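def record(request):
    """Register an application from an uploaded JSON report (POST only).

    Reads the multipart field ``file``, requires a ``.json`` file name, parses
    the content as JSON and saves it as a new ``Application`` with
    ``type = 2``. The new id is then stored in ``session['apkId']`` and in
    ``context['id']``. Validation failures are logged and answered with a
    ``{"success": False, ...}`` JSON body.

    Everything in the report is client-controlled. The file-name suffix is a
    naming check only and says nothing about the content, and ``fromDict``
    appears to copy every key of the report except ``id`` onto the document.
    """
    if request.method != 'POST':
        raise Http404
    try:
        tmpReport = request.FILES.get('file')
        if not tmpReport:
            raise myErr('未接收到文件')  # "no file received"
        # endswith() also rejects a file literally named "json", which the
        # former split('.')[-1] comparison accepted.
        if not tmpReport.name.endswith('.json'):
            raise myErr('非法的文件后缀名')  # "illegal file extension"
        # NOTE(review): read() loads the whole upload into memory; no size
        # limit is visible in this function.
        try:
            context = json.loads(tmpReport.read())
        except ValueError:
            # Malformed content is a validation failure, not a server error.
            raise myErr('文件内容不是合法的JSON')  # "file content is not valid JSON"
        # The report must be a JSON object whose md5 is a scalar: a nested
        # object or array would otherwise be handed to the query below as-is,
        # where it may be treated as a query expression instead of a literal.
        if (not isinstance(context, dict)
                or 'md5' not in context
                or isinstance(context['md5'], (dict, list))):
            raise myErr('MD5值是必须指定的')  # "the MD5 value is required"
        if Application.objects(md5=context['md5']).count() > 0:
            # "this application already exists and cannot be added again"
            raise myErr('该应用已存在,不可重复添加')
        app = Application()
        app.fromDict(context)
        # Assigned after fromDict(), so this value wins over any "type" key
        # present in the upload.
        app.type = 2
        if not app.level:
            raise myErr('请指定应用的风险等级')  # "please specify the risk level"
        app.save()
        request.session['apkId'] = str(app.id)
        context['id'] = str(app.id)
    except myErr as e:
        logger.info(e.msg)
        return JsonResponse({"success": False, "data": None, "msg": e.msg})
    # NOTE(review): the success response is not part of this excerpt.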
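def edit(request):
    """Delete, modify or create an application record (POST only).

    The JSON body carries ``operation`` (``delete``, ``modify`` or ``create``)
    and, for the last two, a ``data`` object. ``delete`` and ``modify`` act on
    the id held in ``session['apkId']``; ``create`` stores the new id there.
    Validation failures are logged and returned as ``{"success": False, ...}``.

    NOTE(review): ``data`` is passed to ``fromDict`` unfiltered, so the client
    chooses which fields are written. No authentication or ownership check is
    visible in this function; confirm it is enforced outside it.
    """
    if request.method != 'POST':
        raise Http404
    apkId = request.session.get('apkId')
    res = {}
    try:
        # Parsed inside the try block so that a malformed or non-object body
        # is answered like any other validation failure.
        try:
            req = json.loads(request.body)
        except ValueError:
            req = None
        if not isinstance(req, dict):
            raise myErr('请求数据格式错误')  # "malformed request data"
        if 'operation' not in req:
            raise myErr('请务必指定执行操作')  # "an operation must be specified"
        operation = req['operation']
        if operation == 'delete':
            if not apkId:
                raise myErr('请先指定当前应用')  # "select the current application first"
            # Remove the dependent documents before the application itself.
            Addition.objects(ref=apkId).delete()
            Feature.objects(ref=apkId).delete()
            Application.objects(id=apkId).delete()
            request.session['apkId'] = None
        elif operation == 'modify':
            if not apkId:
                raise myErr('请先指定当前应用')
            data = req.get('data')
            if not isinstance(data, dict):
                raise myErr('请求数据格式错误')
            app = Application(id=apkId)
            app.fromDict(data)
            app.save()
            res = data
        elif operation == 'create':
            data = req.get('data')
            if not isinstance(data, dict):
                raise myErr('请求数据格式错误')
            app = Application()
            app.fromDict(data)
            app.save()
            res = app.toDict()
            request.session['apkId'] = str(app.id)
        else:
            raise myErr('不支持的操作类型')  # "unsupported operation type"
    except myErr as e:
        logger.info(e.msg)
        return JsonResponse({"success": False, "data": None, "msg": e.msg})
    # NOTE(review): the success response (presumably built from ``res``) is
    # not part of this excerpt.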
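def fromDict(self, src):
    """Populate this document from a dict, skipping the ``id`` key.

    ``md5``, ``name`` and ``package`` must be present; ``myErr`` is raised for
    the first one that is missing. Every other key of ``src`` is written to
    ``self._data`` unchanged.

    NOTE(review): there is no allow-list of field names. When ``src`` comes
    from a request, the client decides which entries of ``_data`` are set, so
    callers have to overwrite or validate security-relevant fields after this
    call (or this method should restrict keys to the declared fields).
    """
    requiredKeys = (
        ('md5', 'MD5值是必须指定的'),      # "the MD5 value is required"
        ('name', '应用名称不能缺省'),       # "application name must not be omitted"
        ('package', '包名称不能缺省'),      # "package name must not be omitted"
    )
    # `in` replaces dict.has_key(), which no longer exists on Python 3.
    for key, message in requiredKeys:
        if key not in src:
            raise myErr(message)
    for key, value in src.items():
        if key == 'id':
            # The primary key is never taken from the input.
            continue
        self._data[key] = value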
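def upload(request):
    """Store an uploaded APK under ``Config.UPLOAD`` and hash it (POST only).

    Reads the multipart field ``file``, requires a ``.apk`` file name, saves
    the file with ``saveFile`` and computes its MD5 with ``calMD5``.
    Validation failures are logged and returned as ``{"success": False, ...}``.

    NOTE(review): the suffix test is a naming check only and does not prove
    the content is an APK. The file is stored under the client-chosen name, so
    a second upload with the same name targets the same path.
    """
    if request.method != 'POST':
        raise Http404
    try:
        tmpFile = request.FILES.get('file')
        if not tmpFile:
            raise myErr('未找到上传文件')  # "uploaded file not found"
        # Keep only the final path component, so the client-supplied name can
        # never make os.path.join() resolve outside Config.UPLOAD, whatever
        # the framework has or has not already stripped.
        fileName = os.path.basename(tmpFile.name)
        # endswith() also rejects a file literally named "apk", which the
        # former split('.')[-1] comparison accepted.
        if not fileName.endswith('.apk'):
            raise myErr('不支持的文件格式')  # "unsupported file format"
        filePath = os.path.join(Config.UPLOAD, fileName)
        saveFile(tmpFile, filePath)
        md5 = calMD5(filePath)
    except myErr as e:
        logger.info(e.msg)
        return JsonResponse({"success": False, "data": None, "msg": e.msg})
    # NOTE(review): the success response (presumably carrying ``md5`` and the
    # stored path) is not part of this excerpt.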
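def editMethod(request):
    """Switch the detection method stored in ``Config.METHOD`` (POST only).

    The JSON body must carry ``method``, and the value must be a member of
    ``Config.AVAILABLE_METHOD``. Validation failures are logged and returned
    as ``{"success": False, ...}``.

    NOTE(review): ``Config.METHOD`` is an attribute shared by every request
    that reads ``Config``, so one client changes the method for all of them.
    No authentication check is visible in this function; confirm it is
    enforced outside it.
    """
    if request.method != 'POST':
        raise Http404
    try:
        # Parsed inside the try block so that a malformed or non-object body
        # is answered like any other validation failure.
        try:
            req = json.loads(request.body)
        except ValueError:
            req = None
        if not isinstance(req, dict):
            raise myErr('请求数据格式错误')  # "malformed request data"
        print(Config.METHOD)  # debug trace: method before the change
        if 'method' not in req:
            raise myErr('请指定选择的检测方法')  # "please specify the detection method"
        method = req['method']
        # Objects and arrays are rejected up front: they can never be a valid
        # method name and are unhashable if AVAILABLE_METHOD is a set or dict.
        if isinstance(method, (dict, list)) or method not in Config.AVAILABLE_METHOD:
            raise myErr('不支持的检测方法')  # "unsupported detection method"
        Config.METHOD = method
        print(Config.METHOD)  # debug trace: method after the change
    except myErr as e:
        logger.info(e.msg)
        return JsonResponse({"success": False, "data": None, "msg": e.msg})
    # NOTE(review): the success response is not part of this excerpt.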
def __init__(self, filePath):
    """Open ``filePath`` as an APK and build the analysis objects.

    Raises ``myErr`` when ``isAPK`` rejects the path. Otherwise the instance
    keeps the parsed package (``self.apk``), its DEX representation
    (``self.dex``), the VM analysis built from it (``self.vmx``) and the
    original path (``self.filePath``).

    NOTE(review): the file is parsed in this process; when ``filePath`` points
    at an uploaded sample, the parsers below are working on untrusted input.
    """
    accepted = isAPK(filePath)
    if not accepted:
        raise myErr('并非APK文件')  # "not an APK file"
    package = ANG.APK(filePath)
    self.apk = package
    dexFormat = dvm.DalvikVMFormat(package.get_dex())
    self.dex = dexFormat
    self.vmx = analysis.VMAnalysis(dexFormat)
    self.filePath = filePath
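def select(request):
    """Make an existing application the session's current one (POST only).

    The JSON body must carry ``id``. When an ``Application`` with that id
    exists, the ``id`` from its ``toDict()`` is stored in ``session['apkId']``.
    Validation failures are logged and returned as ``{"success": False, ...}``.

    NOTE(review): the lookup is by id alone, so any caller who supplies a
    valid id can select that application; confirm this is intended. An id the
    query layer cannot parse may still raise something other than ``myErr``.
    """
    if request.method != 'POST':
        raise Http404
    try:
        # Parsed inside the try block so that a malformed or non-object body
        # is answered like any other validation failure.
        try:
            req = json.loads(request.body)
        except ValueError:
            req = None
        if not isinstance(req, dict):
            raise myErr('请求数据格式错误')  # "malformed request data"
        if 'id' not in req:
            raise myErr('请先选择应用')  # "please select an application first"
        # Only scalar ids reach the query; an object or array is not an id
        # and must not be passed on as a query value.
        if isinstance(req['id'], (dict, list)):
            raise myErr('错误的选择,没有该应用')  # "invalid selection, no such application"
        tmp = Application.objects(id=req['id']).first()
        if not tmp:
            raise myErr('错误的选择,没有该应用')
        current = tmp.toDict()
        request.session['apkId'] = current['id']
    except myErr as e:
        logger.info(e.msg)
        return JsonResponse({"success": False, "data": None, "msg": e.msg})
    # NOTE(review): the success response is not part of this excerpt.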
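def addition(request):
    """Load the additional analysis report of the current application (GET only).

    Looks up the ``Addition`` whose ``ref`` is ``session['apkId']`` and turns
    its data into a dict with a string ``id``. When there is no report, the
    error message distinguishes an unknown application from one without a
    report. Failures are logged and returned as ``{"success": False, ...}``.
    """
    if request.method != 'GET':
        raise Http404
    apkId = request.session.get('apkId')
    # Debug trace; the call form is valid on Python 2 and 3, unlike the
    # former print statement.
    print(apkId)
    try:
        tmp = Addition.objects(ref=apkId).first()
        if not tmp:
            if Application.objects(id=apkId).count() == 0:
                raise myErr('不存在此应用的记录')  # "no record of this application"
            # "this application has no additional analysis report"
            raise myErr('该应用并无附加的分析报告')
        # Work on a copy so the document's own _data is not rewritten.
        tmp = dict(tmp._data)
        tmp['id'] = str(tmp['id'])
    except myErr as e:
        logger.info(e.msg)
        return JsonResponse({"success": False, "data": None, "msg": e.msg})
    # NOTE(review): the success response (presumably carrying ``tmp``) is not
    # part of this excerpt.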
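def process(request):
    """Analyse a stored APK, extract its features and set its risk level (POST only).

    JSON body: ``md5``, ``path``, ``type`` (0 or 1) and, for type 0, ``level``
    (integer 0-4). For type 0 the level comes from the request and the feature
    is marked as training data; for type 1 the level comes from the detector
    selected by ``Config.METHOD``. Progress messages are appended to the
    module-level ``MSG`` dict under the sample's MD5. Validation failures are
    logged and turned into a ``{"success": False, ...}`` result.

    NOTE(review): samples are identified and de-duplicated by MD5 alone. MD5
    is not collision-resistant, so two different APKs can map to one record;
    consider keying on SHA-256. ``MSG`` gains one entry per distinct ``md5``
    a client sends, and nothing in this function removes entries.
    """
    if request.method != 'POST':
        raise Http404
    try:
        # Parsed inside the try block so that a malformed or non-object body
        # is answered like any other validation failure.
        try:
            req = json.loads(request.body)
        except ValueError:
            req = None
        if not isinstance(req, dict):
            raise myErr('请求数据格式错误')  # "malformed request data"
        # md5 is used as a query value and as a dict key, so it must be a
        # scalar: an object or array is neither a literal nor hashable.
        md5 = req.get('md5')
        if md5 is None or isinstance(md5, (dict, list)):
            raise myErr('请指定MD5值')  # "please specify the MD5 value"
        app = Application.objects(md5=md5).first()
        MSG[md5] = []
        if app:
            request.session['apkId'] = str(app.id)
            # "this application already exists and can be viewed directly"
            raise myErr('该应用已存在,可直接查看')
        # The path comes from the client. Resolve it and accept only a regular
        # file below Config.UPLOAD, so the request can neither probe nor parse
        # arbitrary files on the server.
        # Assumes samples are the files stored under Config.UPLOAD -- confirm.
        try:
            apkPath = os.path.realpath(req.get('path'))
        except (TypeError, ValueError, AttributeError):
            apkPath = None
        uploadRoot = os.path.join(os.path.realpath(Config.UPLOAD), '')
        if (apkPath is None
                or not apkPath.startswith(uploadRoot)
                or not os.path.isfile(apkPath)):
            raise myErr('请先提交APK文件')  # "please submit the APK file first"
        sampleType = req.get('type')
        if sampleType not in [0, 1]:
            raise myErr('不支持的样本类型')  # "unsupported sample type"
        ex = extractorFactory(Config.EXTRACT, apkPath)
        app = Application()
        app.fromDict(ex.extractBasicInfo())
        # The hash extracted from the file must match the one the client sent.
        if app.md5 != md5:
            raise myErr('MD5值有误')  # "MD5 value is incorrect"
        MSG[app.md5].append('<p>APK基本信息提取完成</p>')
        add = Addition()
        add._data = ex.extractAddition()
        ge = generatorFactory(Config.FEATURE)
        MSG[app.md5].append('<p>APK初步分析完毕</p>')
        fea = Feature()
        fea.setVect(ge.generateFeature(add._data), Config.FEATURE)
        MSG[app.md5].append('<p>特征提取完毕</p>')
        if sampleType == 0:
            app.type = 0
            if 'level' not in req:
                # "please specify the training sample's risk level"
                raise myErr('请指定训练样本的风险等级')
            level = req['level']
            # Only integers 0..4 are levels; bool is an int subclass and is
            # rejected explicitly, as are floats and strings.
            if (isinstance(level, bool) or not isinstance(level, int)
                    or level < 0 or level > 4):
                raise myErr('不支持的风险等级')  # "unsupported risk level"
            app.level = level
            fea.label = 1 if app.level > 0 else 0
            fea.train = True
        else:
            app.type = 1
            fea.train = False
            print(Config.METHOD)  # debug trace
            detector = DetectorFactory(Config.METHOD)
            tmp = detector.detect({
                "match": ex.apk,
                "default": fea.getVect(Config.FEATURE)
            })
            app.level = tmp
            fea.label = 1 if tmp > 0 else 0
        # NOTE(review): the nesting of this line is ambiguous in the flattened
        # source; it is placed after the branch as the final progress message.
        MSG[app.md5].append('<p>APK恶意风险等级判定完毕</p>')
    except myErr as e:
        logger.info(e.msg)
        res = {"success": False, "data": None, "msg": e.msg}
    # NOTE(review): persisting the documents and returning the response are
    # not part of this excerpt.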
def basic(request):
    """Load the basic information of the session's current application (GET only).

    Fetches the ``Application`` whose id is ``session['apkId']`` and converts
    it with ``toDict()``. A missing application is logged and answered with a
    ``{"success": False, ...}`` JSON body.
    """
    if request.method != 'GET':
        raise Http404
    apkId = request.session.get('apkId')
    try:
        tmp = Application.objects(id=apkId).first()
        if tmp:
            tmp = tmp.toDict()
        else:
            raise myErr('不存在该应用')  # "no such application"
    except myErr as e:
        logger.info(e.msg)
        failure = {"success": False, "data": None, "msg": e.msg}
        return JsonResponse(failure)
    # NOTE(review): the success response (presumably carrying ``tmp``) is not
    # part of this excerpt.