PyPI - xbase-util - Versions diffs - 0.9.5__tar.gz → 0.9.7__tar.gz - Mend

xbase-util 0.9.5tar.gz → 0.9.7tar.gz

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (34) hide show

{xbase_util-0.9.5 → xbase_util-0.9.7}/PKG-INFO RENAMED Viewed

@@ -1,6 +1,6 @@
 Metadata-Version: 2.1
 Name: xbase_util
-Version: 0.9.5
+Version: 0.9.7
 Summary: 网络安全基础工具
 Home-page: https://gitee.com/jimonik/xbase_util.git
 Author: xyt

{xbase_util-0.9.5 → xbase_util-0.9.7}/setup.py RENAMED Viewed

@@ -3,7 +3,7 @@ from distutils.core import setup
 from setuptools import find_packages
 setup(name="xbase_util",
-      version="0.9.5",
+      version="0.9.7",
       description="网络安全基础工具",
       long_description="包含提取，预测，训练的基础工具",
       author="xyt",

{xbase_util-0.9.5 → xbase_util-0.9.7}/xbase_util/common_util.py RENAMED Viewed

@@ -230,8 +230,8 @@ def get_statistic_fields(packets):
     packet_len_rate = round((packet_len_total_count / total_time) / 1000, 5) if total_time > 0 else 0
     packet_size = [len(p) for p in packets]
     field_map = {
-        "packet_size_mean": float(round(np.mean(packet_size), 5)),
-        "packet_size_variance": float(round(np.var(packet_size), 5)),
+        "packet_size_mean": float(round(np.mean(packet_size), 5)) if len(packet_size) > 0 else -1,
+        "packet_size_variance": float(round(np.var(packet_size), 5)) if len(packet_size) > 0 else -1,
         'packet_len_total_count': packet_len_total_count,
         'packet_len_total_average': packet_len_average,
         'packet_len_total_min': packet_len_min,

{xbase_util-0.9.5 → xbase_util-0.9.7}/xbase_util/packet_util.py RENAMED Viewed

@@ -1,8 +1,9 @@
 import copy
+import re
 from xbase_util.xbase_constant import plain_content_type_columns, packetKeyname, src_dst_header, statisticHeader, \
     features_key, plain_body_columns, http_version_pattern, http_req_method_pattern, http_req_path_pattern, \
-    res_status_code_pattern
+    res_status_code_pattern, pcap_flow_text_column, abnormal_features_column
 def content_type_is_plain(packet):
@@ -28,7 +29,8 @@ def get_all_columns(
         contains_statistic_column=False,
         contains_features_column=False,
         contains_plain_body_column=False,
-        contains_pcap_flow_text=False
+        contains_pcap_flow_text=False,
+        contains_abnormal_features_column=False,
 ):
     result_columns = []
     if contains_packet_column:
@@ -42,7 +44,9 @@ def get_all_columns(
     if contains_plain_body_column:
         result_columns += plain_body_columns
     if contains_pcap_flow_text:
-        result_columns.append(contains_pcap_flow_text)
+        result_columns.append(pcap_flow_text_column)
+    if contains_abnormal_features_column:
+        result_columns.append(abnormal_features_column)
     return result_columns
@@ -123,3 +127,42 @@ def get_detail_by_package(publicField, req_header, req_body, res_header, res_bod
             if f"dst_{key}" in src_dst_header:
                 res_field[f"dst_{key}"] = value
     return res_field
+def str_list_in_list(str_list, features_list):
+    for str_item in str_list:
+        if len([item for item in features_list if item in str_item]):
+            return True
+    return False
+def has_dir_penetration(str_list):
+    return str_list_in_list(str_list, features_list=["../", "/..", "..", "%2e%2e", "%2F.."])
+def has_sql_injection(str_list):
+    return str_list_in_list(str_list, features_list=['%20union%20select', '--'])
+def has_xss_injection(str_list):
+    pattern = re.compile(r"<script>alert.*?onerror=alert.*?<script>prompt.*?alert\(")
+    for str_item in str_list:
+        if pattern.search(str_item):
+            return True
+    return False
+def has_templates_injection(str_list):
+    return str_list_in_list(str_list, features_list=["{{", "}}"])
+def has_crlf_injection(str_list):
+    return str_list_in_list(str_list, features_list=["%0D%0A"])
+def has_xxe_attack(str_list):
+    return str_list_in_list(str_list, features_list=['"SYSTEM "'])
+def has_code_injection_or_execute(str_list):
+    return str_list_in_list(str_list, features_list=['command', 'var_dump', 'execute(', 'md5('])

