:py:mod:`flow.record.fieldtypes` ================================ .. py:module:: flow.record.fieldtypes Subpackages ----------- .. toctree:: :titlesonly: :maxdepth: 3 net/index.rst Submodules ---------- .. toctree:: :titlesonly: :maxdepth: 1 credential/index.rst Package Contents ---------------- Classes ~~~~~~~ .. autoapisummary:: flow.record.fieldtypes.FieldType flow.record.fieldtypes.dynamic flow.record.fieldtypes.typedlist flow.record.fieldtypes.dictlist flow.record.fieldtypes.stringlist flow.record.fieldtypes.string flow.record.fieldtypes.bytes flow.record.fieldtypes.datetime flow.record.fieldtypes.varint flow.record.fieldtypes.float flow.record.fieldtypes.uint16 flow.record.fieldtypes.uint32 flow.record.fieldtypes.boolean flow.record.fieldtypes.filesize flow.record.fieldtypes.unix_file_mode flow.record.fieldtypes.digest flow.record.fieldtypes.uri flow.record.fieldtypes.record flow.record.fieldtypes.path flow.record.fieldtypes.posix_path flow.record.fieldtypes.windows_path flow.record.fieldtypes.command flow.record.fieldtypes.posix_command flow.record.fieldtypes.windows_command Functions ~~~~~~~~~ .. autoapisummary:: :nosignatures: flow.record.fieldtypes.flow_record_tz flow.record.fieldtypes.defang flow.record.fieldtypes.fieldtype_for_value flow.record.fieldtypes.human_readable_size Attributes ~~~~~~~~~~ .. autoapisummary:: flow.record.fieldtypes.HAS_ZONE_INFO flow.record.fieldtypes.RE_NORMALIZE_PATH flow.record.fieldtypes.NATIVE_UNICODE flow.record.fieldtypes.UTC flow.record.fieldtypes.PY_311 flow.record.fieldtypes.PY_312 flow.record.fieldtypes.TYPE_POSIX flow.record.fieldtypes.TYPE_WINDOWS flow.record.fieldtypes.string_type flow.record.fieldtypes.varint_type flow.record.fieldtypes.bytes_type flow.record.fieldtypes.float_type flow.record.fieldtypes.path_type flow.record.fieldtypes.DISPLAY_TZINFO flow.record.fieldtypes.wstring .. py:data:: HAS_ZONE_INFO :value: True .. py:class:: FieldType .. py:method:: default() :classmethod: Return the default value for the field in the Record template. .. py:data:: RE_NORMALIZE_PATH .. py:data:: NATIVE_UNICODE .. py:data:: UTC .. py:data:: PY_311 .. py:data:: PY_312 .. py:data:: TYPE_POSIX :value: 0 .. py:data:: TYPE_WINDOWS :value: 1 .. py:data:: string_type .. py:data:: varint_type .. py:data:: bytes_type .. py:data:: float_type .. py:data:: path_type .. py:function:: flow_record_tz(*, default_tz: str = 'UTC') -> Optional[zoneinfo.ZoneInfo | UTC] Return a ``ZoneInfo`` object based on the ``FLOW_RECORD_TZ`` environment variable. :param default_tz: Default timezone if ``FLOW_RECORD_TZ`` is not set (default: UTC). :returns: None if ``FLOW_RECORD_TZ=NONE`` otherwise ``ZoneInfo(FLOW_RECORD_TZ)`` or ``UTC`` if ZoneInfo is not found. .. py:data:: DISPLAY_TZINFO .. py:function:: defang(value: str) -> str Defangs the value to make URLs or ip addresses unclickable .. py:function:: fieldtype_for_value(value, default='string') Returns fieldtype name derived from the value. Returns `default` if it cannot be derived. :param value: value to derive the fieldtype from :returns: the field type name or `default` if it cannot be derived :rtype: str .. rubric:: Examples >>> fieldtype_for_value("hello") "string" >>> fieldtype_for_value(1337) "varint" >>> fieldtype_for_value(object(), None) None .. py:class:: dynamic Bases: :py:obj:`flow.record.base.FieldType` .. py:class:: typedlist(values=None) Bases: :py:obj:`list`, :py:obj:`flow.record.base.FieldType` Built-in mutable sequence. If no argument is given, the constructor creates a new empty list. The argument must be an iterable if specified. .. py:attribute:: __type__ .. py:method:: default() :classmethod: Override default so the field is always an empty list. .. py:class:: dictlist Bases: :py:obj:`list`, :py:obj:`flow.record.base.FieldType` Built-in mutable sequence. If no argument is given, the constructor creates a new empty list. The argument must be an iterable if specified. .. py:class:: stringlist Bases: :py:obj:`list`, :py:obj:`flow.record.base.FieldType` Built-in mutable sequence. If no argument is given, the constructor creates a new empty list. The argument must be an iterable if specified. .. py:class:: string Bases: :py:obj:`string_type`, :py:obj:`flow.record.base.FieldType` str(object='') -> str str(bytes_or_buffer[, encoding[, errors]]) -> str Create a new string object from the given object. If encoding or errors is specified, then the object must expose a data buffer that will be decoded using the given encoding and error handler. Otherwise, returns the result of object.