def dump_blocks(self):
## Read all the data into a single string
data_blocks = []
## Open another read handle to the file private to our thread
fd = oracle.open(self.in_urn, 'r')
try:
for block, length in self.blocks:
fd.seek(block)
data_blocks.append(fd.read(length))
finally:
fd.cache_return()
data = ''.join(data_blocks)
## If there is not enough data here, we just write it to the
## miscelaneous stream
if len(data) < self.MIN_SIZE:
return self.dump_to_misc(data)
## Calculate the hash
m = hashlib.sha1()
m.update(data)
hashed_urn = pyaff4.RDFURN("aff4://" + m.hexdigest())
## Check if the hashed file already exists
if self.check_corpus(m.digest()):
log("Skipping.... %s" % hashed_urn.value)
else:
compression = pyaff4.XSDInteger(self.compression)
## Save a copy of the data
out_fd = oracle.create(pyaff4.AFF4_IMAGE)
out_fd.urn.set(hashed_urn.value)
out_fd.set(pyaff4.AFF4_STORED, self.volume_urn)
out_fd.set(pyaff4.AFF4_COMPRESSION, compression)
out_fd = out_fd.finish()
out_fd.write(data)
self.add_to_corpus(m.digest(),
self.attributes.get(FILENAME_URN, '1'))
## Attach the attributes for this new object
#pdb.set_trace()
if self.attributes:
for k, v in self.attributes.items():
try:
out_fd.set(k, v)
except:
out_fd.set(k, pyaff4.XSDString(str(v)))
out_fd.close()
if self.inode:
string = pyaff4.XSDString(self.inode)
log("Setting %s filename %s" % (hashed_urn.value, self.inode))
oracle.add_value(hashed_urn,
pyaff4.PREDICATE_NAMESPACE + "filename", string)
self.add_block_run(hashed_urn)
def score(self, fd, data):
hint = pyaff4.XSDString()
if oracle.resolve_value(fd.urn, pyaff4.AFF4_FILE_TYPE, hint):
self.type = hint.value
return 50
return 0
def tree_cb(path):
child = pyaff4.XSDString()
urn = pyaff4.RDFURN()
urn.set(pyaff4.AFF4_NAVIGATION_ROOT)
urn.add(path)
iter = oracle.get_iter(urn, pyaff4.AFF4_NAVIGATION_CHILD)
while oracle.iter_next(iter, child):
yield (child.value, child.value, 'branch')
def do_resolve(self, line):
globs = shlex.split(line)
attribute = pyaff4.XSDString()
subject = pyaff4.RDFURN()
iter = pyaff4.RESOLVER_ITER()
subject.set(globs[0])
try:
attribute.set(globs[1])
print attribute.value
self._display_attribute(iter)
except IndexError:
## Just display all the attributes
while oracle.attributes_iter(subject, attribute, iter):
print attribute.value
self._display_attribute(iter)
def populate_tree(self, node):
## Make sure to clear previous children
try:
children = self.tree.get_children(node)
for child in children:
self.tree.delete(child)
except: pass
child = pyaff4.XSDString()
urn = pyaff4.RDFURN()
urn.set(self.tree.set(node, 'url'))
path = self.tree.set(node, "path")
iter = oracle.get_iter(urn, pyaff4.AFF4_NAVIGATION_CHILD)
while oracle.iter_next(iter, child):
new_path = path + "/" + child.value
self.tree.insert(node, "end", text=child.value,
values=[new_path, urn.value + "/" + child.value])
import pyaff4
import time
time.sleep(1)
oracle = pyaff4.Resolver()
URN = "aff4://navigation/root"
URN = "aff4://69581d02-36ae-47a4-b0ba-888368dc2e11/192.168.1.34-192.168.1.1/38099-25/reverse"
urn = pyaff4.RDFURN()
urn.set(URN)
attribute = pyaff4.XSDString()
iter = pyaff4.RESOLVER_ITER()
next = 0
while oracle.attributes_iter(urn, attribute, iter):
print
print attribute.value
while 1:
obj = oracle.alloc_from_iter(iter)
if not obj: break
print " -> type (%s) " % (obj.dataType)
print " -> data (%s) " % (obj.serialise(urn))
## Note that this method is called in the proxy class, but ends up
## calling the RDFSpecial class instance:
value.set("foobar")
## Make up some URI to attach to:
urn = pyaff4.RDFURN()
urn.set("hello")
## We make up an attribute within the aff4 namespace
attr = pyaff4.PREDICATE_NAMESPACE + "sample_attribute"
## Now we can use it in the resolver as normal
oracle.set_value(urn, attr, value)
## Now set the same value using an alternative dataType:
value2 = pyaff4.XSDString()
value2.set("foobar")
## note that the same attribute can have multiple values encoded using
## different dataTypes:
oracle.add_value(urn, attr, value2)
## Print out all the attributes
iter = oracle.get_iter(urn, attr)
while 1:
obj = oracle.alloc_from_iter(iter)
if not obj: break
print "%s - Resolved value: %r" % (obj, obj.encode(None))
## Now we want to write everything to an RDF serialization. This is
oracle = pyaff4.Resolver()
volume = oracle.create(pyaff4.AFF4_ZIP_VOLUME)
volume.set(pyaff4.AFF4_STORED, urn)
volume = volume.finish()
volume_urn = volume.urn
volume.cache_return()
## Now make a new graph object
graph = oracle.create(pyaff4.AFF4_GRAPH)
graph.set(pyaff4.AFF4_STORED, volume_urn)
graph = graph.finish()
## Just put in some data:
data = pyaff4.XSDString()
data.set("world")
graph.set_triple(volume_urn, "hello", data)
data.set("world2")
graph.set_triple(volume_urn, "hello", data)
data.set("world3")
graph.set_triple(volume_urn, "hello", data)
## Close everything.
graph.close()
volume = oracle.open(volume_urn, 'w')
volume.close()
def __init__(self, navigation_graph_urn, *args, **kwargs):
self.URL = pyaff4.RDFURN()
self.STR = pyaff4.XSDString()
self.navigation_graph_urn = navigation_graph_urn
Store.FastStore.__init__(self, limit=500, *args, **kwargs)
if not inode_id:
raise IOError("Unknown URN %s" % urn)
## Is it already in the type table?
import pyflag.FileSystem as FileSystem
fsfd = FileSystem.DBFS(case)
fd = fsfd.open(inode_id = inode_id)
max_score, scores = self.estimate_type(fd)
return max_score[1].type_str(), max_score[1].mime_str(), scores
def set_magic(case, inode_id, magic, mime=None):
""" Set the magic string on the inode """
urn = pyaff4.RDFURN()
xsd_magic = pyaff4.XSDString()
xsd_magic.set(magic)
oracle.get_urn_by_id(inode_id, urn)
oracle.set_value(urn, pyaff4.AFF4_FILE_TYPE, xsd_magic)
class Magic:
""" This is the base class for all Magic handlers. """
## The default type and mime strings
type = None
mime = 'application/octet-stream'
default_score = 100
## Note that these must be unique to this Magic instance since the
## indexer uses the unique IDs to identify this class. This might
## be a future limitation.