def start(self, args):
self.nodes = []
self.nodescount = 1
self.oldcur = 0
fname = args["filter_name"].value()
expression = args["expression"].value()
root_node = args["root_node"].value()
if args.has_key("verbose"):
self.verbose = True
else:
self.verbose = False
if args.has_key("recursive"):
recursive = True
else:
recursive = False
f = Filter(fname)
f.connection(self)
try:
f.compile(expression)
except RuntimeError:
self.res["error"] = Variant("provided expression is not valid")
f.process(root_node, recursive)
self.res["total of matching nodes"] = Variant(len(self.nodes))
if args.has_key("save_result"):
si_node = self.vfs.getnode("/Bookmarks")
if si_node == None:
root = self.vfs.getnode("/")
si_node = Node("Bookmarks", 0, root)
si_node.__disown__()
fnode = Node(fname, 0, si_node)
fnode.__disown__()
for node in self.nodes:
vl = VLink(node, fnode, node.name())
vl.__disown__()
def start(self, args):
self.nodes = []
self.nodescount = 1
self.oldcur = 0
fname = args["filter_name"].value()
expression = args["expression"].value()
root_node = args["root_node"].value()
if args.has_key("verbose"):
self.verbose = True
else:
self.verbose = False
if args.has_key("recursive"):
recursive = True
else:
recursive = False
f = Filter(fname)
f.connection(self)
try:
f.compile(expression)
except RuntimeError:
self.res["error"] = Variant("provided expression is not valid")
f.process(root_node, recursive)
self.res["total of matching nodes"] = Variant(len(self.nodes))
if args.has_key("save_result"):
si_node = self.vfs.getnode("/Bookmarks")
if si_node == None:
root = self.vfs.getnode("/")
si_node = Node("Bookmarks", 0, root)
si_node.__disown__()
fnode = Node(fname, 0, si_node)
fnode.__disown__()
for node in self.nodes:
vl = VLink(node, fnode, node.name())
vl.__disown__()
def findNodes(self, query):
v = vfs.vfs()
rootnode = v.getnode("/")
filters = Filter("")
# query = 'name matches re("^global_history.dat")'
filters.compile(query)
filters.process(rootnode, True)
result = filters.matchedNodes()
return result
def filter(self, pattern, node):
children = self.getDirectories(node)
if len(children) > 0:
f = Filter("completer")
exp = '(name matches re("^'+ pattern +'",i))'
f.compile(exp)
f.process(children)
possible = f.matchedNodes()
return possible
return []
def filter(self, pattern, node):
children = self.getDirectories(node)
if len(children) > 0:
f = Filter("completer")
exp = '(name matches re("^' + pattern + '",i))'
f.compile(exp)
f.process(children)
possible = f.matchedNodes()
return possible
return []
def searchTaggedNode(self):
f = Filter("")
f.compile('tags in ["malware", "suspicious"]')
f.process(self.root)
malwareNodes = f.matchedNodes()
if len(malwareNodes
) != 0: #if get some results we add it to the report
page = self.reportManager.createPage("MyAnalysis", "Files")
page.addNodeList("Malware", malwareNodes)
self.reportManager.addPage(page)
def findMorkFiles(self):
# For Firefox < version 3
filesname = ["formhistory.dat", "history.dat"]
v = vfs.vfs()
rootnode = v.getnode("/")
filters = Filter("")
query = 'type == "database/mork"'
filters.compile(query)
filters.process(rootnode, True)
result = filters.matchedNodes()
return result
def start(self, args):
self.root = self.vfs.getnode("/")
try:
#self.status #searching
filter = Filter("")
query = '(type in["image/jpeg"])'
filter.compile(query)
filter.process(self.root, True)
nodes = filter.matchedNodes()
#self.status getting coord for x on x
for node in nodes:
coord = self.getCoordinates(node)
if coord:
self.nodeCoord[node] = coord
except Exception as e:
print 'Maps module error ', e
def scanJoin(self, root, modulesToApply = None):
modMap = {}
modCount = 0
jobs = []
while not self.empty():
task = self.get()
moduleName = task[1][0]
if modulesToApply != None:
if not module in modulesToApply:
self.task_done()
continue
module = self.loader.modules[moduleName]
try:
filterText = module.scanFilter
if filterText != '':
arguments = task[1][1]
nodeArguments = module.conf.argumentsByType(typeId.Node)
if len(nodeArguments) == 1:
node = arguments[nodeArguments[0].name()].value()
filter = Filter('')
filter.compile(str(filterText))
filter.process(node)
matches = filter.matchedNodes()
if not len(matches):
self.task_done()
continue
except : #filter can throw
pass
try :
modMap[task[1][0]] += 1
except KeyError:
modMap[task[1][0]] = 1
job2 = (self.task_done_scan, (root, task[1][0],))
