def jdbc_test():
"""LJG: zxJDBC를 사용하면 한글처리가 에러나는데 JDBC를 직접 사용하면 한글처리가 성공한다
추후 시간을 갖고 한글관련 문제를 처리하자.오늘은 여기까지 새벽 3시다.. 정말 한글이 싫다.ㅋㅋ
"""
import sys
import java
from java.lang import Class
from java.sql import DriverManager, SQLException
jdbc_user = "******"
jdbc_password = "******"
jdbc_url = "jdbc:mysql://14.63.161.143/cdp"
DriverManager.registerDriver(Class.forName("com.mysql.jdbc.Driver").newInstance())
connection = DriverManager.getConnection(jdbc_url, jdbc_user, jdbc_password)
statement = connection.createStatement()
sql = "select * from test_sample"
rs = statement.executeQuery(sql)
while rs.next():
row = rs.getString(2)
print row
def connectToDB(driver, url, user, password):
try:
cls = Class.forName(driver)
DriverManager.registerDriver(cls.newInstance())
conn = DriverManager.getConnection(url, user, password)
return conn
except SQLException, desc:
raise desc
def simpleXmlUpdate(strArgs, caller):
DriverManager.registerDriver(
Class.forName(caller.jdbc_driver).newInstance())
connection = DriverManager.getConnection(caller.jdbc_url, caller.jdbc_user,
caller.jdbc_pass)
statement = connection.createStatement()
results = statement.executeUpdate(strArgs)
res = str(results)
return res
def simpleXmlQuery(strArgs, caller):
DriverManager.registerDriver(
Class.forName(caller.jdbc_driver).newInstance())
connection = DriverManager.getConnection(caller.jdbc_url, caller.jdbc_user,
caller.jdbc_pass)
statement = connection.createStatement()
results = statement.executeQuery(strArgs)
res = '<xml>\n' + "\n".join(XmlRowGenerator(results)) + '\n</xml>'
return res
def singleApduQuery(strArgs):
jdbc_url = "jdbc:sqlite:/root/test.db"
DriverManager.registerDriver(
Class.forName("org.sqlite.JDBC").newInstance())
connection = DriverManager.getConnection(jdbc_url, "", "")
statement = connection.createStatement()
results = statement.executeQuery(strArgs)
res = rowGenerator(results, lambda x: x.pop())
return res
def connectToDB(driver, url, user, password):
LogInfo("Going to connect to database...")
try:
cls = Class.forName(driver)
DriverManager.registerDriver(cls.newInstance())
conn = DriverManager.getConnection(url, user, password)
return conn
except Exception, desc:
LogError("Cannot connect to database with the username: " + user)
raise desc
def simpleQuery(strArgs):
jdbc_url = "jdbc:sqlite:/root/test.db"
DriverManager.registerDriver(
Class.forName("org.sqlite.JDBC").newInstance())
connection = DriverManager.getConnection(jdbc_url, "", "")
statement = connection.createStatement()
results = statement.executeQuery(strArgs)
#res= "\n".join (rowGenerator(results, '|'.join))
#res= "\n".join (rowGenerator(results, lambda x: str(len (x))))
res = "\n".join(stringRowGenerator(results, sep='\n'))
return res
def _jdbc_connect_jython(jclassname, jars, libs, props, *args):
if _jdbc_name_to_const is None:
from java.sql import Types
types = Types
types_map = {}
const_re = re.compile('[A-Z][A-Z_]*$')
for i in dir(types):
if const_re.match(i):
types_map[i] = getattr(types, i)
_init_types(types_map)
global _java_array_byte
if _java_array_byte is None:
import jarray
def _java_array_byte(data):
return jarray.array(data, 'b')
# register driver for DriverManager
jpackage = jclassname[:jclassname.rfind('.')]
dclassname = jclassname[jclassname.rfind('.') + 1:]
# print jpackage
# print dclassname
# print jpackage
from java.lang import Class
from java.lang import ClassNotFoundException
try:
Class.forName(jclassname).newInstance()
except ClassNotFoundException:
if not jars:
raise
_jython_set_classpath(jars)
Class.forName(jclassname).newInstance()
from java.sql import DriverManager
return DriverManager.getConnection(*args)
def process(self, file):
try:
if(filename):
dbConn = DriverManager.getConnection("jdbc:sqlite:%s" % filename)
stmt = dbConn.createStatement()
path = file.getParentPath()+file.getName()
resultSet = stmt.executeQuery("SELECT * FROM META WHERE Path == '%s'" % path)
if(resultSet.next()):
temp = "Future Improvement"
else:
art = file.newArtifact(BlackboardArtifact.ARTIFACT_TYPE.TSK_INTERESTING_FILE_HIT)
att = BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_SET_NAME.getTypeID(),
MatchMetaInfoIngestModuleFactory.moduleName, "Unknown Meta")
art.addAttribute(att)
IngestServices.getInstance().fireModuleDataEvent(
ModuleDataEvent(MatchMetaInfoIngestModuleFactory.moduleName,
BlackboardArtifact.ARTIFACT_TYPE.TSK_INTERESTING_FILE_HIT, None));
stmt.close()
dbConn.close()
except:
pass
return IngestModule.ProcessResult.OK
def check_Database_entries(self):
head, tail = os.path.split(os.path.abspath(__file__))
settings_db = head + "\\gui_Settings.db3"
try:
Class.forName("org.sqlite.JDBC").newInstance()
dbConn = DriverManager.getConnection("jdbc:sqlite:%s" % settings_db)
except SQLException as e:
self.Error_Message.setText("Error Opening Settings DB!")
try:
stmt = dbConn.createStatement()
SQL_Statement = 'Select Protocol, cuckoo_host, cuckoo_port from cuckoo_server'
resultSet = stmt.executeQuery(SQL_Statement)
while resultSet.next():
self.Protocol_TF.setText(resultSet.getString("Protocol"))
self.IP_Address_TF.setText(resultSet.getString("cuckoo_host"))
self.Port_Number_TF.setText(resultSet.getString("cuckoo_port"))
self.local_settings.setProtocol(resultSet.getString("Protocol"))
self.local_settings.setIP_Address(resultSet.getString("cuckoo_host"))
self.local_settings.setPort_Number(resultSet.getString("cuckoo_port"))
self.Error_Message.setText("Settings Read successfully!")
except SQLException as e:
self.Error_Message.setText("Error Reading Settings Database")
stmt.close()
dbConn.close()
def get_profiles(self):
head, tail = os.path.split(os.path.abspath(__file__))
settings_db = head + "\\GUI_Settings.db3"
try:
Class.forName("org.sqlite.JDBC").newInstance()
dbConn = DriverManager.getConnection("jdbc:sqlite:%s" %
settings_db)
self.Error_Message.setText("Database opened")
except SQLException as e:
self.Error_Message.setText("Error Opening Settings DB!")
try:
stmt = dbConn.createStatement()
SQL_Statement = "select profile_name from profiles where volatility_version = '" + self.Version_CB.getSelectedItem(
) + "';"
resultSet = stmt.executeQuery(SQL_Statement)
profile_list = []
while resultSet.next():
profile_list.append(resultSet.getString("profile_name"))
stmt.close()
dbConn.close()
return profile_list
except SQLException as e:
self.Error_Message.setText("Error Reading plugins")
stmt.close()
dbConn.close()
return "Error"
def check_Database_entries(self):
head, tail = os.path.split(os.path.abspath(__file__))
settings_db = os.path.join(head, "GUI_Settings.db3")
try:
Class.forName("org.sqlite.JDBC").newInstance()
dbConn = DriverManager.getConnection("jdbc:sqlite:%s" % settings_db)
except SQLException as e:
self.Error_Message.setText("Error Opening Settings DB!")
try:
stmt = dbConn.createStatement()
SQL_Statement = 'Select Setting_Name, Setting_Value from settings;'
resultSet = stmt.executeQuery(SQL_Statement)
while resultSet.next():
if resultSet.getString("Setting_Name") == "Program_Exec_Name":
self.Program_Executable_TF.setText(resultSet.getString("Setting_Value"))
self.local_settings.setSetting('ExecFile', resultSet.getString("Setting_Value"))
self.local_settings.setSetting('Exec_Prog_Flag', 'true')
self.Exec_Program_CB.setSelected(True)
self.Program_Executable_TF.setEnabled(True)
self.Find_Program_Exec_BTN.setEnabled(True)
self.Error_Message.setText("Settings Read successfully!")
