def quickFilter(self):
self.timer.stop()
index = self.mode.currentIndex()
if index in xrange(0, 4):
self.filterTH.stopSearch()
if self.query == "":
self.resetFilter()
else:
self.resetFilter()
q = "name matches " + self.filterMode[
index] + self.query + self.filterMode[index]
self.launchFilter(q)
else:
try:
query = self.filterCombo.lineEdit().text()
if query != "":
f = Filter("test")
q = str(unicode(query).encode('utf-8'))
f.compile(q)
self.edit.setStyleSheet(self.greenstyle)
self.resetFilter()
self.launchFilter()
else:
self.resetFilter()
except RuntimeError:
self.edit.setStyleSheet(self.redstyle)
def quickFilter(self):
self.timer.stop()
index = self.mode.currentIndex()
if index in xrange(0,4):
self.filterTH.stopSearch()
if self.query == "":
self.resetFilter()
else:
self.resetFilter()
q = "name matches " + self.filterMode[index] + self.query + self.filterMode[index]
self.launchFilter(q)
else:
try:
query = self.filterCombo.lineEdit().text()
if query != "":
f = Filter("test")
q = str(unicode(query).encode('utf-8'))
f.compile(q)
self.edit.setStyleSheet(self.greenstyle)
self.resetFilter()
self.launchFilter()
else:
self.resetFilter()
except RuntimeError:
self.edit.setStyleSheet(self.redstyle)
def __init__(self, parent=None):
EventHandler.__init__(self)
QThread.__init__(self)
self.__parent = parent
self.nodes = []
self.filters = Filter("search")
self.filters.connection(self)
self.model = None
self.listmode = False
def updateQuery(self, query):
self.timer.start(1000)
if self.mode.currentIndex() in xrange(0,4):
self.query = query
else:
f = Filter("completer")
try:
q = str(unicode(query).encode('utf-8'))
f.compile(q)
self.edit.setStyleSheet(self.greenstyle)
except RuntimeError:
self.edit.setStyleSheet(self.redstyle)
def updateQuery(self, query):
self.timer.start(1000)
if self.mode.currentIndex() in xrange(0, 4):
self.query = query
else:
f = Filter("completer")
try:
q = str(unicode(query).encode('utf-8'))
f.compile(q)
self.edit.setStyleSheet(self.greenstyle)
except RuntimeError:
self.edit.setStyleSheet(self.redstyle)
def start(self, args):
self.nodes = []
self.nodescount = 1
self.oldcur = 0
fname = args["filter_name"].value()
expression = args["expression"].value()
root_node = args["root_node"].value()
if args.has_key("verbose"):
self.verbose = True
else:
self.verbose = False
if args.has_key("recursive"):
recursive = True
else:
recursive = False
f = Filter(fname)
f.connection(self)
try:
f.compile(expression)
except RuntimeError:
self.res["error"] = Variant("provided expression is not valid")
f.process(root_node, recursive)
self.res["total of matching nodes"] = Variant(len(self.nodes))
if args.has_key("save_result"):
si_node = self.vfs.getnode("/Bookmarks")
if si_node == None:
root = self.vfs.getnode("/")
si_node = Node("Bookmarks", 0, root)
si_node.__disown__()
fnode = Node(fname, 0, si_node)
fnode.__disown__()
for node in self.nodes:
vl = VLink(node, fnode, node.name())
vl.__disown__()
def add(self):
filt = Filter(self)
ret = filt.exec_()
if ret == 1:
currow = self.table.rowCount()
self.table.setRowCount(self.table.rowCount() + 1)
name = QTableWidgetItem(QString(filt.name()))
name.setFlags(Qt.ItemIsSelectable | Qt.ItemIsEnabled)
self.table.setItem(currow, 0, name)
check = QCheckBox()
check.setChecked(True)
self.table.setCellWidget(currow, 1, check)
self.filters.append(filt)
self.emit(SIGNAL("filterAdded"))
self.table.horizontalHeader().setResizeMode(
1, QHeaderView.ResizeToContents)
def add(self):
filt = Filter(self)
ret = filt.exec_()
if ret == 1:
currow = self.table.rowCount()
self.table.setRowCount(self.table.rowCount() + 1)
name = QTableWidgetItem(QString(filt.name()))
name.setFlags(Qt.ItemIsSelectable|Qt.ItemIsEnabled)
self.table.setItem(currow, 0, name)
check = QCheckBox()
check.setChecked(True)
self.connect(check, SIGNAL("stateChanged(int)"), self.filterState)
self.table.setCellWidget(currow, 1, check)
self.filters.append(filt)
self.refreshQueryEdit()
self.emit(SIGNAL("filterAdded"))
self.table.horizontalHeader().setResizeMode(1, QHeaderView.ResizeToContents)
def start(self, args):
self.nodes = []
self.nodescount = 1
self.oldcur = 0
fname = args["filter_name"].value()
expression = args["expression"].value()