__str__() (if defined) or repr(object). encoding defaults to sys.getdefaultencoding(). errors defaults to 'strict'. .. py:method:: __format__(spec) Return a formatted version of the string as described by format_spec. .. py:data:: wstring .. py:class:: bytes(value) Bases: :py:obj:`bytes_type`, :py:obj:`flow.record.base.FieldType` bytes(iterable_of_ints) -> bytes bytes(string, encoding[, errors]) -> bytes bytes(bytes_or_buffer) -> immutable copy of bytes_or_buffer bytes(int) -> bytes object of size given by the parameter initialized with null bytes bytes() -> empty bytes object Construct an immutable array of bytes from: - an iterable yielding integers in range(256) - a text string encoded using the specified encoding - any object implementing the buffer API. - an integer .. py:attribute:: value .. py:method:: __repr__() Return repr(self). .. py:method:: __format__(spec) Default object formatter. .. py:class:: datetime Bases: :py:obj:`datetime.datetime`, :py:obj:`flow.record.base.FieldType` datetime(year, month, day[, hour[, minute[, second[, microsecond[,tzinfo]]]]]) The year, month and day arguments are required. tzinfo may be None, or an instance of a tzinfo subclass. The remaining arguments may be ints. .. py:method:: __str__() Convert to string, for str(). .. py:method:: __repr__() Convert to formal string, for repr(). .. py:method:: __hash__() Hash. .. py:class:: varint Bases: :py:obj:`varint_type`, :py:obj:`flow.record.base.FieldType` int([x]) -> integer int(x, base=10) -> integer Convert a number or string to an integer, or return 0 if no arguments are given. If x is a number, return x.__int__(). For floating point numbers, this truncates towards zero. If x is not a number or if base is given, then x must be a string, bytes, or bytearray instance representing an integer literal in the given base. The literal can be preceded by '+' or '-' and be surrounded by whitespace. The base defaults to 10. Valid bases are 0 and 2-36. Base 0 means to interpret the base from the string as an integer literal. >>> int('0b100', base=0) 4 .. py:class:: float Bases: :py:obj:`float`, :py:obj:`flow.record.base.FieldType` Convert a string or number to a floating point number, if possible. .. py:class:: uint16(value) Bases: :py:obj:`int`, :py:obj:`flow.record.base.FieldType` int([x]) -> integer int(x, base=10) -> integer Convert a number or string to an integer, or return 0 if no arguments are given. If x is a number, return x.__int__(). For floating point numbers, this truncates towards zero. If x is not a number or if base is given, then x must be a string, bytes, or bytearray instance representing an integer literal in the given base. The literal can be preceded by '+' or '-' and be surrounded by whitespace. The base defaults to 10. Valid bases are 0 and 2-36. Base 0 means to interpret the base from the string as an integer literal. >>> int('0b100', base=0) 4 .. py:attribute:: value .. py:method:: __repr__() Return repr(self). .. py:class:: uint32(value) Bases: :py:obj:`int`, :py:obj:`flow.record.base.FieldType` int([x]) -> integer int(x, base=10) -> integer Convert a number or string to an integer, or return 0 if no arguments are given. If x is a number, return x.__int__(). For floating point numbers, this truncates towards zero. If x is not a number or if base is given, then x must be a string, bytes, or bytearray instance representing an integer literal in the given base. The literal can be preceded by '+' or '-' and be surrounded by whitespace. The base defaults to 10. Valid bases are 0 and 2-36. Base 0 means to interpret the base from the string as an integer literal. >>> int('0b100', base=0) 4 .. py:attribute:: value .. py:class:: boolean(value) Bases: :py:obj:`int`, :py:obj:`flow.record.base.FieldType` int([x]) -> integer int(x, base=10) -> integer Convert a number or string to an integer, or return 0 if no arguments are given. If x is a number, return x.__int__(). For floating point numbers, this truncates towards zero. If x is not a number or if base is given, then x must be a string, bytes, or bytearray instance representing an integer literal in the given base. The literal can be preceded by '+' or '-' and be surrounded by whitespace. The base defaults to 10. Valid bases are 0 and 2-36. Base 0 means to interpret the base from the string as an integer literal. >>> int('0b100', base=0) 4 .. py:attribute:: value .. py:method:: __str__() Return str(self). .. py:method:: __repr__() Return repr(self). .. py:function:: human_readable_size(x) .. py:class:: filesize Bases: :py:obj:`varint` int([x]) -> integer int(x, base=10) -> integer Convert a number or string to an integer, or return 0 if no arguments are given. If x is a number, return x.