def collect(self):
    """Walk the tree under ``plugin_args.root`` and emit one row per entry.

    Yields:
        ``(st_mode, st_size, file_info)`` tuples, where ``file_info`` is the
        truthy object returned by ``common.FileFactory`` for the entry.
    """
    # os.walk is called with its defaults: symlinked directories are not
    # descended into, and directories that cannot be listed are skipped
    # without an error. A path missing from the output is therefore not
    # proof that it is missing on disk.
    for parent, subdirs, filenames in os.walk(self.plugin_args.root):
        # Directories are reported alongside regular files.
        for name in subdirs + filenames:
            file_info = common.FileFactory(
                os.path.join(parent, name), session=self.session)

            # Falsy results produce no row. Presumably these are entries
            # that could not be examined (removed since the listing, access
            # denied) - confirm against common.FileFactory.
            if not file_info:
                continue

            yield (file_info.st_mode, file_info.st_size, file_info)
def collect(self):
    """Emit one row for each entry of ``plugin_args.paths``.

    Yields:
        dict with ``Perms`` (``st_mode``), ``Size`` (``st_size``) and
        ``Path`` (the object returned by ``common.FileFactory``).
    """
    for candidate in self.plugin_args.paths:
        file_info = common.FileFactory(candidate, session=self.session)

        # A falsy result produces no row at all, so a requested path that
        # could not be resolved is simply absent from the output rather
        # than being reported as an error.
        if not file_info:
            continue

        yield dict(Perms=file_info.st_mode,
                   Size=file_info.st_size,
                   Path=file_info)
def collect(self):
    """Hash every non-directory entry of ``plugin_args.paths``.

    Yields:
        dict with ``Hashes`` (the result of ``self.calculate_hashes`` for
        the digest selection in ``plugin_args.hash``) and ``Path`` (the
        object returned by ``common.FileFactory``).
    """
    for path in self.plugin_args.paths:
        # NOTE(review): no session is passed to FileFactory here - confirm
        # that this is intended.
        file_info = common.FileFactory(path)

        # NOTE(review): file_info is not tested for truthiness before its
        # st_mode is used; what happens for a path that cannot be resolved
        # depends on what FileFactory returns in that case - confirm.
        if file_info.st_mode.is_dir():
            # Directories have no content to hash.
            continue

        digests = self.calculate_hashes(self.plugin_args.hash, file_info)
        yield dict(Hashes=digests, Path=file_info)
def filter(self, path):
    """Return the children of *path* that match ``self.component``.

    The comparison ignores case. On a case sensitive filesystem several
    siblings can differ only by case, so the returned list may hold more
    than one entry; callers must not assume a single match.

    Returns:
        A list of filename objects, empty when nothing matches.
    """
    # On a case insensitive filesystem the component can simply be opened
    # directly, whatever case it was given in.
    if self.case_insensitive_filesystem():
        candidate_spec = path.add(self.component)
        found = self.stat(candidate_spec)
        if found:
            return [found.filename]

        return []

    # A case insensitive match is needed, so every name in the directory
    # is listed and grouped by its lowercased form.
    # This branch goes straight to common.FileFactory rather than through
    # self.stat().
    directory = common.FileFactory(path)
    if not directory:
        return []

    names_by_lowercase = {}
    for name in directory.list_names():
        names_by_lowercase.setdefault(name.lower(), []).append(name)

    wanted = names_by_lowercase.get(self.component.lower(), [])
    return [directory.filename.add(name) for name in wanted]
def stat(self, path):
    """Return the ``common.FileFactory`` result for *path*, using a cache.

    The cache key is ``unicode(path)``. Whatever FileFactory returns is
    stored, including falsy results, so a failed lookup is remembered too.
    """
    cache_key = unicode(path)
    try:
        cached = self.component_cache[cache_key]
    except KeyError:
        # Cache miss: resolve the path and remember the answer.
        # NOTE(review): on a live system a cached entry can become stale if
        # the file changes afterwards; the cache's lifetime and eviction
        # policy are not visible here - confirm.
        cached = common.FileFactory(path)
        self.component_cache.Put(cache_key, cached)

    return cached
def collect_globs(self, globs):
    """Expand *globs* and yield a file object for every matching path.

    Each glob is first expanded with ``self._interpolate_grouping``, then
    split into path components which are merged into one nested dict so
    that patterns sharing a prefix share the same branch.

    Yields:
        The ``common.FileFactory`` result for each path produced by
        ``self._filter``, starting from ``plugin_args.root``. The results
        are not tested for truthiness before they are yielded.
    """
    patterns = [
        expansion
        for glob in globs
        for expansion in self._interpolate_grouping(glob)
    ]

    # Nested dict keyed by path component; one level per component.
    tree = {}
    for pattern in patterns:
        cursor = tree
        for component in self.convert_glob_into_path_components(pattern):
            cursor = cursor.setdefault(component, {})

    matches = self._filter(tree, self.plugin_args.root)
    for path in matches:
        yield common.FileFactory(path, session=self.session)
def collect_globs(self, globs):
    """Expand *globs* and yield what ``self._filter`` finds under the root.

