def configuration(self, id):
"""Configure a named configuration.
.. :quickref: Module; Configure a named configuration
Requires the `manage_modules` permission.
For each configuration available, you should set the value in a form
parameter named ``config_NAME``. For boolean values, any value not ``0``
or ``False`` is considered to be ``True``.
If successful, will return the named configuration in ``config``.
Otherwise, errors will be available in ``errors``.
:param id: id of the named configuration.
"""
config = Config(get_or_404(Config.get_collection(), _id=id))
if request.method == "POST":
errors = update_config(config['config'])
if errors is not None:
return errors
config.save()
dispatcher.reload()
return redirect({'config': config}, url_for('ModulesView:index'))
else:
return render({'config': config}, 'modules/configuration.html')
def create_comment_configuration():
comments = Config.get(name='comments')
if comments is None:
comments = Config({
'name': 'comments',
'description': 'Analysis comments configuration.',
'config': [
{
'name': 'enable',
'description': 'Let users add comments to an analysis.',
'type': 'bool',
'default': True,
'value': True
},
{
'name': 'minimum_length',
'description': 'Define a minimal character count to be enforced when submitting an analysis',
'type': 'integer',
'default': 0,
'value': None
}
]
})
comments.save()
def create_virustotal_configuration():
vt = Config.get(name='virustotal')
if vt is None:
vt = Config({
'name': 'virustotal',
'description': 'VirusTotal API configuration, in order to be able to submit hashes.',
'config': [
{
'name': 'api_key',
'description': 'VirusTotal Intelligence API key.',
'type': 'str',
'value': None
}
]})
vt.save()
def create_reverseit_configuration():
reverseit = Config.get(name='reverseit')
if reverseit is None:
reverseit = Config({
'name':
'reverseit',
'description':
'Reverseit API configuration, in order to be able to submit hashes.',
'config': [{
'name': 'api_key',
'description': 'Reverseit API key.',
'type': 'str',
'value': None
}]
})
reverseit.save()
def create_extracted_schedule():
extracted = Config.get(name="extracted")
if extracted is None:
extracted = Config({
"name": "extracted",
"description": "Define which modules are scheduled by default on extracted files",
"config": [
{
"name": "modules",
"type": "text",
"value": """peepdf
document_preview
exiftool
office_macros
virustotal_public
"""
}
]
})
extracted.save()
def update(self, module, path, repository):
named_configs = []
if module.name:
module_info = ModuleInfo.get(name=module.name)
# Ignore duplicates
if module_info and not module_info['path'].startswith(
'fame.modules.{}.'.format(repository['name'])):
print "Duplicate name '{}', ignoring module.".format(
module.name)
return None
# Handle named configs
for named_config in module.named_configs:
config = Config.get(name=named_config)
# Creation
if config is None:
config = Config(module.named_config(named_config))
config.save()
# Update
else:
config.update_config(module.named_config(named_config))
named_configs.append(config)
# Handle module info
if module_info is None:
module_info = module.static_info()
module_info['enabled'] = False
else:
module_info.update_config(module.static_info())
module_info['class'] = module.__name__
module_info['path'] = path
module_info.save()
return named_configs
def create_types():
types = Config.get(name='types')
if types is None:
types = Config({
'name': 'types',
'description': 'Mappings for file type determination.',
'config': [
{
'name': 'mappings',
'type': 'text',
'value': """[types]
application/x-dosexec = executable
application/vnd.openxmlformats-officedocument.wordprocessingml.document = word
application/vnd.openxmlformats-officedocument.spreadsheetml.sheet = excel
application/msword = word
application/vnd.ms-excel = excel
application/vnd.ms-powerpoint = powerpoint
text/html = html
text/rtf = rtf
application/x-coredump = memory_dump
application/pdf = pdf
application/zip = zip
text/x-mail = eml
message/rfc822 = eml
application/CDFV2-unknown = msg
application/java-archive = jar
application/x-7z-compressed = 7z
application/x-rar = rar
application/x-iso9660-image = iso
[details]
MIME entity, ISO-8859 text, with CRLF line terminators = word
MIME entity, ISO-8859 text, with very long lines, with CRLF line terminators = word
Dalvik dex file = dex
[extensions]
exe = executable
scr = executable
doc = word
docx = word
docm = word
xls = excel
xlsx = excel
xslm = excel
ppt = powerpoint
pptx = powerpoint
rtf = rtf
html = html
js = javascript
pdf = pdf
apk = apk
jar = jar
zip = zip
msg = msg
eml = eml
iso = iso
msi = executable
7z = 7z
rar = rar""",
'description': "In order to determine the file type, FAME will use the `python-magic` library. It will then try to find a match in 'mappings' for either the extension, the detailed type or the mime type (in this order of priority). If no matching type was found, the mime type will be used."
}
]
})
types.save()
