def quickFilter(self): self.timer.stop() index = self.mode.currentIndex() if index in xrange(0, 4): self.filterTH.stopSearch() if self.query == "": self.resetFilter() else: self.resetFilter() q = "name matches " + self.filterMode[ index] + self.query + self.filterMode[index] self.launchFilter(q) else: try: query = self.filterCombo.lineEdit().text() if query != "": f = Filter("test") q = str(unicode(query).encode('utf-8')) f.compile(q) self.edit.setStyleSheet(self.greenstyle) self.resetFilter() self.launchFilter() else: self.resetFilter() except RuntimeError: self.edit.setStyleSheet(self.redstyle)
def quickFilter(self): self.timer.stop() index = self.mode.currentIndex() if index in xrange(0,4): self.filterTH.stopSearch() if self.query == "": self.resetFilter() else: self.resetFilter() q = "name matches " + self.filterMode[index] + self.query + self.filterMode[index] self.launchFilter(q) else: try: query = self.filterCombo.lineEdit().text() if query != "": f = Filter("test") q = str(unicode(query).encode('utf-8')) f.compile(q) self.edit.setStyleSheet(self.greenstyle) self.resetFilter() self.launchFilter() else: self.resetFilter() except RuntimeError: self.edit.setStyleSheet(self.redstyle)
def __init__(self, parent=None): EventHandler.__init__(self) QThread.__init__(self) self.__parent = parent self.nodes = [] self.filters = Filter("search") self.filters.connection(self) self.model = None self.listmode = False
def updateQuery(self, query): self.timer.start(1000) if self.mode.currentIndex() in xrange(0,4): self.query = query else: f = Filter("completer") try: q = str(unicode(query).encode('utf-8')) f.compile(q) self.edit.setStyleSheet(self.greenstyle) except RuntimeError: self.edit.setStyleSheet(self.redstyle)
def updateQuery(self, query): self.timer.start(1000) if self.mode.currentIndex() in xrange(0, 4): self.query = query else: f = Filter("completer") try: q = str(unicode(query).encode('utf-8')) f.compile(q) self.edit.setStyleSheet(self.greenstyle) except RuntimeError: self.edit.setStyleSheet(self.redstyle)
def start(self, args): self.nodes = [] self.nodescount = 1 self.oldcur = 0 fname = args["filter_name"].value() expression = args["expression"].value() root_node = args["root_node"].value() if args.has_key("verbose"): self.verbose = True else: self.verbose = False if args.has_key("recursive"): recursive = True else: recursive = False f = Filter(fname) f.connection(self) try: f.compile(expression) except RuntimeError: self.res["error"] = Variant("provided expression is not valid") f.process(root_node, recursive) self.res["total of matching nodes"] = Variant(len(self.nodes)) if args.has_key("save_result"): si_node = self.vfs.getnode("/Bookmarks") if si_node == None: root = self.vfs.getnode("/") si_node = Node("Bookmarks", 0, root) si_node.__disown__() fnode = Node(fname, 0, si_node) fnode.__disown__() for node in self.nodes: vl = VLink(node, fnode, node.name()) vl.__disown__()
def add(self): filt = Filter(self) ret = filt.exec_() if ret == 1: currow = self.table.rowCount() self.table.setRowCount(self.table.rowCount() + 1) name = QTableWidgetItem(QString(filt.name())) name.setFlags(Qt.ItemIsSelectable | Qt.ItemIsEnabled) self.table.setItem(currow, 0, name) check = QCheckBox() check.setChecked(True) self.table.setCellWidget(currow, 1, check) self.filters.append(filt) self.emit(SIGNAL("filterAdded")) self.table.horizontalHeader().setResizeMode( 1, QHeaderView.ResizeToContents)
def add(self): filt = Filter(self) ret = filt.exec_() if ret == 1: currow = self.table.rowCount() self.table.setRowCount(self.table.rowCount() + 1) name = QTableWidgetItem(QString(filt.name())) name.setFlags(Qt.ItemIsSelectable|Qt.ItemIsEnabled) self.table.setItem(currow, 0, name) check = QCheckBox() check.setChecked(True) self.connect(check, SIGNAL("stateChanged(int)"), self.filterState) self.table.setCellWidget(currow, 1, check) self.filters.append(filt) self.refreshQueryEdit() self.emit(SIGNAL("filterAdded")) self.table.horizontalHeader().setResizeMode(1, QHeaderView.ResizeToContents)
