`flow.record.fieldtypes`#

Subpackages#

flow.record.fieldtypes.net

Submodules#

flow.record.fieldtypes.credential

Package Contents#

Classes#

`FieldType`
`dynamic`
`typedlist`	Built-in mutable sequence.
`dictlist`	Built-in mutable sequence.
`stringlist`	Built-in mutable sequence.
`string`	str(object='') -> str
`bytes`	bytes(iterable_of_ints) -> bytes
`datetime`	datetime(year, month, day[, hour[, minute[, second[, microsecond[,tzinfo]]]]])
`varint`	int([x]) -> integer
`float`	Convert a string or number to a floating point number, if possible.
`uint16`	int([x]) -> integer
`uint32`	int([x]) -> integer
`boolean`	int([x]) -> integer
`filesize`	int([x]) -> integer
`unix_file_mode`	int([x]) -> integer
`digest`
`uri`	str(object='') -> str
`record`
`path`	Base class for manipulating paths without I/O.
`posix_path`	PurePath subclass for non-Windows systems.
`windows_path`	PurePath subclass for Windows systems.

Functions#

`flow_record_tz`	Return a `ZoneInfo` object based on the `FLOW_RECORD_TZ` environment variable.
`defang`	Defangs the value to make URLs or ip addresses unclickable
`fieldtype_for_value`	Returns fieldtype name derived from the value. Returns default if it cannot be derived.
`human_readable_size`

Attributes#

`RE_NORMALIZE_PATH`
`RE_STRIP_NANOSECS`
`NATIVE_UNICODE`
`UTC`
`ISO_FORMAT`
`ISO_FORMAT_WITH_MS`
`PY_311`
`PATH_POSIX`
`PATH_WINDOWS`
`string_type`
`varint_type`
`bytes_type`
`float_type`
`path_type`
`DISPLAY_TZINFO`
`wstring`

class flow.record.fieldtypes.FieldType#

classmethod default()#: Return the default value for the field in the Record template.

flow.record.fieldtypes.RE_NORMALIZE_PATH#

flow.record.fieldtypes.RE_STRIP_NANOSECS#

flow.record.fieldtypes.NATIVE_UNICODE#

flow.record.fieldtypes.UTC#

flow.record.fieldtypes.ISO_FORMAT = '%Y-%m-%dT%H:%M:%S%z'#

flow.record.fieldtypes.ISO_FORMAT_WITH_MS = '%Y-%m-%dT%H:%M:%S.%f%z'#

flow.record.fieldtypes.PY_311#

flow.record.fieldtypes.PATH_POSIX = 0#

flow.record.fieldtypes.PATH_WINDOWS = 1#

flow.record.fieldtypes.string_type#

flow.record.fieldtypes.varint_type#

flow.record.fieldtypes.bytes_type#

flow.record.fieldtypes.float_type#

flow.record.fieldtypes.path_type#

flow.record.fieldtypes.flow_record_tz(*, default_tz: str = 'UTC') → zoneinfo.ZoneInfo | UTC | None#

Return a ZoneInfo object based on the FLOW_RECORD_TZ environment variable.

Parameters:: default_tz – Default timezone if FLOW_RECORD_TZ is not set (default: UTC).
Returns:: None if FLOW_RECORD_TZ=NONE otherwise ZoneInfo(FLOW_RECORD_TZ) or UTC if ZoneInfo is not found.

flow.record.fieldtypes.DISPLAY_TZINFO#

flow.record.fieldtypes.defang(value: str) → str#: Defangs the value to make URLs or ip addresses unclickable

flow.record.fieldtypes.fieldtype_for_value(value, default='string')#

Returns fieldtype name derived from the value. Returns default if it cannot be derived.

Parameters:: value – value to derive the fieldtype from
Returns:: the field type name or default if it cannot be derived
Return type:: str

Examples

>>> fieldtype_for_value("hello")
"string"
>>> fieldtype_for_value(1337)
"varint"
>>> fieldtype_for_value(object(), None)
None

class flow.record.fieldtypes.dynamic#: Bases: flow.record.base.FieldType

class flow.record.fieldtypes.typedlist(values=None)#

Bases: list, flow.record.base.FieldType

Built-in mutable sequence.

If no argument is given, the constructor creates a new empty list. The argument must be an iterable if specified.

__type__#

classmethod default()#: Override default so the field is always an empty list.

class flow.record.fieldtypes.dictlist#

Bases: list, flow.record.base.FieldType

Built-in mutable sequence.

If no argument is given, the constructor creates a new empty list. The argument must be an iterable if specified.

class flow.record.fieldtypes.stringlist#

Bases: list, flow.record.base.FieldType

Built-in mutable sequence.

If no argument is given, the constructor creates a new empty list. The argument must be an iterable if specified.

class flow.record.fieldtypes.string#

Bases: string_type, flow.record.base.FieldType

str(object=’’) -> str str(bytes_or_buffer[, encoding[, errors]]) -> str

Create a new string object from the given object. If encoding or errors is specified, then the object must expose a data buffer that will be decoded using the given encoding and error handler. Otherwise, returns the result of object.__str__() (if defined) or repr(object). encoding defaults to sys.getdefaultencoding(). errors defaults to ‘strict’.

