Fix ss output parsing and add unit tests#5
Open
umakarem82 wants to merge 1 commit into
Open
Conversation
- Use correct ss -tunHp column indexes (4=local, 5=peer) so the remote address is no longer mis-read from the Send-Q column. - Join the trailing process columns with spaces (not concatenated) so users:((...)) is parsed correctly. - Add _is_unspecified_ip() helper covering 0.0.0.0, ::, and ss '*' wildcards via ipaddress.is_unspecified, and use it in classify_basic. - Drop unused 'field' import from dataclasses. - Add test_net_watch_plus.py covering the parser and wildcard detection.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Applies the changes from
didactic_robot_fix.patchand verifies them with new unit tests.Changes
net_watch_plus.pyfieldimport fromdataclasses._is_unspecified_ip()helper that covers0.0.0.0,::, and the ss*wildcard viaipaddress.is_unspecified. Malformed strings returnFalseso they don't get falsely flagged here (they're still filtered by_is_private_or_special()elsewhere)._collect_via_ss()column indexing.ss -tunHpcolumns areNetid State Recv-Q Send-Q LocalAddr PeerAddr Process, so local/peer live at indexes 4 and 5 (not 3 and 4). Also requirelen(parts) >= 6and join the trailing process columns with a space instead of concatenating them, sousers:((...))parses correctly.classify_basic()to use the parsed remote IP with_is_unspecified_ip()instead of brittlestartswith("0.0.0.0")/startswith("[::]")checks.test_net_watch_plus.py(new)test_collect_via_ss_uses_peer_address_columnmockssubprocess.runand asserts the parser correctly extracts local/peer/pid/proc and that classify flags port 3389 asrdp.test_unspecified_remote_detection_handles_wildcardsverifies*:*is classified asunspecified-remote.Test results
Note on the patch file
The original
didactic_robot_fix.patchcould not be fed togit applydirectly — the first hunk header declared@@ -42,7 +42,7 @@but only contained 6 context lines (off-by-one), sogit applyrejected it as a corrupt patch. The intent was unambiguous, so the edits were re-applied by hand and the resulting tree exactly matches the patch's stated end state.Note
Low Risk
Low risk: targeted fixes to
ssoutput parsing and unspecified-remote classification, covered by new unit tests.Overview
Fixes Linux
ss -tunHpparsing by reading local/peer addresses from the correct columns and preserving the process blob spacing so PID/process extraction works reliably.Improves unspecified-remote detection by adding
_is_unspecified_ip()(handles0.0.0.0,::, and*) and wiring it intoclassify_basic(). Addsunittestcoverage for both thessparser and wildcard remote classification.Reviewed by Cursor Bugbot for commit 99211d7. Bugbot is set up for automated code reviews on this repo. Configure here.