ xbase_util/geo_util.py
6
7
  xbase_util/handle_features_util.py
7
8
  xbase_util/pcap_util.py
9
+ xbase_util/xbase_constant.py
8
10
  xbase_util/xbase_util.py
9
11
  xbase_util.egg-info/PKG-INFO
10
12
  xbase_util.egg-info/SOURCES.txt
File without changes
File without changes