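def submit(self, args, file, opts):
    """Submit a sample to MalwareBazaar and return the decoded JSON reply.

    The file at ``file.file_path`` is posted as multipart form data to
    ``API_ENDPOINT`` together with a small JSON metadata part. The name
    stored in the database record (``document['name']``) is sent as the
    multipart filename, so the original file name leaves the host along
    with the sample bytes.

    ``args`` and ``opts`` are accepted but not used here.

    Returns:
        The parsed JSON body of the response.

    Raises:
        error.InterfaceError: the request failed, or the reply was not JSON.
    """
    document = db.file_collection.select(file.sha256_digest)

    # Metadata is fixed: no tags, delivery method "other".
    metadata = {'tags': [], 'delivery_method': "other"}

    with open(file.file_path, "rb") as sample:
        files = {
            'json_data': (None, js.dumps(metadata), 'application/json'),
            'file': (document['name'], sample),
        }
        try:
            # verify=True keeps TLS certificate validation on; the timeout
            # stops a stalled endpoint from blocking the caller forever.
            response = requests.post(API_ENDPOINT,
                                     files=files,
                                     headers=HEADERS,
                                     verify=True,
                                     timeout=10)
        except requests.exceptions.RequestException:
            raise error.InterfaceError("Failled to connect")

    try:
        return response.json()
    except ValueError:
        # An HTML error page or an empty body would otherwise escape as a
        # raw decoding exception instead of the interface's own error type.
        raise error.InterfaceError("invalid response from MalwareBazaar")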
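def info(self, args, file, opts):
    """Summarise the finished Cuckoo reports for this file.

    Looks the sample up by SHA-256, lists all tasks, and for every task
    belonging to the sample fetches its report and keeps the score and the
    analysis machine name. ``args`` and ``opts`` are not used.

    Returns:
        ``{'info': [{'score': ..., 'name': ...}, ...]}`` on success, or the
        tuple ``("No reports, sample must be pending/running", "pending")``
        when the task list cannot be retrieved.

    Raises:
        error.InterfaceError: a request to the Cuckoo API failed.
        error.InterfaceWarning: the file was never submitted, or no report
            could be read for any of its tasks.
    """
    # NOTE(review): certificate checking follows the module-level VERIFY
    # value and no timeout is passed, so a stalled API blocks this call;
    # confirm both are intended.
    try:
        lookup = requests.get(CUCKOO_API + '/files/view/sha256/' +
                              file.sha256_digest,
                              verify=VERIFY).json()
    except requests.exceptions.RequestException:
        raise error.InterfaceError("failed to connect to Cuckoo")
    if 'sample' not in lookup:
        raise error.InterfaceWarning(
            "file has never been submitted to Cuckoo")
    sample_id = lookup['sample']['id']

    # The follow-up requests get the same connection-failure handling as the
    # lookup above, so callers only ever see InterfaceError.
    try:
        listing = requests.get(CUCKOO_API + '/tasks/list', verify=VERIFY)
    except requests.exceptions.RequestException:
        raise error.InterfaceError("failed to connect to Cuckoo")
    if listing.status_code != requests.codes.ok:  # pylint: disable=no-member
        return "No reports, sample must be pending/running", "pending"

    output = []
    for task in listing.json()['tasks']:
        if task['sample_id'] != sample_id:
            continue
        try:
            reply = requests.get(CUCKOO_API + '/tasks/report/' +
                                 str(task['id']),
                                 verify=VERIFY)
        except requests.exceptions.RequestException:
            raise error.InterfaceError("failed to connect to Cuckoo")
        if reply.status_code == requests.codes.ok:  # pylint: disable=no-member
            report_body = reply.json()
            output.append({
                'score': report_body['info']['score'],
                'name': report_body['info']['machine']['name']
            })

    if not output:
        # Raise, rather than return, the warning: handing the exception
        # object back as a result hides the condition from the caller.
        raise error.InterfaceWarning("no information available!")
    return {'info': output}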
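def report(self, args, file, opts):
    """Fetch one Cuckoo task report and return a trimmed summary of it.

    ``args['id']`` selects the task. ``file`` and ``opts`` are not used.

    Returns:
        A dict with ``score``, ``platform``, ``analysis``, ``machine`` and
        ``signatures`` taken from the report, or the string
        ``"No task for given id"`` when the id is not a plain number or the
        API does not answer with HTTP 200.

    Raises:
        error.InterfaceError: the request to the Cuckoo API failed.
    """
    # The id is caller-supplied and is appended to the API path. Anything
    # other than ASCII digits (slashes, dots, '?', '#') could steer the
    # request to a different API route, so it is rejected before any request
    # is made. Task ids are produced by the listing code as str(t['id']),
    # i.e. presumably integers - confirm against the Cuckoo API in use.
    task_id = str(args['id'])
    if not task_id or any(ch not in '0123456789' for ch in task_id):
        return "No task for given id"

    # TODO: Hash match! The report is returned for whatever task the id
    # names; nothing here checks that the task belongs to `file`.
    try:
        r = requests.get(CUCKOO_API + '/tasks/report/' + task_id,
                         verify=VERIFY)
    except requests.exceptions.RequestException:
        raise error.InterfaceError("failed to connect to Cuckoo")
    if r.status_code != requests.codes.ok:  # pylint: disable=no-member
        return "No task for given id"

    j = r.json()
    info_section = j['info']
    return {
        'score': info_section['score'],
        'platform': info_section['platform'],
        'analysis': {
            'category': info_section['category'],
            'started': info_section['started'],
            'ended': info_section['ended'],
            'duration': info_section['duration']
        },
        'machine': {
            'name': info_section['machine']['name'],
            'manager': info_section['machine']['manager']
        },
        'signatures': [{
            'severity': sig['severity'],
            'description': sig['description']
        } for sig in j['signatures']]
    }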
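def reports(self, args, file, opts):
    """List the Cuckoo tasks recorded for this file.

    Looks the sample up by SHA-256, then filters the full task list down to
    the tasks whose ``sample_id`` matches. ``args`` and ``opts`` are not
    used.

    Returns:
        ``{'reports': [{'id', 'url', 'timestamp', 'status'}, ...]}`` with
        every value converted to ``str``, or the tuple
        ``("No reports, sample must be pending/running", "pending")`` when
        the task list cannot be retrieved.

    Raises:
        error.InterfaceError: a request to the Cuckoo API failed.
        error.InterfaceWarning: the file was never submitted to Cuckoo.
    """
    try:
        lookup = requests.get(CUCKOO_API + '/files/view/sha256/' +
                              file.sha256_digest,
                              verify=VERIFY).json()
    except requests.exceptions.RequestException:
        raise error.InterfaceError("failed to connect to Cuckoo")
    if 'sample' not in lookup:
        raise error.InterfaceWarning(
            "file has never been submitted to Cuckoo")
    sample_id = lookup['sample']['id']

    # The listing call gets the same connection-failure handling as the
    # lookup, so a dropped connection surfaces as InterfaceError as well.
    try:
        listing = requests.get(CUCKOO_API + '/tasks/list', verify=VERIFY)
    except requests.exceptions.RequestException:
        raise error.InterfaceError("failed to connect to Cuckoo")
    if listing.status_code != requests.codes.ok:  # pylint: disable=no-member
        return "No reports, sample must be pending/running", "pending"

    # The link shown to the user is the configured base URL plus the task id.
    base_url = config.scale_configs['cuckoo']['cuckoo_url']
    output = {'reports': []}
    for task in listing.json()['tasks']:
        if task['sample_id'] != sample_id:
            continue
        output['reports'].append({
            'id': str(task['id']),
            'url': base_url + str(task['id']),
            'timestamp': str(task['added_on']),
            'status': str(task['status'])
        })
    return output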
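def upload(self, args, working_dir):
    """Download a sample from VirusTotal by hash into ``working_dir``.

    The file name is taken from the response's ``Content-Disposition``
    header when present, otherwise ``args['hash']`` is used.

    Returns:
        The name of the file written inside ``working_dir``.

    Raises:
        error.InterfaceError: the API key is missing, the request failed,
            the server did not answer with HTTP 200, or no usable file name
            could be derived.
    """
    import os

    if not API_KEY:
        raise error.InterfaceError(
            "config variable 'api_key' has not been set")

    def _single_component(candidate):
        # Both possible names are outside this code's control (a response
        # header and a caller argument). Keep only the final path component
        # so the write below cannot leave working_dir.
        leaf = os.path.basename(str(candidate).replace('\\', '/'))
        return None if leaf in ('', '.', '..') else leaf

    # NOTE(review): the API key travels in the query string, where proxies
    # and access logs may record it.
    params = {'apikey': API_KEY, 'hash': args['hash']}
    try:
        resp = requests.get(
            'https://www.virustotal.com/vtapi/v2/file/download',
            params=params,
            headers=HEADERS,
            proxies=PROXIES,
            stream=True,
            timeout=10)
    except requests.exceptions.RequestException:
        raise error.InterfaceError("failed to connect to VirusTotal")
    if resp.status_code != requests.codes.ok:  # pylint: disable=no-member
        # Without this check an error body would be saved to disk as if it
        # were the requested sample.
        raise error.InterfaceError("failed to download sample from VirusTotal")

    name = None
    if 'Content-Disposition' in resp.headers:
        # cgi is deprecated since Python 3.11 and removed in 3.13.
        _disp, disp_params = cgi.parse_header(
            resp.headers['Content-Disposition'])
        if 'filename' in disp_params:
            name = _single_component(disp_params['filename'])
    if not name:
        name = _single_component(args['hash'])
    if not name:
        raise error.InterfaceError("unable to derive a safe file name")

    with open(os.path.join(working_dir, name), 'wb') as f:
        for chunk in resp.iter_content(chunk_size=4096):
            if chunk:
                f.write(chunk)
    return name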
def submit(self, args, file, opts):
    """Submit the sample to Cuckoo and return the API's JSON reply.

    The file at ``file.file_path`` is posted to ``/tasks/create/file`` under
    the name stored in its database record. ``args`` and ``opts`` are not
    used.

    Returns:
        The decoded JSON body, which carries a truthy ``task_id``.

    Raises:
        error.InterfaceError: the request failed, the API did not answer
            with HTTP 200, or the reply's ``task_id`` is empty.
    """
    record = db.file_collection.select(file.sha256_digest)
    endpoint = CUCKOO_API + '/tasks/create/file'

    with open(file.file_path, "rb") as handle:
        upload = {"file": (record['name'], handle)}
        try:
            # TLS certificate checking follows the module-level VERIFY value.
            reply = requests.post(endpoint, files=upload, verify=VERIFY)
        except requests.exceptions.RequestException:
            raise error.InterfaceError("failed to connect to Cuckoo")

    if reply.status_code != requests.codes.ok:  # pylint: disable=no-member
        raise error.InterfaceError('failed to submit sample to Cuckoo')

    body = reply.json()
    if body["task_id"]:
        return body
    raise error.InterfaceError('failed to submit sample to Cuckoo')
def check(self):
    """Check that the prerequisites are set; an API key is needed for upload.

    Raises:
        error.InterfaceError: ``API_KEY`` is empty or unset.
    """
    if API_KEY:
        return
    raise error.InterfaceError("config variable 'api_key' has not been set")
def check(self):
    """Fail early when the Cuckoo API base URL has not been configured.

    Raises:
        error.InterfaceError: ``CUCKOO_API`` is ``None`` or an empty string.
    """
    configured = CUCKOO_API is not None and CUCKOO_API != ''
    if not configured:
        raise error.InterfaceError(
            "config variable 'cuckoo_api' has not been set")
def check(self):
    """Refuse to proceed unless an API key has been configured.

    Raises:
        error.InterfaceError: ``API_KEY`` is empty or unset.
    """
    key_present = bool(API_KEY)
    if not key_present:
        raise error.InterfaceError(
            "config variable 'api_key' has not been set")