Research
Security News
Malicious npm Package Targets Solana Developers and Hijacks Funds
A malicious npm package targets Solana developers, rerouting funds in 2% of transactions to a hardcoded address.
An RFC 2622 conformant Routing Policy Specification Language (RPSL) parser with a focus on speed and correctness.
An RFC 2622 conformant Routing Policy Specification Language (RPSL) parser with a focus on speed and correctness.
⚡️ Outperforms other parsers by a factor of 33-60x
📰 Complete implementation for multiline RPSL values
💬 Able to parse objects directly from whois server responses
🧠 Low memory footprint by leveraging zero-copy
🧪 Robust parsing of any valid input ensured by Property Based Tests
A string containing an object in RPSL notation can be parsed to a tuple with attribute name-value pairs.
from rpsl_parser import parse_rpsl_object
role_acme = """
role: ACME Company
address: Packet Street 6
address: 128 Series of Tubes
address: Internet
email: rpsl-parser@github.com
nic-hdl: RPSL1-RIPE
source: RIPE
"""
parsed = parse_rpsl_object(role_acme)
print(parsed)
(('role', ('ACME Company',)),
('address', ('Packet Street 6',)),
('address', ('128 Series of Tubes',)),
('address', ('Internet',)),
('email', ('rpsl-parser@github.com',)),
('nic-hdl', ('RPSL1-RIPE',)),
('source', ('RIPE',)))
Since RPSL attribute values may be spread over multiple lines and values consisting only of whitespace are valid, the tuple[str | None, ...]
type is used to represent them.
Whois servers often respond to queres with multiple objects.
An example ARIN query for AS32934
will return with the requested ASNumber
object first, followed by it's associated OrgName
:
$ whois -h whois.arin.net AS32934
ASNumber: 32934
ASName: FACEBOOK
ASHandle: AS32934
RegDate: 2004-08-24
Updated: 2012-02-24
Comment: Please send abuse reports to abuse@facebook.com
Ref: https://rdap.arin.net/registry/autnum/32934
OrgName: Facebook, Inc.
OrgId: THEFA-3
Address: 1601 Willow Rd.
City: Menlo Park
StateProv: CA
PostalCode: 94025
Country: US
RegDate: 2004-08-11
Updated: 2012-04-17
Ref: https://rdap.arin.net/registry/entity/THEFA-3
To extract each individual object, the parse_whois_server_response function can be used as such:
from rpsl_parser import parse_whois_server_response
parsed = parse_whois_server_response(AS32934)
print(parsed)
((('ASNumber', ('32934',)),
('ASName', ('FACEBOOK',)),
('ASHandle', ('AS32934',)),
('RegDate', ('2004-08-24',)),
('Updated', ('2012-02-24',)),
('Comment', ('Please send abuse reports to abuse@facebook.com',)),
('Ref', ('https://rdap.arin.net/registry/autnum/32934',))),
(('OrgName', ('Facebook, Inc.',)),
('OrgId', ('THEFA-3',)),
('Address', ('1601 Willow Rd.',)),
('City', ('Menlo Park',)),
('StateProv', ('CA',)),
('PostalCode', ('94025',)),
('Country', ('US',)),
('RegDate', ('2004-08-11',)),
('Updated', ('2012-04-17',)),
('Ref', ('https://rdap.arin.net/registry/entity/THEFA-3',))))
Using PyPI:
pip3 install rpsl-parser
FAQs
An RFC 2622 conformant Routing Policy Specification Language (RPSL) parser with a focus on speed and correctness.
We found that rpsl-parser demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
A malicious npm package targets Solana developers, rerouting funds in 2% of transactions to a hardcoded address.
Security News
Research
Socket researchers have discovered malicious npm packages targeting crypto developers, stealing credentials and wallet data using spyware delivered through typosquats of popular cryptographic libraries.
Security News
Socket's package search now displays weekly downloads for npm packages, helping developers quickly assess popularity and make more informed decisions.