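async def scan(self, payload: Payload, request: Request) -> WorkerResponse:
    """
    Scan payloads using OPSWAT MetaDefender

    Uploads ``payload.content`` to ``self.opswat_url`` and hands the
    returned ``data_id`` to ``self._parse_results``.

    :param payload: Payload whose content is submitted for scanning
    :param request: Request the payload belongs to (not read here)
    :returns: WorkerResponse with the parsed results and, when
              ``_parse_results`` reports one, a single ``Error`` entry
    :raises aiohttp.ClientResponseError: on a non-2xx reply to the upload
            (the session is created with ``raise_for_status=True``)
    :raises KeyError: if the upload reply carries no ``data_id``
    """
    errors: List[Error] = []

    # The filename is taken from payload metadata and ends up in an HTTP
    # request header, so it is handled as untrusted input. Without a
    # recorded filename the SHA-1 of the content is used instead.
    filename = payload.results.payload_meta.extra_data.get(
        'filename', get_sha1(payload.content))
    if isinstance(filename, bytes):
        # errors='replace': a filename that is not valid UTF-8 must not
        # abort the scan of the payload it belongs to.
        filename = filename.decode(errors='replace')
    # Accept str as well as bytes, and drop CR/LF so the value cannot
    # terminate the header line early.
    filename = str(filename).replace('\r', '').replace('\n', '')

    # NOTE(review): self.apikey travels in a request header; confirm that
    # self.opswat_url is an https:// endpoint in the plugin configuration.
    headers = {
        'apikey': self.apikey,
        'content-type': 'application/octet-stream',
        'filename': filename,
    }
    async with aiohttp.ClientSession(raise_for_status=True) as session:
        async with session.post(self.opswat_url,
                                data=payload.content,
                                headers=headers) as response:
            content = await response.json()
            data_id = content['data_id']
    results, error = await self._parse_results(data_id)
    if error:
        errors.append(
            Error(
                error=error,
                plugin_name=self.plugin_name,
                payload_id=payload.results.payload_id,
            ))
    return WorkerResponse(results, errors=errors)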
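async def scan(self, payload: Payload, request: Request) -> WorkerResponse:
    """
    Scan payloads using OPSWAT MetaDefender

    Uploads ``payload.content`` to ``self.opswat_url`` with ``requests``
    and hands the returned ``data_id`` to ``self._parse_results``.

    :param payload: Payload whose content is submitted for scanning
    :param request: Request the payload belongs to (not read here)
    :returns: WorkerResponse with the parsed results and, when
              ``_parse_results`` reports one, a single ``Error`` entry
    :raises requests.HTTPError: on a non-2xx reply to the upload
    :raises KeyError: if the upload reply carries no ``data_id``
    """
    import asyncio
    import functools

    errors: List[Error] = []
    # NOTE(review): the filename comes from payload metadata and is placed
    # in a request header as-is; treat it as untrusted input.
    headers = {
        'apikey': self.apikey,
        'content-type': 'application/octet-stream',
        'filename': payload.results.payload_meta.extra_data.get(
            'filename', get_sha1(payload.content)),
    }
    # requests is a blocking client. Calling it directly inside a coroutine
    # stalls the event loop for the whole upload, so the call is handed to
    # the default executor and awaited instead.
    # NOTE(review): no timeout is passed to requests.post, so a stalled
    # server holds the executor thread indefinitely; consider adding one.
    upload = functools.partial(
        requests.post, self.opswat_url, data=payload.content, headers=headers)
    response = await asyncio.get_event_loop().run_in_executor(None, upload)
    response.raise_for_status()
    data_id = response.json()['data_id']
    # NOTE(review): _parse_results is called without await, as in the
    # original; if it blocks while polling for the report it still stalls
    # the event loop - confirm against its definition.
    results, error = self._parse_results(data_id)
    if error:
        errors.append(
            Error(
                error=error,
                plugin_name=self.plugin_name,
                payload_id=payload.results.payload_id,
            ))
    return WorkerResponse(results, errors=errors)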
def archive(self, payload: Payload, request_meta: RequestMeta) -> ArchiverResponse:
    """
    Archive a payload to MongoDB

    Stores ``payload.content`` in GridFS, keyed by the SHA-1 of the
    content, with the payload's ``extra_data`` as file metadata.

    :param payload: Payload to store
    :param request_meta: Request metadata (not read here)
    :returns: ArchiverResponse wrapping the metadata dict, including ``_id``
    """
    self._connect_gridfs()
    digest = helpers.get_sha1(payload.content)
    # This is the payload's own extra_data dict, not a copy, so the '_id'
    # key set below is also visible to whoever reads extra_data later.
    metadata = payload.payload_meta.extra_data
    metadata['_id'] = digest
    # NOTE(review): every extra_data key is expanded into a keyword
    # argument of new_file(); extra_data is presumably derived from the
    # submitted sample, so consider passing an explicit set of fields.
    try:
        with self.gridfs_db.new_file(**metadata) as gridfs_file:
            gridfs_file.write(payload.content)
    except (DuplicateKeyError, FileExists):
        # A file with this _id already exists: nothing is written.
        # NOTE(review): SHA-1 is the only key, so a second payload that
        # collides with a stored one is silently skipped; a SHA-256 key
        # would avoid relying on SHA-1 collision resistance.
        pass
    return ArchiverResponse(metadata)
def scan(self, payload: Payload, request_meta: RequestMeta) -> WorkerResponse:
    """
    Scan payloads using OPSWAT MetaDefender

    Uploads ``payload.content`` to ``self.opswat_url`` and hands the
    returned ``data_id`` to ``self._parse_results``.

    :param payload: Payload whose content is submitted for scanning
    :param request_meta: Request metadata (not read here)
    :returns: WorkerResponse with the parsed results; a truthy error from
              ``_parse_results`` is wrapped in a one-element list
    :raises requests.HTTPError: on a non-2xx reply to the upload
    """
    # NOTE(review): the filename comes from payload metadata and is placed
    # in a request header as-is; treat it as untrusted input.
    upload_headers = dict(
        apikey=self.apikey,
        filename=payload.payload_meta.extra_data.get(
            'filename', get_sha1(payload.content)
        ),
    )
    # NOTE(review): no timeout is passed, so a stalled server blocks this
    # worker indefinitely; consider adding one.
    reply = requests.post(
        self.opswat_url, data=payload.content, headers=upload_headers
    )
    reply.raise_for_status()
    results, errors = self._parse_results(reply.json()['data_id'])
    # A falsy error value is passed through unchanged.
    return WorkerResponse(results, errors=[errors] if errors else errors)
async def scan(self, payload: Payload, request: Request) -> WorkerResponse:
    """
    Search VTMIS for sha1 hash of a payload or from results of `iocextract` plugin

    Each distinct IOC reported by ``iocextract`` under a key listed in
    ``self.ENDPOINTS`` is looked up once. If that yields nothing, the
    SHA-1 of the payload content is looked up instead.

    :param payload: Payload to look up
    :param request: Request the payload belongs to (not read here)
    :returns: WorkerResponse carrying the lookup results
    """
    results: List[Dict] = []
    # Shared across all IOC types: a value seen under one type is not
    # queried again under another.
    seen: Set[str] = set()
    # NOTE(review): IOCs extracted from the payload, and its SHA-1, are
    # sent to an external service; confirm that is acceptable for the
    # samples being processed.
    workers = payload.results.workers
    if 'iocextract' in workers:
        for ioc_type, values in workers['iocextract'].items():
            for value in values:
                if ioc_type not in self.ENDPOINTS or value in seen:
                    continue
                results.append(self._query_api(value, ioc_type))
                seen.add(value)
    if not results:
        # NOTE(review): here results becomes the bare return value of
        # _query_api rather than a list of responses - confirm consumers
        # expect both shapes.
        results = self._query_api(get_sha1(payload.content), 'sha1')
    return WorkerResponse(results=results)
def scan(self, payload: Payload, request_meta: RequestMeta) -> WorkerResponse:
    """
    Scan payloads using Falcon Sandbox

    Submits ``payload.content`` to ``{self.sandbox_url}/submit/file`` and,
    when ``self.wait_for_results`` is set, replaces the submission reply
    with the output of ``self._parse_results`` for the returned job.

    :param payload: Payload whose content is submitted
    :param request_meta: Request metadata (not read here)
    :returns: WorkerResponse with the submission reply or parsed results
    :raises requests.HTTPError: on a non-2xx reply to the submission
    """
    submit_url = f'{self.sandbox_url}/submit/file'
    auth_headers = {'api-key': self.apikey, 'user-agent': self.useragent}

    # Without a recorded filename the SHA-1 of the content is used.
    sample_name = payload.payload_meta.extra_data.get(
        'filename', helpers.get_sha1(payload.content))
    if isinstance(sample_name, bytes):
        sample_name = sample_name.decode()

    upload = {'file': (sample_name, payload.content)}
    form = {'environment_id': self.environment_id}
    # NOTE(review): no timeout is passed, so a stalled server blocks this
    # worker indefinitely; consider adding one.
    reply = requests.post(
        submit_url, data=form, files=upload, headers=auth_headers)
    reply.raise_for_status()

    results = reply.json()
    if not self.wait_for_results:
        return WorkerResponse(results, errors=None)
    results, errors = self._parse_results(results['job_id'])
    return WorkerResponse(results, errors=errors)
def test_get_sha1(self):
    """get_sha1 returns the known hex digest for the generic test content."""
    expected_digest = 'c519c1a06cdbeb2bc499e22137fb48683858b345'
    self.assertEqual(helpers.get_sha1(self.generic_content), expected_digest)