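def start(self, args):
    """Run a named filter expression over a subtree and publish the result.

    Reads "filter_name", "expression" and "root_node" from *args* (each via
    ``.value()``). The mere presence of the "verbose" and "recursive" keys
    switches those options on. When "save_result" is present, one link per
    matched node is created under ``/Bookmarks/<filter_name>``.

    Results are written to ``self.res``: "error" when the expression does not
    compile, otherwise "total of matching nodes".
    """
    self.nodes = []
    self.nodescount = 1
    self.oldcur = 0
    fname = args["filter_name"].value()
    expression = args["expression"].value()
    root_node = args["root_node"].value()
    self.verbose = bool(args.has_key("verbose"))
    recursive = bool(args.has_key("recursive"))

    f = Filter(fname)
    # presumably registers this object to receive the filter's events, which
    # is how self.nodes gets populated -- confirm against the event handler
    f.connection(self)
    try:
        f.compile(expression)
    except RuntimeError:
        self.res["error"] = Variant("provided expression is not valid")
        # Stop here: running an uncompiled filter would report a misleading
        # match count and could save an empty bookmark for a bad expression.
        return
    f.process(root_node, recursive)
    self.res["total of matching nodes"] = Variant(len(self.nodes))

    if args.has_key("save_result"):
        si_node = self.vfs.getnode("/Bookmarks")
        if si_node is None:
            # Create the bookmark container on first use.
            root = self.vfs.getnode("/")
            si_node = Node("Bookmarks", 0, root)
            # presumably hands ownership to the native side so the node
            # outlives this Python reference -- confirm
            si_node.__disown__()
        fnode = Node(fname, 0, si_node)
        fnode.__disown__()
        for node in self.nodes:
            vl = VLink(node, fnode, node.name())
            vl.__disown__()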
def quickFilter(self):
    """Apply the filter currently typed in the widget.

    Modes 0-3 build a ``name matches`` expression from ``self.query``; any
    other mode treats the combo box text as a full filter expression, which is
    compiled first so the edit field can be coloured green or red.
    """
    self.timer.stop()
    mode = self.mode.currentIndex()
    if 0 <= mode < 4:
        self.filterTH.stopSearch()
        nothingTyped = self.query == ""
        self.resetFilter()
        if not nothingTyped:
            # NOTE(review): self.query is placed between the mode's delimiter
            # strings without escaping; a query containing that delimiter
            # yields a different or invalid expression -- confirm how
            # launchFilter handles that.
            delimiter = self.filterMode[mode]
            self.launchFilter("name matches " + delimiter + self.query + delimiter)
        return

    try:
        typed = self.filterCombo.lineEdit().text()
        if typed != "":
            checker = Filter("test")
            # Compile only to validate; RuntimeError means the text is invalid.
            checker.compile(str(unicode(typed).encode('utf-8')))
            self.edit.setStyleSheet(self.greenstyle)
            self.resetFilter()
            self.launchFilter()
        else:
            self.resetFilter()
    except RuntimeError:
        self.edit.setStyleSheet(self.redstyle)
def __init__(self, parent=None):
    """Initialise both base classes and create the "search" filter.

    Args:
        parent: stored as a private attribute; not passed to either base
            class initialiser.
    """
    EventHandler.__init__(self)
    QThread.__init__(self)
    self.__parent = parent
    self.nodes = []
    # The filter is connected to this object right after it is created.
    searchFilter = self.filters = Filter("search")
    searchFilter.connection(self)
    self.model = None
    self.listmode = False
def findNodes(self, query):
    """Return the nodes below the VFS root "/" that match *query*.

    *query* is a filter expression, for example
    ``name matches re("^global_history.dat")``. It is compiled as given, so
    an invalid expression surfaces as whatever ``Filter.compile`` raises.
    """
    tree = vfs.vfs()
    top = tree.getnode("/")
    matcher = Filter("")
    matcher.compile(query)
    # second argument True: presumably "recurse into children" -- confirm
    matcher.process(top, True)
    return matcher.matchedNodes()
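def filter(self, pattern, node):
    """Return the directories of *node* whose name starts with *pattern*.

    The match is a case-insensitive regular expression anchored at the start
    of the name. Returns an empty list when *node* has no directories or when
    the resulting expression does not compile.
    """
    children = self.getDirectories(node)
    if len(children) == 0:
        return []

    # NOTE(review): pattern is spliced into the expression unescaped, so a
    # double quote or regex metacharacter typed by the user changes or breaks
    # the expression. The filter language's escaping rules are not visible
    # here -- confirm and escape accordingly.
    exp = '(name matches re("^' + pattern + '",i))'
    f = Filter("completer")
    try:
        f.compile(exp)
    except RuntimeError:
        # Filter.compile is expected to raise RuntimeError for an invalid
        # expression (confirm); half-typed input simply has no completions.
        return []
    f.process(children)
    return f.matchedNodes()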
def searchTaggedNode(self):
    """Add a report page listing nodes tagged "malware" or "suspicious".

    Nothing is added to the report when no node matches. Both tags end up in
    a single list titled "Malware".
    """
    tagFilter = Filter("")
    tagFilter.compile('tags in ["malware", "suspicious"]')
    tagFilter.process(self.root)
    flagged = tagFilter.matchedNodes()
    if len(flagged) == 0:
        return
    # Only create the page once there is something to show.
    reportPage = self.reportManager.createPage("MyAnalysis", "Files")
    reportPage.addNodeList("Malware", flagged)
    self.reportManager.addPage(reportPage)
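def findMorkFiles(self):
    """Return every node below "/" whose type is "database/mork".

    For Firefox < version 3, whose files of interest are formhistory.dat and
    history.dat. Selection is by detected type, not by file name, so renamed
    files are still returned.
    """
    v = vfs.vfs()
    rootnode = v.getnode("/")
    filters = Filter("")
    filters.compile('type == "database/mork"')
    # second argument True: presumably "recurse into children" -- confirm
    filters.process(rootnode, True)
    return filters.matchedNodes()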
def updateQuery(self, query):
    """React to a change of the query text.

    Restarts the timer with 1000 (milliseconds, presumably). In modes 0-3 the
    text is only stored; in any other mode it is compiled as a filter
    expression and the edit field is coloured green (valid) or red (invalid).
    """
    self.timer.start(1000)
    if 0 <= self.mode.currentIndex() < 4:
        self.query = query
        return

    checker = Filter("completer")
    try:
        # Validation only: the compiled filter is discarded.
        encoded = str(unicode(query).encode('utf-8'))
        checker.compile(encoded)
        self.edit.setStyleSheet(self.greenstyle)
    except RuntimeError:
        self.edit.setStyleSheet(self.redstyle)
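def addFilter(self, name, query):
    """Create a filter from *name* and *query* and append it to the table.

    The new row shows the name in column 0 and a checked checkbox in
    column 1. The filter is appended to ``self.filters`` and "filterAdded"
    is emitted.
    """
    filt = Filter(self, name, query)
    currow = self.table.rowCount()
    self.table.setRowCount(currow + 1)

    item = QTableWidgetItem(QString(name))
    item.setFlags(Qt.ItemIsSelectable | Qt.ItemIsEnabled)
    self.table.setItem(currow, 0, item)

    check = QCheckBox()
    check.setChecked(True)
    # Attach the checkbox to the row; without this call the widget is built
    # and then dropped, leaving column 1 empty.
    self.table.setCellWidget(currow, 1, check)

    self.filters.append(filt)
    self.emit(SIGNAL("filterAdded"))
    self.table.horizontalHeader().setResizeMode(
        1, QHeaderView.ResizeToContents)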
def start(self, args):
    """Collect coordinates for every JPEG node below the VFS root.

    Nodes for which ``getCoordinates`` returns a truthy value are stored in
    ``self.nodeCoord``, keyed by node. *args* is not read.
    """
    self.root = self.vfs.getnode("/")
    try:
        # Search phase: select nodes typed as image/jpeg.
        jpegFilter = Filter("")
        jpegFilter.compile('(type in["image/jpeg"])')
        jpegFilter.process(self.root, True)
        # Extraction phase: keep only nodes that yield coordinates.
        for candidate in jpegFilter.matchedNodes():
            position = self.getCoordinates(candidate)
            if position:
                self.nodeCoord[candidate] = position
    except Exception as e:
        # NOTE(review): one failing node ends the whole loop and the error
        # is only printed, so the result can be silently incomplete.
        print 'Maps module error ', e
def add(self):
    """Open the filter dialog and, if it returns 1, add the filter as a row.

    The new row shows the filter name in column 0 and a checked checkbox in
    column 1. The filter is appended to ``self.filters`` and "filterAdded"
    is emitted. Any other dialog result leaves the table untouched.
    """
    dialog = Filter(self)
    if dialog.exec_() != 1:
        return

    row = self.table.rowCount()
    self.table.setRowCount(row + 1)

    label = QTableWidgetItem(QString(dialog.name()))
    label.setFlags(Qt.ItemIsSelectable | Qt.ItemIsEnabled)
    self.table.setItem(row, 0, label)

    enabledBox = QCheckBox()
    enabledBox.setChecked(True)
    self.table.setCellWidget(row, 1, enabledBox)

    self.filters.append(dialog)
    self.emit(SIGNAL("filterAdded"))
    self.table.horizontalHeader().setResizeMode(
        1, QHeaderView.ResizeToContents)
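def scanJoin(self, root, modulesToApply = None):
    """Drain the queue, keep the tasks that apply, and schedule them.

    Args:
        root: passed to ``displayItem`` and to each ``task_done_scan`` job.
        modulesToApply: optional collection of module names; tasks for any
            other module are marked done and skipped. None keeps every module.

    A task is also skipped when its module declares a non-empty
    ``scanFilter``, takes exactly one node argument, and that node does not
    match the filter. Kept tasks are enqueued on ``sched``; the method then
    waits with ``join()`` and calls ``refresh()``.
    """
    modMap = {}
    modCount = 0
    jobs = []
    while not self.empty():
        task = self.get()
        moduleName = task[1][0]
        # Compare the task's module *name*: the module object is only looked
        # up below, so testing it here failed on the first filtered task.
        if modulesToApply is not None and moduleName not in modulesToApply:
            self.task_done()
            continue
        module = self.loader.modules[moduleName]
        try:
            filterText = module.scanFilter
            if filterText != '':
                arguments = task[1][1]
                nodeArguments = module.conf.argumentsByType(typeId.Node)
                if len(nodeArguments) == 1:
                    node = arguments[nodeArguments[0].name()].value()
                    scanFilter = Filter('')
                    scanFilter.compile(str(filterText))
                    scanFilter.process(node)
                    matches = scanFilter.matchedNodes()
                    if not len(matches):
                        self.task_done()
                        continue
        except Exception:
            # The filter can throw. This is deliberately fail-open: when the
            # scan filter cannot be evaluated the module is still applied.
            pass
        modMap[moduleName] = modMap.get(moduleName, 0) + 1
        jobs.append((task, (self.task_done_scan, (root, moduleName,))))
        modCount += 1
    if modCount:
        self.displayItem(root, modCount, modMap)
    for job in jobs:
        sched.enqueue(job)
    self.join()
    self.refresh()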
def search(self, query):
    """Return the nodes reachable from ``self.root`` that match *query*.

    *query* is compiled as given; an invalid expression surfaces as whatever
    ``Filter.compile`` raises.
    """
    matcher = Filter("")
    matcher.compile(query)
    # second argument True: presumably "recurse into children" -- confirm
    matcher.process(self.root, True)
    return matcher.matchedNodes()
def searchQuery(self, query, node):
    """Return the nodes matching *query* when the filter is run on *node*.

    No recursion flag is passed to ``process``. *query* is compiled as given;
    an invalid expression surfaces as whatever ``Filter.compile`` raises.
    """
    matcher = Filter("")
    matcher.compile(query)
    matcher.process(node)
    return matcher.matchedNodes()