
Commit e1d6357

committed
fix prolem parsing argus header
1 parent 8ad878e commit e1d6357

2 files changed

Lines changed: 62 additions & 6 deletions


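--- a/slips_files/core/input_profilers/argus.py
+++ b/slips_files/core/input_profilers/argus.py
@@ -33,6 +33,10 @@ def process_line(self, new_line: dict) -> Tuple[bool, str]:
         line = new_line["data"]
         nline = line.strip().split(self.separator)
 
+        if self.is_header_line(nline):
+            self.define_columns(new_line)
+            return False, "Done defining columns"
+
         def get_value_of(field_name, default_=False):
             """field_name is used to get the index of
             the field from the column_idx dict"""
@@ -42,6 +46,13 @@ def get_value_of(field_name, default_=False):
             except (IndexError, KeyError):
                 return default_
 
+        def get_int_value_of(field_name) -> int:
+            value = get_value_of(field_name, 0)
+            try:
+                return int(value)
+            except (TypeError, ValueError):
+                return 0
+
         self.flow: ArgusConn = ArgusConn(
             starttime=utils.convert_to_datetime(get_value_of("starttime")),
             endtime=get_value_of("endtime"),
@@ -54,12 +65,12 @@ def get_value_of(field_name, default_=False):
             daddr=get_value_of("daddr"),
             dport=get_value_of("dport"),
             state=get_value_of("state"),
-            pkts=int(get_value_of("pkts")),
-            spkts=int(get_value_of("spkts")),
-            dpkts=int(get_value_of("dpkts")),
-            bytes=int(get_value_of("bytes")),
-            sbytes=int(get_value_of("sbytes")),
-            dbytes=int(get_value_of("dbytes")),
+            pkts=get_int_value_of("pkts"),
+            spkts=get_int_value_of("spkts"),
+            dpkts=get_int_value_of("dpkts"),
+            bytes=get_int_value_of("bytes"),
+            sbytes=get_int_value_of("sbytes"),
+            dbytes=get_int_value_of("dbytes"),
             interface="default",
         )
 
@@ -137,3 +148,9 @@ def define_columns(self, new_line: dict) -> dict:
             )
             self.print(traceback.format_exc(), 0, 1)
             sys.exit(1)
+
+    def is_header_line(self, nline) -> bool:
+        """Return True when the current line looks like an Argus header."""
+        header_tokens = {"starttime", "time", "srcaddr", "dstaddr", "totpkts"}
+        normalized_fields = {field.strip().lower() for field in nline}
+        return bool(header_tokens.intersection(normalized_fields))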
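Review bot: The repeated-header branch added at new lines 36–38 returns `"Done defining columns"`, while the test added in this same commit asserts `err == "Defined Columns"` on both header calls; unless a part of process_line above the hunk handles the first header and returns `"Defined Columns"`, at least the second assertion fails, so the two strings should be aligned, e.g. `return False, "Defined Columns"`. On get_int_value_of (new lines 49–54), a count that does not parse is silently normalized to 0, so a malformed or truncated record becomes a zero-volume flow with no trace in the logs; logging the field name and offending value in the except branch before returning 0 would keep that visible to whoever tunes detections on these flows. On is_header_line, the token `"time"` is loose enough that a record carrying that literal value in any column (a label, for instance) would be treated as a header and re-define the columns for everything that follows; restricting the set to tokens that only occur in headers, or requiring more than one match, would make the check harder to trip accidentally. process_line begins above the first hunk and define_columns above the last.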
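--- /dev/null
+++ b/TEST_FILE_PATH_NOT_SHOWN_ON_PAGE
@@ -0,0 +1,39 @@
+# SPDX-FileCopyrightText: 2021 Sebastian Garcia <sebastian.garcia@agents.fel.cvut.cz>
+# SPDX-License-Identifier: GPL-2.0-only
+
+from unittest.mock import Mock
+
+from slips_files.core.input_profilers.argus import Argus
+
+
+def test_argus_parser_skips_repeated_headers_and_parses_short_binetflow():
+    parser = Argus(Mock())
+    header = {
+        "data": (
+            "StartTime,Dur,Proto,SrcAddr,Sport,Dir,DstAddr,Dport,"
+            "State,sTos,dTos,TotPkts,TotBytes,SrcBytes,Label"
+        )
+    }
+    flow_line = {
+        "data": (
+            "2018/09/27 22:40:52.362768,193.831726,tcp,192.168.2.1,52893,"
+            " <?>,192.168.2.12,22,CON,16,16,35,3766,1224,"
+        )
+    }
+
+    flow, err = parser.process_line(header)
+    assert flow is False
+    assert err == "Defined Columns"
+
+    flow, err = parser.process_line(header)
+    assert flow is False
+    assert err == "Defined Columns"
+
+    flow, err = parser.process_line(flow_line)
+    assert err == ""
+    assert flow.pkts == 35
+    assert flow.bytes == 3766
+    assert flow.sbytes == 1224
+    assert flow.dbytes == 0
+    assert flow.spkts == 0
+    assert flow.dpkts == 0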
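Review bot: The new test only reaches the fallback of get_int_value_of through columns the header does not define (dbytes, spkts, dpkts); the non-numeric case that the commit introduces is never exercised. A constructed second record with a non-numeric count, e.g. `bad = {"data": "2018/09/27 22:40:52.362768,193.8,tcp,192.168.2.1,52893, <?>,192.168.2.12,22,CON,16,16,n/a,3766,1224,"}` followed by `assert parser.process_line(bad)[0].pkts == 0`, would pin that behaviour and catch a regression back to the old `int(...)` crash. The test is also the only place where a flow line with fewer fields than the header is covered; a short comment above `flow_line` saying the trailing comma yields an empty Label and that the three zero asserts rely on the header lacking those columns would make the intent clear.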
