'''
This file contains global values and variables used throughout the application.
Importing it has side effects: it opens two SQLite databases and creates a
multiprocessing queue.
'''
#***************************************
# Imports
#***************************************
import sqlite3
import multiprocessing as mp
from importlib import util
#***************************************
# Global Constants
#***************************************
# ---------------------------------------------------------------------------
# Shared SQLite connections (opened as a side effect of importing this module)
# ---------------------------------------------------------------------------
# Both file names are relative, so each database is opened -- or created if
# missing -- in the current working directory of the importing process.
# Starting the tool from another directory silently yields a different store.
#
# check_same_thread=False switches off sqlite3's guard against using a
# connection from a thread other than the one that created it; callers that
# share these objects are responsible for serializing access themselves.
# isolation_level=None puts the connection in autocommit mode, so each
# statement is committed on its own unless a transaction is begun explicitly.
DBCONN = sqlite3.connect(
    "WSUS_Update_Data.db", check_same_thread=False, isolation_level=None
)
DBCONN2 = sqlite3.connect(
    "BAM_Post_Data.db", check_same_thread=False, isolation_level=None
)

# Starts out unset; nothing in this module assigns a live WSUS connection.
DBWSUSCONN = None

for _db in (DBCONN, DBCONN2):
    # Write-ahead logging keeps "-wal"/"-shm" sidecar files beside the database.
    _db.execute("pragma journal_mode=wal")
    # NORMAL syncs less often than FULL: the file stays consistent, but the
    # most recent commits can be lost on power failure.
    _db.execute("pragma synchronous=NORMAL")
    # Rows come back as sqlite3.Row, so columns can be read by name.
    _db.row_factory = sqlite3.Row
del _db

# ---------------------------------------------------------------------------
# WSUS-related
# ---------------------------------------------------------------------------
# Local named-pipe endpoint and catalog name used to build the ODBC string.
server = 'np:\\\\.\\pipe\\MICROSOFT##WID\\tsql\\query'
database = 'SUSDB'
# The string carries no UID/PWD and no explicit authentication keyword.
# NOTE(review): authentication therefore depends on driver defaults and the
# account running the process -- confirm at the place the connection is opened.
connstr = ''.join((
    'DRIVER={ODBC Driver 17 for SQL Server};',
    'SERVER=', server, ';',
    'DATABASE=', database, ';',
))
# ---------------------------------------------------------------------------
# Table names
# ---------------------------------------------------------------------------
# Only three of the six tables created below have a name constant here.
# NOTE(review): SQL identifiers cannot be bound as query parameters, so if
# these names are spliced into statement text elsewhere they must remain
# fixed constants and never be derived from external input.
UPDATEFILESDBNAME = "UpdateFiles"
SYMBOLFILESDBNAME = "SymbolFiles"
PATCHEDFILESDBNAME = "PatchedFiles"

# ---------------------------------------------------------------------------
# Table definitions
# ---------------------------------------------------------------------------
# Every statement is a static "CREATE TABLE IF NOT EXISTS", so running it
# against an existing table leaves that table unchanged. No column declares
# PRIMARY KEY, UNIQUE or NOT NULL: SQLite will accept duplicate
# FileName/SHA256/SHA1 rows and NULLs, so de-duplication is left to callers.

# One row per PE file: version-resource fields, hashes and symbol status.
PATCHEDFILETSTMT = (
    "CREATE TABLE IF NOT EXISTS PatchedFiles "
    "(FileName text, OperatingSystemVersion text, Architecture text,"
    " Signature text, SHA256 text, SHA1 text, Age integer, "
    "PdbFilename text, DiskPath text, SymbolObtained integer, "
    "SymbolPath text, FileExtension text, Type text, "
    "OriginalFilename text, FileDescription text, ProductName text, "
    "Comments text, CompanyName text, FileVersion text, "
    "ProductVersion text, IsDebug integer, IsPatched integer, "
    "IsPreReleased integer, IsPrivate integer, "
    "IsSpecialBuild integer, Language text, PrivateBuild text, "
    "SpecialBuild text, BuiltwithDbgInfo text, StrippedPE integer,"
    "UpdateId text, Ignored integer);"
)

