Example #1
 def add_metadata(sample, metadata_type,
                  metadata_value, do_commit=True):
     """
     Attach one metadata entry (type id + text value) to a sample.

     Integer values are stored as their hex() text and every other value
     as str(value). Nothing is added when the sample already carries the
     same type/value pair.

     Args:
         sample: object whose s_metadata collection receives the entry.
         metadata_type: metadata type id; refused when
             SampleMetadataType.tostring() maps it to "".
         metadata_value: value to record.
         do_commit: commit the database session after adding the entry.

     Returns:
         True when the entry is present after the call (new or already
         there), False when the type is unknown or the value cannot be
         turned into text.
     """
     # Unknown type ids are refused before anything reaches the session.
     if SampleMetadataType.tostring(metadata_type) == "":
         app.logger.error("Invalid metadata type supplied")
         return False

     if isinstance(metadata_value, int):
         stored_value = hex(metadata_value)
     else:
         try:
             stored_value = str(metadata_value)
         except Exception as e:
             app.logger.exception(e)
             return False

     # NOTE(review): no length or content check is applied to the text; if
     # callers pass values taken from imported documents, the column size
     # and template escaping are the only limits -- confirm both.
     already_recorded = any(
         existing.type_id == metadata_type and existing.value == stored_value
         for existing in sample.s_metadata)
     if already_recorded:
         return True

     entry = SampleMetadata()
     entry.value = stored_value
     entry.type_id = metadata_type
     db.session.add(entry)
     sample.s_metadata.append(entry)
     if do_commit:
         db.session.commit()
     return True
Example #2
 def add_metadata(sample, metadata_type, metadata_value, do_commit=True):
     """
     Record a (type, value) metadata pair on a sample, without duplicates.

     Args:
         sample: object whose s_metadata collection is extended.
         metadata_type: metadata type id; must have a non-empty name in
             SampleMetadataType.tostring().
         metadata_value: value to store; an int is kept as hex() text,
             anything else as str(value).
         do_commit: when true, the session is committed after the insert.

     Returns:
         False for an unknown type or a value that cannot be converted to
         text, True otherwise (including when the pair already existed).
     """
     type_name = SampleMetadataType.tostring(metadata_type)
     if type_name == "":
         app.logger.error("Invalid metadata type supplied")
         return False

     if not isinstance(metadata_value, int):
         try:
             text_value = str(metadata_value)
         except Exception as e:
             app.logger.exception(e)
             return False
     else:
         text_value = hex(metadata_value)

     # Same type and same text already attached: nothing to add.
     for known in sample.s_metadata:
         if known.type_id == metadata_type and known.value == text_value:
             return True

     # NOTE(review): the text is stored without a size or content check;
     # presumably the model and the templates bound and escape it -- verify.
     new_entry = SampleMetadata()
     new_entry.value = text_value
     new_entry.type_id = metadata_type
     db.session.add(new_entry)
     sample.s_metadata.append(new_entry)
     if do_commit:
         db.session.commit()
     return True
Example #3
def gen_sample_view(sample_id, graph=None, fctaddr=None):
    """
    Render the sample page and process the forms embedded in it.

    The view is kept separate from its route because the disassembly view
    is included in the same template, but not by default.

    Args:
        sample_id: id of the sample to display; unknown ids abort with 404.
        graph: passed through to the template unchanged.
        fctaddr: passed through to the template unchanged.

    Returns:
        The rendered "sample.html" template.
    """
    sample = api.samplecontrol.get_by_id(sample_id)
    if sample is None:
        abort(404)

    # NOTE(review): no per-sample access check (for instance against the TLP
    # level) is visible in this function, and the handlers below modify the
    # sample; presumably the route decorators enforce it -- confirm.
    export_form = ExportMachexForm(sampleid=sample.id)
    abstract_form = SampleAbstractForm()
    family_form = AddSampleToFamilyForm()
    family_form.parentfamily.choices = [
        (fam.id, fam.name) for fam in Family.query.order_by('name')]
    tlp_form = ChangeTLPForm()
    compare_form = CompareMachocForm()
    metadata_rows = [
        {"type": SampleMetadataType.tostring(meta.type_id),
         "value": meta.value}
        for meta in sample.s_metadata]

    # Every form is checked on each request; only the submitted one validates.
    if family_form.validate_on_submit():
        family = api.familycontrol.get_by_id(family_form.parentfamily.data)
        if family is None:
            abort(404)
        api.familycontrol.add_sample(sample, family)

    if abstract_form.validate_on_submit():
        api.samplecontrol.set_abstract(sample, abstract_form.abstract.data)
    elif sample.abstract is not None:
        # Pre-fill the editor with the stored abstract.
        abstract_form.abstract.default = sample.abstract
        abstract_form.abstract.data = sample.abstract

    if tlp_form.validate_on_submit():
        api.samplecontrol.set_tlp_level(sample, tlp_form.level.data)

    compare_results = None
    if compare_form.validate_on_submit():
        percent = compare_form.percent.data
        # Clamp the submitted percentage to 1..100 before scaling to 0..1.
        percent = 1 if percent < 1 else (100 if percent > 100 else percent)
        threshold = float(percent) / 100
        compare_results = api.samplecontrol.machoc_diff_with_all_samples(
            sample, threshold)

    context = dict(
        sample=sample,
        abstractform=abstract_form,
        checklists=api.samplecontrol.get_all_checklists(),
        changetlpform=tlp_form,
        compareform=compare_form,
        expform=export_form,
        hresults=compare_results,
        metasample=metadata_rows,
        addfamilyform=family_form,
        graph=graph,
        fctaddr=fctaddr,
    )
    return render_template("sample.html", **context)
Example #4
 def machexport(sample, machocfull, strings, metadata, fmachoc, fname,
                sabstract, aabstracts):
     """
     Build the machex export dictionary for a sample.

     The hashes and the mime type are always exported; each flag adds one
     optional section.

     Args:
         sample: sample object to export.
         machocfull: add "machoc", the concatenation of every function
             hash as zero-padded hex text.
         strings: add "strings" (type and value of each string).
         metadata: add file date, size, full mime type, file metadata
             and file names.
         fmachoc: include each function's machoc hash in "functions".
         fname: include each function's name in "functions".
         sabstract: add the sample abstract.
         aabstracts: add "analyses" (title and data of each analysis).

     Returns:
         dict holding the selected sections.
     """
     export = {}
     export["md5"] = sample.md5
     export["sha1"] = sample.sha1
     export["sha256"] = sample.sha256
     export["type"] = sample.mime_type

     if machocfull:
         export["machoc"] = ""
     if sabstract:
         export["abstract"] = sample.abstract
     if aabstracts:
         export["analyses"] = [
             {"title": analysis.title, "data": analysis.data}
             for analysis in sample.analysis_data]

     if metadata:
         export["file_date"] = str(sample.file_date)
         export["size"] = sample.size
         export["full_mime_type"] = sample.full_mime_type
         export["file_metadata"] = [
             {"type": SampleMetadataType.tostring(meta.type_id),
              "value": meta.value}
             for meta in sample.s_metadata]
         export['filenames'] = [entry.name for entry in sample.filenames]

     per_function = fmachoc or fname
     if per_function or machocfull:
         if per_function:
             export["functions"] = []
         for func in sample.functions:
             if per_function:
                 record = {"address": func.address}
                 if fname:
                     record["name"] = func.name
                 if fmachoc:
                     record["machoc"] = func.machoc_hash
                 export["functions"].append(record)
             if machocfull:
                 # NOTE(review): hex() of a negative value starts with
                 # "-0x", so a negative machoc_hash (e.g. a -1 placeholder)
                 # would leave an "x" in this field -- confirm hashes are
                 # always non-negative here.
                 export["machoc"] += hex(func.machoc_hash)[2:].zfill(8)

     if strings:
         export["strings"] = [
             {"type": item.string_type, "value": item.string_value}
             for item in sample.strings]
     return export
Example #5
 def machexport(sample, machocfull, strings, metadata,
                fmachoc, fname, sabstract, aabstracts):
     """
     Serialise a sample into the dictionary used for machex exports.

     md5, sha1, sha256 and the mime type are always present. The boolean
     flags select the optional sections: full machoc string (machocfull),
     strings, file metadata and names (metadata), per-function machoc
     hashes (fmachoc) and names (fname), the sample abstract (sabstract)
     and the analyses (aabstracts).

     Returns:
         dict with the selected sections.
     """
     result = {}
     for key, attribute in (("md5", "md5"), ("sha1", "sha1"),
                            ("sha256", "sha256"), ("type", "mime_type")):
         result[key] = getattr(sample, attribute)

     if machocfull:
         result["machoc"] = ""
     if sabstract:
         result["abstract"] = sample.abstract
     if aabstracts:
         analyses = []
         for analysis in sample.analysis_data:
             analyses.append({"title": analysis.title, "data": analysis.data})
         result["analyses"] = analyses

     if metadata:
         result["file_date"] = str(sample.file_date)
         result["size"] = sample.size
         result["full_mime_type"] = sample.full_mime_type
         result["file_metadata"] = [
             {"type": SampleMetadataType.tostring(m.type_id), "value": m.value}
             for m in sample.s_metadata]
         result['filenames'] = [fn.name for fn in sample.filenames]

     wants_function_list = bool(fmachoc or fname)
     if wants_function_list:
         result["functions"] = []
     if wants_function_list or machocfull:
         for function in sample.functions:
             if wants_function_list:
                 item = {"address": function.address}
                 if fname:
                     item["name"] = function.name
                 if fmachoc:
                     item["machoc"] = function.machoc_hash
                 result["functions"].append(item)
             if machocfull:
                 # NOTE(review): a negative machoc_hash would not format as
                 # eight hex digits here (hex() yields "-0x..."); confirm
                 # the stored hashes are never negative.
                 result["machoc"] += hex(function.machoc_hash)[2:].zfill(8)

     if strings:
         result["strings"] = [
             {"type": s.string_type, "value": s.string_value}
             for s in sample.strings]
     return result
Example #6
def ui_search():
    """
    Render the search page and run whichever search form was submitted.

    Three forms share the page: hash search, full-text search and machoc
    hash comparison. The list of metadata type names is also passed to
    the template.

    Returns:
        The rendered 'search.html' template.
    """
    hform = HashSearchForm()
    tform = FullTextSearchForm()
    mhform = MachocHashSearchForm()

    # Collect metadata type names: ids are probed from 1 upwards until
    # tostring() answers "".
    cfields = []
    type_id = 1
    type_name = SampleMetadataType.tostring(type_id)
    while type_name != "":
        cfields.append(type_name)
        type_id += 1
        type_name = SampleMetadataType.tostring(type_id)

    hash_compare_results = None
    samples_results = None
    functions_results = None

    # NOTE(review): the needles are user-supplied and handed to the search
    # API unchanged; how that API builds its queries is not visible here --
    # confirm it uses bound parameters.
    if hform.validate_on_submit():
        samples_results, functions_results = api.samplecontrol.search_hash(
            hform.hneedle.data)
    if tform.validate_on_submit():
        samples_results = api.samplecontrol.search_fulltext(tform.fneedle.data)
    if mhform.validate_on_submit():
        percent = mhform.percent.data
        # Clamp the submitted percentage to 1..100 before scaling to 0..1.
        percent = 100 if percent > 100 else (1 if percent < 1 else percent)
        threshold = float(percent) / 100
        needle = mhform.mneedle.data
        hash_compare_results = api.samplecontrol.search_machoc_full_hash(
            needle, threshold)

    context = dict(
        hform=hform,
        tform=tform,
        mhform=mhform,
        cfields=cfields,
        mresults=functions_results,
        hresults=hash_compare_results,
        results=samples_results,
    )
    return render_template('search.html', **context)
Example #7
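    def create_sample_from_json_machex(self, machex_json, level):
        """
        Create a new Sample from a machex JSON document.

        The document is external input, so any field read from it may be
        missing or of the wrong type. The mandatory header (sha256, sha1,
        md5, type) is read first; the optional sections are then loaded,
        and a malformed entry aborts the import instead of raising after
        the sample has already been added to the session.

        Args:
            machex_json: JSON text of the machex export.
            level: TLP level recorded on the new sample.

        Returns:
            The created Sample, or None when the JSON or its header is
            unusable, when a sample with the same sha256 is already
            stored, or when an optional section is malformed.
        """
        try:
            jdata = json.loads(machex_json)
            mhash_sha256 = jdata["sha256"]
            mhash_sha1 = jdata["sha1"]
            mhash_md5 = jdata["md5"]
            mtype = jdata["type"]
        except Exception as e:
            app.logger.error("Machex import failed : %s" % (e))
            return None

        # A sha256 that is already known is never merged or overwritten.
        if Sample.query.filter_by(sha256=mhash_sha256).count() != 0:
            return None

        # NOTE(review): the hashes are taken from the document as-is; this
        # function receives no file content to recompute them from, so an
        # imported record should be treated as unverified.
        sample = Sample()
        sample.md5 = mhash_md5
        sample.sha1 = mhash_sha1
        sample.sha256 = mhash_sha256
        sample.mime_type = mtype
        sample.TLP_sensibility = level
        sample.analysis_status = AnalysisStatus.TOSTART
        if "full_mime_type" in jdata:
            sample.full_mime_type = jdata["full_mime_type"]
        if "size" in jdata:
            sample.size = jdata["size"]
        if "file_date" in jdata:
            sample.file_date = jdata["file_date"]
        db.session.add(sample)

        try:
            if "file_metadata" in jdata:
                for i in jdata["file_metadata"]:
                    # do_commit=False keeps the sample uncommitted until
                    # the whole document has been accepted.
                    self.add_metadata(
                        sample,
                        SampleMetadataType.fromstring(i['type']),
                        i['value'],
                        do_commit=False)
            if "filenames" in jdata:
                for i in jdata["filenames"]:
                    self.add_filename(sample, i)
            if "functions" in jdata:
                for i in jdata["functions"]:
                    address = i["address"]
                    if isinstance(address, str):
                        address = int(address, 16)
                    name = ""
                    # -1 marks a function exported without a machoc hash.
                    machoc_hash = -1
                    if "machoc" in i:
                        machoc_hash = i["machoc"]
                        if isinstance(machoc_hash, str):
                            machoc_hash = int(machoc_hash, 16)
                    if "name" in i:
                        name = i["name"]
                    self.add_function(sample, address, machoc_hash, name)
            if "strings" in jdata:
                for i in jdata["strings"]:
                    self.add_string(sample, i["type"], i["value"])
            if "abstract" in jdata:
                sample.abstract = jdata["abstract"]
            if "analyses" in jdata:
                for i in jdata["analyses"]:
                    self.create_analysis(sample, i["data"], i["title"])
        except (KeyError, TypeError, ValueError) as e:
            # Malformed entry: discard what is still pending. Helpers that
            # commit on their own are outside this guarantee.
            db.session.rollback()
            app.logger.error("Machex import failed : %s" % (e))
            return None

        db.session.commit()
        return sample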
Example #8
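    def create_sample_from_json_machex(self, machex_json, level):
        """
        Import a sample described by a machex JSON document.

        machex_json is external input: its optional sections are parsed
        defensively, and a missing key, a wrong type or a non-hex number
        ends the import with None rather than an exception raised after
        the sample was added to the session.

        Args:
            machex_json: JSON text of the machex export.
            level: TLP level recorded on the new sample.

        Returns:
            The new Sample on success. None when the JSON or one of the
            mandatory fields (sha256, sha1, md5, type) is unusable, when
            the sha256 is already stored, or when an optional section is
            malformed.
        """
        try:
            jdata = json.loads(machex_json)
            mhash_sha256 = jdata["sha256"]
            mhash_sha1 = jdata["sha1"]
            mhash_md5 = jdata["md5"]
            mtype = jdata["type"]
        except Exception as e:
            app.logger.error("Machex import failed : %s" % (e))
            return None

        # Imports never replace or extend a sample that already exists.
        qresult = Sample.query.filter_by(sha256=mhash_sha256)
        if qresult.count() != 0:
            return None

        # NOTE(review): md5/sha1/sha256 are whatever the document claims;
        # nothing here can check them against file content, so records
        # created by this path should be considered unverified.
        sample = Sample()
        sample.md5 = mhash_md5
        sample.sha1 = mhash_sha1
        sample.sha256 = mhash_sha256
        sample.mime_type = mtype
        sample.TLP_sensibility = level
        sample.analysis_status = AnalysisStatus.TOSTART
        if "full_mime_type" in jdata:
            sample.full_mime_type = jdata["full_mime_type"]
        if "size" in jdata:
            sample.size = jdata["size"]
        if "file_date" in jdata:
            sample.file_date = jdata["file_date"]
        db.session.add(sample)

        try:
            if "file_metadata" in jdata:
                for i in jdata["file_metadata"]:
                    # Commit is deferred so a later malformed section does
                    # not leave a half-imported sample committed.
                    self.add_metadata(sample,
                                      SampleMetadataType.fromstring(i['type']),
                                      i['value'],
                                      do_commit=False)
            if "filenames" in jdata:
                for i in jdata["filenames"]:
                    self.add_filename(sample, i)
            if "functions" in jdata:
                for i in jdata["functions"]:
                    address = i["address"]
                    if isinstance(address, str):
                        address = int(address, 16)
                    name = ""
                    # -1 stands for "no machoc hash in the document".
                    machoc_hash = -1
                    if "machoc" in i:
                        machoc_hash = i["machoc"]
                        if isinstance(machoc_hash, str):
                            machoc_hash = int(machoc_hash, 16)
                    if "name" in i:
                        name = i["name"]
                    self.add_function(sample, address, machoc_hash, name)
            if "strings" in jdata:
                for i in jdata["strings"]:
                    self.add_string(sample, i["type"], i["value"])
            if "abstract" in jdata:
                sample.abstract = jdata["abstract"]
            if "analyses" in jdata:
                for i in jdata["analyses"]:
                    self.create_analysis(sample, i["data"], i["title"])
        except (KeyError, TypeError, ValueError) as e:
            # Drop pending changes; anything a helper committed by itself
            # is not undone by this rollback.
            db.session.rollback()
            app.logger.error("Machex import failed : %s" % (e))
            return None

        db.session.commit()
        return sample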
Example #9
 def format_metadata(meta):
     """
     Jinja helper: return the display name of a metadata entry's type.

     Only the type id is formatted; the entry's value is not read here.

     Args:
         meta: metadata entry exposing a type_id attribute.

     Returns:
         The text SampleMetadataType.tostring() gives for meta.type_id,
         as a unicode string.
     """
     type_label = SampleMetadataType.tostring(meta.type_id)
     return u'%s' % (type_label)
Example #10
 def format_metadata(meta):
     """
     Format a sample metadata entry's type for display in Jinja templates.

     Args:
         meta: metadata entry; only its type_id attribute is used.

     Returns:
         Unicode string with the name SampleMetadataType.tostring()
         returns for that type id.
     """
     name_of_type = SampleMetadataType.tostring(meta.type_id)
     formatted = u'%s' % (name_of_type)
     return formatted