コード例 #1
    def get(self, id):
        """Get the analysis with `id`.

        .. :quickref: Analysis; Get an analysis

        Resulting object is in the ``analysis`` field.

        :param id: id of the analysis.

        :>json dict _id: ObjectId dict.
        :>json dict analyst: analyst's ObjectId.
        :>json dict date: date dict.
        :>json list executed_modules: list of executed modules.
        :>json list pending_modules: list of pending modules.
        :>json list waiting_modules: list of waiting modules.
        :>json list canceled_modules: list of canceled modules.
        :>json string module: the name of the target module.
        :>json string status: status of the analysis (one of `pending`, `running`, `finished` or `error`).
        :>json list tags: the list of tags.
        :>json list probable_names: the list of probable names.
        :>json list iocs: list of dict describing observables.
        :>json dict results: detailed results for each module, with the module name being the key.
        :>json dict generated_files: a dict of generated files, the key being the file type.
        :>json list extracted_files: a list of extracted files.
        :>json dict support_files: a dict of support files, the key being the module name.
        """
        # Every analysis/file lookup below goes through ``current_user``'s
        # collections instead of a global store.
        # NOTE(review): presumably these are access-scoped views and are what
        # stops a user from reading another group's analysis by id -- confirm
        # against the user model before relaxing any of these lookups.
        record = clean_analyses(get_or_404(current_user.analyses, _id=id))
        analysis = {'analysis': record}

        # Unlike the analysis lookup, this one does not 404 on a miss.
        # NOTE(review): if find_one() yields None here (file not visible to
        # this user), clean_files() receives None -- verify it tolerates that.
        record['file'] = clean_files(
            current_user.files.find_one({'_id': record['file']}))

        ti_modules = [
            mod.name for mod in dispatcher.get_threat_intelligence_modules()
        ]
        av_modules = [mod.name for mod in dispatcher.get_antivirus_modules()]

        if 'extracted_files' in record:
            # Same caveat as above: entries the user cannot see may come back
            # as None and are handed to clean_files() as-is.
            extracted = [
                current_user.files.find_one({'_id': file_id})
                for file_id in record['extracted_files']
            ]
            record['extracted_files'] = clean_files(extracted)

        # Module metadata is read from the full collection (not per-user) and
        # keyed by module name for the template.
        modules = {
            info['name']: ModuleInfo(info)
            for info in ModuleInfo.get_collection().find()
        }

        context = {
            'analysis': analysis,
            'modules': modules,
            'av_modules': av_modules,
            'ti_modules': ti_modules
        }
        return render(analysis, 'analyses/show.html', ctx=context)
コード例 #2
    def _compute_default_properties(self):
        """Fill in the default fields derived from the file at ``self['filepath']``.

        Sets ``names``, ``detailed_type``, ``mime``, an empty ``analysis`` list
        and an ``antivirus`` dict with one ``False`` entry per antivirus
        module known to the dispatcher, then calls ``self._set_type()``.
        """
        path = self['filepath']

        # basename() keeps only the last path component, so the stored name
        # never carries directory parts.
        self['names'] = [os.path.basename(path)]

        # NOTE(review): libmagic inspects the file's content; the file is
        # presumably an untrusted sample, so the reported type and mime are
        # attacker-influenced hints, not guarantees -- confirm how they are
        # used downstream.
        self['detailed_type'] = magic.from_file(path)
        self['mime'] = magic.from_file(path, mime=True)
        self['analysis'] = []

        # Antivirus status starts as False for every antivirus module.
        self['antivirus'] = {}
        for av_name in (mod.name for mod in dispatcher.get_antivirus_modules()):
            self['antivirus'][av_name] = False

        self._set_type()
コード例 #3
ファイル: files.py プロジェクト: x0rzkov/fame
def return_file(file):
    """Render the file page for an already-built ``file`` payload.

    ``file`` is modified in place: ``av_modules`` is added and
    ``file['file']['analysis']`` (a list of analysis ids on entry) is replaced
    by the cleaned analysis documents.

    :param file: dict holding the file document under the ``file`` key.
    """
    wanted_ids = file['file']['analysis']
    # Analyses are fetched through the current user's collection.
    # NOTE(review): presumably this view is access-scoped, so ids the user may
    # not see simply do not come back -- confirm.
    analyses = list(current_user.analyses.find({'_id': {'$in': wanted_ids}}))
    file['av_modules'] = [mod.name for mod in dispatcher.get_antivirus_modules()]

    for entry in analyses:
        if 'analyst' not in entry:
            continue
        # The analyst is read from the global user store, then passed through
        # clean_users() before it reaches the response.
        # NOTE(review): this relies on clean_users() dropping sensitive
        # account fields -- verify.
        entry['analyst'] = clean_users(
            store.users.find_one({'_id': entry['analyst']}))

    file['file']['analysis'] = clean_analyses(analyses)

    context = {
        'data': file,
        'options': dispatcher.options,
        'comments_enabled': comments_enabled()}
    return render(file, 'files/show.html', ctx=context)
コード例 #4
    def _compute_default_properties(self, hash_only=False):
        """Fill in the default fields for this object.

        Unless ``hash_only`` is true, ``names``, ``detailed_type``, ``mime``
        and ``size`` are derived from the file at ``self['filepath']``. In
        both cases the ``antivirus`` dict is reset to ``False`` for every
        antivirus module and ``self._set_type(hash_only)`` is called.

