def display(self, query, result): new_q = result.make_link(query, '') if not query.has_key('limit'): query['limit'] = 0 dbh = self.DBO(query['case']) fsfd = FileSystem.DBFS(query["case"]) ## If this is a directory, only show the stats if query.has_key('inode_id'): fd = fsfd.open(inode_id=query['inode_id']) fd.inode_id = query['inode_id'] query['inode'] = fd.inode else: fd = fsfd.open(inode=query['inode']) if not fd: return image = Graph.Thumbnailer(fd, 300) ## Make a series of links to each level of this inode - this ## way we can view parents of this inode. tmp = result.__class__(result) tmp.text("Viewing file in inode ", make_inode_link(fd, query, result)) result.heading(tmp) try: result.text("Classified as %s by magic" % image.GetMagic()) except IOError, e: result.text("Unable to classify file, no blocks: %s" % e) image = None
def display(self, value, row, result): dbh = DB.DBO(self.case) fsfd = FileSystem.DBFS(self.case) dbh.execute( "select file.inode_id as inode_id, name from file, webmail_attachments where webmail_attachments.inode_id = %r and file.inode_id = webmail_attachments.attachment", value) for row in dbh: tmp = result.__class__(result) try: fd = fsfd.open(inode_id=row['inode_id']) image = Graph.Thumbnailer(fd, 100) except IOError: pass if image.height > 0: tmp.image(image, width=image.width, height=image.height) else: tmp.image(image, width=image.width) link = result.__class__(result) name = row['name'] if len(name) > 20: name = name[:20] + " ..." tmp.para(name) link.link(tmp, tooltip=row['name'], pane='new', target=FlagFramework.query_type( family="Disk Forensics", report="ViewFile", case=self.case, mode='Summary', inode_id=row['inode_id'])) result.row(link)
def render_html(self, inode_id, table_renderer): ct='' try: fd = self.fsfd.open(inode_id = inode_id) image = Graph.Thumbnailer(fd, 200) inode_filename, ct, fd = table_renderer.make_archive_filename(inode_id) filename, ct, fd = table_renderer.make_archive_filename(inode_id, directory = "thumbnails/") table_renderer.add_file_from_string(filename, image.display()) except IOError,e: print e return "<a href=%r ><img src='images/broken.png' /></a>" % inode_filename
def render_cell(self, inode_id): """ Renders a single inode_id """ filename, ct, fd = self.make_archive_filename(inode_id, directory = "thumbnails/") image = Graph.Thumbnailer(fd, 200) inode_filename,ct, fd = self.make_archive_filename(inode_id) self.add_file_from_string(filename, image.display()) path, inode, inode_id = FileSystem.DBFS(self.case).lookup(inode_id = inode_id) ## Make sure we export the inode dbh = DB.DBO() dbh.insert("jobs", command = "Export", arg1 = self.case, arg2 = inode_id, ) return "<abbr title='%s'><a href='%s'><img src='%s' /></a><br/>"\ "<a href='inodes/%s_explain.html' ><img src=images/question.png /></a>"\ "%s</abbr>" % (\ path, inode_filename, filename, inode_id, fd.inode)
for k, v in istat.iteritems(): left.row('%s:' % k, '', v, align='left') except AttributeError: pass #What did libextractor have to say about this file? dbh = DB.DBO(self.case) dbh.execute("select property,value from xattr where inode_id=%r", istat['inode_id']) for row in dbh: left.row(row['property'], ': ', row['value']) left.end_table() image = Graph.Thumbnailer(self, 300) if image: right = result.__class__(result) right.image(image, width=200) result.start_table(width="100%") result.row(left, right, valign='top', align="left") image.headers = [ ("Content-Disposition", "attachment; filename=%s" % name), ] else: result.start_table(width="100%") result.row(left, valign='top', align="left") class StringIOFile(File): """ This is a File object which is implemented as a StringIO.
