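def applyTmpFilter(filePath, filterContent, caseName):
    """Apply an additional filter to a case file and record the result.

    The file is filtered through applyFilterOnFile(). The filter already
    stored for the file (if any) is joined with ``filterContent`` using
    ``&&`` and saved as a new FILTERS row. The filtered file is then either
    updated through helper.updateFile() (when it is already registered for
    the case) or inserted into FILES as a ``tmp`` entry.

    Args:
        filePath: path of the file to filter.
        filterContent: filter expression to add.
        caseName: case name; used as CASES.NAME and as a directory
            component under CASES_DIR.

    Returns:
        The filtered file's name, or None when no filtered file was
        produced or the case has no row in CASES.
    """
    currentFilter = helper.getFilter(
        caseName, helper.getDBNameFromPath(filePath), type='file')
    # The fourth argument's meaning is defined by applyFilterOnFile, which is
    # not visible from this function.
    filteredFileName = applyFilterOnFile(filePath, filterContent, caseName, True)
    if not filteredFileName:
        # Presumably a failed filter run is reported as None; without this
        # guard the path concatenation below raises TypeError.
        return None

    # NOTE(review): caseName and the returned name are concatenated into a
    # filesystem path without normalisation. If either can originate from
    # request input, reject path separators and '..' before reaching here.
    filteredFilePath = CASES_DIR + caseName + TMP_DIR + filteredFileName
    if not os.path.isfile(filteredFilePath):
        return None

    # The comparison is against the string 'None', not the None object --
    # presumably how helper.getFilter reports "no filter"; TODO confirm.
    if currentFilter != 'None':
        summFilter = currentFilter + ' && ' + filterContent
    else:
        summFilter = filterContent

    conn = sqlite3.connect(DATABASE)
    try:
        conn.execute('pragma foreign_keys=ON')
        # Create the combined filter row. All values are bound as
        # parameters; do not go back to building these statements by
        # string concatenation.
        conn.execute("INSERT INTO FILTERS VALUES(null, ?, \'\', \'\')",
                     (summFilter,))
        filterID = conn.execute('SELECT max(ID) FROM FILTERS').fetchone()[0]

        caseRow = conn.execute(
            "SELECT ID FROM CASES WHERE CASES.NAME = ?",
            (caseName,)).fetchone()
        if caseRow is None:
            # Unknown case: discard the pending FILTERS row instead of
            # failing on caseRow[0] with the connection left open.
            conn.rollback()
            return None
        caseID = caseRow[0]

        alreadyRegistered = SQLHelper.getFileID(
            helper.getDBNameFromPath(filteredFilePath), caseName) is not None
        if not alreadyRegistered:
            sourceFile = helper.getDBNameFromPath(filePath)
            fileSize = os.path.getsize(filteredFilePath)
            dateTimes = helper.getDateTimeFromFile(filteredFilePath)
            conn.execute(
                "INSERT INTO FILES VALUES (null, ?, ?, ?, ?, ?, ?, ?, ?, ?)",
                ("tmp/" + filteredFileName, "tmp", caseID, filterID, fileSize,
                 dateTimes[0], dateTimes[1], sourceFile, 'description',))
        conn.commit()
    finally:
        # Always release the connection, including when a statement raises.
        conn.close()

    if alreadyRegistered:
        # Called only after this connection is committed and closed, as in
        # the original ordering.
        helper.updateFile(filteredFilePath, caseName, filterID)
    return filteredFileName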
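def applyTimeFilterOnFile(filePath, caseName, start = '', end = '', override = False):
    """Cut a capture file down to a time window with editcap and register it.

    Args:
        filePath: path of the capture to trim.
        caseName: case name; used as CASES.NAME and as a directory
            component under CASES_DIR.
        start: value for editcap's ``-A`` (start time); '' to leave open.
        end: value for editcap's ``-B`` (stop time); '' to leave open.
        override: when true, the trimmed file replaces ``filePath``.

    Returns:
        Path of the trimmed capture (``filePath`` itself when ``override``
        is true), or None when no bound was given, editcap failed, no
        output was produced, or the case has no row in CASES.
    """
    syslog.syslog("PCAP APP: applyTimeFilterOnFile: "+filePath+" started: "+str(datetime.datetime.now()))
    if start == '' and end == '':
        return None

    # Pass only the bounds that were supplied; an empty -A/-B value is
    # presumably rejected by editcap, which made one-sided windows fail.
    # Arguments go to the process as a list, so no shell parses them.
    editcapArgs = ['editcap']
    if start != '':
        editcapArgs += ['-A', start]
    if end != '':
        editcapArgs += ['-B', end]

    # The temporary file is used only as a source of a unique base name and
    # is kept open for the duration of the editcap run, then closed.
    # NOTE(review): the output path itself is not created atomically, and
    # caseName is concatenated into it without normalisation; if caseName
    # can come from request input, validate it before this point.
    with tempfile.NamedTemporaryFile(delete=True) as tmpF:
        outputFileName = os.path.basename(tmpF.name + '.pcap')
        outputFilePath = CASES_DIR + caseName + TMP_DIR + outputFileName
        returnCode = subprocess.call(editcapArgs + [filePath, outputFilePath])

    if returnCode != 0:
        # A failed run may leave a partial capture behind; do not register
        # it, and never let it replace the source file below.
        if os.path.isfile(outputFilePath):
            os.remove(outputFilePath)
        return None
    if not os.path.isfile(outputFilePath):
        return None

    if override:
        # NOTE(review): this replaces the source capture in place; the
        # untrimmed original is not kept by this function.
        os.rename(outputFilePath, filePath)
        outputFilePath = filePath
        outputFileName = helper.getDBNameFromPath(filePath)

    conn = sqlite3.connect(DATABASE)
    try:
        conn.execute('pragma foreign_keys=ON')
        caseRow = conn.execute(
            "SELECT ID FROM CASES WHERE CASES.NAME = ?",
            (caseName,)).fetchone()
        if caseRow is None:
            # Unknown case: stop here instead of failing on caseRow[0]
            # with the connection left open.
            return None
        caseID = caseRow[0]

        alreadyRegistered = SQLHelper.getFileID(
            helper.getDBNameFromPath(outputFilePath), caseName) is not None
        if not alreadyRegistered:
            sourceFile = helper.getDBNameFromPath(filePath)
            fileSize = os.path.getsize(outputFilePath)
            dateTimes = helper.getDateTimeFromFile(outputFilePath)
            # Values are bound as parameters; do not go back to building
            # this statement by string concatenation.
            conn.execute(
                "INSERT INTO FILES VALUES (null, ?, ?, ?, null, ?, ?, ?, ?, ?)",
                ("tmp/"+outputFileName, "tmp", caseID, fileSize,
                 dateTimes[0], dateTimes[1], sourceFile, 'description',))
        conn.commit()
    finally:
        # Always release the connection, including when a statement raises.
        conn.close()

    if alreadyRegistered:
        # The string 'null' is passed as the filter argument -- presumably
        # "no filter"; verify that updateFile binds it as a parameter.
        helper.updateFile(outputFilePath, caseName, 'null')
    syslog.syslog("PCAP APP: applyTimeFilterOnFile: "+filePath+" ended: "+str(datetime.datetime.now()))
    return outputFilePath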
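def applyTimeFilterOnFile(filePath, caseName, start='', end='', override=False):
    """Cut a capture file down to a time window with editcap and register it.

    Args:
        filePath: path of the capture to trim.
        caseName: case name; used as CASES.NAME and as a directory
            component under CASES_DIR.
        start: value for editcap's ``-A`` (start time); '' to leave open.
        end: value for editcap's ``-B`` (stop time); '' to leave open.
        override: when true, the trimmed file replaces ``filePath``.

    Returns:
        Path of the trimmed capture (``filePath`` itself when ``override``
        is true), or None when no bound was given, editcap failed, no
        output was produced, or the case has no row in CASES.
    """
    syslog.syslog("PCAP APP: applyTimeFilterOnFile: " + filePath +
                  " started: " + str(datetime.datetime.now()))
    if start == '' and end == '':
        return None

    # Pass only the bounds that were supplied; an empty -A/-B value is
    # presumably rejected by editcap, which made one-sided windows fail.
    # Arguments go to the process as a list, so no shell parses them.
    editcapArgs = ['editcap']
    if start != '':
        editcapArgs += ['-A', start]
    if end != '':
        editcapArgs += ['-B', end]

    # The temporary file is used only as a source of a unique base name and
    # is kept open for the duration of the editcap run, then closed.
    # NOTE(review): the output path itself is not created atomically, and
    # caseName is concatenated into it without normalisation; if caseName
    # can come from request input, validate it before this point.
    with tempfile.NamedTemporaryFile(delete=True) as tmpF:
        outputFileName = os.path.basename(tmpF.name + '.pcap')
        outputFilePath = CASES_DIR + caseName + TMP_DIR + outputFileName
        returnCode = subprocess.call(editcapArgs + [filePath, outputFilePath])

    if returnCode != 0:
        # A failed run may leave a partial capture behind; do not register
        # it, and never let it replace the source file below.
        if os.path.isfile(outputFilePath):
            os.remove(outputFilePath)
        return None
    if not os.path.isfile(outputFilePath):
        return None

    if override:
        # NOTE(review): this replaces the source capture in place; the
        # untrimmed original is not kept by this function.
        os.rename(outputFilePath, filePath)
        outputFilePath = filePath
        outputFileName = helper.getDBNameFromPath(filePath)

    conn = sqlite3.connect(DATABASE)
    try:
        conn.execute('pragma foreign_keys=ON')
        caseRow = conn.execute(
            "SELECT ID FROM CASES WHERE CASES.NAME = ?",
            (caseName, )).fetchone()
        if caseRow is None:
            # Unknown case: stop here instead of failing on caseRow[0]
            # with the connection left open.
            return None
        caseID = caseRow[0]

        alreadyRegistered = SQLHelper.getFileID(
            helper.getDBNameFromPath(outputFilePath), caseName) is not None
        if not alreadyRegistered:
            sourceFile = helper.getDBNameFromPath(filePath)
            fileSize = os.path.getsize(outputFilePath)
            dateTimes = helper.getDateTimeFromFile(outputFilePath)
            # Values are bound as parameters; do not go back to building
            # this statement by string concatenation.
            conn.execute(
                "INSERT INTO FILES VALUES (null, ?, ?, ?, null, ?, ?, ?, ?, ?)",
                (
                    "tmp/" + outputFileName,
                    "tmp",
                    caseID,
                    fileSize,
                    dateTimes[0],
                    dateTimes[1],
                    sourceFile,
                    'description',
                ))
        conn.commit()
    finally:
        # Always release the connection, including when a statement raises.
        conn.close()

    if alreadyRegistered:
        # The string 'null' is passed as the filter argument -- presumably
        # "no filter"; verify that updateFile binds it as a parameter.
        helper.updateFile(outputFilePath, caseName, 'null')
    syslog.syslog("PCAP APP: applyTimeFilterOnFile: " + filePath +
                  " ended: " + str(datetime.datetime.now()))
    return outputFilePath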
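def applyTmpFilter(filePath, filterContent, caseName):
    """Apply an additional filter to a case file and record the result.

    The file is filtered through applyFilterOnFile(). The filter already
    stored for the file (if any) is joined with ``filterContent`` using
    ``&&`` and saved as a new FILTERS row. The filtered file is then either
    updated through helper.updateFile() (when it is already registered for
    the case) or inserted into FILES as a ``tmp`` entry.

    Args:
        filePath: path of the file to filter.
        filterContent: filter expression to add.
        caseName: case name; used as CASES.NAME and as a directory
            component under CASES_DIR.

    Returns:
        The filtered file's name, or None when no filtered file was
        produced or the case has no row in CASES.
    """
    currentFilter = helper.getFilter(caseName,
                                     helper.getDBNameFromPath(filePath),
                                     type='file')
    # The fourth argument's meaning is defined by applyFilterOnFile, which is
    # not visible from this function.
    filteredFileName = applyFilterOnFile(filePath, filterContent, caseName,
                                         True)
    if not filteredFileName:
        # Presumably a failed filter run is reported as None; without this
        # guard the path concatenation below raises TypeError.
        return None

    # NOTE(review): caseName and the returned name are concatenated into a
    # filesystem path without normalisation. If either can originate from
    # request input, reject path separators and '..' before reaching here.
    filteredFilePath = CASES_DIR + caseName + TMP_DIR + filteredFileName
    if not os.path.isfile(filteredFilePath):
        return None

    # The comparison is against the string 'None', not the None object --
    # presumably how helper.getFilter reports "no filter"; TODO confirm.
    if currentFilter != 'None':
        summFilter = currentFilter + ' && ' + filterContent
    else:
        summFilter = filterContent

    conn = sqlite3.connect(DATABASE)
    try:
        conn.execute('pragma foreign_keys=ON')
        # Create the combined filter row. All values are bound as
        # parameters; do not go back to building these statements by
        # string concatenation.
        conn.execute("INSERT INTO FILTERS VALUES(null, ?, \'\', \'\')",
                     (summFilter, ))
        filterID = conn.execute('SELECT max(ID) FROM FILTERS').fetchone()[0]

        caseRow = conn.execute(
            "SELECT ID FROM CASES WHERE CASES.NAME = ?",
            (caseName, )).fetchone()
        if caseRow is None:
            # Unknown case: discard the pending FILTERS row instead of
            # failing on caseRow[0] with the connection left open.
            conn.rollback()
            return None
        caseID = caseRow[0]

        alreadyRegistered = SQLHelper.getFileID(
            helper.getDBNameFromPath(filteredFilePath), caseName) is not None
        if not alreadyRegistered:
            sourceFile = helper.getDBNameFromPath(filePath)
            fileSize = os.path.getsize(filteredFilePath)
            dateTimes = helper.getDateTimeFromFile(filteredFilePath)
            conn.execute(
                "INSERT INTO FILES VALUES (null, ?, ?, ?, ?, ?, ?, ?, ?, ?)",
                (
                    "tmp/" + filteredFileName,
                    "tmp",
                    caseID,
                    filterID,
                    fileSize,
                    dateTimes[0],
                    dateTimes[1],
                    sourceFile,
                    'description',
                ))
        conn.commit()
    finally:
        # Always release the connection, including when a statement raises.
        conn.close()

    if alreadyRegistered:
        # Called only after this connection is committed and closed, as in
        # the original ordering.
        helper.updateFile(filteredFilePath, caseName, filterID)
    return filteredFileName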