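def add_file(file_path, name=None, tags=None, parent=None):
    """Store *file_path* in the sample repository and register it in the database.

    Args:
        file_path: Path of the file to ingest.
        name: Display name for the sample; defaults to the basename of
            ``file_path`` when empty.
        tags: Tags handed through to ``Database.add``.
        parent: SHA-256 of the parent sample, passed as ``parent_sha``.

    Returns:
        The SHA-256 of the stored sample, or ``None`` when ``store_sample``
        reports the file as already present or the database write raised.
    """
    obj = File(file_path)
    new_path = store_sample(obj, __project__)
    print(new_path)

    if not name:
        name = os.path.basename(file_path)

    # A falsy path from store_sample() is treated as "already stored".
    if not new_path:
        log.info("File already exists in database")
        return None

    # Add file to the database.
    try:
        db = Database()
        db.add(obj=obj, name=name, tags=tags, parent_sha=parent)
    except Exception as e:
        # The original literal lacked the f-prefix and logged the text
        # "{str(e)}" verbatim; format the exception explicitly instead.
        log.error("Exception while adding sample to DB: {}".format(e))
        # Removing stored file since DB write failed, so no binary is left
        # in the repository without a database record.
        remove_sample(new_path)
        return None

    # AutoRun Modules
    if cfg.autorun.enabled:
        autorun_module(obj.sha256)
    # Close the open session to keep the session table clean
    __sessions__.close()
    return obj.sha256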
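    def _process_uploaded(db, uploaded_file_path, file_name, tag_list=None, note_title=None, note_body=None):
        """Add one uploaded file to the database and to storage, then remove the uploaded file.

        Args:
            db: Database handle providing ``add`` and ``add_note``.
            uploaded_file_path: Path of the temporary upload. It is removed
                before this function returns, on success and on the error
                paths alike (the original only removed it on success, so
                rejected uploads stayed behind in the upload directory).
            file_name: Name recorded on the sample.
            tag_list: Tags handed to ``db.add``; may be ``None``.
            note_title: Title of an optional note; the note is created only
                when both ``note_title`` and ``note_body`` are truthy.
            note_body: Body of the optional note.

        Returns:
            The ``File`` object describing the stored sample.

        Raises:
            ValidationError: code ``DuplicateFileHash`` when a sample with the
                same SHA-256 is already stored, ``DatabaseAddFailed`` when
                ``db.add`` returns a falsy value.
        """
        log.debug("adding: {} as {}".format(uploaded_file_path, file_name))

        malware = File(uploaded_file_path)
        malware.name = file_name

        try:
            if get_sample_path(malware.sha256):
                error = {"error": {"code": "DuplicateFileHash",
                                   "message": "File hash exists already: {} (sha256: {})".format(malware.name, malware.sha256)}}
                log.error("adding failed: {}".format(error))
                raise ValidationError(detail=error)  # TODO(frennkie) raise more specific error?! so that we can catch it..?!

            # Try to store file object into database
            if not db.add(obj=malware, tags=tag_list):
                error = {"error": {"code": "DatabaseAddFailed",
                                   "message": "Adding File to Database failed: {} (sha256: {})".format(malware.name, malware.sha256)}}
                log.error("adding failed: {}".format(error))
                raise ValidationError(detail=error)

            # If succeeds, store also in the local repository.
            # If something fails in the database (for example unicode strings)
            # we don't want to have the binary lying in the repository with no
            # associated database record.
            malware_stored_path = store_sample(malware)

            # run autoruns on the stored sample
            if cfg.get('autorun').enabled:
                autorun_module(malware.sha256)

            log.debug("added file \"{0}\" to {1}".format(malware.name, malware_stored_path))

            if note_body and note_title:
                db.add_note(malware.sha256, note_title, note_body)
                log.debug("added note: \"{0}\"".format(note_title))
        finally:
            # clean up: runs after the sample has been copied into storage and
            # also when one of the ValidationErrors above is raised.
            try:
                os.remove(uploaded_file_path)
            except OSError as err:
                log.error("failed to delete temporary file: {}".format(err))

        return malware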
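def add_file(file_path, tags, parent):
    """Store *file_path* in the local repository and register it in the database.

    Args:
        file_path: Path of the file to ingest.
        tags: Tags handed to ``Database.add``.
        parent: SHA-256 of the parent sample, passed as ``parent_sha``.

    Returns:
        The SHA-256 of the sample when both the repository write and the
        database insert succeeded; ``None`` when ``store_sample`` returned a
        falsy path or ``Database.add`` returned a falsy status.
    """
    obj = File(file_path)
    new_path = store_sample(obj)
    # Single-argument print() is valid under both Python 2 and 3.
    print(new_path)

    if not new_path:
        return None

    # Add file to the database.
    db = Database()
    success = db.add(obj=obj, tags=tags, parent_sha=parent)
    if not success:
        # The original assigned `success` but never checked it, so a failed
        # insert still reported the sha256 as if the sample had been added.
        # ToDo Remove the stored file if we cant write to DB
        return None

    # AutoRun Modules
    if cfg.autorun.enabled:
        autorun_module(obj.sha256)
        # Close the open session to keep the session table clean
        __sessions__.close()
    return obj.sha256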
def add_file(file_path, name=None, url=None, tags=None, parent=None):
    """Store *file_path* in the local repository and register it in the database.

    Args:
        file_path: Path of the file to ingest.
        name: Display name for the sample; the basename of ``file_path`` is
            used when this is empty.
        url: Origin URL, given to ``File`` and to ``Database.add``.
        tags: Tags handed to ``Database.add``.
        parent: SHA-256 of the parent sample, passed as ``parent_sha``.

    Returns:
        ``obj.sha256`` when ``store_sample`` returned a path, else ``None``.
    """
    obj = File(file_path, url)
    new_path = store_sample(obj)
    print(new_path)

    display_name = name if name else os.path.basename(file_path)

    if not new_path:
        # ToDo Remove the stored file if we cant write to DB
        return None

    # Add file to the database.
    # NOTE(review): the status returned by Database.add() is not inspected
    # here, so the sha256 is reported even if the insert failed — confirm
    # whether callers depend on that.
    Database().add(obj=obj, name=display_name, tags=tags, url=url, parent_sha=parent)

    # AutoRun Modules
    if cfg.autorun.enabled:
        autorun_module(obj.sha256)
        # Close the open session to keep the session table clean
        __sessions__.close()

    return obj.sha256
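    def run(self, *args):
        """Run the ``store`` command.

        With ``--folder`` every existing, non-empty file below the folder that
        passes the ``--file-name`` (fnmatch), ``--file-type`` (substring of
        ``File(path).type``) and ``--file-size`` filters is added; otherwise the
        file of the current session is added and a session is opened on it.

        Args:
            *args: Raw command-line tokens handed to ``self.parser``.

        Returns:
            ``None`` normally; ``False`` when the current session's file is empty.
        """
        try:
            args = self.parser.parse_args(args)
        except SystemExit:
            return

        if args.folder is not None:
            # Allows to have spaces in the path.
            args.folder = " ".join(args.folder)

        if args.tags is not None:
            # Remove the spaces in the list of tags
            args.tags = "".join(args.tags)

        def add_file(obj, tags=None):
            """Add *obj* to the database and repository.

            Returns True only when the sample was written; False when it is
            already stored or the database insert reported failure.
            """
            if get_sample_path(obj.sha256):
                self.log('warning', "Skip, file \"{0}\" appears to be already stored".format(obj.name))
                return False

            # Tag the sample with the attached MISP event, if there is one.
            if __sessions__.is_attached_misp(quiet=True):
                if tags is not None:
                    tags += ',misp:{}'.format(__sessions__.current.misp_event.event.id)
                else:
                    tags = 'misp:{}'.format(__sessions__.current.misp_event.event.id)

            # Try to store file object into database.
            if not db.add(obj=obj, tags=tags):
                return False

            # If succeeds, store also in the local repository.
            # If something fails in the database (for example unicode strings)
            # we don't want to have the binary lying in the repository with no
            # associated database record.
            new_path = store_sample(obj)
            self.log("success", "Stored file \"{0}\" to {1}".format(obj.name, new_path))

            # Delete the file if requested to do so.
            if args.delete:
                try:
                    os.unlink(obj.path)
                except Exception as e:
                    self.log('warning', "Failed deleting file: {0}".format(e))

            return True

        # Without --folder we try to store the currently opened file, if any.
        if args.folder is None:
            if not __sessions__.is_set():
                self.log('error', "No open session")
                return

            if __sessions__.current.file.size == 0:
                self.log('warning', "Skip, file \"{0}\" appears to be empty".format(__sessions__.current.file.name))
                return False

            # Add file.
            if add_file(__sessions__.current.file, args.tags):
                # Open session to the new file.
                Open().run(*[__sessions__.current.file.sha256])
                if cfg.get('autorun').enabled:
                    autorun_module(__sessions__.current.file.sha256)
            return

        # If the user specified the --folder flag, we walk recursively and try
        # to add all contained files to the local repository.
        # This is not going to open a new session.
        # TODO: perhaps disable or make recursion optional?
        if not os.path.isdir(args.folder):
            self.log('error', "You specified an invalid folder: {0}".format(args.folder))
            return

        # Walk through the folder and subfolders.
        for dir_name, _sub_dirs, file_names in walk(args.folder):
            # Add each collected file.
            for file_name in file_names:
                file_path = os.path.join(dir_name, file_name)

                if not os.path.exists(file_path):
                    continue
                # Check if file is not zero; the size is read once and reused
                # for the --file-size limit below.
                file_size = os.path.getsize(file_path)
                if file_size <= 0:
                    continue

                # Check if the file name matches the provided pattern.
                if args.file_name and not fnmatch.fnmatch(file_name, args.file_name):
                    continue

                # Build the File object once; it serves the type filter and the store.
                file_obj = File(file_path)

                # Check if the file type matches the provided pattern.
                if args.file_type and args.file_type not in file_obj.type:
                    continue

                # Check if file exceeds maximum size limit.
                if args.file_size and file_size > args.file_size:
                    self.log('warning', "Skip, file \"{0}\" is too big".format(file_path))
                    continue

                # Add file. The original tested the function object `add_file`
                # (always truthy) rather than its result, so autorun modules ran
                # even for files that were skipped or failed to insert.
                stored = add_file(file_obj, args.tags)
                if stored and cfg.get('autorun').enabled:
                    autorun_module(file_obj.sha256)
                    # Close the open session to keep the session table clean
                    __sessions__.close()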
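    def cmd_store(self, *args):
        """Store the opened file, or every matching file under ``--folder``, to the local repository.

        Args:
            *args: Raw command-line tokens for the ``store`` argument parser.

        Returns:
            ``None`` normally; ``False`` when the current session's file is empty.

        Writes to ``self.db`` and the sample repository, unlinks the source file
        when ``--delete`` is given, runs autorun modules when
        ``cfg.autorun.enabled``, and in session mode re-opens the session on the
        stored sample through ``self.cmd_open``.
        """
        parser = argparse.ArgumentParser(
            prog='store',
            description="Store the opened file to the local repository")
        parser.add_argument('-d', '--delete', action='store_true',
                            help="Delete the original file")
        parser.add_argument('-f', '--folder', type=str, nargs='+',
                            help="Specify a folder to import")
        parser.add_argument('-s', '--file-size', type=int,
                            help="Specify a maximum file size")
        parser.add_argument('-y', '--file-type', type=str,
                            help="Specify a file type pattern")
        parser.add_argument('-n', '--file-name', type=str,
                            help="Specify a file name pattern")
        parser.add_argument('-t', '--tags', type=str, nargs='+',
                            help="Specify a list of comma-separated tags")

        try:
            args = parser.parse_args(args)
        except SystemExit:
            # argparse signals usage errors and --help via SystemExit; the bare
            # `except:` this replaces also hid unrelated errors.
            return

        if args.folder is not None:
            # Allows to have spaces in the path.
            args.folder = " ".join(args.folder)

        if args.tags is not None:
            # Remove the spaces in the list of tags
            args.tags = "".join(args.tags)

        def add_file(obj, tags=None):
            """Add *obj* to ``self.db`` and the repository.

            Returns True only when the sample was written; False when it is
            already stored or the database insert reported failure.
            """
            if get_sample_path(obj.sha256):
                self.log(
                    'warning',
                    "Skip, file \"{0}\" appears to be already stored".format(
                        obj.name))
                return False

            # Append the attached MISP event as a tag, if a MISP event is attached.
            if __sessions__.is_attached_misp(quiet=True):
                misp_tag = 'misp:{}'.format(
                    __sessions__.current.misp_event.event_id)
                tags = misp_tag if tags is None else '{},{}'.format(tags, misp_tag)

            # Try to store file object into database.
            if not self.db.add(obj=obj, tags=tags):
                return False

            # If succeeds, store also in the local repository.
            # If something fails in the database (for example unicode strings)
            # we don't want to have the binary lying in the repository with no
            # associated database record.
            new_path = store_sample(obj)
            self.log(
                "success",
                "Stored file \"{0}\" to {1}".format(obj.name, new_path))

            # Delete the file if requested to do so.
            if args.delete:
                try:
                    os.unlink(obj.path)
                except Exception as e:
                    self.log('warning', "Failed deleting file: {0}".format(e))

            return True

        # Without --folder we try to store the currently opened file, if any.
        if args.folder is None:
            if not __sessions__.is_set():
                self.log('error', "No open session")
                return

            if __sessions__.current.file.size == 0:
                self.log(
                    'warning',
                    "Skip, file \"{0}\" appears to be empty".format(
                        __sessions__.current.file.name))
                return False

            # Add file.
            if add_file(__sessions__.current.file, args.tags):
                # Open session to the new file.
                self.cmd_open(*[__sessions__.current.file.sha256])
                if cfg.autorun.enabled:
                    autorun_module(__sessions__.current.file.sha256)
            return

        # If the user specified the --folder flag, we walk recursively and try
        # to add all contained files to the local repository.
        # This is not going to open a new session.
        # TODO: perhaps disable or make recursion optional?
        if not os.path.isdir(args.folder):
            self.log(
                'error',
                "You specified an invalid folder: {0}".format(args.folder))
            return

        # Walk through the folder and subfolders.
        for dir_name, _sub_dirs, file_names in walk(args.folder):
            # Add each collected file.
            for file_name in file_names:
                file_path = os.path.join(dir_name, file_name)

                if not os.path.exists(file_path):
                    continue
                # Check if file is not zero; the size is read once and reused
                # for the --file-size limit below.
                file_size = os.path.getsize(file_path)
                if file_size <= 0:
                    continue

                # Check if the file name matches the provided pattern.
                if args.file_name and not fnmatch.fnmatch(file_name, args.file_name):
                    continue

                # Build the File object once; it serves the type filter and the store.
                file_obj = File(file_path)

                # Check if the file type matches the provided pattern.
                if args.file_type and args.file_type not in file_obj.type:
                    continue

                # Check if file exceeds maximum size limit.
                if args.file_size and file_size > args.file_size:
                    self.log(
                        'warning',
                        "Skip, file \"{0}\" is too big".format(
                            file_path))
                    continue

                # Add file. The original tested the function object `add_file`
                # (always truthy) instead of its result, so autorun modules ran
                # for files that were skipped or failed to insert.
                stored = add_file(file_obj, args.tags)
                if stored and cfg.autorun.enabled:
                    autorun_module(file_obj.sha256)
                    # Close the open session to keep the session table clean
                    __sessions__.close()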
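    def _process_uploaded(db,
                          uploaded_file_path,
                          file_name,
                          tag_list=None,
                          note_title=None,
                          note_body=None):
        """Add one uploaded file to the database and to storage, then remove the uploaded file.

        Args:
            db: Database handle providing ``add`` and ``add_note``.
            uploaded_file_path: Path of the temporary upload. It is removed
                before this function returns, on success and on the error
                paths alike (the original removed it only on success, leaving
                rejected uploads behind in the upload directory).
            file_name: Name recorded on the sample.
            tag_list: Tags handed to ``db.add``; may be ``None``.
            note_title: Title of an optional note; the note is created only
                when both ``note_title`` and ``note_body`` are truthy.
            note_body: Body of the optional note.

        Returns:
            The ``File`` object describing the stored sample.

        Raises:
            ValidationError: code ``DuplicateFileHash`` when a sample with the
                same SHA-256 is already stored, ``DatabaseAddFailed`` when
                ``db.add`` returns a falsy value.
        """

        def rejection(code, message):
            # Build, log and return (not raise) the ValidationError for *code*.
            error = {"error": {"code": code, "message": message}}
            log.error("adding failed: {}".format(error))
            return ValidationError(detail=error)

        log.debug("adding: {} as {}".format(uploaded_file_path, file_name))

        malware = File(uploaded_file_path)
        malware.name = file_name

        try:
            if get_sample_path(malware.sha256):
                # TODO(frennkie) raise more specific error?! so that we can catch it..?!
                raise rejection(
                    "DuplicateFileHash",
                    "File hash exists already: {} (sha256: {})".format(
                        malware.name, malware.sha256))

            # Try to store file object into database
            if not db.add(obj=malware, tags=tag_list):
                raise rejection(
                    "DatabaseAddFailed",
                    "Adding File to Database failed: {} (sha256: {})".format(
                        malware.name, malware.sha256))

            # If succeeds, store also in the local repository.
            # If something fails in the database (for example unicode strings)
            # we don't want to have the binary lying in the repository with no
            # associated database record.
            malware_stored_path = store_sample(malware)

            # run autoruns on the stored sample
            if cfg.get('autorun').enabled:
                autorun_module(malware.sha256)

            log.debug("added file \"{0}\" to {1}".format(
                malware.name, malware_stored_path))

            if note_body and note_title:
                db.add_note(malware.sha256, note_title, note_body)
                log.debug("added note: \"{0}\"".format(note_title))
        finally:
            # clean up: runs after the sample was copied into storage and also
            # when one of the rejections above is raised.
            try:
                os.remove(uploaded_file_path)
            except OSError as err:
                log.error("failed to delete temporary file: {}".format(err))

        return malware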
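    def cmd_store(self, *args):
        """Store the opened file, or every matching file under ``--folder``, to the local repository.

        Args:
            *args: Raw command-line tokens for the ``store`` argument parser.

        Returns:
            ``None`` normally; ``False`` when the current session's file is empty.

        Writes to ``self.db`` and the sample repository, unlinks the source file
        when ``--delete`` is given, runs autorun modules when
        ``cfg.autorun.enabled``, and in session mode re-opens the session on the
        stored sample through ``self.cmd_open``.
        """
        parser = argparse.ArgumentParser(prog='store', description="Store the opened file to the local repository")
        parser.add_argument('-d', '--delete', action='store_true', help="Delete the original file")
        parser.add_argument('-f', '--folder', type=str, nargs='+', help="Specify a folder to import")
        parser.add_argument('-s', '--file-size', type=int, help="Specify a maximum file size")
        parser.add_argument('-y', '--file-type', type=str, help="Specify a file type pattern")
        parser.add_argument('-n', '--file-name', type=str, help="Specify a file name pattern")
        parser.add_argument('-t', '--tags', type=str, nargs='+', help="Specify a list of comma-separated tags")

        try:
            args = parser.parse_args(args)
        except SystemExit:
            # argparse signals usage errors and --help via SystemExit; the bare
            # `except:` this replaces also hid unrelated errors.
            return

        if args.folder is not None:
            # Allows to have spaces in the path.
            args.folder = " ".join(args.folder)

        if args.tags is not None:
            # Remove the spaces in the list of tags
            args.tags = "".join(args.tags)

        def add_file(obj, tags=None):
            """Add *obj* to ``self.db`` and the repository.

            Returns True only when the sample was written; False when it is
            already stored or the database insert reported failure.
            """
            if get_sample_path(obj.sha256):
                self.log('warning', "Skip, file \"{0}\" appears to be already stored".format(obj.name))
                return False

            # Try to store file object into database.
            if not self.db.add(obj=obj, tags=tags):
                return False

            # If succeeds, store also in the local repository.
            # If something fails in the database (for example unicode strings)
            # we don't want to have the binary lying in the repository with no
            # associated database record.
            new_path = store_sample(obj)
            self.log("success", "Stored file \"{0}\" to {1}".format(obj.name, new_path))

            # Delete the file if requested to do so.
            if args.delete:
                try:
                    os.unlink(obj.path)
                except Exception as e:
                    self.log('warning', "Failed deleting file: {0}".format(e))

            return True

        def candidate_files(folder):
            """Yield (path, name, size) for every existing, non-empty file below *folder*."""
            for dir_name, _sub_dirs, file_names in walk(folder):
                for file_name in file_names:
                    file_path = os.path.join(dir_name, file_name)
                    if not os.path.exists(file_path):
                        continue
                    # Check if file is not zero; the size is read once and
                    # reused for the --file-size limit by the caller.
                    file_size = os.path.getsize(file_path)
                    if file_size <= 0:
                        continue
                    yield file_path, file_name, file_size

        # Without --folder we try to store the currently opened file, if any.
        if args.folder is None:
            if not __sessions__.is_set():
                self.log('error', "No session opened")
                return

            if __sessions__.current.file.size == 0:
                self.log('warning', "Skip, file \"{0}\" appears to be empty".format(__sessions__.current.file.name))
                return False

            # Add file.
            if add_file(__sessions__.current.file, args.tags):
                # Open session to the new file.
                self.cmd_open(*[__sessions__.current.file.sha256])
                if cfg.autorun.enabled:
                    autorun_module(__sessions__.current.file.sha256)
            return

        # If the user specified the --folder flag, we walk recursively and try
        # to add all contained files to the local repository.
        # This is not going to open a new session.
        # TODO: perhaps disable or make recursion optional?
        if not os.path.isdir(args.folder):
            self.log('error', "You specified an invalid folder: {0}".format(args.folder))
            return

        for file_path, file_name, file_size in candidate_files(args.folder):
            # Check if the file name matches the provided pattern.
            if args.file_name and not fnmatch.fnmatch(file_name, args.file_name):
                continue

            # Build the File object once; it serves the type filter and the store.
            file_obj = File(file_path)

            # Check if the file type matches the provided pattern.
            if args.file_type and args.file_type not in file_obj.type:
                continue

            # Check if file exceeds maximum size limit.
            if args.file_size and file_size > args.file_size:
                self.log('warning', "Skip, file \"{0}\" is too big".format(file_path))
                continue

            # Add file. The original tested the function object `add_file`
            # (always truthy) instead of its result, so autorun modules ran
            # for files that were skipped or failed to insert.
            stored = add_file(file_obj, args.tags)
            if stored and cfg.autorun.enabled:
                autorun_module(file_obj.sha256)
                # Close the open session to keep the session table clean
                __sessions__.close()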