    The root is described by ``plugin_args.root``, ``plugin_args.filesystem``
    and ``plugin_args.path_sep``. Each glob is expanded with
    ``self._interpolate_grouping`` and split into path components, which
    are merged into one nested dict so that patterns sharing a prefix share
    the same branch.

    Yields:
        Every item produced by ``self._filter`` for the component tree,
        starting at the file object of the root.
    """
    root_spec = common.FileSpec(
        self.plugin_args.root,
        filesystem=self.plugin_args.filesystem,
        path_sep=self.plugin_args.path_sep)

    patterns = [
        expansion
        for glob in globs
        for expansion in self._interpolate_grouping(glob)
    ]

    # Nested dict keyed by path component; one level per component.
    tree = {}
    for pattern in patterns:
        cursor = tree
        for component in self.convert_glob_into_path_components(pattern):
            cursor = cursor.setdefault(component, {})

    # NOTE(review): the root object is handed to _filter without a
    # truthiness test; how _filter treats an unresolvable root is not
    # visible here - confirm.
    start = common.FileFactory(root_spec, session=self.session)
    for match in self._filter(tree, start):
        yield match
def filter(self, file_info):
    """Return the children of *file_info* that match ``self.component``.

    Returns:
        A list, empty when nothing matches. On a case insensitive
        filesystem it holds at most the one object returned by
        ``common.FileFactory``; otherwise it is whatever the per-directory
        cache stores under the lowercased component.
    """
    # On a case insensitive filesystem the component can simply be opened
    # directly, whatever case it was given in.
    if self.case_insensitive_filesystem():
        child = common.FileFactory(
            file_info.filename.add(self.component),
            session=self.session)
        return [child] if child else []

    lowered = self.component.lower()
    try:
        listing = self.component_cache.Get(file_info.filename.name)
    except KeyError:
        # Nothing is cached for this directory yet.
        # NOTE(review): presumably _build_cache also stores the listing it
        # returns - confirm; a cached listing can become stale on a live
        # system.
        listing = self._build_cache(file_info)

    return listing.get(lowered, [])
def collect(self):
    """Scan each entry of ``plugin_args.paths`` and emit a row per hit.

    Each file is exposed as one run covering offsets 0 to ``st_size`` and
    passed to ``self.generate_hits``.

    Yields:
        ``(file_info, rule, address, hexdump, None)`` tuples, where the
        hexdump holds ``context + pre_context`` bytes read from
        ``address - pre_context``.
    """
    hit_count = 0
    for path in self.plugin_args.paths:
        # NOTE(review): file_info is used without a truthiness test, so
        # what happens for a path that cannot be resolved depends on what
        # FileFactory returns in that case - confirm.
        file_info = common.FileFactory(path, session=self.session)

        size = file_info.st_size
        # NOTE(review): the handle returned by file_info.open() is not
        # closed anywhere in this block - confirm who owns it.
        file_space = standard.FDAddressSpace(
            session=self.session, fhandle=file_info.open())
        run = addrspace.Run(start=0, end=size, file_offset=0,
                            address_space=file_space)

        for rule, address, _, _ in self.generate_hits(run):
            hit_count += 1
            # NOTE(review): the limit is tested before the yield, so the
            # hit that reaches plugin_args.hits is not emitted. The break
            # leaves only this inner loop: the counter is shared across
            # files, so each later file is still opened and scanned up to
            # its first hit, which is then dropped. Confirm that this is
            # the intended meaning of the limit.
            if hit_count >= self.plugin_args.hits:
                break

            # NOTE(review): window_start is negative when the hit is closer
            # to the start of the file than pre_context; how read() treats
            # a negative offset is not visible here - confirm.
            window_start = address - self.plugin_args.pre_context
            window_length = (self.plugin_args.context +
                             self.plugin_args.pre_context)
            window = run.address_space.read(window_start, window_length)

            yield (file_info, rule, address,
                   utils.HexDumpedString(window), None)
def collect_globs(self, globs):
    """Yield a file object for every path under the root matching *globs*.

    The component tree comes from ``self.make_component_tree``; the root
    is described by ``plugin_args.root`` and ``plugin_args.path_sep``.

    Yields:
        The ``common.FileFactory`` result for each path produced by
        ``self._filter``. The results are not tested for truthiness before
        they are yielded.
    """
    tree = self.make_component_tree(globs)
    start = common.FileSpec(
        self.plugin_args.root,
        path_sep=self.plugin_args.path_sep)

    matches = self._filter(tree, start)
    for matched_path in matches:
        yield common.FileFactory(matched_path, session=self.session)