xbase-util 0.6.9__tar.gz → 0.7.1__tar.gz
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- {xbase_util-0.6.9 → xbase_util-0.7.1}/PKG-INFO +1 -1
- {xbase_util-0.6.9 → xbase_util-0.7.1}/setup.py +1 -1
- {xbase_util-0.6.9 → xbase_util-0.7.1}/xbase_util/packet_util.py +31 -30
- {xbase_util-0.6.9 → xbase_util-0.7.1}/xbase_util/xbase_constant.py +2 -2
- {xbase_util-0.6.9 → xbase_util-0.7.1}/xbase_util.egg-info/PKG-INFO +1 -1
- {xbase_util-0.6.9 → xbase_util-0.7.1}/README.md +0 -0
- {xbase_util-0.6.9 → xbase_util-0.7.1}/setup.cfg +0 -0
- {xbase_util-0.6.9 → xbase_util-0.7.1}/xbase_util/__init__.py +0 -0
- {xbase_util-0.6.9 → xbase_util-0.7.1}/xbase_util/add_column_util.py +0 -0
- {xbase_util-0.6.9 → xbase_util-0.7.1}/xbase_util/dangerous_util.py +0 -0
- {xbase_util-0.6.9 → xbase_util-0.7.1}/xbase_util/db/__init__.py +0 -0
- {xbase_util-0.6.9 → xbase_util-0.7.1}/xbase_util/db/bean/ConfigBean.py +0 -0
- {xbase_util-0.6.9 → xbase_util-0.7.1}/xbase_util/db/bean/CurrentConfigBean.py +0 -0
- {xbase_util-0.6.9 → xbase_util-0.7.1}/xbase_util/db/bean/FlowBean.py +0 -0
- {xbase_util-0.6.9 → xbase_util-0.7.1}/xbase_util/db/bean/TaskTemplateBean.py +0 -0
- {xbase_util-0.6.9 → xbase_util-0.7.1}/xbase_util/db/bean/__init__.py +0 -0
- {xbase_util-0.6.9 → xbase_util-0.7.1}/xbase_util/db/dao/ConfigDao.py +0 -0
- {xbase_util-0.6.9 → xbase_util-0.7.1}/xbase_util/db/dao/CurrentConfigDao.py +0 -0
- {xbase_util-0.6.9 → xbase_util-0.7.1}/xbase_util/db/dao/FlowDao.py +0 -0
- {xbase_util-0.6.9 → xbase_util-0.7.1}/xbase_util/db/dao/TaskTemplateDao.py +0 -0
- {xbase_util-0.6.9 → xbase_util-0.7.1}/xbase_util/db/dao/__init__.py +0 -0
- {xbase_util-0.6.9 → xbase_util-0.7.1}/xbase_util/db/initsqlite3.py +0 -0
- {xbase_util-0.6.9 → xbase_util-0.7.1}/xbase_util/es_db_util.py +0 -0
- {xbase_util-0.6.9 → xbase_util-0.7.1}/xbase_util/esreq.py +0 -0
- {xbase_util-0.6.9 → xbase_util-0.7.1}/xbase_util/geo_util.py +0 -0
- {xbase_util-0.6.9 → xbase_util-0.7.1}/xbase_util/handle_features_util.py +0 -0
- {xbase_util-0.6.9 → xbase_util-0.7.1}/xbase_util/pcap_util.py +0 -0
- {xbase_util-0.6.9 → xbase_util-0.7.1}/xbase_util/segment.py +0 -0
- {xbase_util-0.6.9 → xbase_util-0.7.1}/xbase_util/xbase_util.py +0 -0
- {xbase_util-0.6.9 → xbase_util-0.7.1}/xbase_util.egg-info/SOURCES.txt +0 -0
- {xbase_util-0.6.9 → xbase_util-0.7.1}/xbase_util.egg-info/dependency_links.txt +0 -0
- {xbase_util-0.6.9 → xbase_util-0.7.1}/xbase_util.egg-info/not-zip-safe +0 -0
- {xbase_util-0.6.9 → xbase_util-0.7.1}/xbase_util.egg-info/top_level.txt +0 -0
- {xbase_util-0.6.9 → xbase_util-0.7.1}/xbase_util_assets/GeoLite2-City.mmdb +0 -0
- {xbase_util-0.6.9 → xbase_util-0.7.1}/xbase_util_assets/arkimeparse.js +0 -0
|
@@ -22,6 +22,7 @@ def content_type_is_plain(packet):
|
|
|
22
22
|
if ":" not in item:
|
|
23
23
|
continue
|
|
24
24
|
content_type = item.split(":")[1].replace("\r", "").strip()
|
|
25
|
+
print(content_type)
|
|
25
26
|
return content_type in plain_content_type_columns
|
|
26
27
|
return False
|
|
27
28
|
|
|
@@ -71,34 +72,34 @@ http_req_path = re.compile(r"(?:GET|POST|HEAD|PUT|DELETE|OPTIONS|PATCH)\s+(\/[^\
|
|
|
71
72
|
res_status_code_pattern = re.compile(r"HTTP\/\d\.\d\s+(\d{3})\s+.*")
|
|
72
73
|
|
|
73
74
|
|
|
74
|
-
def get_all_packets_by_reg(packets):
|
|
75
|
-
|
|
76
|
-
|
|
77
|
-
|
|
78
|
-
|
|
79
|
-
|
|
80
|
-
|
|
81
|
-
|
|
82
|
-
|
|
83
|
-
|
|
84
|
-
|
|
85
|
-
|
|
86
|
-
|
|
87
|
-
|
|
88
|
-
|
|
89
|
-
|
|
90
|
-
|
|
91
|
-
|
|
92
|
-
|
|
93
|
-
|
|
94
|
-
|
|
95
|
-
|
|
96
|
-
|
|
97
|