def findNodes(self, query): v = vfs.vfs() rootnode = v.getnode("/") filters = Filter("") # query = 'name matches re("^global_history.dat")' filters.compile(query) filters.process(rootnode, True) result = filters.matchedNodes() return result
def filter(self, pattern, node): children = self.getDirectories(node) if len(children) > 0: f = Filter("completer") exp = '(name matches re("^' + pattern + '",i))' f.compile(exp) f.process(children) possible = f.matchedNodes() return possible return []
def searchTaggedNode(self): f = Filter("") f.compile('tags in ["malware", "suspicious"]') f.process(self.root) malwareNodes = f.matchedNodes() if len(malwareNodes ) != 0: #if get some results we add it to the report page = self.reportManager.createPage("MyAnalysis", "Files") page.addNodeList("Malware", malwareNodes) self.reportManager.addPage(page)
def findMorkFiles(self): # For Firefox < version 3 filesname = ["formhistory.dat", "history.dat"] v = vfs.vfs() rootnode = v.getnode("/") filters = Filter("") query = 'type == "database/mork"' filters.compile(query) filters.process(rootnode, True) result = filters.matchedNodes() return result
def addFilter(self, name, query): filt = Filter(self, name, query) currow = self.table.rowCount() self.table.setRowCount(self.table.rowCount() + 1) name = QTableWidgetItem(QString(name)) name.setFlags(Qt.ItemIsSelectable | Qt.ItemIsEnabled) self.table.setItem(currow, 0, name) check = QCheckBox() check.setChecked(True) self.filters.append(filt) self.emit(SIGNAL("filterAdded")) self.table.horizontalHeader().setResizeMode( 1, QHeaderView.ResizeToContents)
def filter(self, pattern, node): children = self.getDirectories(node) if len(children) > 0: f = Filter("completer") exp = '(name matches re("^'+ pattern +'",i))' f.compile(exp) f.process(children) possible = f.matchedNodes() return possible return []
def start(self, args): self.root = self.vfs.getnode("/") try: #self.status #searching filter = Filter("") query = '(type in["image/jpeg"])' filter.compile(query) filter.process(self.root, True) nodes = filter.matchedNodes() #self.status getting coord for x on x for node in nodes: coord = self.getCoordinates(node) if coord: self.nodeCoord[node] = coord except Exception as e: print 'Maps module error ', e
def scanJoin(self, root, modulesToApply = None): modMap = {} modCount = 0 jobs = [] while not self.empty(): task = self.get() moduleName = task[1][0] if modulesToApply != None: if not module in modulesToApply: self.task_done() continue module = self.loader.modules[moduleName] try: filterText = module.scanFilter if filterText != '': arguments = task[1][1] nodeArguments = module.conf.argumentsByType(typeId.Node) if len(nodeArguments) == 1: node = arguments[nodeArguments[0].name()].value() filter = Filter('') filter.compile(str(filterText)) filter.process(node) matches = filter.matchedNodes() if not len(matches): self.task_done() continue except : #filter can throw pass try : modMap[task[1][0]] += 1 except KeyError: modMap[task[1][0]] = 1 job2 = (self.task_done_scan, (root, task[1][0],)) job = (task, job2) jobs.append(job) modCount += 1 if modCount: self.displayItem(root, modCount, modMap) for job in jobs: sched.enqueue(job) self.join() self.refresh()
def searchQuery(self, query, node): filters = Filter("") filters.compile(query) filters.process(node) return filters.matchedNodes()