__int__(). For floating point numbers, this truncates towards zero. If x is not a number or if base is given, then x must be a string, bytes, or bytearray instance representing an integer literal in the given base. The literal can be preceded by '+' or '-' and be surrounded by whitespace. The base defaults to 10. Valid bases are 0 and 2-36. Base 0 means to interpret the base from the string as an integer literal. >>> int('0b100', base=0) 4 .. py:method:: __repr__() Return repr(self). .. py:class:: unix_file_mode Bases: :py:obj:`varint` int([x]) -> integer int(x, base=10) -> integer Convert a number or string to an integer, or return 0 if no arguments are given. If x is a number, return x.__int__(). For floating point numbers, this truncates towards zero. If x is not a number or if base is given, then x must be a string, bytes, or bytearray instance representing an integer literal in the given base. The literal can be preceded by '+' or '-' and be surrounded by whitespace. The base defaults to 10. Valid bases are 0 and 2-36. Base 0 means to interpret the base from the string as an integer literal. >>> int('0b100', base=0) 4 .. py:method:: __repr__() Return repr(self). .. py:class:: digest(value=None, **kwargs) Bases: :py:obj:`flow.record.base.FieldType` .. py:property:: md5 .. py:property:: sha1 .. py:property:: sha256 .. py:method:: default() :classmethod: Override default so the field is always a digest() instance. .. py:method:: __repr__() Return repr(self). .. py:class:: uri(value) Bases: :py:obj:`string`, :py:obj:`flow.record.base.FieldType` str(object='') -> str str(bytes_or_buffer[, encoding[, errors]]) -> str Create a new string object from the given object. If encoding or errors is specified, then the object must expose a data buffer that will be decoded using the given encoding and error handler. Otherwise, returns the result of object.__str__() (if defined) or repr(object). encoding defaults to sys.getdefaultencoding(). errors defaults to 'strict'. .. py:property:: scheme .. py:property:: protocol .. py:property:: netloc .. py:property:: path .. py:property:: params .. py:property:: query .. py:property:: args .. py:property:: fragment .. py:property:: username .. py:property:: password .. py:property:: hostname .. py:property:: port .. py:property:: filename .. py:property:: dirname .. py:method:: normalize(path) :staticmethod: Normalize Windows paths to posix. c:\windows\system32\cmd.exe -> c:/windows/system32/cmd.exe .. py:method:: from_windows(path) :classmethod: Initialize a uri instance from a windows path. .. py:class:: record Bases: :py:obj:`flow.record.base.FieldType` .. py:class:: path Bases: :py:obj:`pathlib.PurePath`, :py:obj:`flow.record.base.FieldType` Base class for manipulating paths without I/O. PurePath represents a filesystem path and offers operations which don't imply any actual filesystem I/O. Depending on your system, instantiating a PurePath will return either a PurePosixPath or a PureWindowsPath object. You can also instantiate either of these classes directly, regardless of your system. .. py:method:: __eq__(other: Any) -> bool Return self==value. .. py:method:: __repr__() -> str Return repr(self). .. py:method:: from_posix(path_: str) :classmethod: Initialize a path instance from a posix path string using / as a separator. .. py:method:: from_windows(path_: str) :classmethod: Initialize a path instance from a windows path string using \ or / as a separator. .. py:class:: posix_path Bases: :py:obj:`pathlib.PurePosixPath`, :py:obj:`path` PurePath subclass for non-Windows systems. On a POSIX system, instantiating a PurePath should return this object. However, you can also instantiate it directly on any system. .. py:class:: windows_path Bases: :py:obj:`pathlib.PureWindowsPath`, :py:obj:`path` PurePath subclass for Windows systems. On a Windows system, instantiating a PurePath should return this object. However, you can also instantiate it directly on any system. .. py:method:: __repr__() -> str Return repr(self). .. py:class:: command(value: str | tuple[str, tuple[str]] | None) Bases: :py:obj:`flow.record.base.FieldType` .. py:attribute:: executable :type: Optional[path] .. py:attribute:: args :type: Optional[list[str]] .. py:method:: __repr__() -> str Return repr(self). .. py:method:: __eq__(other: Any) -> bool Return self==value. .. py:method:: from_posix(value: str) -> command :classmethod: .. py:method:: from_windows(value: str) -> command :classmethod: .. py:class:: posix_command(value: str | tuple[str, tuple[str]] | None) Bases: :py:obj:`command` .. py:class:: windows_command(value: str | tuple[str, tuple[str]] | None) Bases: :py:obj:`command`