except SQLException as e:
self.Error_Message.setText("Error Reading Settings Database")
stmt.close()
dbConn.close()
def connect_db(jdbc_url, driverName):
try:
Class.forName(driverName).newInstance()
dbConn = DriverManager.getConnection(jdbc_url)
except Exception, msg:
print msg
sys.exit(1)
def SaveSettings(self, e):
head, tail = os.path.split(os.path.abspath(__file__))
settings_db = head + "\\GUI_Settings.db3"
try:
Class.forName("org.sqlite.JDBC").newInstance()
dbConn = DriverManager.getConnection("jdbc:sqlite:%s" % settings_db)
except SQLException as e:
self.Error_Message.setText("Error Opening Settings")
try:
stmt = dbConn.createStatement()
SQL_Statement = ""
SQL_Statement = 'Update cuckoo_server set Protocol = "' + self.Protocol_TF.getText() + '", ' + \
' Cuckoo_Host = "' + self.IP_Address_TF.getText() + '", ' + \
' Cuckoo_port = "' + self.Port_Number_TF.getText() + '";'
#self.Error_Message.setText(SQL_Statement)
stmt.execute(SQL_Statement)
self.Error_Message.setText("Cuckoo settings Saved")
#self.local_settings.setCuckoo_Directory(self.Program_Executable_TF.getText())
except SQLException as e:
self.Error_Message.setText(e.getMessage())
stmt.close()
dbConn.close()
def get_profiles(self):
head, tail = os.path.split(os.path.abspath(__file__))
settings_db = os.path.join(head, "GUI_Settings.db3")
try:
Class.forName("org.sqlite.JDBC").newInstance()
dbConn = DriverManager.getConnection("jdbc:sqlite:%s" % settings_db)
self.Error_Message.setText("Database opened")
except SQLException as e:
self.Error_Message.setText("Error Opening Settings DB!")
try:
stmt = dbConn.createStatement()
SQL_Statement = "select profile_name from profiles where volatility_version = '" + self.Version_CB.getSelectedItem() + "';"
resultSet = stmt.executeQuery(SQL_Statement)
profile_list = []
while resultSet.next():
profile_list.append(resultSet.getString("profile_name"))
stmt.close()
dbConn.close()
return profile_list
except SQLException as e:
self.Error_Message.setText("Error Reading plugins")
stmt.close()
dbConn.close()
return "Error"
def check_Database_entries(self):
head, tail = os.path.split(os.path.abspath(__file__))
settings_db = head + "\\GUI_Settings.db3"
try:
Class.forName("org.sqlite.JDBC").newInstance()
dbConn = DriverManager.getConnection("jdbc:sqlite:%s" %
settings_db)
except SQLException as e:
self.Error_Message.setText("Error Opening Settings DB!")
try:
stmt = dbConn.createStatement()
SQL_Statement = 'Select Setting_Name, Setting_Value from settings;'
resultSet = stmt.executeQuery(SQL_Statement)
while resultSet.next():
if resultSet.getString(
"Setting_Name") == "Volatility_Executable_Directory":
self.Program_Executable_TF.setText(
resultSet.getString("Setting_Value"))
self.local_settings.setVolatility_Directory(
resultSet.getString("Setting_Value"))
self.local_settings.setVolatility_Dir_Found(True)
if resultSet.getString("Setting_Name") == "Volatility_Version":
self.Version_CB.setSelectedItem(
resultSet.getString("Setting_Value"))
self.Error_Message.setText("Settings Read successfully!")
except SQLException as e:
self.Error_Message.setText("Error Reading Settings Database")
stmt.close()
dbConn.close()
def SaveSettings(self, e):
head, tail = os.path.split(os.path.abspath(__file__))
settings_db = head + "\\GUI_Settings.db3"
try:
Class.forName("org.sqlite.JDBC").newInstance()
dbConn = DriverManager.getConnection("jdbc:sqlite:%s" % settings_db)
except SQLException as e:
self.Error_Message.setText("Error Opening Settings")
try:
stmt = dbConn.createStatement()
SQL_Statement = 'UPDATE settings SET Setting_Value = "' + self.API_Key_TF.getText() + '" WHERE Setting_Name = "API_Key";'
resultSet = stmt.executeQuery(SQL_Statement)
except:
pass
try:
if self.local_settings.getPrivate():
SQL_Statement = 'UPDATE settings SET Setting_Value = "1" WHERE Setting_Name = "Private";'
resultSet = stmt.executeQuery(SQL_Statement)
else:
SQL_Statement = 'UPDATE settings SET Setting_Value = "0" WHERE Setting_Name = "Private";'
resultSet = stmt.executeQuery(SQL_Statement)
except:
pass
self.Error_Message.setText("Settings Saved")
stmt.close()
dbConn.close()
def get_plugins(self):
head, tail = os.path.split(os.path.abspath(__file__))
settings_db = os.path.join(head, "GUI_Settings.db3")
try:
Class.forName("org.sqlite.JDBC").newInstance()
dbConn = DriverManager.getConnection("jdbc:sqlite:%s" %
settings_db)
self.Error_Message.setText("Database opened")
except SQLException as e:
self.Error_Message.setText("Error Opening Settings DB!")
try:
stmt = dbConn.createStatement()
SQL_Statement = "select plugin_name from plugins where volatility_version = '" + self.Version_CB.getSelectedItem() + "' and " + \
" plugin_name in ('dumpcerts', 'dumpfiles', 'dumpregistry', 'linux_librarydump', 'linux_procdump', 'mac_dump_file', 'mac_procdump', 'moddump', 'procdump', 'vaddump');"
resultSet = stmt.executeQuery(SQL_Statement)
plugin_list = []
while resultSet.next():
plugin_list.append(resultSet.getString("plugin_name"))
stmt.close()
dbConn.close()
return plugin_list
except SQLException as e:
self.Error_Message.setText("Error Reading plugins")
stmt.close()
dbConn.close()
return "Error"
def _jdbc_connect_jython(jclassname, jars, libs, *args):
if _converters is None:
from java.sql import Types
types = Types
types_map = {}
const_re = re.compile('[A-Z][A-Z_]*$')
for i in dir(types):
if const_re.match(i):
types_map[i] = getattr(types, i)
_init_converters(types_map)
global _java_array_byte
if _java_array_byte is None:
import jarray
def _java_array_byte(data):
return jarray.array(data, 'b')
# register driver for DriverManager
jpackage = jclassname[:jclassname.rfind('.')]
dclassname = jclassname[jclassname.rfind('.') + 1:]
# print jpackage
# print dclassname
# print jpackage
from java.lang import Class
from java.lang import ClassNotFoundException
try:
Class.forName(jclassname).newInstance()
except ClassNotFoundException:
if not jars:
raise
_jython_set_classpath(jars)
Class.forName(jclassname).newInstance()
from java.sql import DriverManager
return DriverManager.getConnection(*args)
def SaveSettings(self, e):
head, tail = os.path.split(os.path.abspath(__file__))
settings_db = head + "\\GUI_Settings.db3"
try:
Class.forName("org.sqlite.JDBC").newInstance()
dbConn = DriverManager.getConnection("jdbc:sqlite:%s" %
settings_db)
except SQLException as e:
self.Error_Message.setText("Error Opening Settings")
try:
stmt = dbConn.createStatement()
SQL_Statement = ""
if (self.local_settings.getVolatility_Dir_Found()):
SQL_Statement = 'Update settings set Setting_Value = "' + self.Program_Executable_TF.getText() + '"' + \
' where setting_name = "Volatility_Executable_Directory";'
SQL_Statement2 = 'Update settings set Setting_Value = "' + self.Version_CB.getSelectedItem() + '"' + \
' where setting_name = "Volatility_Version";'
else:
SQL_Statement = 'Insert into settings (Setting_Name, Setting_Value) values ("Volatility_Executable_Directory", "' + \
self.Program_Executable_TF.getText() + '");'
SQL_Statement2 = 'Insert into settings (Setting_Name, Setting_Value) values ("Volatility_Version", "' + \
self.Version_CB.getSelectedItem() + '");'
stmt.execute(SQL_Statement)
stmt.execute(SQL_Statement2)
self.Error_Message.setText("Volatility Executable Directory Saved")
self.local_settings.setVolatility_Directory(
self.Program_Executable_TF.getText())
except SQLException as e:
self.Error_Message.setText(e.getMessage())
stmt.close()
dbConn.close()
def shutDown(self):
noDupes = list(set(md5))
try:
if (filename):
uniquePath = os.path.join(
Case.getCurrentCase().getCaseDirectory(),
"NewLowHangingFruit.txt")
uniqueFile = open(uniquePath, 'w')
dbConn = DriverManager.getConnection("jdbc:sqlite:%s" %
filename)
stmt = dbConn.createStatement()
for line in noDupes:
resultSet = stmt.executeQuery(
"SELECT * FROM MD5 where md5 == '%s'" % line)
if (resultSet.next()):
temp = "Future Improvement"
else:
uniqueFile.write(line + '\n')
stmt.close()
dbConn.close()
uniqueFile.close()
except:
allPath = os.path.join(Case.getCurrentCase().getCaseDirectory(),
"AllLowHangingFruit.txt")
allFile = open(allPath, 'w')
for line in noDupes:
allFile.write(line + '\n')
allFile.close()
def __init__(self, connectURI, username, password, pool_name):
self.connectionPool = GenericObjectPool(None)
self._pool_name = pool_name
source = BasicDataSource()
source.setUrl(connectURI)
source.setUsername(username)
source.setPassword(password)
source.setInitialSize(1) # Number of connections to start with
source.setMinIdle(5) # Allow a bottom of 5 idle connections
source.setMaxActive(10) # Max of 10 database connection
source.setDefaultTransactionIsolation(Connection.TRANSACTION_READ_COMMITTED)
source.setMinEvictableIdleTimeMillis(500)
self.connectionFactory = DataSourceConnectionFactory(source)
# Now we'll create the PoolableConnectionFactory, which wraps
# the "real" Connections created by the ConnectionFactory with
# the classes that implement the pooling functionality.
self.poolableConnectionFactory = PoolableConnectionFactory(self.connectionFactory,
self.connectionPool,
None,
None,
False,
True)
