Hi,
I have written a custom search command in Python for Splunk that uses the bcrypt library to check password hashes.
When I run the Python code in PyCharm it runs fine, but when it is run as a Splunk custom command it takes 10 minutes for just 7 records.
That is far too slow.
The code is:
import sys, os, csv
from bcrypt import bcrypt
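# Splunk custom search command body: reads the search results as CSV on stdin,
# recomputes the bcrypt hash of each row's "hash" column using that row's
# "ca_salt" column, and appends a status cell ("success" / "fail") telling
# whether the result equals the stored value in the "password" column.
#
# NOTE(review): every input cell, including the stored hash and its salt, is
# echoed back into the search results. Limit who may run this command and who
# may read its output accordingly.
try:
    reader = csv.reader(sys.stdin)
    header = None
    updated_rows = []

    for row in reader:
        if header is None:
            # The first row carries the column names. It gains a "status"
            # entry but is not added to the output.
            # NOTE(review): confirm Splunk does not need the header row back.
            row.append('status')
            header = row
            continue

        md5_hash = ''
        ca_hash = ''
        ca_salt = ''
        # zip() stops at the shorter sequence, so a row with more cells than
        # the header is tolerated instead of raising IndexError and aborting
        # the whole run.
        for name, value in zip(header, row):
            if name == "hash":
                md5_hash = value
            elif name == "password":
                ca_hash = value
            elif name == "ca_salt":
                ca_salt = value

        # bcrypt is deliberately expensive: the work per row is set by the
        # cost factor encoded in the salt string and by the speed of the
        # bcrypt implementation that gets imported.
        # NOTE(review): check that Splunk's interpreter loads the same bcrypt
        # module as the PyCharm interpreter does.
        bcrypt_hash = bcrypt.hashpw(md5_hash, ca_salt)

        # NOTE(review): == is not a constant-time comparison. Where the
        # runtime offers hmac.compare_digest, prefer it for comparing hashes.
        if bcrypt_hash == ca_hash:
            row.append("success")
        else:
            row.append("fail")
        updated_rows.append(row)

    # Rows are buffered and written in one go so that a failure part-way
    # through yields only the ERROR table below, never a half-written result.
    csv.writer(sys.stdout).writerows(updated_rows)
    # sys.exit raises SystemExit, which "except Exception" does not catch.
    sys.exit(0)
except Exception as e:
    # Report the failure to Splunk as a one-column CSV table named ERROR.
    h = ["ERROR"]
    results = [{"ERROR": e}]
    dw = csv.DictWriter(sys.stdout, h)
    dw.writerow(dict(zip(h, h)))
    dw.writerows(results)
    sys.exit(-1)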
The stanza in commands.conf is:
# Registers the custom search command "language", implemented by language.py.
[language]
filename = language.py
# The script parses stdin as plain CSV and treats the first row as column names.
# NOTE(review): confirm that is the input format Splunk sends with this setting.
enableheader = false
streaming = true
local=true
# NOTE(review): streaming_preop is documented as a search string, not a boolean.
# Confirm that "true" is intended here.
streaming_preop =true