root_node = args["root_node"].value()
if args.has_key("verbose"):
self.verbose = True
else:
self.verbose = False
if args.has_key("recursive"):
recursive = True
else:
recursive = False
f = Filter(fname)
f.connection(self)
try:
f.compile(expression)
except RuntimeError:
self.res["error"] = Variant("provided expression is not valid")
f.process(root_node, recursive)
self.res["total of matching nodes"] = Variant(len(self.nodes))
if args.has_key("save_result"):
si_node = self.vfs.getnode("/Bookmarks")
if si_node == None:
root = self.vfs.getnode("/")
si_node = Node("Bookmarks", 0, root)
si_node.__disown__()
fnode = Node(fname, 0, si_node)
fnode.__disown__()
for node in self.nodes:
vl = VLink(node, fnode, node.name())
vl.__disown__()
def __init__(self, parent=None):
EventHandler.__init__(self)
QThread.__init__(self)
self.__parent = parent
self.nodes = []
self.filters = Filter("search")
self.filters.connection(self)
self.model = None
self.listmode = False
def findNodes(self, query):
v = vfs.vfs()
rootnode = v.getnode("/")
filters = Filter("")
# query = 'name matches re("^global_history.dat")'
filters.compile(query)
filters.process(rootnode, True)
result = filters.matchedNodes()
return result
def filter(self, pattern, node):
children = self.getDirectories(node)
if len(children) > 0:
f = Filter("completer")
exp = '(name matches re("^' + pattern + '",i))'
f.compile(exp)
f.process(children)
possible = f.matchedNodes()
return possible
return []
def searchTaggedNode(self):
f = Filter("")
f.compile('tags in ["malware", "suspicious"]')
f.process(self.root)
malwareNodes = f.matchedNodes()
if len(malwareNodes
) != 0: #if get some results we add it to the report
page = self.reportManager.createPage("MyAnalysis", "Files")
page.addNodeList("Malware", malwareNodes)
self.reportManager.addPage(page)
def findMorkFiles(self):
# For Firefox < version 3
filesname = ["formhistory.dat", "history.dat"]
v = vfs.vfs()
rootnode = v.getnode("/")
filters = Filter("")
query = 'type == "database/mork"'
filters.compile(query)
filters.process(rootnode, True)
result = filters.matchedNodes()
return result
def addFilter(self, name, query):
filt = Filter(self, name, query)
currow = self.table.rowCount()
self.table.setRowCount(self.table.rowCount() + 1)
name = QTableWidgetItem(QString(name))
name.setFlags(Qt.ItemIsSelectable | Qt.ItemIsEnabled)
self.table.setItem(currow, 0, name)
check = QCheckBox()
check.setChecked(True)
self.filters.append(filt)
self.emit(SIGNAL("filterAdded"))
self.table.horizontalHeader().setResizeMode(
1, QHeaderView.ResizeToContents)
def filter(self, pattern, node):
children = self.getDirectories(node)
if len(children) > 0:
f = Filter("completer")
exp = '(name matches re("^'+ pattern +'",i))'
f.compile(exp)
f.process(children)
possible = f.matchedNodes()
return possible
return []
def start(self, args):
self.root = self.vfs.getnode("/")
try:
#self.status #searching
filter = Filter("")
query = '(type in["image/jpeg"])'
filter.compile(query)
filter.process(self.root, True)
nodes = filter.matchedNodes()
#self.status getting coord for x on x
for node in nodes:
coord = self.getCoordinates(node)
if coord:
self.nodeCoord[node] = coord
except Exception as e:
print 'Maps module error ', e
def scanJoin(self, root, modulesToApply = None):
modMap = {}
modCount = 0
jobs = []
while not self.empty():
task = self.get()
moduleName = task[1][0]
if modulesToApply != None:
if not module in modulesToApply:
self.task_done()
continue
module = self.loader.modules[moduleName]
try:
filterText = module.scanFilter
if filterText != '':
arguments = task[1][1]
nodeArguments = module.conf.argumentsByType(typeId.Node)
if len(nodeArguments) == 1:
node = arguments[nodeArguments[0].name()].value()
filter = Filter('')
filter.compile(str(filterText))
filter.process(node)
matches = filter.matchedNodes()
if not len(matches):
self.task_done()
continue
except : #filter can throw
pass
try :
modMap[task[1][0]] += 1
except KeyError:
modMap[task[1][0]] = 1
job2 = (self.task_done_scan, (root, task[1][0],))
job = (task, job2)
jobs.append(job)
modCount += 1
if modCount:
self.displayItem(root, modCount, modMap)
for job in jobs:
sched.enqueue(job)
self.join()
self.refresh()