# One row per update file: hashes, processing flags and insertion time.
UPDATEFILETSTMT = (
    "CREATE TABLE IF NOT EXISTS UpdateFiles "
    "(FileName text, "
    "SHA256 text, SHA1 text, "
    "Extracted integer, SymbolsObtained integer, Seceding text, "
    "SecededBy text, "
    "DiskPath text, "
    "InsertionTime text);"
)

# One row per symbol lookup: PDB/DBG match details and the result fields.
SYMBOLFILETSTMT = (
    "CREATE TABLE IF NOT EXISTS SymbolFiles "
    "(FileName text, Architecture text, Signature text, "
    "SHA256 text, SHA1 text, "
    "PublicSymbol integer, "
    "PrivateSymbol integer, SymContains integer, "
    "structSize integer, base integer, imageSize integer, "
    "symDate integer, checksum integer, numsyms integer, "
    "symtype text, modname text, imagename text, "
    "loadedimage text, pdb text, CV text, CVDWORD integer, "
    "CVData text, PDB20Sig text, PDB70Sig text, Age integer, "
    "PDBMatched integer, DBGMatched integer, "
    "LineNumber integer, Globalsyms integer, TypeInfo integer, "
    "SymbolCheckVersionUsed integer, DbgFileName text, "
    "DbgTimeDatestamp integer, DbgSizeOfTime integer, "
    "DbgChecksum integer, PdbDbiAgeFullPdbFilename text, "
    "PdbSignature text, PdbDbiAge integer, Source text, "
    "Result integer, Ignored integer, IgnoredReason text, "
    "SymbolObtained integer);"
)

# Per-file rule results (rule id, result, message) with a timestamp.
BINSKIMTABLE = (
    "CREATE TABLE IF NOT EXISTS BinSkimFiles "
    "(FileName text, SHA256 text, SHA1 text, RuleId text,"
    "Result text, MessageId text, Message text, "
    "timestamp text);"
)

# Per-file signature status plus signer and timestamper certificate fields.
DIGISIGNTABLE = (
    "CREATE TABLE IF NOT EXISTS DigiSignFiles "
    "(FileName text, SHA256 text, SHA1 text, Status text,"
    "StatusMessage text, SignatureType integer, IsOSBinary integer, "
    "SignerCertificateName text, SignerCertificateFriendlyName text, "
    "SignerCertificateIssuer text, SignerCertificateSerialNumber text, "
    "SignerCertificateNotBefore text, SignerCertificateNotAfter text, "
    "SignerCertificateThumbprint text, TimeStamperCertificateSubject text, "
    "TimeStamperCertificateFriendlyName text, TimeStamperCertificateIssuer text, "
    "TimeStamperCertificateSerialNumber text, TimeStamperCertificateNotBefore text, "
    "TimeStamperCertificateNotAfter text, TimeStamperCertificateThumbprint text, "
    "NumberOfCertsInSignerChain integer, NumberOfCertsInTimeStampChain integer, "
    "PsObjdata text, timestamp text);"
)

# Per-file record of a banned API used by a module, with a timestamp.
BANNEDTABLE = (
    "CREATE TABLE IF NOT EXISTS BannedApiFiles "
    "(FileName text, SHA256 text, SHA1 text, ModuleName text,"
    "BannedApiUsed text, timestamp text);"
)
# Debug-output switch; off by default.
VERBOSITY = False

# Queue created at import time. A maxsize of zero or less means no practical
# size limit, so put() does not block producers and queued items accumulate
# in memory for as long as nothing drains them.
GLOBQUEUE = mp.Queue(maxsize=-1)