def cluster(self, messages, appDatas): if messages is None: raise TypeError("Messages cannot be None") if appDatas is None: raise TypeError("AppDatas cannot be None") if len(messages) == 0: raise TypeError("There should be at least one message.") if len(appDatas) == 0: raise TypeError("There should be at least one applicative data.") for m in messages: if not isinstance(m, AbstractMessage): raise TypeError("At least one message ({0}) is not an AbstractMessage.".format(str(m))) for appData in appDatas: if not isinstance(appData, ApplicativeData): raise TypeError("At least one applicative data ({0}) is not an instance of ApplicativeData.".format(str(appData))) labels = dict() for appData in appDatas: labels[appData.value] = appData.name idMessages = dict() for message in messages: idMessages[message.id] = message messagesPerAppData = dict() for message in messages: messagesPerAppData[message] = set() searchEngine = SearchEngine() searchResults = searchEngine.searchDataInMessages([appData.value for appData in appDatas], messages, inParallel=True, dataLabels=labels) for result in searchResults: searchTask = result.searchTask message = searchTask.properties['message'] label = searchTask.properties['label'] if label not in list(labels.values()): raise ValueError("Found label ({0}) in a result cannot be identified in the original list of searched labels.".format(label)) if message.id not in list(idMessages.keys()): raise ValueError("Found message ({0}) cannot be identified in the original list of searched messages.".format(message.id)) messagesPerAppData[idMessages[message.id]].add(label) # Build clusters clusters = dict() for message, labelsInMessage in list(messagesPerAppData.items()): strAppDatas = ';'.join(sorted(labelsInMessage)) if len(strAppDatas) == 0: strAppDatas = None if strAppDatas in list(clusters.keys()): clusters[strAppDatas].append(message) else: clusters[strAppDatas] = [message] # Build Symbols symbols = [Symbol(name=strAppDatas, messages=msgs) for strAppDatas, msgs in list(clusters.items())] return symbols
def cluster(self, messages, appDatas): if messages is None: raise TypeError("Messages cannot be None") if appDatas is None: raise TypeError("AppDatas cannot be None") if len(messages) == 0: raise TypeError("There should be at least one message.") if len(appDatas) == 0: raise TypeError("There should be at least one applicative data.") for m in messages: if not isinstance(m, AbstractMessage): raise TypeError("At least one message ({0}) is not an AbstractMessage.".format(str(m))) for appData in appDatas: if not isinstance(appData, ApplicativeData): raise TypeError("At least one applicative data ({0}) is not an instance of ApplicativeData.".format(str(appData))) labels = dict() for appData in appDatas: labels[appData.value] = appData.name idMessages = dict() for message in messages: idMessages[message.id] = message messagesPerAppData = dict() for message in messages: messagesPerAppData[message] = set() searchEngine = SearchEngine() searchResults = searchEngine.searchDataInMessages([appData.value for appData in appDatas], messages, inParallel=True, dataLabels=labels) for result in searchResults: searchTask = result.searchTask message = searchTask.properties['message'] label = searchTask.properties['label'] if label not in labels.values(): raise ValueError("Found label ({0}) in a result cannot be identified in the original list of searched labels.".format(label)) if message.id not in idMessages.keys(): raise ValueError("Found message ({0}) cannot be identified in the original list of searched messages.".format(message.id)) messagesPerAppData[idMessages[message.id]].add(label) # Build clusters clusters = dict() for message, labelsInMessage in messagesPerAppData.iteritems(): strAppDatas = ';'.join(sorted(labelsInMessage)) if len(strAppDatas) == 0: strAppDatas = None if strAppDatas in clusters.keys(): clusters[strAppDatas].append(message) else: clusters[strAppDatas] = [message] # Build Symbols symbols = [Symbol(name=strAppDatas, messages=msgs) for strAppDatas, msgs in clusters.iteritems()] return symbols
def __searchApplicativeDataInMessage(self, message): """This internal method search any applicative data that could be identified in the specified message and returns results in a dict that shows the position of the applicative data identified. :parameter message: the message in which we search any applicative data :type message: :class:`netzob.Common.Models.Vocabulary.Messages.AbstractMessage.AbstractMessage` :return: a dict that describes the position of identified applicative data :rtype: :class:`dict` """ if message is None: raise TypeError("Message cannot be None") self._logger.debug("Search app data in {0}".format(message.data)) results = OrderedDict() appValues = OrderedDict() if message.session is not None: for applicativeD in message.session.applicativeData: appValues[applicativeD.value] = applicativeD.name else: self._logger.debug("Message is not attached to a session, so no applicative data will be considered while computing the alignment.") if len(appValues) > 0: searchResults = SearchEngine.searchInMessage(appValues.keys(), message, addTags=False) for searchResult in searchResults: for (startResultRange, endResultRange) in searchResult.ranges: appDataName = appValues[searchResult.searchTask.properties["data"]] for pos in range(startResultRange/4, endResultRange/4): results[pos] = appDataName return results