# Finally, we create the PoolingDriver itself...
Class.forName("org.apache.commons.dbcp.PoolingDriver")
driver = DriverManager.getDriver("jdbc:apache:commons:dbcp:")
# ...and register our pool with it.
driver.registerPool(self._pool_name, self.connectionPool)
def _jdbc_connect_jython(jclassname, additional_classpath, *args):
if _converters is None:
from java.sql import Types
types = Types
types_map = {}
const_re = re.compile('[A-Z][A-Z_]*$')
for i in dir(types):
if const_re.match(i):
types_map[i] = getattr(types, i)
_init_converters(types_map)
# optionally, add driver jar
if (additional_classpath is not None):
import sys
sys.path.append(additional_classpath)
# register driver for DriverManager
__import__(jclassname)
global _java_array_byte
if _java_array_byte is None:
import jarray
def _java_array_byte(data):
return jarray.array(data, 'b')
from java.sql import DriverManager
return DriverManager.getConnection(*args)
def check_Database_entries(self):
head, tail = os.path.split(os.path.abspath(__file__))
settings_db = head + "\\GUI_Settings.db3"
try:
Class.forName("org.sqlite.JDBC").newInstance()
dbConn = DriverManager.getConnection("jdbc:sqlite:%s" % settings_db)
except SQLException as e:
self.Error_Message.setText("Error Opening Settings DB!")
try:
stmt = dbConn.createStatement()
SQL_Statement = 'Select Setting_Name, Setting_Value from settings;'
resultSet = stmt.executeQuery(SQL_Statement)
while resultSet.next():
if resultSet.getString("Setting_Name") == "API_Key":
self.local_settings.setAPI_Key(resultSet.getString("Setting_Value"))
self.API_Key_TF.setText(resultSet.getString("Setting_Value"))
if resultSet.getString("Setting_Name") == "Private":
private = resultSet.getString("Setting_Value")
if private == "1":
self.local_settings.setPrivate(True)
else:
self.local_settings.setPrivate(False)
self.Error_Message.setText("Settings Read successfully!")
except SQLException as e:
self.Error_Message.setText("Error Reading Settings Database")
stmt.close()
dbConn.close()
def check_Database_entries(self):
head, tail = os.path.split(os.path.abspath(__file__))
settings_db = os.path.join(head, "GUI_Settings.db3")
try:
Class.forName("org.sqlite.JDBC").newInstance()
dbConn = DriverManager.getConnection("jdbc:sqlite:%s" %
settings_db)
except SQLException as e:
self.Error_Message.setText("Error Opening Settings DB!")
try:
stmt = dbConn.createStatement()
SQL_Statement = 'Select Setting_Name, Setting_Value from settings;'
resultSet = stmt.executeQuery(SQL_Statement)
while resultSet.next():
if resultSet.getString("Setting_Name") == "Program_Exec_Name":
self.Program_Executable_TF.setText(
resultSet.getString("Setting_Value"))
self.local_settings.setSetting(
'ExecFile', resultSet.getString("Setting_Value"))
self.local_settings.setSetting('Exec_Prog_Flag', 'true')
self.Exec_Program_CB.setSelected(True)
self.Program_Executable_TF.setEnabled(True)
self.Find_Program_Exec_BTN.setEnabled(True)
self.Error_Message.setText("Settings Read successfully!")
except SQLException as e:
self.Error_Message.setText("Error Reading Settings Database")
stmt.close()
dbConn.close()
def shutDown(self):
noDupes = list(set(md5))
try:
if(filename):
uniquePath = os.path.join(Case.getCurrentCase().getCaseDirectory(), "NewLowHangingFruit.txt")
uniqueFile = open(uniquePath,'w')
dbConn = DriverManager.getConnection("jdbc:sqlite:%s" % filename)
stmt = dbConn.createStatement()
for line in noDupes:
resultSet = stmt.executeQuery("SELECT * FROM MD5 where md5 == '%s'" % line)
if(resultSet.next()):
temp = "Future Improvement"
else:
uniqueFile.write(line+'\n')
stmt.close()
dbConn.close()
uniqueFile.close()
except:
allPath = os.path.join(Case.getCurrentCase().getCaseDirectory(), "AllLowHangingFruit.txt")
allFile = open(allPath,'w')
for line in noDupes:
allFile.write(line+'\n')
allFile.close()
def __findGeoLocationsInDB(self, databasePath, abstractFile):
if not databasePath:
return
try:
Class.forName("org.sqlite.JDBC") # load JDBC driver
connection = DriverManager.getConnection("jdbc:sqlite:" + databasePath)
statement = connection.createStatement()
except (ClassNotFoundException, SQLException) as ex:
self._logger.log(Level.SEVERE, "Error opening database", ex)
self._logger.log(Level.SEVERE, traceback.format_exc())
return
try:
resultSet = statement.executeQuery(
"SELECT time, dest_lat, dest_lng, dest_title, dest_address, source_lat, source_lng FROM destination_history;")
while resultSet.next():
time = Long.valueOf(resultSet.getString("time")) / 1000
dest_title = resultSet.getString("dest_title")
dest_address = resultSet.getString("dest_address")
dest_lat = GoogleMapLocationAnalyzer.convertGeo(resultSet.getString("dest_lat"))
dest_lng = GoogleMapLocationAnalyzer.convertGeo(resultSet.getString("dest_lng"))
source_lat = GoogleMapLocationAnalyzer.convertGeo(resultSet.getString("source_lat"))
source_lng = GoogleMapLocationAnalyzer.convertGeo(resultSet.getString("source_lng"))
artifact = abstractFile.newArtifact(BlackboardArtifact.ARTIFACT_TYPE.TSK_GPS_ROUTE)
artifact.addAttribute(BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_CATEGORY, general.MODULE_NAME, "Destination"))
artifact.addAttribute(BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_DATETIME, general.MODULE_NAME, time))
artifact.addAttribute(BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_GEO_LATITUDE_END, general.MODULE_NAME, dest_lat))
artifact.addAttribute(BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_GEO_LONGITUDE_END, general.MODULE_NAME, dest_lng))
artifact.addAttribute(BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_GEO_LATITUDE_START, general.MODULE_NAME, source_lat))
artifact.addAttribute(BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_GEO_LONGITUDE_START, general.MODULE_NAME, source_lng))
artifact.addAttribute(BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_NAME, general.MODULE_NAME, dest_title))
artifact.addAttribute(BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_LOCATION, general.MODULE_NAME, dest_address))
artifact.addAttribute(BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_PROG_NAME, general.MODULE_NAME, "Google Maps History"))
try:
# index the artifact for keyword search
blackboard = Case.getCurrentCase().getServices().getBlackboard()
blackboard.indexArtifact(artifact)
except Blackboard.BlackboardException as ex:
self._logger.log(Level.SEVERE, "Unable to index blackboard artifact " + artifact.getArtifactID(), ex)
self._logger.log(Level.SEVERE, traceback.format_exc())
MessageNotifyUtil.Notify.error("Failed to index GPS route artifact for keyword search.", artifact.getDisplayName())
except Exception as ex:
self._logger.log(Level.SEVERE, "Error parsing Google map locations to the blackboard", ex)
self._logger.log(Level.SEVERE, traceback.format_exc())
finally:
try:
if resultSet is not None:
resultSet.close()
statement.close()
connection.close()
except Exception as ex:
self._logger.log(Level.SEVERE, "Error closing the database", ex)
self._logger.log(Level.SEVERE, traceback.format_exc())
def __init__(self, global_config):
BasePlugin.BasePlugin.__init__(self, global_config, self.required_config, self.plugin_scope)
self.dbfile = self.global_config[self.plugin_name]['output_file']
self.dburl = "jdbc:sqlite:" + self.dbfile
dbdriver = "org.sqlite.JDBC"
Class.forName(dbdriver)
if (os.path.isfile(self.dbfile) == True):
#use existing db schema
self.logger.info("%s already exists, will be appending to database" % (self.dbfile))
self.db = DriverManager.getConnection(self.dburl)
stmt = self.db.createStatement()
else:
#create db file
self.logger.info("creating db file %s" % (self.dbfile))
self.db = DriverManager.getConnection(self.dburl)
stmt = self.db.createStatement()
stmt.executeUpdate('''CREATE TABLE IF NOT EXISTS "hiccuplog" (ref INTEGER, type BOOLEAN, url TEXT, headers TEXT, content BLOB)''')
def shrink_db(db_path, tables):
conn = DriverManager.getConnection(db_url(db_path), "", "")
for table in tables:
logger.info("Shrinking table %s" % table)
cs = conn.prepareCall("CALL SYSCS_UTIL.SYSCS_COMPRESS_TABLE('APP', '%s', 1)" % table)
cs.execute()
cs.close()
conn.close()
def __findGeoLocationsInDB(self, databasePath, abstractFile):
if not databasePath:
return
try:
Class.forName("org.sqlite.JDBC") #load JDBC driver
connection = DriverManager.getConnection("jdbc:sqlite:" + databasePath)
statement = connection.createStatement()
except (ClassNotFoundException) as ex:
self._logger.log(Level.SEVERE, "Error loading JDBC driver", ex)
self._logger.log(Level.SEVERE, traceback.format_exc())
return
except (SQLException) as ex:
