flow.record.fieldtypes

Package Contents

Classes

FieldType

dynamic

typedlist – Built-in mutable sequence.

dictlist – Built-in mutable sequence.

stringlist – Built-in mutable sequence.

string – str(object='') -> str

bytes – bytes(iterable_of_ints) -> bytes

datetime – datetime(year, month, day[, hour[, minute[, second[, microsecond[,tzinfo]]]]])

varint – int([x]) -> integer

float – Convert a string or number to a floating point number, if possible.

uint16 – int([x]) -> integer

uint32 – int([x]) -> integer

boolean – int([x]) -> integer

filesize – int([x]) -> integer

unix_file_mode – int([x]) -> integer

digest

uri – str(object='') -> str

record

path – Base class for manipulating paths without I/O.

posix_path – PurePath subclass for non-Windows systems.

windows_path – PurePath subclass for Windows systems.

command

posix_command

windows_command

Functions

flow_record_tz – Return a ZoneInfo object based on the FLOW_RECORD_TZ environment variable.

defang – Defangs the value to make URLs or IP addresses unclickable.

fieldtype_for_value – Returns fieldtype name derived from the value. Returns default if it cannot be derived.

human_readable_size

Attributes

flow.record.fieldtypes.HAS_ZONE_INFO = True
class flow.record.fieldtypes.FieldType
classmethod default()

Return the default value for the field in the Record template.

flow.record.fieldtypes.RE_NORMALIZE_PATH
flow.record.fieldtypes.NATIVE_UNICODE
flow.record.fieldtypes.UTC
flow.record.fieldtypes.PY_311
flow.record.fieldtypes.PY_312
flow.record.fieldtypes.TYPE_POSIX = 0
flow.record.fieldtypes.TYPE_WINDOWS = 1
flow.record.fieldtypes.string_type
flow.record.fieldtypes.varint_type
flow.record.fieldtypes.bytes_type
flow.record.fieldtypes.float_type
flow.record.fieldtypes.path_type
flow.record.fieldtypes.flow_record_tz(*, default_tz: str = 'UTC') -> zoneinfo.ZoneInfo | UTC | None

Return a ZoneInfo object based on the FLOW_RECORD_TZ environment variable.

Parameters:

default_tz – Default timezone if FLOW_RECORD_TZ is not set (default: UTC).

Returns:

None if FLOW_RECORD_TZ=NONE, otherwise ZoneInfo(FLOW_RECORD_TZ), or UTC if ZoneInfo is not found.

flow.record.fieldtypes.DISPLAY_TZINFO
flow.record.fieldtypes.defang(value: str) -> str

Defangs the value to make URLs or IP addresses unclickable.

flow.record.fieldtypes.fieldtype_for_value(value, default='string')

Returns fieldtype name derived from the value. Returns default if it cannot be derived.

Parameters:

value – value to derive the fieldtype from

Returns:

the field type name or default if it cannot be derived

Return type:

str

Examples

>>> fieldtype_for_value("hello")
"string"
>>> fieldtype_for_value(1337)
"varint"
>>> fieldtype_for_value(object(), None)
None
class flow.record.fieldtypes.dynamic

Bases: flow.record.base.FieldType

class flow.record.fieldtypes.typedlist(values=None)

Bases: list, flow.record.base.FieldType

Built-in mutable sequence.

If no argument is given, the constructor creates a new empty list. The argument must be an iterable if specified.

__type__
classmethod default()

Override default so the field is always an empty list.

class flow.record.fieldtypes.dictlist

Bases: list, flow.record.base.FieldType

Built-in mutable sequence.

If no argument is given, the constructor creates a new empty list. The argument must be an iterable if specified.

class flow.record.fieldtypes.stringlist

Bases: list, flow.record.base.FieldType

Built-in mutable sequence.

If no argument is given, the constructor creates a new empty list. The argument must be an iterable if specified.

class flow.record.fieldtypes.string

Bases: string_type, flow.record.base.FieldType

str(object='') -> str
str(bytes_or_buffer[, encoding[, errors]]) -> str

Create a new string object from the given object. If encoding or errors is specified, then the object must expose a data buffer that will be decoded using the given encoding and error handler. Otherwise, returns the result of object.__str__() (if defined) or repr(object). encoding defaults to sys.getdefaultencoding(). errors defaults to 'strict'.

