winappdbg.db

Database storage support for crash dumps.

Supports both SQL databases (via SQLAlchemy) and MongoDB (via PyMongo). The CrashDAO class automatically detects the database type based on the URL.

class winappdbg.db.CrashDAO(url, creator=None)

Factory class that creates the appropriate DAO implementation based on the URL.

Supports both SQL databases (via SQLAlchemy) and MongoDB.

class winappdbg.db.CrashDAO_Mongo(url, creator=None)

Data Access Object to read, write and search for Crash objects in a MongoDB database using PyMongo.

add(crash, allow_duplicates=True)

Add a new crash dump to the database.

Parameters:
  • crash (Crash) – Crash object.

  • allow_duplicates (bool) – If False, skip if signature already exists.

count(signature=None)

Count crashes in the database.

delete(crash)

Delete a crash from the database.

find(signature=None, order=0, since=None, until=None, offset=None, limit=None)

Find crash dumps in the database.

Parameters:
  • signature (str) – Filter by signature.

  • order (int) – Sort order (0=newest first, 1=oldest first).

  • since (datetime) – Filter crashes after this date.

  • until (datetime) – Filter crashes before this date.

  • offset (int) – Skip this many results.

  • limit (int) – Maximum number of results.

Return type:

generator

Returns:

Generator yielding Crash objects.

find_by_example(crash, offset=None, limit=None)

Find crashes similar to the given example.

class winappdbg.db.CrashDAO_SQL(url, creator=None)

Data Access Object to read, write and search for Crash objects in a SQL database using SQLAlchemy.

add(crash, allow_duplicates=True)

Add a new crash dump to the database, optionally filtering them by signature to avoid duplicates.

Parameters:
  • crash (Crash) – Crash object.

  • allow_duplicates (bool) –

    (Optional) True to always add the new crash dump. False to only add the crash dump if no other crash with the same signature is found in the database.

    Sometimes, your fuzzer turns out to be too good. Then you find yourself browsing through gigabytes of crash dumps, only to find a handful of actual bugs in them. This simple heuristic filter saves you the trouble by discarding crashes that seem to be similar to another one you’ve already found.

count(signature=None)

Counts how many crash dumps have been stored in this database. Optionally filters the count by heuristic signature.

Parameters:

signature (object) – (Optional) Count only the crashes that match this signature. See Crash.signature for more details.

Return type:

int

Returns:

Count of crash dumps stored in this database.

delete(crash)

Remove the given crash dump from the database.

Parameters:

crash (Crash) – Crash dump to remove.

find(signature=None, order=0, since=None, until=None, offset=None, limit=None)

Retrieve all crash dumps in the database, optionally filtering them by signature and timestamp, and/or sorting them by timestamp.

Results can be paged to avoid consuming too much memory if the database is large.

Parameters:
  • signature (object) – (Optional) Return only the crashes matching this signature. See Crash.signature for more details.

  • order (int) – (Optional) Sort by timestamp. If == 0, results are not sorted. If > 0, results are sorted from older to newer. If < 0, results are sorted from newer to older.

  • since (datetime.datetime) – (Optional) Return only the crashes after and including this date and time.

  • until (datetime.datetime) – (Optional) Return only the crashes before this date and time, not including it.

  • offset (int) – (Optional) Skip the first offset results.

  • limit (int) – (Optional) Return at most limit results.

Return type:

list[Crash]

Returns:

List of Crash objects.

find_by_example(crash, offset=None, limit=None)

Find all crash dumps that have common properties with the crash dump provided.

Results can be paged to avoid consuming too much memory if the database is large.

See also

find()

Parameters:
  • crash (Crash) –

    Crash object to compare with. Fields set to None are ignored, all other fields but the signature are used in the comparison.

    To search for signature instead use the find() method.

  • offset (int) – (Optional) Skip the first offset results.

  • limit (int) – (Optional) Return at most limit results.

Return type:

list[Crash]

Returns:

List of similar crash dumps found.
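
A paging loop over find(), as an added example that is not part of the WinAppDbg documentation or code base: iter_crashes drives any DAO through the find() parameters documented above, treating the result as an iterable so it accepts either a list or a generator. FakeCrash and FakeDAO are constructed in-memory stand-ins (assumptions, modelled on the CrashDAO_SQL parameter descriptions) so the block runs without a database.

```python
from datetime import datetime


def iter_crashes(dao, signature=None, since=None, until=None, page_size=100):
    """Yield every matching crash, fetching page_size results per query."""
    offset = 0
    while True:
        # order=1 is "oldest first" in both the SQL and MongoDB descriptions,
        # so crashes stored while we iterate land after the current offset.
        page = list(dao.find(signature=signature, order=1, since=since,
                             until=until, offset=offset, limit=page_size))
        yield from page
        if len(page) < page_size:   # short page: nothing left to fetch
            return
        offset += page_size


class FakeCrash:
    """Constructed stand-in for a Crash: only a signature and a timestamp."""
    def __init__(self, signature, timestamp):
        self.signature, self.timestamp = signature, timestamp


class FakeDAO:
    """Constructed in-memory stand-in following the documented find() rules."""
    def __init__(self, crashes):
        self.crashes, self.queries = list(crashes), 0

    def find(self, signature=None, order=0, since=None, until=None,
             offset=None, limit=None):
        self.queries += 1
        rows = [c for c in self.crashes
                if (signature is None or c.signature == signature)
                and (since is None or c.timestamp >= since)   # inclusive
                and (until is None or c.timestamp < until)]   # exclusive
        if order:
            rows.sort(key=lambda c: c.timestamp, reverse=order < 0)
        start = offset or 0
        return rows[start:start + limit] if limit is not None else rows[start:]


def demo():
    # Constructed sample: one crash per day, 1-10 March 2024, two signatures.
    crashes = [FakeCrash("sig-A" if d % 2 else "sig-B", datetime(2024, 3, d))
               for d in range(1, 11)]
    dao = FakeDAO(crashes)
    window = iter_crashes(dao, since=datetime(2024, 3, 3),
                          until=datetime(2024, 3, 8), page_size=2)
    return [c.timestamp.day for c in window], dao.queries
```

With a real database, pass the object returned by CrashDAO(url) in place of FakeDAO.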