# Error connecting to SQL databse.
return
resultSet = None
try:
resultSet = statement.executeQuery("SELECT timestamp, latitude, longitude, accuracy FROM CachedPosition;")
while resultSet.next():
timestamp = Long.valueOf(resultSet.getString("timestamp")) / 1000
latitude = Double.valueOf(resultSet.getString("latitude"))
longitude = Double.valueOf(resultSet.getString("longitude"))
attributes = ArrayList()
artifact = abstractFile.newArtifact(BlackboardArtifact.ARTIFACT_TYPE.TSK_GPS_TRACKPOINT)
attributes.add(BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_GEO_LATITUDE, general.MODULE_NAME, latitude))
attributes.add(BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_GEO_LONGITUDE, general.MODULE_NAME, longitude))
attributes.add(BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_DATETIME, general.MODULE_NAME, timestamp))
attributes.add(BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_PROG_NAME, general.MODULE_NAME, "Browser Location History"))
# artifact.addAttribute(BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_VALUE.getTypeID(),moduleName, accuracy))
# NOTE: originally commented out
artifact.addAttributes(attributes);
try:
# index the artifact for keyword search
blackboard = Case.getCurrentCase().getServices().getBlackboard()
blackboard.indexArtifact(artifact)
except Blackboard.BlackboardException as ex:
self._logger.log(Level.SEVERE, "Unable to index blackboard artifact " + str(artifact.getArtifactTypeName()), ex)
self._logger.log(Level.SEVERE, traceback.format_exc())
MessageNotifyUtil.Notify.error("Failed to index GPS trackpoint artifact for keyword search.", artifact.getDisplayName())
except SQLException as ex:
# Unable to execute browser location SQL query against database.
pass
except Exception as ex:
self._logger.log(Level.SEVERE, "Error putting artifacts to blackboard", ex)
self._logger.log(Level.SEVERE, traceback.format_exc())
finally:
try:
if resultSet is not None:
resultSet.close()
statement.close()
connection.close()
except Exception as ex:
# Error closing database.
pass
def startUp(self, context):
try:
if(filename):
global dbConn
global stmt
dbConn = DriverManager.getConnection("jdbc:sqlite:%s" % filename)
stmt = dbConn.createStatement()
except:
pass
def shrink_db(db_path, tables):
conn = DriverManager.getConnection(db_url(db_path), "", "")
for table in tables:
logger.info("Shrinking table %s" % table)
cs = conn.prepareCall(
"CALL SYSCS_UTIL.SYSCS_COMPRESS_TABLE('APP', '%s', 1)" % table)
cs.execute()
cs.close()
conn.close()
def connect(self, database_path):
try:
Class.forName('org.sqlite.JDBC')
self._connection = DriverManager.getConnection('jdbc:sqlite:%s' % database_path)
self._connection.setAutoCommit(True)
except ClassNotFoundException as e:
self._log_error(e.getMessage())
except SQLException as e:
self._log_error(e.getMessage())
def get_db_connection():
from java.lang import Class
from java.sql import DriverManager
Class.forName("com.mysql.jdbc.Driver").newInstance()
######################################### 경 로 ####################################
#newConn = DriverManager.getConnection("jdbc:mysql://203.255.81.47:3306/stackoverflow?useUnicode=yes&characterEncoding=utf8&user=test")
newConn = DriverManager.getConnection("jdbc:mysql://203.255.81.42:3306/stackoverflow?autoReconnect=true", "seal", "sel535424")
newConn.setAutoCommit(True)
return newConn
def get_db_connection():
from java.lang import Class
from java.sql import DriverManager
Class.forName("com.mysql.jdbc.Driver").newInstance()
newConn = DriverManager.getConnection(
"jdbc:mysql://0.0.0.0:3306/stackoverflow?autoReconnect=true", "root",
"1234")
newConn.setAutoCommit(True)
return newConn
def connect(dburl="jdbc:mysql://localhost:3306/mtgo", dbuser="******", dbpass=None):
try:
try:
Class.forName("com.mysql.jdbc.Driver").newInstance()
except NameError:
raise ErrorHandler("Internal MySQL error")
conn = DriverManager.getConnection(dburl, dbuser, dbpass)
except SQLException, error:
raise ErrorHandler("MySQL error: %s" % str(error))
def change_text(event):
lq1 = "SYSIBM"
aq1 = "%s.SQLSCHEMAS" % lq1
aq2 = "%s.SQLTABLES" % lq1
aq3 = "%s.SQLCOLUMNS" % lq1
aq4 = "select * from qsys2/systables select * from qsys2/syscolumns select * from qsys2/sysindexes"
DriverManager.registerDriver(AS400JDBCDriver())
logger.debug("Connecting...")
server = "AS400XO.noceast.dws.disney.com"
lq2 = "DVDSFIL"
tq1 = "%s.CTCMPF" % lq2
con = DriverManager.getConnection("jdbc:as400://%s/apilib;naming=sql;errors=full;date format=iso;extended dynamic=true;package=JDBCExa;package library=apilib" % server,
name, pwd)
logger.debug("Established Connection with: %s" % server)
query = "SELECT TABLE_NAME, TABLE_TEXT FROM %s where TABLE_SCHEM = '%s'" % (aq2, lq2)
#query = "SELECT COLUMN_NAME, COLUMN_TEXT, TYPE_NAME FROM %s where TABLE_SCHEM = '%s'" % (aq3, lq2)
logger.debug("Query: %s" % query)
stmnt = con.prepareStatement(query)
results = stmnt.executeQuery()
i = 0
while results.next():
i += 1
#logger.debug("%s" % results)
logger.debug("%s : %s" % (results.getString("TABLE_NAME"), results.getString("TABLE_TEXT")))
#logger.debug("%s : %s [%s]" % (results.getString("COLUMN_NAME"), results.getString("COLUMN_TEXT"), results.getString("TYPE_NAME")))
if i == 1000:
exit()
logger.debug("Success!")
def startUp(self, context):
try:
if (filename):
global dbConn
global stmt
dbConn = DriverManager.getConnection("jdbc:sqlite:%s" %
filename)
stmt = dbConn.createStatement()
except:
pass
def __init__(self, database, pragma=True):
self.database = database
if jython:
self.dbConn = DriverManager.getConnection("jdbc:sqlite:{}".format(
self.database))
else:
self.dbConn = sqlite3.connect(self.database)
if pragma:
self.execute_pragma()
def processFbChat(self, extractedFile):
try:
Class.forName("org.sqlite.JDBC").newInstance()
dbConn = DriverManager.getConnection("jdbc:sqlite:%s" %
extractedFile)
except SQLException as e:
self.log(
Level.INFO, "Could not open database file (not SQLite) " +
extractedFile + " (" + e.getMessage() + ")")
return IngestModule.ProcessResult.OK
self.getFBOwner(dbConn)
