diff options
Diffstat (limited to 'lib/Db')
-rw-r--r-- | lib/Db/FileOperation.php | 21 | ||||
-rw-r--r-- | lib/Db/RecoveredFileOperation.php | 110 | ||||
-rw-r--r-- | lib/Db/RecoveredFileOperationMapper.php | 156 |
3 files changed, 287 insertions, 0 deletions
diff --git a/lib/Db/FileOperation.php b/lib/Db/FileOperation.php index 09bcedc..18d400b 100644 --- a/lib/Db/FileOperation.php +++ b/lib/Db/FileOperation.php @@ -22,6 +22,7 @@ namespace OCA\RansomwareDetection\Db; use OCP\AppFramework\Db\Entity; +use OCA\RansomwareDetection\Db\RecoveredFileOperation; class FileOperation extends Entity { @@ -86,4 +87,24 @@ class FileOperation extends Entity $this->addType('fileExtensionClass', 'integer'); $this->addType('fileClass', 'integer'); } + + public function toRecoveredFileOperation() { + $recoveredFileOperation = new RecoveredFileOperation(); + $recoveredFileOperation->setUserId($this->getUserId()); + $recoveredFileOperation->setPath($this->getPath()); + $recoveredFileOperation->setOriginalName($this->getOriginalName()); + $recoveredFileOperation->setNewName($this->getNewName()); + $recoveredFileOperation->setType($this->getType()); + $recoveredFileOperation->setMimeType($this->getMimeType()); + $recoveredFileOperation->setSize($this->getSize()); + $recoveredFileOperation->setTimestamp($this->getTimestamp()); + $recoveredFileOperation->setCorrupted($this->getCorrupted()); + $recoveredFileOperation->setCommand($this->getCommand()); + $recoveredFileOperation->setSequence($this->getSequence()); + $recoveredFileOperation->setEntropy($this->getEntropy()); + $recoveredFileOperation->setStandardDeviation($this->getStandardDeviation()); + $recoveredFileOperation->setFileClass($this->getFileClass()); + $recoveredFileOperation->setFileExtensionClass($this->getFileExtensionClass()); + return $recoveredFileOperation; + } } diff --git a/lib/Db/RecoveredFileOperation.php b/lib/Db/RecoveredFileOperation.php new file mode 100644 index 0000000..74dbce7 --- /dev/null +++ b/lib/Db/RecoveredFileOperation.php @@ -0,0 +1,110 @@ +<?php + +/** + * @copyright Copyright (c) 2020 Matthias Held <matthias.held@uni-konstanz.de> + * @author Matthias Held <matthias.held@uni-konstanz.de> + * @license GNU AGPL version 3 or any later version + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU Affero General Public License as + * published by the Free Software Foundation, either version 3 of the + * License, or (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Affero General Public License for more details. + * + * You should have received a copy of the GNU Affero General Public License + * along with this program. If not, see <https://www.gnu.org/licenses/>. + */ + +namespace OCA\RansomwareDetection\Db; + +use OCP\AppFramework\Db\Entity; +use OCA\RansomwareDetection\Db\FileOperation; + +class RecoveredFileOperation extends Entity +{ + /** @var string */ + public $userId; + + /** @var string */ + public $path; + + /** @var string */ + public $originalName; + + /** @var string */ + public $newName; + + /** @var string */ + public $type; + + /** @var string */ + public $mimeType; + + /** @var int */ + public $size; + + /** @var int */ + public $corrupted; + + /** @var string */ + public $timestamp; + + /** @var int */ + public $command; + + /** @var int */ + public $sequence; + + /** @var float */ + public $entropy; + + /** @var float */ + public $standardDeviation; + + /** @var string */ + public $fileClass; + + /** @var string */ + public $fileExtensionClass; + + /** @var int */ + public $suspicionClass; + + public function __construct() + { + // Add types in constructor + $this->addType('size', 'integer'); + $this->addType('corrupted', 'integer'); + $this->addType('command', 'integer'); + $this->addType('sequence', 'integer'); + $this->addType('entropy', 'float'); + $this->addType('standardDeviation', 'float'); + $this->addType('suspicionClass', 'integer'); + $this->addType('fileExtensionClass', 'integer'); + $this->addType('fileClass', 'integer'); + } + + public function toFileOperation() { + $fileOperation = new FileOperation(); + $fileOperation->setUserId($this->getUserId()); + $fileOperation->setPath($this->getPath()); + $fileOperation->setOriginalName($this->getOriginalName()); + $fileOperation->setNewName($this->getNewName()); + $fileOperation->setType($this->getType()); + $fileOperation->setMimeType($this->getMimeType()); + $fileOperation->setSize($this->getSize()); + $fileOperation->setTimestamp($this->getTimestamp()); + $fileOperation->setCorrupted($this->getCorrupted()); + $fileOperation->setCommand($this->getCommand()); + $fileOperation->setSequence($this->getSequence()); + $fileOperation->setEntropy($this->getEntropy()); + $fileOperation->setStandardDeviation($this->getStandardDeviation()); + $fileOperation->setFileClass($this->getFileClass()); + $fileOperation->setFileExtensionClass($this->getFileExtensionClass()); + return $fileOperation; + } +} diff --git a/lib/Db/RecoveredFileOperationMapper.php b/lib/Db/RecoveredFileOperationMapper.php new file mode 100644 index 0000000..c0ee353 --- /dev/null +++ b/lib/Db/RecoveredFileOperationMapper.php @@ -0,0 +1,156 @@ +<?php + +/** + * @copyright Copyright (c) 2020 Matthias Held <matthias.held@uni-konstanz.de> + * @author Matthias Held <matthias.held@uni-konstanz.de> + * @license GNU AGPL version 3 or any later version + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU Affero General Public License as + * published by the Free Software Foundation, either version 3 of the + * License, or (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Affero General Public License for more details. + * + * You should have received a copy of the GNU Affero General Public License + * along with this program. If not, see <https://www.gnu.org/licenses/>. + */ + +namespace OCA\RansomwareDetection\Db; + +use OCP\IDBConnection; +use OCP\AppFramework\Db\Mapper; + +class RecoveredFileOperationMapper extends Mapper +{ + /** + * @param IDBConnection $db + */ + public function __construct( + IDBConnection $db + ) { + parent::__construct($db, 'rd_recovery'); + } + + /** + * Find one by id. + * + * @throws \OCP\AppFramework\Db\DoesNotExistException if not found + * @throws \OCP\AppFramework\Db\MultipleObjectsReturnedException if more than one result + * + * @param int $id + * + * @return Entity + */ + public function find($id, $userId) + { + $sql = 'SELECT * FROM `*PREFIX*rd_recovery` '. + 'WHERE `id` = ? AND `user_id` = ?'; + + return $this->findEntity($sql, [$id, $userId]); + } + + /** + * Find one by file name. + * + * @throws \OCP\AppFramework\Db\DoesNotExistException if not found + * @throws \OCP\AppFramework\Db\MultipleObjectsReturnedException if more than one result + * + * @param string $name + * + * @return Entity + */ + public function findOneByFileName($name, $userId) + { + $sql = 'SELECT * FROM `*PREFIX*rd_recovery` '. + 'WHERE `original_name` = ? AND `user_id` = ?'; + + return $this->findEntity($sql, [$name, $userId]); + } + + /** + * Find the one with the highest id. + * + * @throws \OCP\AppFramework\Db\DoesNotExistException if not found + * @throws \OCP\AppFramework\Db\MultipleObjectsReturnedException if more than one result + * + * @return Entity + */ + public function findOneWithHighestId($userId) + { + $sql = 'SELECT * FROM `*PREFIX*rd_recovery` WHERE `user_id` = ?'. + 'ORDER BY id DESC LIMIT 1'; + + return $this->findEntity($sql, [$userId]); + } + + /** + * Find all. + * + * @param int $limit + * @param int $offset + * + * @return array + */ + public function findAll(array $params = [], $limit = null, $offset = null) + { + $sql = 'SELECT * FROM `*PREFIX*rd_recovery` WHERE `user_id` = ?'; + + return $this->findEntities($sql, $params, $limit, $offset); + } + + /** + * Find a sequence by its id. + * + * @param array $params + * @param int $limit + * @param int $offset + * + * @return array + */ + public function findSequenceById(array $params = [], $limit = null, $offset = null) + { + $sql = 'SELECT * FROM `*PREFIX*rd_recovery` WHERE `sequence` = ? AND `user_id` = ?'; + + return $this->findEntities($sql, $params, $limit, $offset); + } + + /** + * Delete entity by id. + * + * @param int $id + */ + public function deleteById($id, $userId) + { + $sql = 'DELETE FROM `*PREFIX*rd_recovery` WHERE `id` = ? AND `user_id` = ?'; + $stmt = $this->execute($sql, [$id, $userId]); + $stmt->closeCursor(); + } + + /** + * Deletes a sequence of file operations. + * + * @param int $sequence + */ + public function deleteSequenceById($sequence, $userId) + { + $sql = 'DELETE FROM `*PREFIX*rd_recovery` WHERE `sequence` = ? AND `user_id` = ?'; + $stmt = $this->execute($sql, [$sequence, $userId]); + $stmt->closeCursor(); + } + + /** + * Delete all entries before $timestamp. + * + * @param int $timestamp + */ + public function deleteFileOperationsBefore($timestamp) + { + $sql = 'DELETE FROM `*PREFIX*rd_recovery` WHERE `timestamp` < ?'; + $stmt = $this->execute($sql, [$timestamp]); + $stmt->closeCursor(); + } +} |