class SearchThread(QThread, EventHandler): def __init__(self, parent=None): EventHandler.__init__(self) QThread.__init__(self) self.__parent = parent self.nodes = [] self.filters = Filter("search") self.filters.connection(self) self.model = None self.listmode = False def setListContext(self, query, nodelist, targetmodel): self.listmode = True self.nodes = VecNode() for node in nodelist: self.nodes.append(node) self.model = targetmodel try: self.filters.compile(query) return True except: box = QMessageBox( QMessageBox.Critical, self.tr("Error"), self.tr("Error compiling query"), QMessageBox.NoButton, self.__parent, ) box.setDetailedText(QString.fromUtf8(query)) box.exec_() return False def setContext(self, query, rootnode, targetmodel): self.listmode = False self.rootnode = rootnode self.model = targetmodel try: self.filters.compile(query) return True except Exception as e: print e box = QMessageBox( QMessageBox.Critical, self.tr("Error"), self.tr("Error compiling query"), QMessageBox.NoButton, self.__parent, ) box.setDetailedText(QString.fromUtf8(query)) box.exec_() return False def Event(self, e): if e != None: if e.value != None: if e.type == Filter.EndOfProcessing: self.emit(SIGNAL("finished")) if e.type == Filter.TotalNodesToProcess: self.total = e.value.value() if e.type == Filter.ProcessedNodes: self.processed += 1 if e.type == Filter.NodeMatched: self.match += 1 val = e.value.value() self.model.emit(SIGNAL("appendList"), val) self.emit(SIGNAL("match")) pc = self.processed * 100 / self.total try: if pc > self.percent: self.percent = pc self.emit(SIGNAL("count"), self.percent) except: self.percent = 0 def run(self): self.emit(SIGNAL("started")) self.match = 0 self.processed = 0 self.total = 0 self.percent = 0 try: if not self.listmode: self.filters.process(self.rootnode, True) else: self.filters.process(self.nodes) except: pass def stopSearch(self): e = event() e.thisown = False e.type = Filter.StopProcessing self.filters.Event(e)
class SearchThread(QThread, EventHandler): def __init__(self, parent=None): EventHandler.__init__(self) QThread.__init__(self) self.__parent = parent self.nodes = [] self.filters = Filter("search") self.filters.connection(self) self.model = None self.listmode = False def setListContext(self, query, nodelist, targetmodel): self.listmode = True self.nodes = VecNode() for node in nodelist: self.nodes.append(node) self.model = targetmodel try: self.filters.compile(query) return True except: box = QMessageBox(QMessageBox.Critical, self.tr("Error"), self.tr("Error compiling query"), \ QMessageBox.NoButton, self.__parent) box.setDetailedText(QString.fromUtf8(query)) box.exec_() return False def setContext(self, query, rootnode, targetmodel): self.listmode = False self.rootnode = rootnode self.model = targetmodel try: self.filters.compile(query) return True except Exception as e: print e box = QMessageBox(QMessageBox.Critical, self.tr("Error"), self.tr("Error compiling query"), \ QMessageBox.NoButton, self.__parent) box.setDetailedText(QString.fromUtf8(query)) box.exec_() return False def Event(self, e): if e != None: if e.value != None: if e.type == Filter.EndOfProcessing: self.emit(SIGNAL("finished")) if e.type == Filter.TotalNodesToProcess: self.total = e.value.value() if e.type == Filter.ProcessedNodes: self.processed += 1 if e.type == Filter.NodeMatched: self.match += 1 val = e.value.value() self.model.emit(SIGNAL("appendList"), val) self.emit(SIGNAL("match")) pc = self.processed * 100 / self.total try: if pc > self.percent: self.percent = pc self.emit(SIGNAL("count"), self.percent) except: self.percent = 0 def run(self): self.emit(SIGNAL("started")) self.match = 0 self.processed = 0 self.total = 0 self.percent = 0 try: if not self.listmode: self.filters.process(self.rootnode, True) else: self.filters.process(self.nodes) except: pass def stopSearch(self): e = event() e.thisown = False e.type = Filter.StopProcessing self.filters.Event(e)
def search(self, query): filters = Filter("") filters.compile(query) filters.process(self.root, True) return filters.matchedNodes()