{xbase_util-0.9.5 → xbase_util-0.9.7}/xbase_util/pcap_util.py RENAMED Viewed

@@ -334,7 +334,7 @@ def reassemble_session_pcap(reassemble_tcp_res, skey, session_id='none'):
 def reassemble_tcp_pcap(p):
-    packets = [{'pkt': item} for item in p if TCP in item and Raw in item]
+    packets = [{'pkt': item} for item in p if TCP in item and Raw in item and IP in item]
     packets2 = []
     info = {}
     keys = []

{xbase_util-0.9.5 → xbase_util-0.9.7}/xbase_util/xbase_constant.py RENAMED Viewed

@@ -223,7 +223,7 @@ regex_patterns = {
         re.IGNORECASE)
 }
 # 可见的content-type值
-plain_content_type_columns = ['text/json;charset=gbk','text/javascript','text/css','text/html;charset=gb2312',
+plain_content_type_columns = ['text/json;charset=gbk', 'text/javascript', 'text/css', 'text/html;charset=gb2312',
                               'application/xml;charset=gbk', 'application/xml;charset=utf_8', 'application/tlt_notify',
                               'application/json;charset=gbk', 'text/xml;charset=utf_8', 'application/json',
                               'text/csv;charset=utf_8', 'application/json;charse=utf_8',
@@ -285,6 +285,10 @@ packetKeyname = ['id', 'segmentCnt', 'tcpflags.rst', 'tcpflags.ack', 'tcpflags.s
                  "ua_duplicate_count"]
 plain_body_columns = ["plain_body_src",
                       "plain_body_dst"]
+abnormal_features_column = ['abnormal_has_xff', 'abnormal_has_dir_penetration', 'abnormal_has_templates_injection',
+                            'abnormal_has_crlf_injection', 'abnormal_has_xxe_attack',
+                            'abnormal_has_code_injection_or_execute', 'abnormal_has_sql_injection']
+pcap_flow_text_column = ['pcap_flow_text']
 pattern_chuncked = re.compile(rb"Transfer-Encoding:\s*chunked", re.IGNORECASE)
 pattern_gzip = re.compile(rb"Content-Encoding:\s*gzip", re.IGNORECASE)
@@ -292,4 +296,4 @@ pattern_gzip = re.compile(rb"Content-Encoding:\s*gzip", re.IGNORECASE)
 http_version_pattern = re.compile(r"HTTP\/(\d\.\d)")
 http_req_method_pattern = re.compile(r"(GET|POST|HEAD|PUT|DELETE|OPTIONS|PATCH) \/[^\s]* HTTP\/\d\.\d")
 http_req_path_pattern = re.compile(r"(?:GET|POST|HEAD|PUT|DELETE|OPTIONS|PATCH)\s+(\/[^\s]*)\s+HTTP\/\d\.\d")
-res_status_code_pattern = re.compile(r"HTTP\/\d\.\d\s+(\d{3})\s+.*")
+res_status_code_pattern = re.compile(r"HTTP\/\d\.\d\s+(\d{3})\s+.*")

{xbase_util-0.9.5 → xbase_util-0.9.7}/xbase_util.egg-info/PKG-INFO RENAMED Viewed

@@ -1,6 +1,6 @@
 Metadata-Version: 2.1
-Name: xbase-util
-Version: 0.9.5
+Name: xbase_util
+Version: 0.9.7
 Summary: 网络安全基础工具
 Home-page: https://gitee.com/jimonik/xbase_util.git
 Author: xyt