# Query the autopsy_chat table in the database.
try:
stmt = dbConn.createStatement()
resultSet = stmt.executeQuery("select message_id, user_id, sender_id, message||' '||attachment_description||' '||attachment_href message, " + \
" sender_name, receiver_name, dttm from autopsy_chat;")
self.log(Level.INFO, "query Autopsy_chat table")
except SQLException as e:
self.log(
Level.INFO, "Error querying database for messages table (" +
e.getMessage() + ") extractedFile ==> " + extractedFile)
return IngestModule.ProcessResult.OK
# Cycle through each row and create FB Chat List
# message_id, user_id, sender_id, Message||' '||attachment_description||' '||attachment_href, sender_name, receiver_name, Recvd Dttm
while resultSet.next():
try:
chatMessage = []
chatMessage.append(resultSet.getString("message_Id"))
chatMessage.append(resultSet.getInt("user_Id"))
chatMessage.append(resultSet.getInt("sender_Id"))
chatMessage.append(resultSet.getString("message"))
chatMessage.append(resultSet.getString("sender_name"))
chatMessage.append(resultSet.getString("receiver_name"))
chatMessage.append(resultSet.getInt("dttm"))
# chatMessage.append(cMessage[0])
self.chatMessages.append(chatMessage)
self._logger.log(Level.INFO,
"Chat Message ==> " + str(chatMessage))
except SQLException as e:
#pass
self.log(
Level.INFO, "Error getting values from recipent table (" +
e.getMessage() + ")")
# Close the database statement
try:
stmt.close()
dbConn.close()
except:
pass
def dbOpen(self):
self.database = "exp.db"
driver = "org.sqlite.JDBC"
self.url = "jdbc:sqlite:" + self.database
Class.forName(driver)
try:
self.db = DriverManager.getConnection(self.url);
self.stat = self.db.createStatement()
self.stat.executeUpdate("CREATE TABLE IF NOT EXISTS " + self.TABLENAME + " (" + self.EMAIL + " TEXT, " + self.HOST + " TEXT, " + self.NICK + " TEXT, " + self.EXP + " INTEGER);");
except SQLException, e:
self.requestAdd("ERROR : OPEN")
def __init__(self):
#define the JDBC url
db_file = '/var/lib/tomcat7/webapps/jythondemo/products.db'
url = "jdbc:sqlite:%s" % db_file
#connect to the database and get cursor object
try:
self.c = DriverManager.getConnection(url)
except Exception, e:
print("Could not find %s in %s" % (db_file, os.cwd))
def connnectToManifestDb(self, dbFile):
try:
Class.forName("org.sqlite.JDBC").newInstance()
dbConn = DriverManager.getConnection("jdbc:sqlite:%s" % dbFile)
except SQLException as e:
self.log(
Level.INFO, "Could not open database file (not SQLite) " +
extractedFile + " (" + e.getMessage() + ")")
return IngestModule.ProcessResult.OK
return dbConn
def dbOpen(self):
self.database = "CustomMsg.db"
driver = "org.sqlite.JDBC"
self.url = "jdbc:sqlite:" + self.database
Class.forName(driver)
try:
self.db = DriverManager.getConnection(self.url);
self.stat = self.db.createStatement()
self.stat.executeUpdate("CREATE TABLE IF NOT EXISTS " + self.TABLENAME + " ("+ self.HOST + " TEXT PRIMARY KEY, "+ self.MSG + " TEXT);");
except SQLException, e:
self.requestAdd("ERROR")
def dbOpen(self):
self.database = "MACard.db"
driver = "org.sqlite.JDBC"
self.url = "jdbc:sqlite:" + self.database
Class.forName(driver)
try:
self.db = DriverManager.getConnection(self.url);
self.stat = self.db.createStatement()
self.stat.executeUpdate("CREATE TABLE IF NOT EXISTS " + self.TABLENAME + " ("+ self.CARDID + " INTEGER, " + self.COUNTRY + " TEXT, "+ self.CARDURL + " TEXT, " + self.CARDNAME + " TEXT, "+ self.CARDALTERNATIVE + " TEXT);");
except SQLException, e:
self.requestAdd("DB OPEN ERROR")
def check_Database_entries(self):
head, tail = os.path.split(os.path.abspath(__file__))
settings_db = head + "\\config.db"
try:
Class.forName("org.sqlite.JDBC").newInstance()
dbConn = DriverManager.getConnection("jdbc:sqlite:%s" %
settings_db)
except SQLException as e:
self.Error_Message.setText("Error Opening Settings DB!")
if os.path.exists(settings_db):
try:
stmt = dbConn.createStatement()
SQL_Statement = 'Select Key_Name, Key_Value from CONFIG;'
resultSet = stmt.executeQuery(SQL_Statement)
while resultSet.next():
if resultSet.getString("Key_Name") == "BUCKET":
self.local_settings.setBucket(
resultSet.getString("Key_Value"))
self.Bucket_TF.setText(
resultSet.getString("Key_Value"))
if resultSet.getString("Key_Name") == "ACCESS_KEY":
self.local_settings.setAccessKey(
resultSet.getString("Key_Value"))
self.Access_Key_TF.setText(
resultSet.getString("Key_Value"))
if resultSet.getString("Key_Name") == "SECRET_KEY":
self.local_settings.setSecretKey(
resultSet.getString("Key_Value"))
self.Secret_Key_TF.setText(
resultSet.getString("Key_Value"))
if resultSet.getString("Key_Name") == "AWS_REGION":
self.local_settings.setRegion(
resultSet.getString("Key_Value"))
self.Region_TF.setText(
resultSet.getString("Key_Value"))
self.Error_Message.setText("Settings Read successfully!")
except SQLException as e:
self.Error_Message.setText("Error Reading Settings Database")
else:
try:
stmt = dbConn.createStatement()
SQL_Statement = 'CREATE TABLE CONFIG ( Setting_Name Text, Setting_Value Text)'
resultSet = stmt.executeQuery(SQL_Statement)
except SQLException as e:
self.Error_Message.setText("Error Creating Settings Database")
stmt.close()
dbConn.close()
def __findTangoMessagesInDB(self, databasePath, abstractFile):
if not databasePath:
return
try:
Class.forName("org.sqlite.JDBC") # load JDBC driver
connection = DriverManager.getConnection("jdbc:sqlite:" + databasePath)
statement = connection.createStatement()
except (ClassNotFoundException, SQLException) as ex:
self._logger.log(Level.SEVERE, "Error opening database", ex)
self._logger.log(Level.SEVERE, traceback.format_exc())
return
try:
resultSet = statement.executeQuery(
"SELECT conv_id, create_time, direction, payload FROM messages ORDER BY create_time DESC;")
while resultSet.next():
conv_id = resultSet.getString("conv_id") # seems to wrap around the message found in payload after decoding from base-64
create_time = Long.valueOf(resultSet.getString("create_time")) / 1000
if resultSet.getString("direction") == "1": # 1 incoming, 2 outgoing
direction = "Incoming"
else:
direction = "Outgoing"
payload = resultSet.getString("payload")
artifact = abstractFile.newArtifact(BlackboardArtifact.ARTIFACT_TYPE.TSK_MESSAGE) #create a call log and then add attributes from result set.
artifact.addAttribute(BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_DATETIME, general.MODULE_NAME, create_time))
artifact.addAttribute(BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_DIRECTION, general.MODULE_NAME, direction))
artifact.addAttribute(BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_TEXT, general.MODULE_NAME, TangoMessageAnalyzer.decodeMessage(conv_id, payload)))
artifact.addAttribute(BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_MESSAGE_TYPE, general.MODULE_NAME, "Tango Message"))
try:
# index the artifact for keyword search
blackboard = Case.getCurrentCase().getServices().getBlackboard()
blackboard.indexArtifact(artifact)
except Blackboard.BlackboardException as ex:
self._logger.log(Level.SEVERE, "Unable to index blackboard artifact " + artifact.getArtifactID(), ex)
self._logger.log(Level.SEVERE, traceback.format_exc())
MessageNotifyUtil.Notify.error("Failed to index Tango message artifact for keyword search.", artifact.getDisplayName())
except Exception as ex:
self._logger.log(Level.SEVERE, "Error parsing Tango messages to the blackboard", ex)
self._logger.log(Level.SEVERE, traceback.format_exc())
finally:
try:
if resultSet is not None:
resultSet.close()
statement.close()
connection.close()
except Exception as ex:
self._logger.log(Level.SEVERE, "Error closing database", ex)
self._logger.log(Level.SEVERE, traceback.format_exc())
def __init__(self, release, db_url, username, password, jdbc_driver):
self.jdbc_driver = jdbc_driver
self.password = password
self.username = username
self.db_url = db_url
Class.forName(jdbc_driver)
self._conn = DriverManager.getConnection(db_url, username, password)
wrapped_release = self.wrap_dict_as_obj(release)
self.release = wrapped_release
self.release_id = self.convert_id(wrapped_release.id)
if "originTemplateId" in release and release['originTemplateId'] is not None:
self.template_id = self.convert_id(wrapped_release.originTemplateId)
else:
self.template_id = "No Template"
def __init__(self, dbType):
log_file_name = "history_%s.log" % datetime.now().strftime("%Y%m%d")
self.logger = Logger.getLog(log_file_name)
self.conn = None
self.__stmt__ = None
self.__rs__ = None
config = dbType
if config:
try:
Class.forName(config["DRIVER"]).newInstance()
self.conn = DriverManager.getConnection(config["URL"], config["USER"], config["PASSWD"])
except SQLException, e:
self.logger.error("(db.py => __init__)Get %s connection error! \n %s" % (dbType, str(e)))
raise Exception
def registerExtenderCallbacks(self, callbacks):
global statement,con
self._callbacks = callbacks
self._helpers = callbacks.getHelpers()
callbacks.setExtensionName("SQLite Logger")
# select sqlite jdbc jar file
c = classPathHacker()
c.addFile("C:\\sqlite-jdbc-3.8.11.2.jar")
