{% extends "base.html" %} {% set active_page = "Database" %} {% block head %} {# angularJS import #} {% endblock %} {% block body %}

Advanced Search

{% if error %}

Please enter a valid search request. {{ error }}

{% endif %}

Example queries:

Simple:
{"device_class": "Router", "vendor": "AVM"}
Select firmware files based on specific vendor and device class

With regular expression:
{"device_name": {"$regex": "Fritz.+Box 7[0-9]{3}"}}
Match field with regular expression

With substring (case-insensitive):
{"vendor": {"$like": "link"}}
Match firmwares files that have "link" in their vendor name

With arithmetic:
{"processed_analysis.file_type.mime": "application/x-executable", "size": {"$lt": 1337}}
Select only executables that are smaller than or equal 1337 bytes

With list of possible values:
{"device_class": {"$in": ["router", "switch"]}}
Select firmwares that have either device class "router" or "switch"

Check existence (JSON columns only):
{"processed_analysis.software_components.BusyBox": {"$exists": true}}
Select files where an entry for BusyBox exists in the result of the software components plugin

For further usage also see the MongoDB documentation or simply ask for help at our Gitter channel.

Structure of file objects in database:

Common fields
- _id                   # UID of file
- analysis_tags         # Dynamically generated tags such as "Linux 2.7"
- depth                 # Level of extraction: Outer container has 0, SquashFS inside
                        # container has 1, ..
- file_name             # Name of file, can for example be busybox if extracted by a high
                        # level tool, can also be smth. like 49913.bin if carved
- file_path             # Path on backend file system
- files_included        # UIDs of included files (next level of extraction downwards)
- parent_firmware_uids  # UIDs for outer firmware container files containing this file
- parents               # UIDs of files containing this file (next level of extraction
                        # upwards)
- processed_analysis    # Dictionary containing all analysis results. See below for
                        # structure
- sha256                # SHA-2 hash of file
- size                  # file size in bytes
- virtual_file_path     # Full path of file in outer container with human readable format
                        # (e.g. |<Vendor> 32-Route-2000 v.1.1|rootfs.bin|/bin/bash)

Additional fields for outer container: (Mostly set by user, so depend on submission policy)
- device_class          # e.g. Router
- device_name           # e.g. Speedport W724
- device_part           # e.g. Kernel
- md5                   # MD5 hash of file
- release_date          # Release date in seconds since epoch (1970-01-01)
- submission_date       # Submission date in seconds since epoch (1970-01-01)
- tags                  # User defined tags, e.g. Partial, Crawled
- vendor                # e.g. EvilCorp
- version               # e.g 1.0.0.312

Structure of processed_analysis field:

{% if database_structure is mapping %}
Select analysis plugin
select complete to see all

Available plugins:

{a plugins | json a}

Structure for plugin {a firstname a}:

{a data[firstname] a}
{% else %}
No structural data present!
Run src/update_variety_data.py program.
{% endif %}
{% endblock %}