"source" field in normalized JSON?

Question

"source" field in normalized JSON?

darrenmartyn opened this issue 4 years ago · 5 comments

Would it be feasible to add a "source" field to the JSON/indexed data, so you could "tag" entries as being from certain leaks.

This could be very useful when trying to go back later and attribute where a piece of data came from - but unsure if it would have performance impacts?

Answer 1 · 2020-07-08T12:49:14.000Z

I don't think it would have much of an impact on performance, most of the code operates on lines not the actual content of the line, so there's little code that would need to change too. A few other folks have been asking for something like this so I'll probably look at adding it. It would affect the bloom filter's ability to effectively de-duplicate identical user/password combos since they'd be from different sources, so there'd could be a modest impact to index/sort times but i don't think there'd be a large impact to search times.

Answer 2 · 2021-02-15T22:22:18.000Z

Any news on this feature request?

Answer 3 · 2021-02-16T00:24:47.000Z

Not had time to work on it yet sorry!

Answer 4 · 2021-02-16T00:36:12.000Z

On 16.02.2021, at 01:25, Joe ***@***.***> wrote: Not had time to work on it yet sorry!

No worries, just wanted to figure out what the status ist. What would be needed ? I.e. is it simple enough as a non-go coder to add it? Best, a.

Answer 5 · 2021-02-16T00:52:07.000Z

Maybe, most of the code only cares about "lines" in a file, you'd have to extend the normalizer to add a "source" field to the JSON format, and extend the few parts of the code that parse the JSON to optionally deal with the extra field.