Commit afc1006

author
Robin Hayer
committed
Fix KimiNewt#725: Incorrect TShark version parsing when using dissector plugins
1 parent 4517bdf commit afc1006

1 file changed

+34
-20
lines changed

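--- a/src/pyshark/tshark/tshark.py
+++ b/src/pyshark/tshark/tshark.py
@@ -1,4 +1,5 @@
 """Module used for the actual running of TShark"""
+
 import json
 
 from packaging import version
@@ -43,8 +44,10 @@ def get_process_path(tshark_path=None, process_name="tshark"):
 
 # Add the user provided path to the search list
 if tshark_path is not None:
-user_tshark_path = os.path.join(os.path.dirname(tshark_path),
-f"{process_name}.exe" if sys.platform.startswith("win") else process_name)
+user_tshark_path = os.path.join(
+os.path.dirname(tshark_path),
+f"{process_name}.exe" if sys.platform.startswith("win") else process_name,
+)
 possible_paths.insert(0, user_tshark_path)
 
 # Windows search order: configuration file"s path, common paths.
@@ -57,14 +60,13 @@ def get_process_path(tshark_path=None, process_name="tshark"):
 )
 # Linux, etc. search order: configuration file's path, the system's path
 else:
-os_path = os.getenv(
-"PATH",
-"/usr/bin:/usr/sbin:/usr/lib/tshark:/usr/local/bin"
-)
+os_path = os.getenv("PATH", "/usr/bin:/usr/sbin:/usr/lib/tshark:/usr/local/bin")
 for path in os_path.split(":"):
 possible_paths.append(os.path.join(path, process_name))
 if sys.platform.startswith("darwin"):
-possible_paths.append(f"/Applications/Wireshark.app/Contents/MacOS/{process_name}")
+possible_paths.append(
+f"/Applications/Wireshark.app/Contents/MacOS/{process_name}"
+)
 
 for path in possible_paths:
 if os.path.exists(path):
@@ -80,14 +82,18 @@ def get_process_path(tshark_path=None, process_name="tshark"):
 def get_tshark_version(tshark_path=None):
 parameters = [get_process_path(tshark_path), "-v"]
 with open(os.devnull, "w") as null:
-version_output = subprocess.check_output(parameters, stderr=null).decode("ascii")
+version_output = subprocess.check_output(parameters, stderr=null).decode(
+"ascii"
+)
 
-version_line = version_output.splitlines()[0]
-pattern = r'.*\s(\d+\.\d+\.\d+).*' # match " #.#.#" version pattern
-m = re.match(pattern, version_line)
+# Search all lines for the line that includes 'TShark' and Version String
+pattern = ".*TShark.*(\d+\.\d+\.\d+).*" # Match version like 4.4.6
+m = re.search(pattern, version_output)
 if not m:
-raise TSharkVersionException("Unable to parse TShark version from: {}".format(version_line))
-version_string = m.groups()[0] # Use first match found
+raise TSharkVersionException(
+"Unable to parse TShark version from: {}".format(version_output)
+)
+version_string = m.groups(1) # Use first version match
 
 return version.parse(version_string)
 
@@ -115,16 +121,24 @@ def get_tshark_interfaces(tshark_path=None):
 """
 parameters = [get_process_path(tshark_path), "-D"]
 with open(os.devnull, "w") as null:
-tshark_interfaces = subprocess.check_output(parameters, stderr=null).decode("utf-8")
+tshark_interfaces = subprocess.check_output(parameters, stderr=null).decode(
+"utf-8"
+)
 
-return [line.split(" ")[1] for line in tshark_interfaces.splitlines() if '\\\\.\\' not in line]
+return [
+line.split(" ")[1]
+for line in tshark_interfaces.splitlines()
+if "\\\\.\\" not in line
+]
 
 
 def get_all_tshark_interfaces_names(tshark_path=None):
 """Returns a list of all possible interface names. Some interfaces may have aliases"""
 parameters = [get_process_path(tshark_path), "-D"]
 with open(os.devnull, "w") as null:
-tshark_interfaces = subprocess.check_output(parameters, stderr=null).decode("utf-8")
+tshark_interfaces = subprocess.check_output(parameters, stderr=null).decode(
+"utf-8"
+)
 
 all_interface_names = []
 for line in tshark_interfaces.splitlines():
@@ -139,9 +153,7 @@ def get_ek_field_mapping(tshark_path=None):
 with open(os.devnull, "w") as null:
 mapping = subprocess.check_output(parameters, stderr=null).decode("ascii")
 
-mapping = json.loads(
-mapping,
-object_pairs_hook=_duplicate_object_hook)["mappings"]
+mapping = json.loads(mapping, object_pairs_hook=_duplicate_object_hook)["mappings"]
 # If using wireshark 4, the key "mapping" contains what we want,
 if "dynamic" in mapping and "properties" in mapping:
 pass
@@ -152,7 +164,9 @@ def get_ek_field_mapping(tshark_path=None):
 elif "pcap_file" in mapping:
 mapping = mapping["pcap_file"]
 else:
-raise TSharkVersionException(f"Your tshark version does not support elastic-mapping. Please upgrade.")
+raise TSharkVersionException(
+f"Your tshark version does not support elastic-mapping. Please upgrade."
+)
 
 return mapping["properties"]["layers"]["properties"]
 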
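Review bot: `version_string = m.groups(1)` in get_tshark_version binds a tuple rather than the version text, because `Match.groups()` takes a default value for unmatched groups, not a group index; `version.parse(version_string)` two lines later is then handed a tuple, so the function cannot return a parsed version even when the regex matches. The line should read `version_string = m.group(1)`. The new pattern is also a plain (non-raw) string containing `\d` escapes, and it drops the `\s` that preceded the capture in the removed pattern, so the greedy `.*` can swallow the leading digits of a multi-digit major version (a line ending in `10.2.3` would capture `0.2.3`); `pattern = r"TShark.*?\s(\d+\.\d+\.\d+)"` keeps the anchor and the raw-string form. A unit test that feeds sample `tshark -v` output with plugin lines ahead of the TShark line would pin both behaviours, which matters if callers branch on the parsed version.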