def searchQuery(self, query, node):
filters = Filter("")
filters.compile(query)
filters.process(node)
return filters.matchedNodes()
class SearchThread(QThread, EventHandler):
def __init__(self, parent=None):
EventHandler.__init__(self)
QThread.__init__(self)
self.__parent = parent
self.nodes = []
self.filters = Filter("search")
self.filters.connection(self)
self.model = None
self.listmode = False
def setListContext(self, query, nodelist, targetmodel):
self.listmode = True
self.nodes = VecNode()
for node in nodelist:
self.nodes.append(node)
self.model = targetmodel
try:
self.filters.compile(query)
return True
except:
box = QMessageBox(
QMessageBox.Critical,
self.tr("Error"),
self.tr("Error compiling query"),
QMessageBox.NoButton,
self.__parent,
)
box.setDetailedText(QString.fromUtf8(query))
box.exec_()
return False
def setContext(self, query, rootnode, targetmodel):
self.listmode = False
self.rootnode = rootnode
self.model = targetmodel
try:
self.filters.compile(query)
return True
except Exception as e:
print e
box = QMessageBox(
QMessageBox.Critical,
self.tr("Error"),
self.tr("Error compiling query"),
QMessageBox.NoButton,
self.__parent,
)
box.setDetailedText(QString.fromUtf8(query))
box.exec_()
return False
def Event(self, e):
if e != None:
if e.value != None:
if e.type == Filter.EndOfProcessing:
self.emit(SIGNAL("finished"))
if e.type == Filter.TotalNodesToProcess:
self.total = e.value.value()
if e.type == Filter.ProcessedNodes:
self.processed += 1
if e.type == Filter.NodeMatched:
self.match += 1
val = e.value.value()
self.model.emit(SIGNAL("appendList"), val)
self.emit(SIGNAL("match"))
pc = self.processed * 100 / self.total
try:
if pc > self.percent:
self.percent = pc
self.emit(SIGNAL("count"), self.percent)
except:
self.percent = 0
def run(self):
self.emit(SIGNAL("started"))
self.match = 0
self.processed = 0
self.total = 0
self.percent = 0
try:
if not self.listmode:
self.filters.process(self.rootnode, True)
else:
self.filters.process(self.nodes)
except:
pass
def stopSearch(self):
e = event()
e.thisown = False
e.type = Filter.StopProcessing
self.filters.Event(e)
class SearchThread(QThread, EventHandler):
def __init__(self, parent=None):
EventHandler.__init__(self)
QThread.__init__(self)
self.__parent = parent
self.nodes = []
self.filters = Filter("search")
self.filters.connection(self)
self.model = None
self.listmode = False
def setListContext(self, query, nodelist, targetmodel):
self.listmode = True
self.nodes = VecNode()
for node in nodelist:
self.nodes.append(node)
self.model = targetmodel
try:
self.filters.compile(query)
return True
except:
box = QMessageBox(QMessageBox.Critical, self.tr("Error"), self.tr("Error compiling query"), \
QMessageBox.NoButton, self.__parent)
box.setDetailedText(QString.fromUtf8(query))
box.exec_()
return False
def setContext(self, query, rootnode, targetmodel):
self.listmode = False
self.rootnode = rootnode
self.model = targetmodel
try:
self.filters.compile(query)
return True
except Exception as e:
print e
box = QMessageBox(QMessageBox.Critical, self.tr("Error"), self.tr("Error compiling query"), \
QMessageBox.NoButton, self.__parent)
box.setDetailedText(QString.fromUtf8(query))
box.exec_()
return False
def Event(self, e):
if e != None:
if e.value != None:
if e.type == Filter.EndOfProcessing:
self.emit(SIGNAL("finished"))
if e.type == Filter.TotalNodesToProcess:
self.total = e.value.value()
if e.type == Filter.ProcessedNodes:
self.processed += 1
if e.type == Filter.NodeMatched:
self.match += 1
val = e.value.value()
self.model.emit(SIGNAL("appendList"), val)
self.emit(SIGNAL("match"))
pc = self.processed * 100 / self.total
try:
if pc > self.percent:
self.percent = pc
self.emit(SIGNAL("count"), self.percent)
except:
self.percent = 0
def run(self):
self.emit(SIGNAL("started"))
self.match = 0
self.processed = 0
self.total = 0
self.percent = 0
try:
if not self.listmode:
self.filters.process(self.rootnode, True)
else:
self.filters.process(self.nodes)
except:
pass
def stopSearch(self):
e = event()
e.thisown = False
e.type = Filter.StopProcessing
self.filters.Event(e)
def search(self, query):
filters = Filter("")
filters.compile(query)
filters.process(self.root, True)
return filters.matchedNodes()
