xbase-util 0.1.0__tar.gz → 0.1.1__tar.gz

@@ -1,6 +1,6 @@
1
1
  Metadata-Version: 2.1
2
2
  Name: xbase_util
3
- Version: 0.1.0
3
+ Version: 0.1.1
4
4
  Summary: 网络安全基础工具
5
5
  Home-page: https://gitee.com/jimonik/xbase_util.git
6
6
  Author: xyt
@@ -3,7 +3,7 @@ from distutils.core import setup
3
3
  from setuptools import find_packages
4
4
 
5
5
  setup(name="xbase_util",
6
- version="0.1.0",
6
+ version="0.1.1",
7
7
  description="网络安全基础工具",
8
8
  long_description="包含提取,预测,训练的基础工具",
9
9
  author="xyt",
@@ -0,0 +1,107 @@
1
+ import re
2
+
3
+ import geoip2.database
4
+
5
+ from xbase_util.xbase_constant import geo_path
6
+
7
+
8
+ class GeoUtil:
9
+ def __init__(self, reader):
10
+ self.reader = geoip2.database.Reader(geo_path)
11
+ print("初始化:GeoUtil")
12
+
13
+ @staticmethod
14
+ def is_stable_name(ip):
15
+ ip_match = r"^(?:(?:25[0-5]|2[0-4][0-9]|1[0-9][0-9]|0?[0-9]?[1-9]|0?[1-9]0)\.)(?:(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.){2}(?:25[0-4]|2[0-4][0-9]|1[0-9][0-9]|0?[0-9]?[1-9]|0?[1-9]0)$"
16
+ if re.match(ip_match, ip):
17
+ # 分割IP地址
18
+ octets = ip.split('.')
19
+ first_octet = int(octets[0])
20
+ second_octet = int(octets[1])
21
+ # 判断是否是本地地址
22
+ if ip == "10.28.0.0" or ip.startswith("10.28.0.") or ip.startswith("10.28.0.0/16"):
23
+ return "LOCAL_ADDRESS"
24
+ # 判断是否是VPN地址
25
+ if ip.startswith("10.28.15"):
26
+ return "VPN_ADDRESS"
27
+ # 判断是否是分支机构地址
28
+ if (192 <= first_octet <= 195) or (first_octet == 192 and 144 <= second_octet <= 255):
29
+ return "DEPARTMENT_ADDRESS"
30
+ else:
31
+ return False
32
+
33
+ @staticmethod
34
+ def fill_geo_empty(value):
35
+ if value == "" or value is None:
36
+ return "IP_GEO_EMPTY"
37
+ else:
38
+ return value
39
+
40
+ def get_geo_by_ip(self, geo_map):
41
+ source_ip = geo_map["source.ip"]
42
+ source_ip_name = self.is_stable_name(source_ip)
43
+ if source_ip_name is not False:
44
+ try:
45
+ response = self.reader.city(source_ip)
46
+ geo_map["source.ip_Country_IsoCode"] = self.fill_geo_empty(response.country.iso_code)
47
+ geo_map['source.ip_Country_Name'] = self.fill_geo_empty(response.country.name)
48
+ geo_map["source.ip_Country_SpecificName"] = self.fill_geo_empty(
49
+ response.subdivisions.most_specific.name)
50
+ geo_map['source.ip_Country_SpecificIsoCode'] = self.fill_geo_empty(
51
+ response.subdivisions.most_specific.iso_code)
52
+ geo_map['source.ip_City_Name'] = self.fill_geo_empty(response.city.name)
53
+ geo_map['source.ip_City_PostalCode'] = self.fill_geo_empty(response.postal.code)
54
+ geo_map['source.ip_Location_Latitude'] = self.fill_geo_empty(response.location.latitude)
55
+ geo_map["source.ip_Location_Longitude"] = self.fill_geo_empty(response.location.longitude)
56
+ except Exception as e:
57
+ geo_map["source.ip_Country_IsoCode"] = "IP_GEO_EMPTY"
58
+ geo_map['source.ip_Country_Name'] = "IP_GEO_EMPTY"
59
+ geo_map["source.ip_Country_SpecificName"] = "IP_GEO_EMPTY"
60
+ geo_map['source.ip_Country_SpecificIsoCode'] = "IP_GEO_EMPTY"
61
+ geo_map['source.ip_City_Name'] = "IP_GEO_EMPTY"
62
+ geo_map['source.ip_City_PostalCode'] = "IP_GEO_EMPTY"
63
+ geo_map['source.ip_Location_Latitude'] = "IP_GEO_EMPTY"
64
+ geo_map["source.ip_Location_Longitude"] = "IP_GEO_EMPTY"
65
+ else:
66
+ geo_map["source.ip_Country_IsoCode"] = source_ip_name
67
+ geo_map['source.ip_Country_Name'] = source_ip_name
68
+ geo_map["source.ip_Country_SpecificName"] = source_ip_name
69
+ geo_map['source.ip_Country_SpecificIsoCode'] = source_ip_name
70
+ geo_map['source.ip_City_Name'] = source_ip_name
71
+ geo_map['source.ip_City_PostalCode'] = source_ip_name
72
+ geo_map['source.ip_Location_Latitude'] = source_ip_name
73
+ geo_map["source.ip_Location_Longitude"] = source_ip_name
74
+ destination_ip = geo_map["destination.ip"]
75
+ destination_ip_name = self.is_stable_name(destination_ip)
76
+ if destination_ip_name is not False:
77
+ try:
78
+ response = self.reader.city(destination_ip)
79
+ geo_map["destination.ip_Country_IsoCode"] = self.fill_geo_empty(response.country.iso_code)
80
+ geo_map['destination.ip_Country_Name'] = self.fill_geo_empty(response.country.name)
81
+ geo_map["destination.ip_Country_SpecificName"] = self.fill_geo_empty(
82
+ response.subdivisions.most_specific.name)
83
+ geo_map['destination.ip_Country_SpecificIsoCode'] = self.fill_geo_empty(
84
+ response.subdivisions.most_specific.iso_code)
85
+ geo_map['destination.ip_City_Name'] = self.fill_geo_empty(response.city.name)
86
+ geo_map['destination.ip_City_PostalCode'] = self.fill_geo_empty(response.postal.code)
87
+ geo_map['destination.ip_Location_Latitude'] = self.fill_geo_empty(response.location.latitude)
88
+ geo_map["destination.ip_Location_Longitude"] = self.fill_geo_empty(response.location.longitude)
89
+ except Exception:
90
+ geo_map["destination.ip_Country_IsoCode"] = "IP_GEO_EMPTY"
91
+ geo_map['destination.ip_Country_Name'] = "IP_GEO_EMPTY"
92
+ geo_map["destination.ip_Country_SpecificName"] = "IP_GEO_EMPTY"
93
+ geo_map['destination.ip_Country_SpecificIsoCode'] = "IP_GEO_EMPTY"
94
+ geo_map['destination.ip_City_Name'] = "IP_GEO_EMPTY"
95
+ geo_map['destination.ip_City_PostalCode'] = "IP_GEO_EMPTY"
96
+ geo_map['destination.ip_Location_Latitude'] = "IP_GEO_EMPTY"
97
+ geo_map["destination.ip_Location_Longitude"] = "IP_GEO_EMPTY"
98
+ else:
99
+ geo_map["destination.ip_Country_IsoCode"] = destination_ip_name
100
+ geo_map['destination.ip_Country_Name'] = destination_ip_name
101
+ geo_map["destination.ip_Country_SpecificName"] = destination_ip_name
102
+ geo_map['destination.ip_Country_SpecificIsoCode'] = destination_ip_name
103
+ geo_map['destination.ip_City_Name'] = destination_ip_name
104
+ geo_map['destination.ip_City_PostalCode'] = destination_ip_name
105
+ geo_map['destination.ip_Location_Latitude'] = destination_ip_name
106
+ geo_map["destination.ip_Location_Longitude"] = destination_ip_name
107
+ return geo_map
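Review bot: In `get_geo_by_ip` the test `if source_ip_name is not False:` (and the matching `if destination_ip_name is not False:`) looks inverted. A label such as "LOCAL_ADDRESS" is not False, so labelled internal addresses are sent to `self.reader.city()` and most likely end up as "IP_GEO_EMPTY", while the `else` branch can only ever write the value `False` into the eight geo fields. `if not source_ip_name:` and `if not destination_ip_name:` would send only unlabelled addresses to the database and write the label otherwise. In `is_stable_name`, `ip.startswith("10.28.0.0/16")` can never be true because the regex rejects `/`, and the prefix "10.28.15" also matches 10.28.150.x through 10.28.159.x, so a membership test against `ipaddress.ip_network(...)` would express the intended ranges exactly. `__init__` also accepts `reader` but ignores it, and `except Exception` turns a missing or corrupt .mmdb into silently empty geo data; catching only `geoip2.errors.AddressNotFoundError` would keep those failures visible.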
@@ -0,0 +1,5 @@
1
+ import os
2
+
3
+ current_dir = os.path.dirname(__file__)
4
+ parse_path = os.path.join(current_dir, '..', 'xbase_util_assets', 'arkimeparse.js')
5
+ geo_path = os.path.join(current_dir, '..', 'xbase_util_assets', 'GeoLite2-City.mmdb')
@@ -1,12 +1,8 @@
1
- import os
2
1
  import re
3
2
 
4
3
  import execjs
5
- import geoip2.database
6
4
 
7
- current_dir = os.path.dirname(__file__)
8
- parse_path = os.path.join(current_dir, '..', 'xbase_util_assets', 'arkimeparse.js')
9
- geo_path = os.path.join(current_dir, '..', 'xbase_util_assets', 'GeoLite2-City.mmdb')
5
+ from xbase_util.xbase_constant import parse_path
10
6
 
11
7
 
12
8
  def parse_expression(expression):
@@ -18,8 +14,8 @@ def parse_expression(expression):
18
14
  return None
19
15
 
20
16
 
21
- def geo_reader():
22
- return geoip2.database.Reader(geo_path)
17
+ # def geo_reader():
18
+ # return geoip2.database.Reader(geo_path)
23
19
 
24
20
 
25
21
  def split_samples(sample, per_subsection):
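Review bot: The second hunk leaves `geo_reader` behind as commented-out code (`# def geo_reader():` / `# return geoip2.database.Reader(geo_path)`) instead of deleting it, and the first hunk drops `current_dir` and `geo_path` from this module's namespace in what is labelled a patch release. Any caller that imported `geo_reader` or `geo_path` from this module will now fail at import time. If that compatibility matters, widen the new import to `from xbase_util.xbase_constant import geo_path, parse_path`; either way, delete the two commented lines so the history lives in version control and not in the file. `split_samples` starts on the last visible line and its body is outside the hunk.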
@@ -1,6 +1,6 @@
1
1
  Metadata-Version: 2.1
2
2
  Name: xbase-util
3
- Version: 0.1.0
3
+ Version: 0.1.1
4
4
  Summary: 网络安全基础工具
5
5
  Home-page: https://gitee.com/jimonik/xbase_util.git
6
6
  Author: xyt
@@ -3,8 +3,10 @@ setup.py
3
3
  xbase_util/__init__.py
4
4
  xbase_util/es_db_util.py
5
5
  xbase_util/esreq.py
6
+ xbase_util/geo_util.py
6
7
  xbase_util/handle_features_util.py
7
8
  xbase_util/pcap_util.py
9
+ xbase_util/xbase_constant.py
8
10
  xbase_util/xbase_util.py
9
11
  xbase_util.egg-info/PKG-INFO
10
12
  xbase_util.egg-info/SOURCES.txt
File without changes
File without changes