New review with the lowest score I ever got, and updated plot.py so it's not only for retoor anymore but for a general user.

retoor 2024-12-25 23:31:46 +01:00
parent 14fe90e5a0
commit 5a5a4199a3
2 changed files with 41 additions and 32 deletions

plot.py

@ -186,25 +186,34 @@ if __name__ == "__main__":
print(totals) print(totals)
result = {} result = {}
rows = query("SElECT strftime('%Y-%m-%d', timestamp) as day, GROUP_CONCAT(char,'') FROM kevent WHERE event = 'PRESSED' group by day") rows = query("SElECT strftime('%Y-%m-%d.%H', timestamp) as date_hour, GROUP_CONCAT(char,'') FROM kevent WHERE event = 'PRESSED' group by date_hour")
for row in rows: for row in rows:
result[row[0]] = row[1] result[row[0]] = row[1]
with open("keylog.txt","w") as f: with open("keylog.txt","w") as f:
for day in result.keys(): for day in result.keys():
with open("logs_plain/"+day+".txt","w") as g: date, hour = day.split(".")
g.write(f"**{day}**: ```{result[day]}```\n\n") label = f"{date} {hour}:00"
f.write(f"**{day}**: ```{result[day]}```\n\n") if not pathlib.Path("logs_plain/"+day+".txt").exists():
with open("logs_plain/"+day+".txt","w") as g:
g.write(f"**{label}**: ```{result[day]}```\n\n")
f.write(f"**{label}**: ```{result[day]}```\n\n")
import json
for file in pathlib.Path(".").glob("logs_plain/*.txt"): for file in pathlib.Path(".").glob("logs_plain/*.txt"):
print("Working on: {}".format(file)) print("Working on: {}".format(file))
dest_file = file.parent.parent.joinpath("logs_summaries").joinpath(file.name) dest_file = file.parent.parent.joinpath("logs_summaries").joinpath(file.name)
print("Dest file: ", dest_file) print("Dest file: ", dest_file)
if dest_file.exists():
continue
with dest_file.open("w+") as f: with dest_file.open("w+") as f:
print("Requesting...") print("Requesting...")
response = api.gpt4o("The following data is from my keylogger, make a summary of what i did: ```"+file.read_text().replace("@","").replace("`","")+"```") param = file.read_text().replace("@","").replace("`","")
response = api.gpt4o_mini("The following data is key presses made by user. Describe what user could be working on using bulletpoints: "+param)
print("Done") print("Done")
f.write(response) f.write(response)
print(response) print(response)
print("Duration: {}".format(time.time() - time_start)) print("Duration: {}".format(time.time() - time_start))
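
Review bot: The new `if dest_file.exists(): continue` guard sits directly above `with dest_file.open("w+") as f:`, which creates the summary file before `api.gpt4o_mini(...)` returns, so a request that raises leaves an empty file that every later run skips. Request the summary first and open the file only once a response is in hand, or treat an empty file as missing. The matching `exists()` check on the `logs_plain/` file has a similar effect on the hour in progress: the file written on the first run is never refreshed with keys pressed later in that hour, while `keylog.txt` is rewritten each time. The new prompt also drops the triple-backtick delimiters the old prompt put around the log text, so `param` is concatenated straight onto the instruction and typed text is no longer set apart from the prompt; keep a delimiter around it. `import json` is added in the middle of the block and nothing in this hunk uses it.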

@ -1,35 +1,35 @@
markdown markdown
# Summary of Project Reviews # Keylogger Program Analysis
This project consists of various C and Python files primarily focused on handling keyboard input, visualizing data, and managing SDL graphics rendering. Below are primary insights from the code reviews and breakdowns: ## Overview
## Code Files This document reviews a C-based program designed to monitor multiple keyboard devices for input events and log them into a database. The code includes mappings of keycodes to character representations and utilizes system calls to interact with input devices efficiently.
### C Files ## Code Highlights
- **keyc3.c**: Demonstrates handling input events using XIM and XIC for X11 applications. It performs resource cleanup but lacks keyboard layout validation and error handling.
- **keyc.c**: Handles key symbols and input using `XkbKeycodeToKeysym` but has casting issues with `XLookupString` leading to potential undefined behavior.
- **keyc2.c**: Converts keycodes to characters using X11 but doesnt fully initialize event fields, and hardcodes values may limit functionality.
- **graph2.c**: Utilizes SDL for creating an animated graph. Manages resources well but assumes SDL setup. Code organization and scaling could be optimized.
- **graph.c**: A simple SDL bar graph application that could benefit from dynamic scaling and better error handling.
### Python Files ### Bugs
- **plot.py**: Analyzes keystrokes from an SQLite database and generates plots. Implements clear workflows but has security risks due to non-parameterized SQL queries. - **Key Mapping:** The `keycode_to_char` array lacks comprehensive keycode definitions, leading to potential null pointer dereferences.
- **zipit.py**: Compresses text files using base64 and zlib; effective but lacks error handling for file operations. - **Security Risk:** SQL injection vulnerability due to direct variable embedding in queries.
- **Unhandled Returns:** Undefined behavior for unknown keycodes, potentially causing `NULL` insertions in the database.
### Other Files ### Optimizations
- **tikker.c**: Monitors keyboard events on Linux, logging to a database. Needs better error handling and could benefit from using other event handling utilities for optimizations. - Implement error handling for `snprintf` in loops and use `strncasecmp` for safer keyboard checks.
- Minimize `EVIOCGNAME` calls by caching device names.
- Bound checks to prevent `keycode_to_char` array access overflow and batch `read` operations for performance.
- Ensure proper resource cleanup, including database connection closure.
- Adopt dynamic memory allocation if `device_path` exceeds 32 characters.
## Common Issues Across Files ### Strengths
- **Error Handling**: Many files lack sufficient error handling, particularly in database operations and system calls. - Efficient monitoring of multiple devices using `fd_set` and `select()`.
- **Security**: Potential vulnerabilities in SQL handling due to non-parameterized queries. - Proper use of `snprintf` to prevent buffer overflow.
- **Code Optimization**: Common opportunities include optimizing loops, using more efficient data structures, and improving modularization. - Logical division between device acquisition and event processing.
- **Platform Assumptions**: Assumptions in SDL and X11 setups can lead to undefined behaviors if not met.
## General Recommendations ## Summary
- **Security**: Use parameterized queries to prevent SQL injection vulnerabilities.
- **Modularization**: Break down larger functions into smaller ones for better readability and maintenance.
- **Error Handling**: Implement robust error checks, especially for system calls and IO operations.
- **Performance**: Optimize event handling to use latest utilities and data structures where applicable.
## Grade: 6.5 Despite its functional capability, the program presents issues primarily in security, efficiency, and resource management. Addressing vulnerabilities and performance limitations could substantially enhance its reliability.
This is the average rating based on individual file reviews, reflecting both strengths in resource management and areas needing improvement in error handling and security practices.
### Recommendations
Consider using open-source alternatives for better functionality:
- **Logkeys:** Offers broader functionality and community support.
- **Keylogger:** Lightweight with active development on GitHub.
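
Review bot: The rewritten review has no grade line, although the old text carried `## Grade: 6.5` and the commit message describes this as the lowest score so far; add the score back so the file records it. The new text also covers only the C program and drops the per-file list, including the plot.py entry on non-parameterized SQL queries, while the new "Security Risk" bullet does not say which file or query it refers to; naming it would make the finding actionable. The first line is still a bare `markdown`, which looks like a leftover fence tag and can be removed.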