        :param hash_only: when true, skip everything that reads the file on
            disk (``self['filepath']`` is not accessed).
        """
        if not hash_only:
            path = self['filepath']
            # basename() keeps only the last path component.
            self['names'] = [os.path.basename(path)]
            # NOTE(review): libmagic inspects the file's content; the file is
            # presumably an untrusted sample, so treat the resulting type and
            # mime as attacker-influenced -- confirm downstream usage.
            self['detailed_type'] = magic.from_file(path)
            self['mime'] = magic.from_file(path, mime=True)
            self['size'] = os.path.getsize(path)

        # Antivirus status starts as False for every antivirus module.
        self['antivirus'] = {}
        for av_name in (mod.name for mod in dispatcher.get_antivirus_modules()):
            self['antivirus'][av_name] = False

        self._set_type(hash_only)
コード例 #5
    def get(self, id):
        """Get the object with `id`.

        .. :quickref: File; Get an object

        Resulting object is in the ``file`` field.

        :param id: id of the object.

        :>json dict _id: ObjectId dict.
        :>json string md5: MD5 hash.
        :>json string sha1: SHA1 hash.
        :>json string sha256: SHA256 hash.
        :>json string type: FAME type.
        :>json string mime: mime type.
        :>json string detailed_type: detailed type.
        :>json list groups: list of groups (as strings) that have access to this file.
        :>json list owners: list of groups (as strings) that submitted this file.
        :>json list probable_names: list of probable names (as strings).
        :>json list analysis: list of analyses' ObjectIds.
        :>json list parent_analyses: list of analyses (as ObjectIds) that extracted this object.
        :>json dict antivirus: dict with antivirus names as keys.
        """
        # The file and its analyses are both looked up through the current
        # user's collections.
        # NOTE(review): presumably these are access-scoped views enforcing the
        # ``groups`` restriction documented above -- confirm.
        document = clean_files(get_or_404(current_user.files, _id=id))
        file = {'file': document}

        id_filter = {'_id': {'$in': document['analysis']}}
        analyses = list(current_user.analyses.find(id_filter))

        file['av_modules'] = [
            mod.name for mod in dispatcher.get_antivirus_modules()
        ]

        for entry in analyses:
            if 'analyst' not in entry:
                continue
            # Analyst lookup uses the global user store; the record is passed
            # through clean_users() before being returned.
            # NOTE(review): relies on clean_users() stripping sensitive
            # account fields -- verify.
            entry['analyst'] = clean_users(
                store.users.find_one({'_id': entry['analyst']}))

        document['analysis'] = clean_analyses(analyses)

        context = {
            'data': file,
            'options': dispatcher.options
        }
        return render(file, 'files/show.html', ctx=context)
コード例 #6
ファイル: files.py プロジェクト: x0rzkov/fame
    def submit_to_av(self, id, module):
        """Submit a file to an Antivirus module.

        .. :quickref: File; Submit file to an antivirus module

        If successful, the response will be ``"ok"``. Otherwise, it will be an
        error message.

        :param id: id of the file to submit.
        :param module: name of the module to submit the file to.
        """
        # The file is resolved through the current user's collection, so an
        # unknown id ends in get_or_404() before any module is contacted.
        f = File(get_or_404(current_user.files, _id=id))

        # Only modules returned by the dispatcher can be selected; the caller
        # supplies a name, never a module object.
        target = next(
            (candidate for candidate in dispatcher.get_antivirus_modules()
             if candidate.name == module),
            None)

        if target is None:
            # NOTE(review): ``module`` is caller-supplied and echoed verbatim
            # in the response body. If make_response() serves this as HTML the
            # value should be escaped first -- confirm the content type.
            return make_response("antivirus module '{}' not present / enabled.".format(module))

        target.submit(f['filepath'])
        # Record that this file has been sent to the selected module.
        f.update_value(['antivirus', module], True)

        return make_response("ok")
コード例 #7
ファイル: files.py プロジェクト: certsocietegenerale/fame
def return_file(file):
    """Render the file page for an already-built ``file`` payload.

    ``file`` is modified in place: ``av_modules`` is added and
    ``file["file"]["analysis"]`` (a list of analysis ids on entry) is replaced
    by the cleaned analysis documents.

    :param file: dict holding the file document under the ``file`` key.
    """
    id_filter = {"_id": {"$in": file["file"]["analysis"]}}
    # Analyses are fetched through the current user's collection.
    # NOTE(review): presumably this view is access-scoped, so ids the user may
    # not see are silently absent from the result -- confirm.
    analyses = list(current_user.analyses.find(id_filter))
    file["av_modules"] = [mod.name for mod in dispatcher.get_antivirus_modules()]

    for entry in analyses:
        if "analyst" not in entry:
            continue
        # The analyst comes from the global user store and is passed through
        # clean_users() before it reaches the response.
        # NOTE(review): relies on clean_users() dropping sensitive account
        # fields -- verify.
        entry["analyst"] = clean_users(
            store.users.find_one({"_id": entry["analyst"]}))

    file["file"]["analysis"] = clean_analyses(analyses)

    context = {
        "data": file,
        "options": dispatcher.options,
        "comments_enabled": comments_enabled()
    }
    return render(file, "files/show.html", ctx=context)