__format__(spec)

Return a formatted version of the string as described by format_spec.

flow.record.fieldtypes.wstring
class flow.record.fieldtypes.bytes(value)

Bases: bytes_type, flow.record.base.FieldType

bytes(iterable_of_ints) -> bytes
bytes(string, encoding[, errors]) -> bytes
bytes(bytes_or_buffer) -> immutable copy of bytes_or_buffer
bytes(int) -> bytes object of size given by the parameter initialized with null bytes
bytes() -> empty bytes object

Construct an immutable array of bytes from:
  • an iterable yielding integers in range(256)

  • a text string encoded using the specified encoding

  • any object implementing the buffer API.

  • an integer

value
__repr__()

Return repr(self).

__format__(spec)

Default object formatter.

class flow.record.fieldtypes.datetime

Bases: datetime.datetime, flow.record.base.FieldType

datetime(year, month, day[, hour[, minute[, second[, microsecond[,tzinfo]]]]])

The year, month and day arguments are required. tzinfo may be None, or an instance of a tzinfo subclass. The remaining arguments may be ints.

__str__()

Convert to string, for str().

__repr__()

Convert to formal string, for repr().

__hash__()

Hash.

class flow.record.fieldtypes.varint

Bases: varint_type, flow.record.base.FieldType

int([x]) -> integer
int(x, base=10) -> integer

Convert a number or string to an integer, or return 0 if no arguments are given. If x is a number, return x.__int__(). For floating point numbers, this truncates towards zero.

If x is not a number or if base is given, then x must be a string, bytes, or bytearray instance representing an integer literal in the given base. The literal can be preceded by '+' or '-' and be surrounded by whitespace. The base defaults to 10. Valid bases are 0 and 2-36. Base 0 means to interpret the base from the string as an integer literal.

>>> int('0b100', base=0)
4

class flow.record.fieldtypes.float

Bases: float, flow.record.base.FieldType

Convert a string or number to a floating point number, if possible.

class flow.record.fieldtypes.uint16(value)

Bases: int, flow.record.base.FieldType

int([x]) -> integer
int(x, base=10) -> integer

Convert a number or string to an integer, or return 0 if no arguments are given. If x is a number, return x.__int__(). For floating point numbers, this truncates towards zero.

If x is not a number or if base is given, then x must be a string, bytes, or bytearray instance representing an integer literal in the given base. The literal can be preceded by '+' or '-' and be surrounded by whitespace. The base defaults to 10. Valid bases are 0 and 2-36. Base 0 means to interpret the base from the string as an integer literal.

>>> int('0b100', base=0)
4

value
__repr__()

Return repr(self).

class flow.record.fieldtypes.uint32(value)

Bases: int, flow.record.base.FieldType

int([x]) -> integer
int(x, base=10) -> integer

Convert a number or string to an integer, or return 0 if no arguments are given. If x is a number, return x.__int__(). For floating point numbers, this truncates towards zero.

If x is not a number or if base is given, then x must be a string, bytes, or bytearray instance representing an integer literal in the given base. The literal can be preceded by '+' or '-' and be surrounded by whitespace. The base defaults to 10. Valid bases are 0 and 2-36. Base 0 means to interpret the base from the string as an integer literal.

>>> int('0b100', base=0)
4

value
class flow.record.fieldtypes.boolean(value)

Bases: int, flow.record.base.FieldType

int([x]) -> integer
int(x, base=10) -> integer

Convert a number or string to an integer, or return 0 if no arguments are given. If x is a number, return x.__int__(). For floating point numbers, this truncates towards zero.

If x is not a number or if base is given, then x must be a string, bytes, or bytearray instance representing an integer literal in the given base. The literal can be preceded by '+' or '-' and be surrounded by whitespace. The base defaults to 10. Valid bases are 0 and 2-36. Base 0 means to interpret the base from the string as an integer literal.

>>> int('0b100', base=0)
4

value
__str__()

Return str(self).