def plot(self, gen, query, result, figure_args=None, plot_args=None, *args): color_list = ['b', 'r', 'm', 'c', 'burlywood'] if not figure_args: figure_args = {} if not plot_args: plot_args = {} timestamp = figure_args.pop("timestamp", False) fig = figure.Figure(**figure_args) ax = fig.add_subplot(111) x = [] y = [] for a, b in gen: x.append(a) y.append(b) if 'color' not in plot_args: plot_args['color'] = 'k' if timestamp: # Special case to allow plotting the x axis as time ax.get_xaxis().set_major_formatter( dates.DateFormatter("%d-%m-%Y\n%H:%M:%S")) ax.get_xaxis().set_major_locator(MaxNLocator(6)) #x = [dates.epoch2num(i) for i in x] x = dates.epoch2num(x) ax.plot(x, y, '.', **plot_args) ax.grid() for i, arg in enumerate(args): i = [] j = [] plot_args['zorder'] = i if 'color' in plot_args: del plot_args['color'] if len(color_list) > 0: plot_args['color'] = color_list.pop(0) if 'markersize' in plot_args: plot_args['markersize'] *= 1.3 else: plot_args['markersize'] = matplotlib.defaultParams[ 'lines.markersize'][0] * 1.3 for a, b in arg: i.append(a) j.append(b) if timestamp: i = dates.epoch2num(i) ax.plot(i, j, '.', **plot_args) ## Make a temporary file name: fd = tempfile.TemporaryFile() canvas = FigureCanvas(fig) canvas.print_figure(fd) fd.seek(0) if not query.has_key("download"): image = Graph.Image(fd.read()) result.image(image) else: result.generator.content_type = "image/png" result.generator.generator = [ fd.read(), ]
def display(self, query, result): dbh = self.DBO(query['case']) try: bin_size = int(query['bin_size']) except KeyError: bin_size = 60 query['bin_size'] = str(bin_size) result.heading("Bandwidth estimate from log %s" % query['logtable']) result.start_table() result.start_form(query) result.textfield('Bin Size (Seconds):', 'bin_size') result.end_form(None) result.end_table() if query.has_key('graph'): new_query = query.clone() del new_query['graph'] del new_query['limit'] result.link("Click here to view table", new_query) params = { 'timestamp': query['timestamp'], 'bin_size': bin_size, 'size': query['size'], 'logtable': query['logtable'] } try: start = int(query['limit']) if not start: raise KeyError except KeyError: dbh.execute( 'select unix_timestamp(min(%(timestamp)s)) as `min` from %(logtable)s' % params) start = dbh.fetch()['min'] params['start'] = start result.para("") dbh.execute( 'select unix_timestamp(%(timestamp)s) as `timestamp`,floor(unix_timestamp(%(timestamp)s)/%(bin_size)s)*%(bin_size)s as `Unix Timestamp`,from_unixtime(floor(unix_timestamp(%(timestamp)s)/%(bin_size)s)*%(bin_size)s) as `DateTime`,sum(%(size)s) as `Count` from %(logtable)s where `%(timestamp)s`>from_unixtime("%(start)s") and `%(timestamp)s`<from_unixtime("%(start)s"+100*%(bin_size)s) group by `Unix Timestamp` order by `Unix Timestamp` asc limit 0, 100' % params) x = [] y = [] z = [] for row in dbh: x.append(row['DateTime']) y.append(row['Count']) z.append(row['timestamp']) try: result.next = z[-1] result.previous = z[0] - 100 * bin_size except IndexError: del query['limit'] result.refresh(0, query) import pyflag.Graph as Graph graph = Graph.Graph() graph.hist(x, y, xlabels='yes', stubvert='yes', xlbl="Timestamp Bin", ylbl="Bytes per Bin", ylbldet="adjust=-0.15,0", xlbldet="adjust=0,-1.1") result.image(graph) return result.link("Click here to view graph", query, graph=1) result.table( columns=('floor(unix_timestamp(%s)/%s)*%s' % (query['timestamp'], bin_size, bin_size), 'from_unixtime(floor(unix_timestamp(%s)/%s)*%s)' % (query['timestamp'], bin_size, bin_size), 'sum(%s)' % query['size']), names=('Unix Timestamp', 'DateTime', 'Count'), links=[], table=query['logtable'], case=query['case'], groupby='`Unix Timestamp`')