示例#1
0
文件: Filter.py 项目: PanSpagetka/BP
def applyTmpFilter(filePath, filterContent, caseName):
    currentFilter = helper.getFilter(caseName, helper.getDBNameFromPath(filePath), type = 'file')
    filteredFileName = applyFilterOnFile(filePath, filterContent, caseName, True)
    if not os.path.isfile(CASES_DIR + caseName + TMP_DIR + filteredFileName):
        return None
    summFilter = currentFilter + ' && ' + filterContent if currentFilter != 'None' else filterContent
    conn = sqlite3.connect(DATABASE)
    conn.execute('pragma foreign_keys=ON')
    # crete new fitler in db
    conn.execute("INSERT INTO FILTERS VALUES(null, ?, \'\', \'\')",(summFilter,))
    q = conn.execute('SELECT max(ID) FROM FILTERS')
    filterID = q.fetchone()[0]
    q = conn.execute("SELECT ID FROM CASES WHERE CASES.NAME = ?",(caseName,))
    IDs = q.fetchone()
    caseID = IDs[0]
    if SQLHelper.getFileID(helper.getDBNameFromPath(CASES_DIR + caseName + TMP_DIR + filteredFileName), caseName) is not None:
        conn.commit()
        conn.close()
        helper.updateFile(CASES_DIR + caseName + TMP_DIR + filteredFileName, caseName, filterID)
    else:
        sourceFile = helper.getDBNameFromPath(filePath)
        fileSize = os.path.getsize(CASES_DIR + caseName + TMP_DIR + filteredFileName)
        dateTimes = helper.getDateTimeFromFile(CASES_DIR + caseName + TMP_DIR + filteredFileName)
        conn.execute("INSERT INTO FILES VALUES (null, ?, ?, ?, ?, ?, ?, ?, ?, ?)", ("tmp/"+filteredFileName, "tmp", caseID, filterID, fileSize, dateTimes[0], dateTimes[1], sourceFile,'description',))
        #conn.execute("INSERT INTO FILES VALUES (null,\'"+"tmp/"+filteredFileName+"\',\'tmp\',"+str(caseID)+","+str(filterID)+","+str(fileSize)+",\'"+dateTimes[0]+"\',\'"+ dateTimes[1]+"\',\'"+sourceFile+"\')")
        conn.commit()
        conn.close()
    return filteredFileName
示例#2
0
文件: Filter.py 项目: PanSpagetka/BP
def applyTimeFilterOnFile(filePath, caseName, start = '', end = '', override = False):
    syslog.syslog("PCAP APP: applyTimeFilterOnFile: "+filePath+" started: "+str(datetime.datetime.now()))
    if start == '' and end == '':
        return None
    tmpF = tempfile.NamedTemporaryFile(delete=True)
    outputFileName = os.path.basename(tmpF.name + '.pcap') 
    outputFilePath = CASES_DIR + caseName + TMP_DIR + outputFileName
    subprocess.call(['editcap','-A', start, '-B',end, filePath,outputFilePath])
    if not os.path.isfile(outputFilePath):
        return None
    if override:
        os.rename(outputFilePath, filePath)
        outputFilePath = filePath
        outputFileName = helper.getDBNameFromPath(filePath)
    conn = sqlite3.connect(DATABASE)
    conn.execute('pragma foreign_keys=ON')
    # crete new fitler in db
    q = conn.execute("SELECT ID FROM CASES WHERE CASES.NAME = ?", (caseName,))
    IDs = q.fetchone()
    caseID = IDs[0]
    if SQLHelper.getFileID(helper.getDBNameFromPath(outputFilePath), caseName) is not None:
        conn.commit()
        conn.close()
        helper.updateFile(outputFilePath, caseName, 'null')
    else:
        sourceFile = helper.getDBNameFromPath(filePath)
        fileSize = os.path.getsize(outputFilePath)
        dateTimes = helper.getDateTimeFromFile(outputFilePath)
        conn.execute("INSERT INTO FILES VALUES (null, ?, ?, ?, null, ?, ?, ?, ?, ?)", ("tmp/"+outputFileName, "tmp", caseID, fileSize, dateTimes[0], dateTimes[1], sourceFile,'description',))
#        conn.execute("INSERT INTO FILES VALUES (null,\'"+"tmp/"+outputFileName+"\',\'tmp\',"+str(caseID)+",null,"+str(fileSize)+",\'"+dateTimes[0]+"\',\'"+ dateTimes[1]+"\',\'"+sourceFile+"\')")
        conn.commit()
        conn.close()