# database filename.
jdbc_url = "jdbc:sqlite:database" + str(datetime.date.today()) + ".db"
driver = "org.sqlite.JDBC"
Class.forName(driver).newInstance()
con = DriverManager.getConnection(jdbc_url)
# create table
self.sql = "CREATE TABLE if not exists log(host text,path text,method text,request text,response text,time text);"
statement = con.prepareStatement(self.sql)
statement.executeUpdate()
self._log = ArrayList()
self._lock = Lock()
self._splitpane = JSplitPane(JSplitPane.VERTICAL_SPLIT)
logTable = Table(self)
scrollPane = JScrollPane(logTable)
self._splitpane.setLeftComponent(scrollPane)
tabs = JTabbedPane()
self._requestViewer = callbacks.createMessageEditor(self, False)
self._responseViewer = callbacks.createMessageEditor(self, False)
tabs.addTab("Request", self._requestViewer.getComponent())
tabs.addTab("Response", self._responseViewer.getComponent())
self._splitpane.setRightComponent(tabs)
callbacks.customizeUiComponent(self._splitpane)
callbacks.customizeUiComponent(logTable)
callbacks.customizeUiComponent(scrollPane)
callbacks.customizeUiComponent(tabs)
callbacks.addSuiteTab(self)
callbacks.registerHttpListener(self)
return
def test_java_sql(self):
"""
regression test
example and library from: http://www.zentus.com/sqlitejdbc/
"""
conn = None
try:
from java.sql import DriverManager
conn = DriverManager.getConnection(self.jdbc_url)
stat = conn.createStatement()
stat.executeUpdate("drop table if exists people")
stat.executeUpdate("create table people (name, occupation)")
prep = conn.prepareStatement("insert into people values (?, ?)")
prep.setString(1, "Gandhi")
prep.setString(2, "politics")
prep.addBatch()
prep.setString(1, "Turing")
prep.setString(2, "computers")
prep.addBatch()
prep.setString(1, "Wittgenstein")
prep.setString(2, "smartypants")
prep.addBatch()
conn.setAutoCommit(False)
prep.executeBatch()
conn.setAutoCommit(True)
rs = stat.executeQuery("select * from people")
self.assertTrue(rs.next())
self.assertEqual('Gandhi', rs.getString('name'))
self.assertTrue(rs.next())
self.assertEqual('Turing', rs.getString('name'))
self.assertTrue(rs.next())
self.assertEqual('Wittgenstein', rs.getString('name'))
self.assertFalse(rs.next())
self.assertFalse(rs.next())
self.assertFalse(rs.next())
rs.close()
prep.close()
stat.close()
finally:
if conn:
conn.close()
def _jdbc_connect_jython(jclassname, *args):
if _converters is None:
from java.sql import Types
types = Types
types_map = {}
const_re = re.compile('[A-Z][A-Z_]*$')
for i in dir(types):
if const_re.match(i):
types_map[i] = getattr(types, i)
_init_converters(types_map)
# register driver for DriverManager
__import__(jclassname)
global _java_array_byte
if _java_array_byte is None:
import jarray
def _java_array_byte(data):
return jarray.array(data, 'b')
from java.sql import DriverManager
return DriverManager.getConnection(*args)
def sqlite3_write_proc (sqlite3_file,dict_aa):
java.lang.Class.forName("org.sqlite.JDBC")
#
url="jdbc:sqlite:" + sqlite3_file
user = ""
password = ""
conn = DriverManager.getConnection (url,user, password)
stmt = conn.createStatement ()
#
drop_table_proc (conn)
create_table_proc (conn)
#
table_insert_proc (conn,dict_aa)
#
display_proc (conn)
#
conn.close ()
def _connect(self, user=None, password=None):
if self.conn is not None:
raise RuntimeError("You are already connected")
if user is not None or password is not None:
if user is None or password is None:
raise ValueError("Send either both or neither of user password")
else:
f = os.path.join(os.environ["HOME"], ".desdb_pass")
data = open(f).readlines()
if len(data) != 2:
raise ValueError("Expected first line user second line pass in %s" % f)
user = data[0].strip()
password = data[1].strip()
self.user = user
self.url = _url_template % (self.host, self.port, self.dbname)
self.conn = DriverManager.getConnection(self.url, user, password)
self.conn.setDefaultRowPrefetch(self.row_prefetch)
def SaveSettings(self, e):
head, tail = os.path.split(os.path.abspath(__file__))
settings_db = os.path.join(head, "GUI_Settings.db3")
try:
Class.forName("org.sqlite.JDBC").newInstance()
dbConn = DriverManager.getConnection("jdbc:sqlite:%s" % settings_db)
except SQLException as e:
self.Error_Message.setText("Error Opening Settings")
try:
stmt = dbConn.createStatement()
SQL_Statement = 'Insert into settings (Setting_Name, Setting_Value) values ("Program_Exec_Name", "' + \
self.Program_Executable_TF.getText() + '");'
resultSet = stmt.executeQuery(SQL_Statement)
self.Error_Message.setText("Settings Saved")
except SQLException as e:
self.Error_Message.setText("Error Inserting Settings " + str(e))
stmt.close()
dbConn.close()
def _jdbc_connect_jython(jclassname, url, driver_args, jars, libs):
if _jdbc_name_to_const is None:
from java.sql import Types
types = Types
types_map = {}
const_re = re.compile('[A-Z][A-Z_]*$')
for i in dir(types):
if const_re.match(i):
types_map[i] = getattr(types, i)
_init_types(types_map)
global _java_array_byte
if _java_array_byte is None:
import jarray
def _java_array_byte(data):
return jarray.array(data, 'b')
# register driver for DriverManager
jpackage = jclassname[:jclassname.rfind('.')]
dclassname = jclassname[jclassname.rfind('.') + 1:]
# print jpackage
# print dclassname
# print jpackage
from java.lang import Class
from java.lang import ClassNotFoundException
try:
Class.forName(jclassname).newInstance()
except ClassNotFoundException:
if not jars:
raise
_jython_set_classpath(jars)
Class.forName(jclassname).newInstance()
from java.sql import DriverManager
if isinstance(driver_args, dict):
from java.util import Properties
info = Properties()
for k, v in driver_args.items():
info.setProperty(k, v)
dargs = [ info ]
else:
dargs = driver_args
return DriverManager.getConnection(url, *dargs)
conf = {}
fp = open(os.path.join(os.environ['HOME'],'.catmaid-db'))
for line in fp:
line = line.strip()
if len(line) == 0:
continue
m = re.search('(\S*)\s*:\s*(\S*)', line)
if m:
conf[m.group(1)] = m.group(2)
fp.close()
database_url = "jdbc:postgresql://%s/%s" % (conf['host'], conf['database'])
c = DriverManager.getConnection(database_url,
conf['username'],
conf['password'])
required_classes = [
"skeleton",
"label",
"root",
"synapse",
"neuron",
"group",
"presynaptic terminal",
"postsynaptic terminal" ]
# Fetch all the class names and IDs:
class_to_class_id = {}
s = c.createStatement()
preppedStmt.close() i = i + 1 j = 0 except SQLException, msg: print msg dbConn.rollback() return False return True def getConnection(jdbc_url, driverName): try: Class.forName(driverName).newInstance() except Exception, msg: print msg sys.exit(-1) try: dbConn = DriverManager.getConnection(jdbc_url) except SQLException, msg: print msg sys.exit(-1) return dbConn def randomWord(length): return '' . join(random.choice(string.lowercase) for i in range(length)) if __name__ == '__main__': main()
def process(self, dataSource, progressBar):
#Check to see if event logs were selected, if not then send message and error out else process events selected
self.log(Level.INFO, "List Of Events ==> " + str(self.List_Of_Events) + " <== Number of Events ==> " + str(len(self.List_Of_Events)))
if len(self.List_Of_Events) < 1:
message = IngestMessage.createMessage(IngestMessage.MessageType.DATA, "ParseEvtx", " No Event Logs Selected to Parse " )
IngestServices.getInstance().postMessage(message)
return IngestModule.ProcessResult.ERROR
else:
# Check to see if the artifacts exist and if not then create it, also check to see if the attributes
# exist and if not then create them
skCase = Case.getCurrentCase().getSleuthkitCase();
skCase_Tran = skCase.beginTransaction()
try:
self.log(Level.INFO, "Begin Create New Artifacts")
artID_evtx = skCase.addArtifactType( "TSK_EVTX_LOGS", "Windows Event Logs")
except:
self.log(Level.INFO, "Artifacts Creation Error, some artifacts may not exist now. ==> ")
artID_evtx = skCase.getArtifactTypeID("TSK_EVTX_LOGS")