__format__(spec)#: Return a formatted version of the string as described by format_spec.

flow.record.fieldtypes.wstring#

class flow.record.fieldtypes.bytes(value)#

Bases: bytes_type, flow.record.base.FieldType

bytes(iterable_of_ints) -> bytes bytes(string, encoding[, errors]) -> bytes bytes(bytes_or_buffer) -> immutable copy of bytes_or_buffer bytes(int) -> bytes object of size given by the parameter initialized with null bytes bytes() -> empty bytes object

Construct an immutable array of bytes from:

an iterable yielding integers in range(256)
a text string encoded using the specified encoding
any object implementing the buffer API.
an integer

value#

__repr__()#: Return repr(self).

__format__(spec)#: Default object formatter.

class flow.record.fieldtypes.datetime#

Bases: datetime.datetime, flow.record.base.FieldType

datetime(year, month, day[, hour[, minute[, second[, microsecond[,tzinfo]]]]])

The year, month and day arguments are required. tzinfo may be None, or an instance of a tzinfo subclass. The remaining arguments may be ints.

__str__()#: Convert to string, for str().

__repr__()#: Convert to formal string, for repr().

__hash__()#: Hash.

class flow.record.fieldtypes.varint#

Bases: varint_type, flow.record.base.FieldType

int([x]) -> integer int(x, base=10) -> integer

Convert a number or string to an integer, or return 0 if no arguments are given. If x is a number, return x.__int__(). For floating point numbers, this truncates towards zero.

If x is not a number or if base is given, then x must be a string, bytes, or bytearray instance representing an integer literal in the given base. The literal can be preceded by ‘+’ or ‘-’ and be surrounded by whitespace. The base defaults to 10. Valid bases are 0 and 2-36. Base 0 means to interpret the base from the string as an integer literal. >>> int(‘0b100’, base=0) 4

class flow.record.fieldtypes.float#

Bases: float, flow.record.base.FieldType

Convert a string or number to a floating point number, if possible.

class flow.record.fieldtypes.uint16(value)#

Bases: int, flow.record.base.FieldType

int([x]) -> integer int(x, base=10) -> integer

Convert a number or string to an integer, or return 0 if no arguments are given. If x is a number, return x.__int__(). For floating point numbers, this truncates towards zero.

value#

__repr__()#: Return repr(self).

class flow.record.fieldtypes.uint32(value)#

Bases: int, flow.record.base.FieldType

int([x]) -> integer int(x, base=10) -> integer

Convert a number or string to an integer, or return 0 if no arguments are given. If x is a number, return x.__int__(). For floating point numbers, this truncates towards zero.

value#

class flow.record.fieldtypes.boolean(value)#

Bases: int, flow.record.base.FieldType

int([x]) -> integer int(x, base=10) -> integer

Convert a number or string to an integer, or return 0 if no arguments are given. If x is a number, return x.__int__(). For floating point numbers, this truncates towards zero.

value#

__str__()#: Return str(self).

__repr__()#: Return repr(self).

flow.record.fieldtypes.human_readable_size(x)#

class flow.record.fieldtypes.filesize#

Bases: varint

int([x]) -> integer int(x, base=10) -> integer

Convert a number or string to an integer, or return 0 if no arguments are given. If x is a number, return x.__int__(). For floating point numbers, this truncates towards zero.

__repr__()#: Return repr(self).

class flow.record.fieldtypes.unix_file_mode#

Bases: varint

int([x]) -> integer int(x, base=10) -> integer

Convert a number or string to an integer, or return 0 if no arguments are given. If x is a number, return x.__int__(). For floating point numbers, this truncates towards zero.

__repr__()#: Return repr(self).

class flow.record.fieldtypes.digest(value=None, **kwargs)#

Bases: flow.record.base.FieldType

property md5#

property sha1#

property sha256#

classmethod default()#: Override default so the field is always a digest() instance.

__repr__()#: Return repr(self).

class flow.record.fieldtypes.uri(value)#

Bases: string, flow.record.base.FieldType

str(object=’’) -> str str(bytes_or_buffer[, encoding[, errors]]) -> str

property scheme#

property protocol#

property netloc#

property path#

property params#

property query#

property args#

property fragment#

property username#

property password#

property hostname#

property port#

property filename#

property dirname#

static normalize(path)#

Normalize Windows paths to posix.

c:windowssystem32cmd.exe -> c:/windows/system32/cmd.exe

classmethod from_windows(path)#: Initialize a uri instance from a windows path.

class flow.record.fieldtypes.record#: Bases: flow.record.base.FieldType

class flow.record.fieldtypes.path#

Bases: pathlib.PurePath, flow.record.base.FieldType

Base class for manipulating paths without I/O.

PurePath represents a filesystem path and offers operations which don’t imply any actual filesystem I/O. Depending on your system, instantiating a PurePath will return either a PurePosixPath or a PureWindowsPath object. You can also instantiate either of these classes directly, regardless of your system.

__eq__(other: Any) → bool#: Return self==value.

__repr__() → str#: Return repr(self).

classmethod from_posix(path_: str)#: Initialize a path instance from a posix path string using / as a separator.

classmethod from_windows(path_: str)#: Initialize a path instance from a windows path string using or / as a separator.

class flow.record.fieldtypes.posix_path#

Bases: pathlib.PurePosixPath, path

PurePath subclass for non-Windows systems.

On a POSIX system, instantiating a PurePath should return this object. However, you can also instantiate it directly on any system.

class flow.record.fieldtypes.windows_path#

Bases: pathlib.PureWindowsPath, path

PurePath subclass for Windows systems.

On a Windows system, instantiating a PurePath should return this object. However, you can also instantiate it directly on any system.

__repr__() → str#: Return repr(self).

flow.record.fieldtypes#

Subpackages#

Submodules#

Package Contents#

Classes#

Functions#

Attributes#

`flow.record.fieldtypes`#