-
|
|
98
|
-
|
|
99
|
-
|
|
100
|
-
|
|
101
|
-
|
|
75
|
+
# def get_all_packets_by_reg(packets):
|
|
76
|
+
# http_Req_Raw = {}
|
|
77
|
+
# http_methods = ("POST /", "PUT /", "OPTIONS /", "DELETE /", "GET /")
|
|
78
|
+
# for packet in packets:
|
|
79
|
+
# if TCP in packet and Raw in packet:
|
|
80
|
+
# data = packet[Raw].load
|
|
81
|
+
# ack = packet[TCP].ack
|
|
82
|
+
# next_ack = packet[TCP].seq + len(data)
|
|
83
|
+
# if ack not in http_Req_Raw:
|
|
84
|
+
# http_Req_Raw[ack] = {"time": [float(packet.time)], "data": data, "next_ack": next_ack}
|
|
85
|
+
# else:
|
|
86
|
+
# http_Req_Raw[ack]["time"].append(float(packet.time))
|
|
87
|
+
# http_Req_Raw[ack]["data"] += data
|
|
88
|
+
# http_Req_Raw[ack]["next_ack"] = next_ack
|
|
89
|
+
# packet_list = [
|
|
90
|
+
# {
|
|
91
|
+
# 'req_data': item['data'],
|
|
92
|
+
# 'res_data': http_Req_Raw[item['next_ack']]['data'],
|
|
93
|
+
# 'req_text': filter_visible_chars(item['data']),
|
|
94
|
+
# 'res_text': filter_visible_chars(http_Req_Raw[item['next_ack']]['data']),
|
|
95
|
+
# 'req_time': item['time'],
|
|
96
|
+
# 'res_time': http_Req_Raw[item['next_ack']]['time']
|
|
97
|
+
# }
|
|
98
|
+
# for ack, item in http_Req_Raw.items()
|
|
99
|
+
# if item['next_ack'] in http_Req_Raw # 检查 next_ack 是否存在
|
|
100
|
+
# and any(method in filter_visible_chars(item['data']) for method in http_methods)
|
|
101
|
+
# ]
|
|
102
|
+
# return packet_list
|
|
102
103
|
|
|
103
104
|
|
|
104
105
|
def get_header_value(header_set, value):
|
|
@@ -139,9 +140,9 @@ def get_detail_by_package(publicField, req_header, req_body, res_header, res_bod
|
|
|
139
140
|
res_field['plain_body_src'] = ""
|
|
140
141
|
res_field['plain_body_dst'] = ""
|
|
141
142
|
if content_type_is_plain(req_header):
|
|
142
|
-
res_field['plain_body_src'] = req_body
|
|
143
|
+
res_field['plain_body_src'] = f"{req_body}"
|
|
143
144
|
if content_type_is_plain(res_header):
|
|
144
|
-
res_field['plain_body_dst'] = res_body
|
|
145
|
+
res_field['plain_body_dst'] = f"{res_body}"
|
|
145
146
|
|
|
146
147
|
http_server_version_res = http_version.findall(res_header)
|
|
147
148
|
res_field['http.serverVersion'] = http_server_version_res[0] if len(http_server_version_res) > 0 else ""
|
|
@@ -223,14 +223,14 @@ regex_patterns = {
|
|
|
223
223
|
re.IGNORECASE)
|
|
224
224
|
}
|
|
225
225
|
# 可见的content-type值
|
|
226
|
-
plain_content_type_columns = ['text/json;charset=gbk',
|
|
226
|
+
plain_content_type_columns = ['text/json;charset=gbk','text/javascript','text/css','text/html;charset=gb2312',
|
|
227
227
|
'application/xml;charset=gbk', 'application/xml;charset=utf_8', 'application/tlt_notify',
|
|
228
228
|
'application/json;charset=gbk', 'text/xml;charset=utf_8', 'application/json',
|
|
229
229
|
'text/csv;charset=utf_8', 'application/json;charse=utf_8',
|
|
230
230
|
'application/soap+xml;charset=utf_8;action="urn:dopricetaxseparated"',
|
|
231
231
|
'text/xml;charset=gbk', 'text/xml', 'application/x_cm_json;charset=utf_8',
|
|
232
232
|
'application/xml;tz=utc', 'text/xml;charset="utf_8"', 'application/x_java_archive',
|
|
233
|
-
'application/msword', '
|
|
233
|
+
'application/msword', 'application/xml',
|
|
234
234
|
'application/x_stapler_method_invocation;charset=utf_8', 'text/plain;charset=iso_8859_1',
|
|
235
235
|
'application/x_www_form_urlencoded;charset=utf_8', 'text/plain;charset=gbk',
|
|
236
236
|
'application/octet_stream;charset=utf_8', 'application/x_tika_ooxml',
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|