Ejemplo n.º 1
 def findNodes(self, query):
     """Return the nodes under the VFS root "/" that match the filter expression `query`.

     `query` is handed to Filter.compile() unchanged, so it should be a
     trusted, well-formed filter expression, for example:
     'name matches re("^global_history.dat")'
     """
     root = vfs.vfs().getnode("/")
     matcher = Filter("")
     matcher.compile(query)
     # The True flag presumably requests a recursive walk below root; confirm
     # against the Filter API.
     matcher.process(root, True)
     return matcher.matchedNodes()
Ejemplo n.º 2
 def filter(self, pattern, node):
   """Return the directories of `node` whose name matches `pattern` as an anchored prefix.

   Returns an empty list when `node` has no directories. The trailing `i`
   argument of re(...) presumably makes the match case-insensitive; confirm
   against the filter grammar.
   """
   candidates = self.getDirectories(node)
   if len(candidates) == 0:
     return []
   # NOTE(review): `pattern` is spliced into the filter expression unescaped.
   # A double quote or a regex metacharacter in it changes the expression that
   # is compiled, so callers should validate or escape completer input first.
   expression = ''.join(['(name matches re("^', pattern, '",i))'])
   completer = Filter("completer")
   completer.compile(expression)
   completer.process(candidates)
   return completer.matchedNodes()
Ejemplo n.º 3
 def filter(self, pattern, node):
     """Return the directories of `node` whose name matches `pattern` as an anchored prefix.

     Returns an empty list when `node` has no directories. The trailing `i`
     argument of re(...) presumably makes the match case-insensitive; confirm
     against the filter grammar.
     """
     candidates = self.getDirectories(node)
     if len(candidates) == 0:
         return []
     # NOTE(review): `pattern` is spliced into the filter expression unescaped.
     # A double quote or a regex metacharacter in it changes the expression
     # that is compiled, so callers should validate or escape completer input
     # first.
     expression = ''.join(['(name matches re("^', pattern, '",i))'])
     completer = Filter("completer")
     completer.compile(expression)
     completer.process(candidates)
     return completer.matchedNodes()
Ejemplo n.º 4
 def searchTaggedNode(self):
     """Add a report page listing the nodes tagged "malware" or "suspicious".

     The search starts at self.root. No page is created when nothing matches.
     """
     tagFilter = Filter("")
     tagFilter.compile('tags in ["malware", "suspicious"]')
     tagFilter.process(self.root)
     flagged = tagFilter.matchedNodes()
     if len(flagged) == 0:
         # Nothing tagged: leave the report untouched.
         return
     page = self.reportManager.createPage("MyAnalysis", "Files")
     page.addNodeList("Malware", flagged)
     self.reportManager.addPage(page)
Ejemplo n.º 5
 def findMorkFiles(self):
     """Return the nodes under the VFS root "/" whose type is "database/mork".

     Mork is the history format used by Firefox before version 3. Matching is
     by detected type only, not by file name.
     """
     # File names of interest for Firefox < version 3. The list is not used by
     # the query below.
     filesname = ["formhistory.dat", "history.dat"]
     root = vfs.vfs().getnode("/")
     morkFilter = Filter("")
     morkFilter.compile('type == "database/mork"')
     # The True flag presumably requests a recursive walk below root; confirm
     # against the Filter API.
     morkFilter.process(root, True)
     return morkFilter.matchedNodes()
Ejemplo n.º 6
 def start(self, args):
     """Collect coordinates for every JPEG node found from the VFS root.

     Nodes for which getCoordinates() returns a truthy value are stored in
     self.nodeCoord, keyed by node. Any exception raised during the search or
     the extraction is printed and ends the scan; it is not re-raised.
     """
     self.root = self.vfs.getnode("/")
     try:
         # Search phase: select nodes whose type is image/jpeg.
         jpegFilter = Filter("")
         jpegFilter.compile('(type in["image/jpeg"])')
         jpegFilter.process(self.root, True)
         # Extraction phase: keep only nodes that yield coordinates.
         for jpegNode in jpegFilter.matchedNodes():
             position = self.getCoordinates(jpegNode)
             if position:
                 self.nodeCoord[jpegNode] = position
     except Exception as e:
         # NOTE(review): one failing node aborts the whole loop, so later
         # images are skipped without any record beyond this message.
         print 'Maps module error ', e
Ejemplo n.º 7
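   def scanJoin(self, root, modulesToApply = None):
      """Drain the task queue, schedule the tasks that apply, then wait for them.

      Each task is indexed as task[1][0] (module name) and task[1][1] (the
      module arguments). A task is dropped (task_done() called, nothing
      scheduled) when:
        * modulesToApply is given and the module name is not in it, or
        * the module declares a non-empty scanFilter, takes exactly one
          Node argument, and that node does not match the filter.

      Fix: the modulesToApply check compared the unassigned (or stale) local
      `module` instead of the module name, so it either raised on the first
      task or tested the previous task's module object.

      root           -- passed to displayItem() and to the task_done_scan callback.
      modulesToApply -- optional collection of module names to restrict the scan to.
      """
      modMap = {}
      modCount = 0
      jobs = []
      while not self.empty():
         task = self.get()
         moduleName = task[1][0]
         if modulesToApply is not None and moduleName not in modulesToApply:
            self.task_done()
            continue

         module = self.loader.modules[moduleName]
         try:
            filterText = module.scanFilter
            if filterText != '':
               arguments = task[1][1]
               nodeArguments = module.conf.argumentsByType(typeId.Node)
               if len(nodeArguments) == 1:
                  node = arguments[nodeArguments[0].name()].value()
                  filter = Filter('')
                  filter.compile(str(filterText))
                  filter.process(node)
                  matches = filter.matchedNodes()
                  if len(matches) == 0:
                     self.task_done()
                     continue
         except:
            # Deliberately best-effort: the filter can throw, and a failure
            # here means the module is scheduled anyway rather than skipped.
            pass

         # Count scheduled jobs per module for the display summary.
         modMap[moduleName] = modMap.get(moduleName, 0) + 1

         job2 = (self.task_done_scan, (root, moduleName,))
         jobs.append((task, job2))
         modCount += 1
      if modCount:
         self.displayItem(root, modCount, modMap)
      for job in jobs:
         sched.enqueue(job)
      self.join()
      self.refresh()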
Ejemplo n.º 8
 def search(self, query):
     """Return the nodes reachable from self.root that match the filter expression `query`.

     `query` is compiled as given, so it should be a trusted, well-formed
     filter expression.
     """
     matcher = Filter("")
     matcher.compile(query)
     # The True flag presumably requests a recursive walk below self.root;
     # confirm against the Filter API.
     matcher.process(self.root, True)
     matched = matcher.matchedNodes()
     return matched
Ejemplo n.º 9
 def searchQuery(self, query, node):
     """Return the nodes that match the filter expression `query`, starting from `node`.

     `query` is compiled as given, so it should be a trusted, well-formed
     filter expression. process() is called without a second argument here,
     unlike the root-wide searches that pass True.
     """
     matcher = Filter("")
     matcher.compile(query)
     matcher.process(node)
     matched = matcher.matchedNodes()
     return matched