Common Constants

File location

• Bundled implementation: source/client/python/const.py

• Cluster implementation: cluster/app/source/python/const.py

const.ROOT

Type

str

Path to the BroAPT-App framework source codes (absolute path at runtime).

const.CPU_CNT

Type

int

Environ

• Bundled implementation: BROAPT_SCAN_CPU

• Cluster implementation: BROAPT_APP_CPU

Number of BroAPT concurrent processes for extracted file analysis. If not provided, then the number of system CPUs will be used.

const.INTERVAL

Type

int

Environ

• Bundled implementation: BROAPT_INTERVAL

• Cluster implementation: BROAPT_APP_INTERVAL

Wait interval after processing current pool of extracted files.

const.MAX_RETRY

Type

int

Retry times for failed commands.

const.EXIT_SUCCESS = 0

Type

int

Exit code upon success.

const.EXIT_FAILURE = 1

Type

int

Exit code upon failure.

const.LOGS_PATH

Type

str

Environ

BROAPT_LOGS_PATH

Path to system logs.

const.DUMP_PATH

Type

str

Environ

BROAPT_DUMP_PATH

Path to extracted files.

const.API_ROOT

Type

str

Environ

BROAPT_API_ROOT

Path to the API root folder.

const.API_LOGS

Type

str

Environ

BROAPT_API_LOGS

Path to API detection logs.

const.API_DICT

Type

Dict[str, cfgparser.API]

Database for API entries.

See also

cfgparser.parse

const.SERVER_NAME_HOST

Type

str

Environ

BROAPT_NAME_HOST

Hostname of BroAPT-Daemon server.

const.SERVER_NAME_PORT

Type

str

Environ

BROAPT_NAME_PORT

Port number of BroAPT-Daemon server.

const.SERVER_NAME

Type

str

f'http://{SERVER_NAME_HOST}:{SERVER_NAME_PORT}/api/v1.0/scan'

URL for BroAPT-Daemon server’s scanning API.

const.DUMP

Type

str

os.path.join(LOGS_PATH, 'dump.log')

Path to file system database of processed extracted files.

const.FAIL

Type

str

os.path.join(LOGS_PATH, 'fail.log')

Path to file system database of failed processing extracted files.

const.FILE_REGEX

Type

re.Pattern

Availability

bundled implementation

re.compile(r'''
    # protocol prefix
    (?P<protocol>DTLS|FTP_DATA|HTTP|IRC_DATA|SMTP|\S+)
    -
    # file UID
    (?P<fuid>F\w+)
    \.
    # PCAP source
    (?P<pcap>.+?)
    \.
    # media-type
    (?P<media_type>application|audio|example|font|image|message|model|multipart|text|video|\S+)
    \.
    # subtype
    (?P<subtype>\S+)
    \.
    # file extension
    (?P<extension>\S+)
''', re.IGNORECASE | re.VERBOSE)

Regular expression to match and fetch information from extracted files.

See also

__main__.FILE_REGEX

const.MIME_REGEX

Type

re.Pattern

Availability

bundled implementation

re.compile(r'''
    # media-type
    (?P<media_type>application|audio|example|font|image|message|model|multipart|text|video|\S+)
    /
    # subtype
    (?P<subtype>\S+)
''', re.VERBOSE | re.IGNORECASE)

Regular expression to match and fetch information from MIME type.

const.QUEUE_DUMP

Type

multiprocessing.Queue

Availability

bundled implementation

Teleprocess communication queue for extracted files processing.