    syslog.syslog("PCAP APP: applyTimeFilterOnFile: "+filePath+"   ended: "+str(datetime.datetime.now()))
    return outputFilePath
示例#3
0
def applyTimeFilterOnFile(filePath,
                          caseName,
                          start='',
                          end='',
                          override=False):
    syslog.syslog("PCAP APP: applyTimeFilterOnFile: " + filePath +
                  " started: " + str(datetime.datetime.now()))
    if start == '' and end == '':
        return None
    tmpF = tempfile.NamedTemporaryFile(delete=True)
    outputFileName = os.path.basename(tmpF.name + '.pcap')
    outputFilePath = CASES_DIR + caseName + TMP_DIR + outputFileName
    subprocess.call(
        ['editcap', '-A', start, '-B', end, filePath, outputFilePath])
    if not os.path.isfile(outputFilePath):
        return None
    if override:
        os.rename(outputFilePath, filePath)
        outputFilePath = filePath
        outputFileName = helper.getDBNameFromPath(filePath)
    conn = sqlite3.connect(DATABASE)
    conn.execute('pragma foreign_keys=ON')
    # crete new fitler in db
    q = conn.execute("SELECT ID FROM CASES WHERE CASES.NAME = ?", (caseName, ))
    IDs = q.fetchone()
    caseID = IDs[0]
    if SQLHelper.getFileID(helper.getDBNameFromPath(outputFilePath),
                           caseName) is not None:
        conn.commit()
        conn.close()
        helper.updateFile(outputFilePath, caseName, 'null')
    else:
        sourceFile = helper.getDBNameFromPath(filePath)
        fileSize = os.path.getsize(outputFilePath)
        dateTimes = helper.getDateTimeFromFile(outputFilePath)
        conn.execute(
            "INSERT INTO FILES VALUES (null, ?, ?, ?, null, ?, ?, ?, ?, ?)", (
                "tmp/" + outputFileName,
                "tmp",
                caseID,
                fileSize,
                dateTimes[0],
                dateTimes[1],
                sourceFile,
                'description',
            ))
        #        conn.execute("INSERT INTO FILES VALUES (null,\'"+"tmp/"+outputFileName+"\',\'tmp\',"+str(caseID)+",null,"+str(fileSize)+",\'"+dateTimes[0]+"\',\'"+ dateTimes[1]+"\',\'"+sourceFile+"\')")
        conn.commit()
        conn.close()
    syslog.syslog("PCAP APP: applyTimeFilterOnFile: " + filePath +
                  "   ended: " + str(datetime.datetime.now()))
    return outputFilePath
示例#4
0
def applyTmpFilter(filePath, filterContent, caseName):
    currentFilter = helper.getFilter(caseName,
                                     helper.getDBNameFromPath(filePath),
                                     type='file')
    filteredFileName = applyFilterOnFile(filePath, filterContent, caseName,
                                         True)
    if not os.path.isfile(CASES_DIR + caseName + TMP_DIR + filteredFileName):
        return None
    summFilter = currentFilter + ' && ' + filterContent if currentFilter != 'None' else filterContent
    conn = sqlite3.connect(DATABASE)
    conn.execute('pragma foreign_keys=ON')
    # crete new fitler in db
    conn.execute("INSERT INTO FILTERS VALUES(null, ?, \'\', \'\')",
                 (summFilter, ))
    q = conn.execute('SELECT max(ID) FROM FILTERS')
    filterID = q.fetchone()[0]
    q = conn.execute("SELECT ID FROM CASES WHERE CASES.NAME = ?", (caseName, ))
    IDs = q.fetchone()
    caseID = IDs[0]
    if SQLHelper.getFileID(
            helper.getDBNameFromPath(CASES_DIR + caseName + TMP_DIR +
                                     filteredFileName), caseName) is not None:
        conn.commit()
        conn.close()
        helper.updateFile(CASES_DIR + caseName + TMP_DIR + filteredFileName,
                          caseName, filterID)
    else:
        sourceFile = helper.getDBNameFromPath(filePath)
        fileSize = os.path.getsize(CASES_DIR + caseName + TMP_DIR +
                                   filteredFileName)
        dateTimes = helper.getDateTimeFromFile(CASES_DIR + caseName + TMP_DIR +
                                               filteredFileName)
        conn.execute(
            "INSERT INTO FILES VALUES (null, ?, ?, ?, ?, ?, ?, ?, ?, ?)", (
                "tmp/" + filteredFileName,
                "tmp",
                caseID,
                filterID,
                fileSize,
                dateTimes[0],
                dateTimes[1],
                sourceFile,
                'description',
            ))
        #conn.execute("INSERT INTO FILES VALUES (null,\'"+"tmp/"+filteredFileName+"\',\'tmp\',"+str(caseID)+","+str(filterID)+","+str(fileSize)+",\'"+dateTimes[0]+"\',\'"+ dateTimes[1]+"\',\'"+sourceFile+"\')")
        conn.commit()
        conn.close()
    return filteredFileName
示例#5
0
文件: Filter.py 项目: PanSpagetka/BP
def applyFilterOnCase(caseName, newFilter, mode = "edit", start = '', end = ''):
    syslog.syslog("PCAP APP: applyFilterOnCase: "+caseName+" started: "+str(datetime.datetime.now()))
    IDs = SQLHelper.getCaseAndFilterIDs(caseName)
    if IDs is None:
        return
    caseID = IDs[0]
    filterID = IDs[1]
    conn = sqlite3.connect(DATABASE)
    conn.execute('pragma foreign_keys=ON')
    if mode == "edit":
        if filterID:
            q = conn.execute("UPDATE FILTERS SET CONTENT = ?, START_DATETIME = ?, END_DATETIME = ? WHERE FILTERS.ID = ?", (newFilter, start, end, filterID,))
            #q = conn.execute("UPDATE FILTERS SET CONTENT = \'"+newFilter+"\', START_DATETIME = \'"+start+"\', end_DATETIME = \'"+end+"\' WHERE FILTERS.ID = "+str(filterID))
        else:
            q = conn.execute("INSERT INTO FILTERS VALUES(null, ?, ?, ?)",(newFilter, start, end,))
            q = conn.execute('SELECT max(ID) FROM FILTERS')
            filterID = q.fetchone()[0]
            q = conn.execute("UPDATE CASES SET FILTERID = ? WHERE CASES.ID = ?", (filterID, caseID))
        q = conn.execute("SELECT FILENAME FROM FILES WHERE FILES.TYPE = ? AND FILES.CASEID = ?", ('origin', caseID,))
    else:
        #q = conn.execute("SELECT CONTENT FROM FILTERS WHERE FILTERS.ID = ?", (filterID,))
        #currentFilter = q.fetchone()
        #currentFilter = currentFilter[0]
        #if newFilter:
        #        newFilter = currentFilter + " && " + newFilter if currentFilter else newFilter
        #else:
        #newFilter = currentFilter
        q = conn.execute("UPDATE FILTERS SET CONTENT = ?, START_DATETIME = ?, end_DATETIME = ? WHERE FILTERS.ID = ?", (newFilter, start, end, filterID,))
        q = conn.execute("SELECT FILENAME FROM FILES WHERE FILES.TYPE = ? AND FILES.CASEID = ?", ('filtered', caseID))
    files = []
    for row in q:
        files.append(CASES_DIR + caseName + PCAP_DIR + row[0])
    conn.commit()
    conn.close()
    for file in files:
        filteredFileName = applyFilterOnFile(file, newFilter, caseName, override = True)
        if not os.path.isfile(CASES_DIR + caseName + PCAP_DIR + filteredFileName):
            f = open(CASES_DIR + caseName + PCAP_DIR + filteredFileName, 'w')
            f.write("")
            f.close()
        if mode == "append":
            os.rename(CASES_DIR + caseName + PCAP_DIR + filteredFileName, file)
            filteredFileName = os.path.basename(file)
        applyTimeFilterOnFile(CASES_DIR + caseName + PCAP_DIR + filteredFileName, caseName, start, end, override = True)
        helper.updateFile(CASES_DIR + caseName + PCAP_DIR + filteredFileName, caseName, filterID)
    helper.clearTmp(caseName)