job = (task, job2)
jobs.append(job)
modCount += 1
if modCount:
self.displayItem(root, modCount, modMap)
for job in jobs:
sched.enqueue(job)
self.join()
self.refresh()
def search(self, query):
filters = Filter("")
filters.compile(query)
filters.process(self.root, True)
return filters.matchedNodes()
class SearchThread(QThread, EventHandler):
def __init__(self, parent=None):
EventHandler.__init__(self)
QThread.__init__(self)
self.__parent = parent
self.nodes = []
self.filters = Filter("search")
self.filters.connection(self)
self.model = None
self.listmode = False
def setListContext(self, query, nodelist, targetmodel):
self.listmode = True
self.nodes = VecNode()
for node in nodelist:
self.nodes.append(node)
self.model = targetmodel
try:
self.filters.compile(query)
return True
except:
box = QMessageBox(QMessageBox.Critical, self.tr("Error"), self.tr("Error compiling query"), \
QMessageBox.NoButton, self.__parent)
box.setDetailedText(QString.fromUtf8(query))
box.exec_()
return False
def setContext(self, query, rootnode, targetmodel):
self.listmode = False
self.rootnode = rootnode
self.model = targetmodel
try:
self.filters.compile(query)
return True
except Exception as e:
print e
box = QMessageBox(QMessageBox.Critical, self.tr("Error"), self.tr("Error compiling query"), \
QMessageBox.NoButton, self.__parent)
box.setDetailedText(QString.fromUtf8(query))
box.exec_()
return False
def Event(self, e):
if e != None:
if e.value != None:
if e.type == Filter.EndOfProcessing:
self.emit(SIGNAL("finished"))
if e.type == Filter.TotalNodesToProcess:
self.total = e.value.value()
if e.type == Filter.ProcessedNodes:
self.processed += 1
if e.type == Filter.NodeMatched:
self.match += 1
val = e.value.value()
self.model.emit(SIGNAL("appendList"), val)
self.emit(SIGNAL("match"))
pc = self.processed * 100 / self.total
try:
if pc > self.percent:
self.percent = pc
self.emit(SIGNAL("count"), self.percent)
except:
self.percent = 0
def run(self):
self.emit(SIGNAL("started"))
self.match = 0
self.processed = 0
self.total = 0
self.percent = 0
try:
if not self.listmode:
self.filters.process(self.rootnode, True)
else:
self.filters.process(self.nodes)
except:
pass
def stopSearch(self):
e = event()
e.thisown = False
e.type = Filter.StopProcessing
self.filters.Event(e)
def searchQuery(self, query, node):
filters = Filter("")
filters.compile(query)
filters.process(node)
return filters.matchedNodes()
class SearchThread(QThread, EventHandler):
def __init__(self, parent=None):
EventHandler.__init__(self)
QThread.__init__(self)
self.__parent = parent
self.nodes = []
self.filters = Filter("search")
self.filters.connection(self)
self.model = None
self.listmode = False
def setListContext(self, query, nodelist, targetmodel):
self.listmode = True
self.nodes = VecNode()
for node in nodelist:
self.nodes.append(node)
self.model = targetmodel
try:
self.filters.compile(query)
return True
except:
box = QMessageBox(
QMessageBox.Critical,
self.tr("Error"),
self.tr("Error compiling query"),
QMessageBox.NoButton,
self.__parent,
)
box.setDetailedText(QString.fromUtf8(query))
box.exec_()
return False
def setContext(self, query, rootnode, targetmodel):
self.listmode = False
self.rootnode = rootnode
self.model = targetmodel
try:
self.filters.compile(query)
return True
except Exception as e:
print e
box = QMessageBox(
QMessageBox.Critical,
self.tr("Error"),
self.tr("Error compiling query"),
QMessageBox.NoButton,
self.__parent,
)
box.setDetailedText(QString.fromUtf8(query))
box.exec_()
return False
def Event(self, e):
if e != None:
if e.value != None:
if e.type == Filter.EndOfProcessing:
self.emit(SIGNAL("finished"))
if e.type == Filter.TotalNodesToProcess:
self.total = e.value.value()
if e.type == Filter.ProcessedNodes:
self.processed += 1
if e.type == Filter.NodeMatched:
self.match += 1
val = e.value.value()
self.model.emit(SIGNAL("appendList"), val)
self.emit(SIGNAL("match"))
pc = self.processed * 100 / self.total
try:
if pc > self.percent:
self.percent = pc
self.emit(SIGNAL("count"), self.percent)
except:
self.percent = 0
def run(self):
self.emit(SIGNAL("started"))
self.match = 0
self.processed = 0
self.total = 0
self.percent = 0
try:
if not self.listmode:
self.filters.process(self.rootnode, True)
else:
self.filters.process(self.nodes)
except:
pass
def stopSearch(self):
e = event()
e.thisown = False
e.type = Filter.StopProcessing
self.filters.Event(e)