try:
self.log(Level.INFO, "Begin Create New Artifacts")
artID_evtx_Long = skCase.addArtifactType( "TSK_EVTX_LOGS_BY_ID", "Windows Event Logs By Event Id")
except:
self.log(Level.INFO, "Artifacts Creation Error, some artifacts may not exist now. ==> ")
artID_evtx_Long = skCase.getArtifactTypeID("TSK_EVTX_LOGS_BY_ID")
try:
attID_ev_fn = skCase.addArtifactAttributeType("TSK_EVTX_FILE_NAME", BlackboardAttribute.TSK_BLACKBOARD_ATTRIBUTE_VALUE_TYPE.STRING, "Event Log File Name")
except:
self.log(Level.INFO, "Attributes Creation Error, Event Log File Name. ==> ")
try:
attID_ev_rc = skCase.addArtifactAttributeType("TSK_EVTX_RECOVERED_RECORD", BlackboardAttribute.TSK_BLACKBOARD_ATTRIBUTE_VALUE_TYPE.STRING, "Recovered Record")
except:
self.log(Level.INFO, "Attributes Creation Error, Recovered Record. ==> ")
try:
attID_ev_cn = skCase.addArtifactAttributeType("TSK_EVTX_COMPUTER_NAME", BlackboardAttribute.TSK_BLACKBOARD_ATTRIBUTE_VALUE_TYPE.STRING, "Computer Name")
except:
self.log(Level.INFO, "Attributes Creation Error, Computer Name. ==> ")
try:
attID_ev_ei = skCase.addArtifactAttributeType("TSK_EVTX_EVENT_IDENTIFIER", BlackboardAttribute.TSK_BLACKBOARD_ATTRIBUTE_VALUE_TYPE.LONG, "Event Identiifier")
except:
self.log(Level.INFO, "Attributes Creation Error, Event Log File Name. ==> ")
try:
attID_ev_eiq = skCase.addArtifactAttributeType("TSK_EVTX_EVENT_IDENTIFIER_QUALIFERS", BlackboardAttribute.TSK_BLACKBOARD_ATTRIBUTE_VALUE_TYPE.STRING, "Event Identifier Qualifiers")
except:
self.log(Level.INFO, "Attributes Creation Error, Event Identifier Qualifiers. ==> ")
try:
attID_ev_el = skCase.addArtifactAttributeType("TSK_EVTX_EVENT_LEVEL", BlackboardAttribute.TSK_BLACKBOARD_ATTRIBUTE_VALUE_TYPE.STRING, "Event Level")
except:
self.log(Level.INFO, "Attributes Creation Error, Event Level. ==> ")
try:
attID_ev_oif = skCase.addArtifactAttributeType("TSK_EVTX_OFFSET_IN_FILE", BlackboardAttribute.TSK_BLACKBOARD_ATTRIBUTE_VALUE_TYPE.STRING, "Event Offset In File")
except:
self.log(Level.INFO, "Attributes Creation Error, Event Offset In File. ==> ")
try:
attID_ev_id = skCase.addArtifactAttributeType("TSK_EVTX_IDENTIFIER", BlackboardAttribute.TSK_BLACKBOARD_ATTRIBUTE_VALUE_TYPE.STRING, "Identifier")
except:
self.log(Level.INFO, "Attributes Creation Error, Identifier. ==> ")
try:
attID_ev_sn = skCase.addArtifactAttributeType("TSK_EVTX_SOURCE_NAME", BlackboardAttribute.TSK_BLACKBOARD_ATTRIBUTE_VALUE_TYPE.STRING, "Source Name")
except:
self.log(Level.INFO, "Attributes Creation Error, Source Name. ==> ")
try:
attID_ev_usi = skCase.addArtifactAttributeType("TSK_EVTX_USER_SECURITY_ID", BlackboardAttribute.TSK_BLACKBOARD_ATTRIBUTE_VALUE_TYPE.STRING, "User Security ID")
except:
self.log(Level.INFO, "Attributes Creation Error, User Security ID. ==> ")
try:
attID_ev_et = skCase.addArtifactAttributeType("TSK_EVTX_EVENT_TIME", BlackboardAttribute.TSK_BLACKBOARD_ATTRIBUTE_VALUE_TYPE.STRING, "Event Time")
except:
self.log(Level.INFO, "Attributes Creation Error, Event Time. ==> ")
try:
attID_ev_ete = skCase.addArtifactAttributeType("TSK_EVTX_EVENT_TIME_EPOCH", BlackboardAttribute.TSK_BLACKBOARD_ATTRIBUTE_VALUE_TYPE.STRING, "Event Time Epoch")
except:
self.log(Level.INFO, "Attributes Creation Error, Identifier. ==> ")
try:
attID_ev_dt = skCase.addArtifactAttributeType("TSK_EVTX_EVENT_DETAIL_TEXT", BlackboardAttribute.TSK_BLACKBOARD_ATTRIBUTE_VALUE_TYPE.STRING, "Event Detail")
except:
self.log(Level.INFO, "Attributes Creation Error, Event Detail. ==> ")
try:
attID_ev_cnt = skCase.addArtifactAttributeType("TSK_EVTX_EVENT_ID_COUNT", BlackboardAttribute.TSK_BLACKBOARD_ATTRIBUTE_VALUE_TYPE.LONG, "Event Id Count")
except:
self.log(Level.INFO, "Attributes Creation Error, Event ID Count. ==> ")
#self.log(Level.INFO, "Get Artifacts after they were created.")
# Get the new artifacts and attributes that were just created
artID_evtx = skCase.getArtifactTypeID("TSK_EVTX_LOGS")
artID_evtx_evt = skCase.getArtifactType("TSK_EVTX_LOGS")
artID_evtx_Long = skCase.getArtifactTypeID("TSK_EVTX_LOGS_BY_ID")
artID_evtx_Long_evt = skCase.getArtifactType("TSK_EVTX_LOGS_BY_ID")
attID_ev_fn = skCase.getAttributeType("TSK_EVTX_FILE_NAME")
attID_ev_rc = skCase.getAttributeType("TSK_EVTX_RECOVERED_RECORD")
attID_ev_cn = skCase.getAttributeType("TSK_EVTX_COMPUTER_NAME")
attID_ev_ei = skCase.getAttributeType("TSK_EVTX_EVENT_IDENTIFIER")
attID_ev_eiq = skCase.getAttributeType("TSK_EVTX_EVENT_IDENTIFIER_QUALIFERS")
attID_ev_el = skCase.getAttributeType("TSK_EVTX_EVENT_LEVEL")
attID_ev_oif = skCase.getAttributeType("TSK_EVTX_OFFSET_IN_FILE")
attID_ev_id = skCase.getAttributeType("TSK_EVTX_IDENTIFIER")
attID_ev_sn = skCase.getAttributeType("TSK_EVTX_SOURCE_NAME")
attID_ev_usi = skCase.getAttributeType("TSK_EVTX_USER_SECURITY_ID")
attID_ev_et = skCase.getAttributeType("TSK_EVTX_EVENT_TIME")
attID_ev_ete = skCase.getAttributeType("TSK_EVTX_EVENT_TIME_EPOCH")
attID_ev_dt = skCase.getAttributeType("TSK_EVTX_EVENT_DETAIL_TEXT")
attID_ev_cnt = skCase.getAttributeType("TSK_EVTX_EVENT_ID_COUNT")
# we don't know how much work there is yet
progressBar.switchToIndeterminate()
# Find the Windows Event Log Files
files = []
fileManager = Case.getCurrentCase().getServices().getFileManager()
files = fileManager.findFiles(dataSource, "%.evtx")
# if self.List_Of_Events[0] == 'ALL':
# files = fileManager.findFiles(dataSource, "%.evtx")
# else:
# for eventlog in self.List_Of_Events:
# file_name = fileManager.findFiles(dataSource, eventlog)
# files.extend(file_name)
#self.log(Level.INFO, "found " + str(file_name) + " files")
#self.log(Level.INFO, "found " + str(files) + " files")
numFiles = len(files)
self.log(Level.INFO, "found " + str(numFiles) + " files")
progressBar.switchToDeterminate(numFiles)
fileCount = 0;
# Create Event Log directory in temp directory, if it exists then continue on processing
Temp_Dir = Case.getCurrentCase().getTempDirectory()
self.log(Level.INFO, "create Directory " + Temp_Dir)
temp_dir = os.path.join(Temp_Dir, "EventLogs")
try:
os.mkdir(temp_dir)
except:
self.log(Level.INFO, "Event Log Directory already exists " + temp_dir)
# Write out each Event Log file to the temp directory
for file in files:
# Check if the user pressed cancel while we were busy
if self.context.isJobCancelled():
return IngestModule.ProcessResult.OK
#self.log(Level.INFO, "Processing file: " + file.getName())
fileCount += 1
# Save the DB locally in the temp folder. use file id as name to reduce collisions
lclDbPath = os.path.join(temp_dir, file.getName())
ContentUtils.writeToFile(file, File(lclDbPath))
# Run the EXE, saving output to a sqlite database
self.log(Level.INFO, "Running program on data source " + self.path_to_exe + " parm 1 ==> " + temp_dir + " Parm 2 ==> " + os.path.join(Temp_Dir,"\EventLogs.db3"))
subprocess.Popen([self.path_to_exe, temp_dir, os.path.join(Temp_Dir, "EventLogs.db3")]).communicate()[0]
# Set the database to be read to the one created by the Event_EVTX program
lclDbPath = os.path.join(Case.getCurrentCase().getTempDirectory(), "EventLogs.db3")
self.log(Level.INFO, "Path to the Eventlogs database file created ==> " + lclDbPath)
# Open the DB using JDBC
try:
Class.forName("org.sqlite.JDBC").newInstance()
dbConn = DriverManager.getConnection("jdbc:sqlite:%s" % lclDbPath)
except SQLException as e:
self.log(Level.INFO, "Could not open database file (not SQLite) " + file.getName() + " (" + e.getMessage() + ")")
return IngestModule.ProcessResult.OK
# files = []
# fileManager = Case.getCurrentCase().getServices().getFileManager()
# if self.List_Of_Events[0] == 'ALL':
# files = fileManager.findFiles(dataSource, "%.evtx")
# else:
# for eventlog in self.List_Of_Events:
# file_name = fileManager.findFiles(dataSource, eventlog)
# files.extend(file_name)
for file in files:
file_name = file.getName()
self.log(Level.INFO, "File To process in SQL " + file_name + " <<=====")
