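def add_extracted_file(self, filepath, automatic_analysis=True):
    """Register a file extracted during this analysis.

    A ``File`` is first built from the content with ``create=False``. When
    ``f.existing`` is false the file is created: through the remote endpoint
    ``/files/`` when ``fame_config.remote`` is set, locally otherwise. A newly
    created file is also submitted for analysis when magic is enabled and
    ``automatic_analysis`` is true, reusing this analysis' groups, analyst
    and options.

    In every case the file receives this analysis' groups, its ``_id`` is
    appended to ``extracted_files`` and this analysis is recorded as its
    parent.

    Args:
        filepath: path of the extracted file on disk. Only its basename is
            used as the stored file name.
        automatic_analysis: pass False to keep a newly created file from
            being analyzed automatically.
    """
    self.log('debug', "Adding extracted file '{}'".format(filepath))

    # The context manager closes the descriptor even when File(), the remote
    # upload or analyze() raises; a bare open()/close() pair leaks it on any
    # exception raised in between.
    with open(filepath, 'rb') as fd:
        filename = os.path.basename(filepath)
        f = File(filename=filename, stream=fd, create=False)

        if not f.existing:
            if fame_config.remote:
                # NOTE(review): the JSON body of the response is used as-is
                # to build the File. Confirm send_file_to_remote() raises on
                # HTTP errors, so a failed upload cannot yield a KeyError or
                # a record built from an error payload.
                response = send_file_to_remote(filepath, '/files/')
                f = File(response.json()['file'])
            else:
                f = File(filename=filename, stream=fd)

            # Automatically analyze extracted file if magic is enabled and
            # module did not disable it
            if self.magic_enabled() and automatic_analysis:
                modules = []
                config = Config.get(name="extracted").get_values()
                if config is not None and "modules" in config:
                    # Whitespace-separated module names from the "extracted"
                    # configuration.
                    modules = config["modules"].split()
                f.analyze(self['groups'], self['analyst'], modules, self['options'])

    # The extracted file inherits the groups of the analysis that produced it.
    f.add_groups(self['groups'])

    self.append_to('extracted_files', f['_id'])
    f.add_parent_analysis(self)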
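def add_group(self, id):
    """Add the group named in the ``group`` form field to a file.

    The file is looked up in ``current_user.files`` only, so the caller can
    reach nothing outside that collection (``get_or_404`` presumably aborts
    with a 404 when the id is not found there -- confirm).

    Args:
        id: identifier of the file to update.

    Returns:
        A redirect to the referring page.
    """
    f = File(get_or_404(current_user.files, _id=id))
    group = request.form.get('group')

    # A missing or empty field would otherwise store ``None`` / ``''`` in the
    # file's group list, so the update is skipped in that case.
    # NOTE(review): the group name is taken verbatim from the form; nothing
    # here checks that the caller may share with that group. Confirm that a
    # decorator outside this view or add_groups() enforces it.
    if group:
        f.add_groups([group])

    # NOTE(review): request.referrer comes from the client-supplied Referer
    # header and can be absent or point to another origin. Confirm redirect()
    # tolerates None, and consider falling back to a fixed in-app URL.
    return redirect(request.referrer)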
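def post(self):
    """Create a new analysis.

    .. :quickref: Analysis; Create an analysis

    Launch a new analysis. You have to specify on which object this analysis
    will be made, by specifying one of:

    * ``file_id`` for an existing object
    * ``file`` for file uploads
    * ``url``
    * ``hash`` if VirusTotal sample retrieval is enabled.

    You should also supply all enabled analysis options with the name
    ``options[OPTION_NAME]``. For boolean options, any value different than
    ``0`` or ``False`` means the option is enabled.

    If the submitted object already exists (and ``file_id`` was not specified),
    the response will be a file object. When a new analysis was successfully
    created, the analysis object will be returned, in the ``analysis`` field.

    If there were errors in your submission, they will be returned in the
    ``errors`` field.

    **Example request**::

        headers = {
            'Accept': "application/json",
            'X-API-KEY': FAME_API_KEY
        }

        with open(filepath, 'rb') as f:
            params = {
                'options[allow_internet_access]': "on",
                'options[analysis_time]': "300",
                'groups': "cert"
            }

            files = {
                'file': f
            }

            r = requests.post(ENDPOINT, data=params, files=files, headers=headers)

    :form string file_id: (optional) the id of the object on which this analysis should run.
    :form file file: (optional) file to analyze.
    :form string url: (optional) url to analyze.
    :form string hash: (optional) hash to analyze.
    :form string modules: (optional) a comma-separated list of target module names.
    :form string groups: a comma-separated list of groups that will have access to this analysis.
    :form string comment: comment to add to this object.
    :form string options[*]: value of each enabled option.
    """
    file_id = request.form.get('file_id')
    # Built as a list because the value is consumed twice (validation, then
    # analyze). On Python 3 ``filter`` returns a one-shot iterator, which
    # would already be exhausted when it reaches analyze() if _validate_form
    # iterates it.
    modules = [name for name in request.form.get('modules', '').split(',') if name]
    # Note: an absent ``groups`` field yields [''] here; rejecting that is
    # left to _validate_form.
    groups = request.form.get('groups', '').split(',')
    comment = request.form.get('comment', '')

    options = get_options()
    if options is None:
        return validation_error()

    if not self._validate_form(groups, modules, options):
        return validation_error()

    if file_id is not None:
        # The lookup is restricted to current_user.files, so an id outside
        # that collection cannot be analyzed through this branch.
        f = File(get_or_404(current_user.files, _id=file_id))
        # NOTE(review): unlike the new-submission branch below, this result
        # is not passed through clean_analyses() before being returned.
        # Confirm whether the raw analysis may be sent to API clients.
        analysis = {
            'analysis': f.analyze(groups, current_user['_id'], modules, options)
        }
        return redirect(
            analysis,
            url_for('AnalysesView:get', id=analysis['analysis']['_id']))

    # When this is a new submission, validate the comment
    if not self._validate_comment(comment):
        return validation_error()

    f = self._get_object_to_analyze()
    if f is None:
        # Nothing usable was submitted: show the submission form again.
        return render_template('analyses/new.html', options=dispatcher.options)

    # Ownership is limited to the submitted groups the user belongs to.
    f.add_owners(set(current_user['groups']) & set(groups))

    if comment:
        f.add_comment(current_user['_id'], comment)

    if f.existing:
        # Known object: the submitted groups are added to the stored record
        # and no new analysis is launched.
        f.add_groups(groups)
        flash("File already exists, so the analysis was not launched.")
        return redirect(clean_files(f), url_for('FilesView:get', id=f['_id']))

    analysis = {
        'analysis': clean_analyses(
            f.analyze(groups, current_user['_id'], modules, options))
    }
    analysis['analysis']['file'] = clean_files(f)

    return redirect(
        analysis,
        url_for('AnalysesView:get', id=analysis['analysis']['_id']))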