Feat: Introduce net-localgroup net-user and route-print parsers #602
Conversation
|
This PR seems to have other unrelated files in it (e.g. |
|
I'll get those removed. I branched off of the wrong branch when I started. It'll be up soon |
joehacksalot
force-pushed
the
feat/net-localgroup
branch
from
defa407 to
0f576e8
Compare
|
ok. should be ready now |
jc/parsers/net_localgroup.py
Outdated
| author = 'joehacksalot' | ||
| author_email = 'joehacksalot@gmail.com' | ||
| compatible = ['windows'] | ||
| magic_commands = ['net-localgroup'] |
There was a problem hiding this comment.
I think this should be magic_commands = ['net localgroup']
| Notes: | ||
| [0] - 'lease_expires' and 'lease_obtained' are parsed to ISO8601 format date strings. if the value was unable | ||
| to be parsed by datetime, the fields will be in their raw form | ||
| [1] - 'autoconfigured' under 'ipv4_address' is only providing indication if the ipv4 address was labeled as | ||
| "Autoconfiguration IPv4 Address" vs "IPv4 Address". It does not infer any information from other fields | ||
| [2] - Windows XP uses 'IP Address' instead of 'IPv4 Address'. Both values are parsed to the 'ipv4_address' | ||
| object for consistency |
There was a problem hiding this comment.
I think this section can be deleted.
There was a problem hiding this comment.
I think the information might be helpful to some users. I can delete it if you think that's best.
There was a problem hiding this comment.
Ah, I thought this was left over from the ipconfig parser. I didn't see where these footnotes were referenced in the Schema, so it didn't seem to belong here.
jc/parsers/net_localgroup.py
Outdated
| $ net localgroup Administrators | jc --net-localgroup -p | jq | ||
| $ net localgroup /domain | jc --net-localgroup -p | jq |
There was a problem hiding this comment.
Looks like these examples are missing. no need to pipe through jq when using the -p option.
jc/parsers/net_localgroup.py
Outdated
| Usage (module): | ||
|
|
||
| import jc | ||
| result = jc.parse('net-localgroup', net_localgroup_command_output) |
There was a problem hiding this comment.
Though 'net-localgroup' will work here, it is best to use 'net_localgroup' for python module examples.
| } | ||
|
|
||
| Notes: | ||
| - The `metric` field is typically an integer but can sometimes be set to "Default" |
There was a problem hiding this comment.
Wonder if there is another way of handling this? Could a metric of -1 or even null/None be the "Default"? Or another field called metric_is_default set to True or something?
There was a problem hiding this comment.
When "Default" is present, the interface is using the value currently set as operating system's default metric value. I believe this value is stored somewhere in the registry.
I'm not opposed to a -1 for default. I think I'd prefer that over using null/None since I usually assume if its null/None that it was not present in the original output.
There was a problem hiding this comment.
I started looking into doing this and I found an example where a metric was already set to -1.
{
"interface": 0,
"metric": "4294967295",
"network_destination": "2001:db8::/64",
"gateway": "fe80::1"
}
I only googled quickly, but it looks like it may be used for Windows to automatically optimize routing.
Leaving it as a string for now. Open to discuss further.
There was a problem hiding this comment.
Just seems a shame to have this be a string field because of that one possible value. I sorta like the idea of having it be null/None if it is default and then set the metric_is_default field to True. A bit more work, but fixes this type override issue.
jc/parsers/route_print.py
Outdated
| @@ -0,0 +1,565 @@ | |||
| r"""jc - JSON Convert `route-print` command output parser | |||
jc/parsers/route_print.py
Outdated
| author = 'joehacksalot' | ||
| author_email = 'joehacksalot@gmail.com' | ||
| compatible = ['windows'] | ||
| magic_commands = ['route-print'] |
jc/parsers/route_print.py
Outdated
| return raw_output if raw else _process(raw_output) | ||
| except Exception as e: | ||
| if not quiet: | ||
| jc.utils.warning_message(['Could not parse data due to unexpected format.']) |
There was a problem hiding this comment.
This type of exception handling can make it difficult to troubleshoot. Doing this means the user cannot use jc --route-print -dd to get debug info. Without the exception handling jc should just do the right thing. If you want a custom exception message, it would be better to use jc.exceptions.ParseError:
from jc.exceptions import ParseError
raise ParseError('My custom error here.')
You can find examples in the following parsers: cef.py, csv.py, uname.py, etc.
jc/parsers/net_user.py
Outdated
| return raw_output if raw else _process(raw_output) | ||
| except Exception as e: | ||
| if not quiet: | ||
| jc.utils.warning_message(['Could not parse data due to unexpected format.']) |
There was a problem hiding this comment.
This type of exception handling can make it difficult to troubleshoot. Doing this means the user cannot use jc --route-print -dd to get debug info. Without the exception handling jc should just do the right thing. If you want a custom exception message, it would be better to use jc.exceptions.ParseError:
from jc.exceptions import ParseError
raise ParseError('My custom error here.')
You can find examples in the following parsers: cef.py, csv.py, uname.py, etc.
kellyjonbrazil
added
reviewing
and removed
question
There was a problem hiding this comment.
Should it be deleted? why do you need that file?
There was a problem hiding this comment.
This is part of the unit test
There was a problem hiding this comment.
why do you need that file?
There was a problem hiding this comment.
This is part of the unit test
This PR introduces a new parsers for
net-localgroup,net-userandroute-print[1] windows commands.Tested on:
Windows XP
Windows 7
Windows 10
Windows 11
Windows Server 2008
Windows Server 2016
Note:
[1] - The 'metric' fields are generally integers, and I was processing them as such but found one instance where the value was the string "Default", which after some research, would require looking up the OS default metric currently set to identify the numerical value. For this reason, I changed the schema type to string and left the original value for the end user to interpret.
This closes #600