__repr__()

Return repr(self).

flow.record.fieldtypes.human_readable_size(x)
class flow.record.fieldtypes.filesize

Bases: varint

int([x]) -> integer
int(x, base=10) -> integer

Convert a number or string to an integer, or return 0 if no arguments are given. If x is a number, return x.__int__(). For floating point numbers, this truncates towards zero.

If x is not a number or if base is given, then x must be a string, bytes, or bytearray instance representing an integer literal in the given base. The literal can be preceded by '+' or '-' and be surrounded by whitespace. The base defaults to 10. Valid bases are 0 and 2-36. Base 0 means to interpret the base from the string as an integer literal.

>>> int('0b100', base=0)
4

__repr__()

Return repr(self).

class flow.record.fieldtypes.unix_file_mode

Bases: varint

int([x]) -> integer
int(x, base=10) -> integer

Convert a number or string to an integer, or return 0 if no arguments are given. If x is a number, return x.__int__(). For floating point numbers, this truncates towards zero.

If x is not a number or if base is given, then x must be a string, bytes, or bytearray instance representing an integer literal in the given base. The literal can be preceded by '+' or '-' and be surrounded by whitespace. The base defaults to 10. Valid bases are 0 and 2-36. Base 0 means to interpret the base from the string as an integer literal.

>>> int('0b100', base=0)
4

__repr__()

Return repr(self).

class flow.record.fieldtypes.digest(value=None, **kwargs)

Bases: flow.record.base.FieldType

property md5
property sha1
property sha256
classmethod default()

Override default so the field is always a digest() instance.

__repr__()

Return repr(self).

class flow.record.fieldtypes.uri(value)

Bases: string, flow.record.base.FieldType

str(object='') -> str
str(bytes_or_buffer[, encoding[, errors]]) -> str

Create a new string object from the given object. If encoding or errors is specified, then the object must expose a data buffer that will be decoded using the given encoding and error handler. Otherwise, returns the result of object.__str__() (if defined) or repr(object). encoding defaults to sys.getdefaultencoding(). errors defaults to 'strict'.

property scheme
property protocol
property netloc
property path
property params
property query
property args
property fragment
property username
property password
property hostname
property port
property filename
property dirname
static normalize(path)

Normalize Windows paths to posix.

c:\windows\system32\cmd.exe -> c:/windows/system32/cmd.exe

classmethod from_windows(path)

Initialize a uri instance from a windows path.

class flow.record.fieldtypes.record

Bases: flow.record.base.FieldType

class flow.record.fieldtypes.path

Bases: pathlib.PurePath, flow.record.base.FieldType

Base class for manipulating paths without I/O.

PurePath represents a filesystem path and offers operations which don’t imply any actual filesystem I/O. Depending on your system, instantiating a PurePath will return either a PurePosixPath or a PureWindowsPath object. You can also instantiate either of these classes directly, regardless of your system.

__eq__(other: Any) -> bool

Return self==value.

__repr__() -> str

Return repr(self).

classmethod from_posix(path_: str)

Initialize a path instance from a posix path string using / as a separator.

classmethod from_windows(path_: str)

Initialize a path instance from a windows path string using \ or / as a separator.

class flow.record.fieldtypes.posix_path

Bases: pathlib.PurePosixPath, path

PurePath subclass for non-Windows systems.

On a POSIX system, instantiating a PurePath should return this object. However, you can also instantiate it directly on any system.

class flow.record.fieldtypes.windows_path

Bases: pathlib.PureWindowsPath, path

PurePath subclass for Windows systems.

On a Windows system, instantiating a PurePath should return this object. However, you can also instantiate it directly on any system.

__repr__() -> str

Return repr(self).

class flow.record.fieldtypes.command(value: str | tuple[str, tuple[str]] | None)

Bases: flow.record.base.FieldType

executable: path | None
args: list[str] | None
__repr__() -> str

Return repr(self).

__eq__(other: Any) -> bool

Return self==value.

classmethod from_posix(value: str) -> command
classmethod from_windows(value: str) -> command
class flow.record.fieldtypes.posix_command(value: str | tuple[str, tuple[str]] | None)

Bases: command

class flow.record.fieldtypes.windows_command(value: str | tuple[str, tuple[str]] | None)

Bases: command