{xbase_util-0.9.5 → xbase_util-0.9.7}/README.md RENAMED Viewed

File without changes

{xbase_util-0.9.5 → xbase_util-0.9.7}/setup.cfg RENAMED Viewed

File without changes

{xbase_util-0.9.5 → xbase_util-0.9.7}/xbase_util/__init__.py RENAMED Viewed

File without changes

{xbase_util-0.9.5 → xbase_util-0.9.7}/xbase_util/add_column_util.py RENAMED Viewed

File without changes

{xbase_util-0.9.5 → xbase_util-0.9.7}/xbase_util/dangerous_util.py RENAMED Viewed

File without changes

{xbase_util-0.9.5 → xbase_util-0.9.7}/xbase_util/db/__init__.py RENAMED Viewed

File without changes

{xbase_util-0.9.5 → xbase_util-0.9.7}/xbase_util/db/bean/ConfigBean.py RENAMED Viewed

File without changes

{xbase_util-0.9.5 → xbase_util-0.9.7}/xbase_util/db/bean/CurrentConfigBean.py RENAMED Viewed

File without changes

{xbase_util-0.9.5 → xbase_util-0.9.7}/xbase_util/db/bean/FlowBean.py RENAMED Viewed

File without changes

{xbase_util-0.9.5 → xbase_util-0.9.7}/xbase_util/db/bean/TaskTemplateBean.py RENAMED Viewed

File without changes

{xbase_util-0.9.5 → xbase_util-0.9.7}/xbase_util/db/bean/__init__.py RENAMED Viewed

File without changes

{xbase_util-0.9.5 → xbase_util-0.9.7}/xbase_util/db/dao/ConfigDao.py RENAMED Viewed

File without changes

{xbase_util-0.9.5 → xbase_util-0.9.7}/xbase_util/db/dao/CurrentConfigDao.py RENAMED Viewed

File without changes

{xbase_util-0.9.5 → xbase_util-0.9.7}/xbase_util/db/dao/FlowDao.py RENAMED Viewed

File without changes

{xbase_util-0.9.5 → xbase_util-0.9.7}/xbase_util/db/dao/TaskTemplateDao.py RENAMED Viewed

File without changes

{xbase_util-0.9.5 → xbase_util-0.9.7}/xbase_util/db/dao/__init__.py RENAMED Viewed

File without changes

{xbase_util-0.9.5 → xbase_util-0.9.7}/xbase_util/db/initsqlite3.py RENAMED Viewed

File without changes

{xbase_util-0.9.5 → xbase_util-0.9.7}/xbase_util/es_db_util.py RENAMED Viewed

File without changes

{xbase_util-0.9.5 → xbase_util-0.9.7}/xbase_util/esreq.py RENAMED Viewed

File without changes

{xbase_util-0.9.5 → xbase_util-0.9.7}/xbase_util/geo_util.py RENAMED Viewed

File without changes

{xbase_util-0.9.5 → xbase_util-0.9.7}/xbase_util/handle_features_util.py RENAMED Viewed

File without changes

{xbase_util-0.9.5 → xbase_util-0.9.7}/xbase_util.egg-info/SOURCES.txt RENAMED Viewed

File without changes

{xbase_util-0.9.5 → xbase_util-0.9.7}/xbase_util.egg-info/dependency_links.txt RENAMED Viewed

File without changes

{xbase_util-0.9.5 → xbase_util-0.9.7}/xbase_util.egg-info/not-zip-safe RENAMED Viewed

File without changes

{xbase_util-0.9.5 → xbase_util-0.9.7}/xbase_util.egg-info/top_level.txt RENAMED Viewed

File without changes

{xbase_util-0.9.5 → xbase_util-0.9.7}/xbase_util_assets/GeoLite2-City.mmdb RENAMED Viewed

File without changes

{xbase_util-0.9.5 → xbase_util-0.9.7}/xbase_util_assets/arkimeparse.js RENAMED Viewed

File without changes

xbase-util 0.9.5__tar.gz → 0.9.7__tar.gz

xbase-util 0.9.5tar.gz → 0.9.7tar.gz