# Query the contacts table in the database and get all columns.
if self.List_Of_Events[0] != 'ALL':
try:
stmt = dbConn.createStatement()
SQL_Statement = "SELECT File_Name, Recovered_Record, Computer_name, Event_Identifier, " + \
" Event_Identifier_Qualifiers, Event_Level, Event_offset, Identifier, " + \
" Event_source_Name, Event_User_Security_Identifier, Event_Time, " + \
" Event_Time_Epoch, Event_Detail_Text FROM Event_Logs where upper(File_Name) = upper('" + file_name + "')" + \
" and Event_Identifier in ('" + self.Event_Id_List + "');"
self.log(Level.INFO, "SQL Statement " + SQL_Statement + " <<=====")
resultSet = stmt.executeQuery(SQL_Statement)
except SQLException as e:
self.log(Level.INFO, "Error querying database for EventLogs table (" + e.getMessage() + ")")
return IngestModule.ProcessResult.OK
# Cycle through each row and create artifacts
while resultSet.next():
try:
#File_Name = resultSet.getString("File_Name")
#Recovered_Record = resultSet.getString("Recovered_Record")
Computer_Name = resultSet.getString("Computer_Name")
Event_Identifier = resultSet.getInt("Event_Identifier")
#Event_Identifier_Qualifiers = resultSet.getString("Event_Identifier_Qualifiers")
Event_Level = resultSet.getString("Event_Level")
#Event_Offset = resultSet.getString("Event_Offset")
#Identifier = resultSet.getString("Identifier")
Event_Source_Name = resultSet.getString("Event_Source_Name")
Event_User_Security_Identifier = resultSet.getString("Event_User_Security_Identifier")
Event_Time = resultSet.getString("Event_Time")
#Event_Time_Epoch = resultSet.getString("Event_Time_Epoch")
Event_Detail_Text = resultSet.getString("Event_Detail_Text")
except SQLException as e:
self.log(Level.INFO, "Error getting values from contacts table (" + e.getMessage() + ")")
# Make an artifact on the blackboard, TSK_PROG_RUN and give it attributes for each of the fields
# Make artifact for TSK_EVTX_LOGS
art = file.newArtifact(artID_evtx)
art.addAttributes(((BlackboardAttribute(attID_ev_cn, ParseEvtxByEventIDIngestModuleFactory.moduleName, Computer_Name)), \
(BlackboardAttribute(attID_ev_ei, ParseEvtxByEventIDIngestModuleFactory.moduleName, Event_Identifier)), \
(BlackboardAttribute(attID_ev_el, ParseEvtxByEventIDIngestModuleFactory.moduleName, Event_Level)), \
(BlackboardAttribute(attID_ev_sn, ParseEvtxByEventIDIngestModuleFactory.moduleName, Event_Source_Name)), \
(BlackboardAttribute(attID_ev_usi, ParseEvtxByEventIDIngestModuleFactory.moduleName, Event_User_Security_Identifier)), \
(BlackboardAttribute(attID_ev_et, ParseEvtxByEventIDIngestModuleFactory.moduleName, Event_Time)), \
(BlackboardAttribute(attID_ev_dt, ParseEvtxByEventIDIngestModuleFactory.moduleName, Event_Detail_Text))))
# These attributes may also be added in the future
#art.addAttribute(BlackboardAttribute(attID_ev_fn, ParseEvtxByEventIDIngestModuleFactory.moduleName, File_Name))
#art.addAttribute(BlackboardAttribute(attID_ev_rc, ParseEvtxByEventIDIngestModuleFactory.moduleName, Recovered_Record))
#art.addAttribute(BlackboardAttribute(attID_ev_eiq, ParseEvtxByEventIDIngestModuleFactory.moduleName, Event_Identifier_Qualifiers))
#art.addAttribute(BlackboardAttribute(attID_ev_oif, ParseEvtxByEventIDIngestModuleFactory.moduleName, Event_Offset))
#art.addAttribute(BlackboardAttribute(attID_ev_id, ParseEvtxByEventIDIngestModuleFactory.moduleName, Identifier))
#art.addAttribute(BlackboardAttribute(attID_ev_ete, ParseEvtxByEventIDIngestModuleFactory.moduleName, Event_Time_Epoch))
else:
try:
stmt_1 = dbConn.createStatement()
SQL_Statement_1 = "select event_identifier, file_name, count(*) 'Number_Of_Events' " + \
" FROM Event_Logs where upper(File_Name) = upper('" + file_name + "')" + \
" group by event_identifier, file_name order by 3;"
self.log(Level.INFO, "SQL Statement " + SQL_Statement_1 + " <<=====")
resultSet_1 = stmt_1.executeQuery(SQL_Statement_1)
except SQLException as e:
self.log(Level.INFO, "Error querying database for EventLogs table (" + e.getMessage() + ")")
return IngestModule.ProcessResult.OK
self.log(Level.INFO, "This is the to see what the FU is")
# Cycle through each row and create artifacts
while resultSet_1.next():
try:
self.log(Level.INFO, "This is the to see what the FU is 2")
#File_Name = resultSet.getString("File_Name")
#Recovered_Record = resultSet.getString("Recovered_Record")
Event_Identifier = resultSet_1.getInt("Event_Identifier")
Event_ID_Count = resultSet_1.getInt("Number_Of_Events")
except SQLException as e:
self.log(Level.INFO, "Error getting values from contacts table (" + e.getMessage() + ")")
self.log(Level.INFO, "This is the to see what the FU is 3")
# Make an artifact on the blackboard, TSK_PROG_RUN and give it attributes for each of the fields
# Make artifact for TSK_EVTX_LOGS
art_1 = file.newArtifact(artID_evtx_Long)
self.log(Level.INFO, "Type of Object is ==> " + str(type(Event_ID_Count)))
art_1.addAttributes(((BlackboardAttribute(attID_ev_ei, ParseEvtxByEventIDIngestModuleFactory.moduleName, Event_Identifier)), \
(BlackboardAttribute(attID_ev_cnt, ParseEvtxByEventIDIngestModuleFactory.moduleName, Event_ID_Count))))
# Fire an event to notify the UI and others that there are new artifacts
IngestServices.getInstance().fireModuleDataEvent(
ModuleDataEvent(ParseEvtxByEventIDIngestModuleFactory.moduleName, artID_evtx_evt, None))
IngestServices.getInstance().fireModuleDataEvent(
ModuleDataEvent(ParseEvtxByEventIDIngestModuleFactory.moduleName, artID_evtx_Long_evt, None))
# Clean up
try:
if self.List_Of_Events[0] != 'ALL':
stmt.close()
else:
stmt_1.close()
dbConn.close()
os.remove(lclDbPath)
except:
self.log(Level.INFO, "Error closing the statment, closing the database or removing the file")
#Clean up EventLog directory and files
for file in files:
try:
os.remove(os.path.join(temp_dir,file.getName()))
except:
self.log(Level.INFO, "removal of Event Log file failed " + Temp_Dir + "\\" + file.getName())
try:
os.rmdir(temp_dir)
except:
self.log(Level.INFO, "removal of Event Logs directory failed " + Temp_Dir)
# Fire an event to notify the UI and others that there are new artifacts
IngestServices.getInstance().fireModuleDataEvent(
ModuleDataEvent(ParseEvtxByEventIDIngestModuleFactory.moduleName, artID_evtx_evt, None))
# After all databases, post a message to the ingest messages in box.
message = IngestMessage.createMessage(IngestMessage.MessageType.DATA,
"ParseEvtx", " Event Logs have been parsed " )
IngestServices.getInstance().postMessage(message)
# Fire an event to notify the UI and others that there are new artifacts
IngestServices.getInstance().fireModuleDataEvent(
ModuleDataEvent(ParseEvtxByEventIDIngestModuleFactory.moduleName, artID_evtx_evt, None))
return IngestModule.ProcessResult.OK
