Esempio n. 1
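    def each(self, content):
        """Ingest one raw configuration and record matches against monitored targets.

        The whole configuration is stored first, labelled by family and (when
        one can be extracted) botnet id.  If the content is parsable it is then
        split into blocks, each block is matched against ``self.monitored`` and
        reported at most once -- via ``found_block`` when a botnet id is known,
        via ``found_block_without_botnet`` otherwise.  Any ``self.results`` are
        pushed into the analysis at the end.

        Args:
            content: raw configuration; passed through ``u`` before use
                (presumably a text/unicode normalisation helper -- confirm).

        Returns:
            Always ``False`` so that nothing else is triggered downstream.
        """
        content = u(content)
        # Ids of blocks already reported; only membership is tested, so a set will do.
        found = set()

        # First, save whole configuration
        botnet = self.botnet(content)
        if botnet:
            # Reuse the id extracted just above instead of parsing `content` a
            # second time (assumes `botnet()` is deterministic for the same input).
            self.label = "{}:{}".format(self.family(), botnet)
            self.load_current_state()
        else:
            self.label = self.family()

        self.add_raw_config(self.label, content)

        # Only process configuration if it matches some criteria
        if not self.is_parsable(content):
            return False

        self.load_monitored_targets()

        # Loop variables are named so they shadow neither the `content`
        # argument nor the `type`/`id` builtins.
        for target, block_type, block_content, additional in self.get_config_blocks(
                content):
            block_id = "{}:{}".format(target, block_type)
            if block_id in found:
                # Already reported: no monitored entry could be accepted for it.
                continue

            # For now, just check for substring inclusion in target.  NOTE: this
            # is deliberately loose (a monitored value also matches any longer
            # string that contains it); tighten here if false positives matter.
            match = next((m for m in self.monitored if m in target), None)
            if match is None:
                continue

            # We found a match, make sure to update database accordingly
            found.add(block_id)
            if botnet:
                self.found_block(match, target, block_type, block_content, additional)
            else:
                self.found_block_without_botnet(
                    match, target, block_type, block_content, additional)

        # At this point, every entry remaining in self.known has been removed
        if botnet:
            self.handle_removed_entries()

        # Manually add the results to the analysis
        if self.results:
            self._analysis.update_value(['results', self.name], self.results)

        # Always return False so that we do not trigger anything else
        return False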
Esempio n. 2
 def add_extraction(self, label, extraction):
     """Record one extraction under ``label`` via ``append_to('extractions', ...)``.

     The extraction text is passed through ``u`` before being stored
     (presumably a text/unicode normalisation helper -- confirm).
     """
     record = dict(label=label, content=u(extraction))
     self.append_to('extractions', record)
Esempio n. 3
 def add_extraction(self, label, extraction):
     """Append one extraction record (``label`` plus its text) to ``self['extractions']``.

     The extraction text is passed through ``u`` before being stored
     (presumably a text/unicode normalisation helper -- confirm).
     """
     bucket = self['extractions']
     record = dict(label=label, content=u(extraction))
     bucket.append(record)