Feat: Introduce net-localgroup net-user and route-print parsers #602
Conversation
|
This PR seems to have other unrelated files in it (e.g. |
|
I'll get those removed. I branched off of the wrong branch when I started. It'll be up soon |
joehacksalot
force-pushed
the
feat/net-localgroup
branch
from
defa407
to
0f576e8
Compare
|
ok. should be ready now |
| author = 'joehacksalot' | ||
| author_email = 'joehacksalot@gmail.com' | ||
| compatible = ['windows'] | ||
| magic_commands = ['net-localgroup'] |
There was a problem hiding this comment.
I think this should be magic_commands = ['net localgroup']
| Notes: | ||
| [0] - 'lease_expires' and 'lease_obtained' are parsed to ISO8601 format date strings. if the value was unable | ||
| to be parsed by datetime, the fields will be in their raw form | ||
| [1] - 'autoconfigured' under 'ipv4_address' is only providing indication if the ipv4 address was labeled as | ||
| "Autoconfiguration IPv4 Address" vs "IPv4 Address". It does not infer any information from other fields | ||
| [2] - Windows XP uses 'IP Address' instead of 'IPv4 Address'. Both values are parsed to the 'ipv4_address' | ||
| object for consistency |
There was a problem hiding this comment.
I think this section can be deleted.
| $ net localgroup Administrators | jc --net-localgroup -p | jq | ||
| $ net localgroup /domain | jc --net-localgroup -p | jq |
There was a problem hiding this comment.
Looks like these examples are missing. no need to pipe through jq when using the -p option.
| Usage (module): | ||
|
|
||
| import jc | ||
| result = jc.parse('net-localgroup', net_localgroup_command_output) |
There was a problem hiding this comment.
Though 'net-localgroup' will work here, it is best to use 'net_localgroup' for python module examples.
| Usage (module): | ||
| import jc | ||
| result = jc.parse('net-user', net_user_command_output) |
There was a problem hiding this comment.
Should use 'net_user' instead of 'net-user' here. Also, change to 'net-users' if the parser name changes.
| } | ||
| Notes: | ||
| - The `metric` field is typically an integer but can sometimes be set to "Default" |
There was a problem hiding this comment.
Wonder if there is another way of handling this? Could a metric of -1 or even null/None be the "Default"? Or another field called metric_is_default set to True or something?
| @@ -0,0 +1,565 @@ | |||
| r"""jc - JSON Convert `route-print` command output parser | |||
| author = 'joehacksalot' | ||
| author_email = 'joehacksalot@gmail.com' | ||
| compatible = ['windows'] | ||
| magic_commands = ['route-print'] |
| return raw_output if raw else _process(raw_output) | ||
| except Exception as e: | ||
| if not quiet: | ||
| jc.utils.warning_message(['Could not parse data due to unexpected format.']) |
There was a problem hiding this comment.
This type of exception handling can make it difficult to troubleshoot. Doing this means the user cannot use jc --route-print -dd to get debug info. Without the exception handling jc should just do the right thing. If you want a custom exception message, it would be better to use jc.exceptions.ParseError:
from jc.exceptions import ParseError
raise ParseError('My custom error here.')
You can find examples in the following parsers: cef.py, csv.py, uname.py, etc.
| return raw_output if raw else _process(raw_output) | ||
| except Exception as e: | ||
| if not quiet: | ||
| jc.utils.warning_message(['Could not parse data due to unexpected format.']) |
There was a problem hiding this comment.
This type of exception handling can make it difficult to troubleshoot. Doing this means the user cannot use jc --route-print -dd to get debug info. Without the exception handling jc should just do the right thing. If you want a custom exception message, it would be better to use jc.exceptions.ParseError:
from jc.exceptions import ParseError
raise ParseError('My custom error here.')
You can find examples in the following parsers: cef.py, csv.py, uname.py, etc.
kellyjonbrazil
added
reviewing
and removed
question
This PR introduces a new parsers for
net-localgroup,net-userandroute-print[1] windows commands.Tested on:
Windows XP
Windows 7
Windows 10
Windows 11
Windows Server 2008
Windows Server 2016
Note:
[1] - The 'metric' fields are generally integers, and I was processing them as such but found one instance where the value was the string "Default", which after some research, would require looking up the OS default metric currently set to identify the numerical value. For this reason, I changed the schema type to string and left the original value for the end user to interpret.
This closes #600