    syslog.syslog("PCAP APP: applyFilterOnCase: "+caseName+"   ended: "+str(datetime.datetime.now()))
示例#6
0
def applyFilterOnCase(caseName, newFilter, mode="edit", start='', end=''):
    syslog.syslog("PCAP APP: applyFilterOnCase: " + caseName + " started: " +
                  str(datetime.datetime.now()))
    IDs = SQLHelper.getCaseAndFilterIDs(caseName)
    if IDs is None:
        return
    caseID = IDs[0]
    filterID = IDs[1]
    conn = sqlite3.connect(DATABASE)
    conn.execute('pragma foreign_keys=ON')
    if mode == "edit":
        if filterID:
            q = conn.execute(
                "UPDATE FILTERS SET CONTENT = ?, START_DATETIME = ?, END_DATETIME = ? WHERE FILTERS.ID = ?",
                (
                    newFilter,
                    start,
                    end,
                    filterID,
                ))
            #q = conn.execute("UPDATE FILTERS SET CONTENT = \'"+newFilter+"\', START_DATETIME = \'"+start+"\', end_DATETIME = \'"+end+"\' WHERE FILTERS.ID = "+str(filterID))
        else:
            q = conn.execute("INSERT INTO FILTERS VALUES(null, ?, ?, ?)", (
                newFilter,
                start,
                end,
            ))
            q = conn.execute('SELECT max(ID) FROM FILTERS')
            filterID = q.fetchone()[0]
            q = conn.execute(
                "UPDATE CASES SET FILTERID = ? WHERE CASES.ID = ?",
                (filterID, caseID))
        q = conn.execute(
            "SELECT FILENAME FROM FILES WHERE FILES.TYPE = ? AND FILES.CASEID = ?",
            (
                'origin',
                caseID,
            ))
    else:
        #q = conn.execute("SELECT CONTENT FROM FILTERS WHERE FILTERS.ID = ?", (filterID,))
        #currentFilter = q.fetchone()
        #currentFilter = currentFilter[0]
        #if newFilter:
        #        newFilter = currentFilter + " && " + newFilter if currentFilter else newFilter
        #else:
        #newFilter = currentFilter
        q = conn.execute(
            "UPDATE FILTERS SET CONTENT = ?, START_DATETIME = ?, end_DATETIME = ? WHERE FILTERS.ID = ?",
            (
                newFilter,
                start,
                end,
                filterID,
            ))
        q = conn.execute(
            "SELECT FILENAME FROM FILES WHERE FILES.TYPE = ? AND FILES.CASEID = ?",
            ('filtered', caseID))
    files = []
    for row in q:
        files.append(CASES_DIR + caseName + PCAP_DIR + row[0])
    conn.commit()
    conn.close()
    for file in files:
        filteredFileName = applyFilterOnFile(file,
                                             newFilter,
                                             caseName,
                                             override=True)
        if not os.path.isfile(CASES_DIR + caseName + PCAP_DIR +
                              filteredFileName):
            f = open(CASES_DIR + caseName + PCAP_DIR + filteredFileName, 'w')
            f.write("")
            f.close()
        if mode == "append":
            os.rename(CASES_DIR + caseName + PCAP_DIR + filteredFileName, file)
            filteredFileName = os.path.basename(file)
        applyTimeFilterOnFile(CASES_DIR + caseName + PCAP_DIR +
                              filteredFileName,
                              caseName,
                              start,
                              end,
                              override=True)
        helper.updateFile(CASES_DIR + caseName + PCAP_DIR + filteredFileName,
                          caseName, filterID)
    helper.clearTmp(caseName)
    syslog.syslog("PCAP APP: applyFilterOnCase: " + caseName + "   ended: " +
                  str(datetime.datetime.now()))