Analyzer framework #72

Open: wants to merge 26 commits into base branch master

26 commits:
442341c
analyzer skeleton
yampelo Nov 14, 2019
1b7f705
Begins working on rule system, adds field lookups.
yampelo Nov 15, 2019
47cd6ad
Adds tests for selecting a NodeWithProps in NetworkX
yampelo Nov 15, 2019
63e24b1
Adds conditionals for matching
yampelo Nov 15, 2019
7f78477
Fixes not_null wrapper
yampelo Nov 15, 2019
f82339e
Adds operator overloading to lookups
yampelo Nov 15, 2019
39c3dcf
Moves statements to work on nx.Graph objects instead of NetworkX Back…
yampelo Nov 15, 2019
3cbae4f
EdgeByProps: Adds statement to return subgraph that contains a matchi…
yampelo Nov 15, 2019
f2dc414
Filter node and return ancestors/descendants/all reachable.
yampelo Nov 15, 2019
024b7b5
Moves test graphs to fixture files
yampelo Nov 15, 2019
6adb2e1
ChainedStatement: Adds ability to perform statement1 | statement2
yampelo Nov 15, 2019
26ac070
FindProcess: adds process queries
yampelo Nov 15, 2019
46c3dad
Splits Node/Edge statements into separate files
yampelo Nov 16, 2019
56d1e2c
Adds statement chaining using >> or << operators
yampelo Nov 16, 2019
e01203d
adds intermediate statements, allowing to chain actions
yampelo Nov 16, 2019
349d2da
classmethod -> staticmethod
yampelo Nov 17, 2019
7a71a65
Analyzer: Class to execute statements
yampelo Nov 17, 2019
1fc6e3d
Fixes unit tests
yampelo Nov 17, 2019
db98490
Tests edges with tree structures graphs
yampelo Nov 17, 2019
f6b6027
Renames Statement as Query
yampelo Nov 17, 2019
e2205a5
Adds FindProcess.that_was_launched
yampelo Nov 17, 2019
22e7043
Adds query factory for Files
yampelo Nov 17, 2019
460e1d9
All queries can now be intermediary by default.
yampelo Nov 18, 2019
cfea7bd
FindFile: finishes file queries
yampelo Nov 18, 2019
55404f3
SummaryQuery: adds ability to summarize information gathered
yampelo Nov 18, 2019
b93049e
Merge branch 'master' into analyzer-framework
yampelo Nov 23, 2019
classmethod -> staticmethod
yampelo committed Nov 17, 2019
commit 349d2da67043cf9a0204a8c2e8bffb88be1379c2
42 changes: 24 additions & 18 deletions beagle/analyzers/statements/process.py
@@ -10,54 +10,60 @@
class FindProcess(FactoryMixin):
"""Executes statements relevant to a Process"""

@classmethod
@staticmethod
def with_command_line(
cls: Type["FindProcess"], command_line: Union[str, FieldLookup]
command_line: Union[str, FieldLookup]
) -> NodeByPropsReachable: # pragma: no cover

return NodeByPropsReachable(node_type=Process, props={"command_line": command_line})

@classmethod
@staticmethod
def with_process_name(
cls: Type["FindProcess"], process_image: Union[str, FieldLookup]
process_image: Union[str, FieldLookup]
) -> NodeByPropsReachable: # pragma: no cover

return NodeByPropsReachable(node_type=Process, props={"process_image": process_image})

@classmethod
@staticmethod
def with_process_path(
cls: Type["FindProcess"], process_path: Union[str, FieldLookup]
process_path: Union[str, FieldLookup]
) -> NodeByPropsReachable: # pragma: no cover

return NodeByPropsReachable(node_type=Process, props={"process_path": process_path})

@classmethod
@staticmethod
def with_process_image_path(
cls: Type["FindProcess"], process_image_path: Union[str, FieldLookup]
process_image_path: Union[str, FieldLookup]
) -> NodeByPropsReachable: # pragma: no cover

return NodeByPropsReachable(
node_type=Process, props={"process_image_path": process_image_path}
)

@classmethod
def with_user(cls: Type["FindProcess"], user: Union[str, FieldLookup]) -> NodeByPropsReachable:
@staticmethod
def with_user(user: Union[str, FieldLookup]) -> NodeByPropsReachable:

return NodeByPropsReachable(node_type=Process, props={"user": user})

@classmethod
@staticmethod
def with_md5_hash(
cls: Type["FindProcess"], md5hash: Union[str, FieldLookup]
md5hash: Union[str, FieldLookup]
) -> NodeByPropsReachable: # pragma: no cover

return NodeByPropsReachable(node_type=Process, props={"hashes": {"md5": md5hash}})

@classmethod
@staticmethod
def with_sha256_hash(
cls: Type["FindProcess"], md5hash: Union[str, FieldLookup]
sha256hash: Union[str, FieldLookup]
) -> NodeByPropsReachable: # pragma: no cover
return NodeByPropsReachable(node_type=Process, props={"hashes": {"sha256": md5hash}})

@classmethod
return NodeByPropsReachable(node_type=Process, props={"hashes": {"sha256": sha256hash}})

@staticmethod
def with_sha1_hash(
cls: Type["FindProcess"], md5hash: Union[str, FieldLookup]
sha1hash: Union[str, FieldLookup]
) -> NodeByPropsReachable: # pragma: no cover
return NodeByPropsReachable(node_type=Process, props={"hashes": {"sha1": md5hash}})

return NodeByPropsReachable(node_type=Process, props={"hashes": {"sha1": sha1hash}})

def launched_by():
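Review bot: With the `cls` parameter removed from every factory in this hunk, the `Type` name from `typing` was only referenced by the deleted `cls: Type["FindProcess"]` annotations and is probably now an unused import in process.py; drop it if nothing else in the module uses it. Two smaller points in the same hunk: the `# pragma: no cover` markers exclude every factory except `with_user` from coverage, which is inconsistent and hides one-liners that are cheap to test (an assertion on the `props` handed to `NodeByPropsReachable` by `with_md5_hash` would also pin down the nested `{"hashes": {"md5": ...}}` shape), and the rename of the misleading `md5hash` parameter to `sha256hash` / `sha1hash` in `with_sha256_hash` and `with_sha1_hash` is a separate fix worth mentioning in the commit message, since "classmethod -> staticmethod" does not cover it.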