import pyaff4 import time time.sleep(1) oracle = pyaff4.Resolver() URN = "aff4://navigation/root" URN = "aff4://69581d02-36ae-47a4-b0ba-888368dc2e11/192.168.1.34-192.168.1.1/38099-25/reverse" urn = pyaff4.RDFURN() urn.set(URN) attribute = pyaff4.XSDString() iter = pyaff4.RESOLVER_ITER() next = 0 while oracle.attributes_iter(urn, attribute, iter): print print attribute.value while 1: obj = oracle.alloc_from_iter(iter) if not obj: break print " -> type (%s) " % (obj.dataType) print " -> data (%s) " % (obj.serialise(urn))
def worker_startup(self, dbh, case): if FlagFramework.job_tdb: FlagFramework.job_tdb.close() FlagFramework.job_tdb = None oracle = pyaff4.Resolver()
import time, pdb time.sleep(1) """ This program demonstrates how to install a new RDFValue handler. We need to define a python class with the minimum required methods. In order for the resolver to be able to use a python object we need to wrap it in a proxy. The proxy class builds a C class which proxies the python object - this means that when a c function calls the object's method, the proxy will translate it into a python call for the class method. Once we register the class as an RDFValue implementation, we can obtain new instances from the resolver by naming its dataType. """ oracle = pyaff4.Resolver(pyaff4.RESOLVER_MODE_NONPERSISTANT) class RDFSpecial: """ This is a do nothing class to demonstate python serialization. We demonstrate it by encoding the value using hex (its basically equivalent to xsd:hexBinary) """ # Our dataType is the name which we will use to serialise this # type - this field is mandatory and must be globally unique dataType = pyaff4.PREDICATE_NAMESPACE + "RDFSpecial" value = '' def encode(self, subject): """ This method will be called when we are required to encode
def __init__(self): threading.Thread.__init__(self) self.resolver = pyaff4.Resolver() self.logger = Logger() self.resolver.register_logger(self.logger)
import pypcap, reassembler import time import pyaff4, os, pdb time.sleep(1) import gc gc.set_debug(gc.DEBUG_LEAK) oracle = pyaff4.Resolver(pyaff4.RESOLVER_MODE_DEBUG_MEMORY) image_urn = pyaff4.RDFURN() image_urn.set("/var/tmp/uploads/testimages/stdcapture_0.4.pcap") image_urn.set("/var/tmp/uploads/a5912_01_03.pcap") image = oracle.open(image_urn, 'r') pcap_file = pypcap.PyPCAP(image) ## Create a new volume on the output file outfile = pyaff4.RDFURN() outfile.set("/tmp/output.aff4") try: os.unlink(outfile.parser.query) except: pass volume = oracle.create(pyaff4.AFF4_ZIP_VOLUME) volume.set(pyaff4.AFF4_STORED, outfile) volume = volume.finish() volume_urn = volume.urn oracle.cache_return(volume)