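def get(self, id):
    """Get the analysis with `id`.

    .. :quickref: Analysis; Get an analysis

    Resulting object is in the ``analysis`` field.

    :param id: id of the analysis.

    :>json dict _id: ObjectId dict.
    :>json dict analyst: analyst's ObjectId.
    :>json dict date: date dict.
    :>json list executed_modules: list of executed modules.
    :>json list pending_modules: list of pending modules.
    :>json list waiting_modules: list of waiting modules.
    :>json list canceled_modules: list of canceled modules.
    :>json string module: the name of the target module.
    :>json string status: status of the analysis (one of `pending`, `running`, `finished` or `error`).
    :>json list tags: the list of tags.
    :>json list probable_names: the list of probable names.
    :>json list iocs: list of dict describing observables.
    :>json dict results: detailed results for each module, with the module name being the key.
    :>json dict generated_files: a dict of generated files, the key being the file type.
    :>json list extracted_files: a list of extracted files.
    :>json dict support_files: a dict of support files, the key being the module name.
    """
    # Every lookup goes through current_user's own collections (not a global
    # store), and get_or_404 presumably aborts with 404 when nothing matches,
    # so a caller cannot reach another user's analysis through this route.
    analysis = {
        'analysis': clean_analyses(get_or_404(current_user.analyses, _id=id))
    }
    file = current_user.files.find_one(
        {'_id': analysis['analysis']['file']})
    analysis['analysis']['file'] = clean_files(file)

    ti_modules = [
        m.name for m in dispatcher.get_threat_intelligence_modules()
    ]
    av_modules = [m.name for m in dispatcher.get_antivirus_modules()]

    if 'extracted_files' in analysis['analysis']:
        # The loop variable must not be named `id`: that would rebind the
        # route parameter. find_one() may yield None for a missing file;
        # whether clean_files tolerates that is not visible here.
        files = [
            current_user.files.find_one({'_id': file_id})
            for file_id in analysis['analysis']['extracted_files']
        ]
        analysis['analysis']['extracted_files'] = clean_files(files)

    # Module documents keyed by name, wrapped in ModuleInfo for the template.
    modules = {
        module['name']: ModuleInfo(module)
        for module in ModuleInfo.get_collection().find()
    }

    return render(analysis, 'analyses/show.html', ctx={
        'analysis': analysis,
        'modules': modules,
        'av_modules': av_modules,
        'ti_modules': ti_modules
    })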
def _compute_default_properties(self):
    """Fill in the fields derived from ``self['filepath']``.

    Sets ``names``, ``detailed_type``, ``mime`` and an empty ``analysis``
    list, resets the per-antivirus submission flags to ``False`` and then
    delegates FAME type detection to ``_set_type``.
    """
    path = self['filepath']
    self['names'] = [os.path.basename(path)]
    # File-type description and MIME type as reported by the `magic` module
    self['detailed_type'] = magic.from_file(path)
    self['mime'] = magic.from_file(path, mime=True)
    self['analysis'] = []
    # Each enabled antivirus module starts out as "not yet submitted"
    self['antivirus'] = {
        module.name: False for module in dispatcher.get_antivirus_modules()
    }
    self._set_type()
def return_file(file):
    """Render ``files/show.html`` for a file document wrapped as ``file['file']``.

    The file's analyses are loaded from the current user's collection, each
    ``analyst`` reference is replaced by a cleaned user document, the list of
    antivirus module names is attached, and the page is rendered.
    """
    analysis_ids = file['file']['analysis']
    analyses = list(
        current_user.analyses.find({'_id': {'$in': analysis_ids}}))
    file['av_modules'] = [
        module.name for module in dispatcher.get_antivirus_modules()
    ]
    for analysis in analyses:
        if 'analyst' not in analysis:
            continue
        # Analyst lookup uses the global users store; only the cleaned
        # representation reaches the template.
        analyst = store.users.find_one({'_id': analysis['analyst']})
        analysis['analyst'] = clean_users(analyst)
    file['file']['analysis'] = clean_analyses(analyses)
    context = {
        'data': file,
        'options': dispatcher.options,
        'comments_enabled': comments_enabled()
    }
    return render(file, 'files/show.html', ctx=context)
def _compute_default_properties(self, hash_only=False):
    """Fill in the fields derived from ``self['filepath']``.

    When ``hash_only`` is false the on-disk properties (``names``,
    ``detailed_type``, ``mime``, ``size``) are computed; in every case the
    per-antivirus submission flags are reset to ``False`` and
    ``_set_type(hash_only)`` is called.
    """
    if not hash_only:
        path = self['filepath']
        self['names'] = [os.path.basename(path)]
        # File-type description and MIME type as reported by the `magic` module
        self['detailed_type'] = magic.from_file(path)
        self['mime'] = magic.from_file(path, mime=True)
        self['size'] = os.path.getsize(path)
    # Each enabled antivirus module starts out as "not yet submitted"
    self['antivirus'] = {
        module.name: False for module in dispatcher.get_antivirus_modules()
    }
    self._set_type(hash_only)
def get(self, id):
    """Get the object with `id`.

    .. :quickref: File; Get an object

    Resulting object is in the ``file`` field.

    :param id: id of the object.

    :>json dict _id: ObjectId dict.
    :>json string md5: MD5 hash.
    :>json string sha1: SHA1 hash.
    :>json string sha256: SHA256 hash.
    :>json string type: FAME type.
    :>json string mime: mime type.
    :>json string detailed_type: detailed type.
    :>json list groups: list of groups (as strings) that have access to this file.
    :>json list owners: list of groups (as strings) that submitted this file.
    :>json list probable_names: list of probable names (as strings).
    :>json list analysis: list of analyses' ObjectIds.
    :>json list parent_analyses: list of analyses (as ObjectIds) that extracted this object.
    :>json dict antivirus: dict with antivirus names as keys.
    """
    # The lookup is done through current_user.files, so objects outside the
    # user's scope are not reachable by id here.
    document = get_or_404(current_user.files, _id=id)
    file = {'file': clean_files(document)}

    analysis_ids = file['file']['analysis']
    analyses = list(
        current_user.analyses.find({'_id': {'$in': analysis_ids}}))

    file['av_modules'] = [
        module.name for module in dispatcher.get_antivirus_modules()
    ]

    for analysis in analyses:
        if 'analyst' not in analysis:
            continue
        # Replace the raw analyst reference with its cleaned user document.
        analyst = store.users.find_one({'_id': analysis['analyst']})
        analysis['analyst'] = clean_users(analyst)

    file['file']['analysis'] = clean_analyses(analyses)

    context = {
        'data': file,
        'options': dispatcher.options
    }
    return render(file, 'files/show.html', ctx=context)
def submit_to_av(self, id, module):
    """Submit a file to an Antivirus module.

    .. :quickref: File; Submit file to an antivirus module

    If successful, the response will be ``"ok"``. Otherwise, it will be
    an error message.

    :param id: id of the file to submit.
    :param module: name of the module to submit the file to.
    """
    # Resolve the file through current_user.files so only objects visible
    # to the caller can be submitted.
    f = File(get_or_404(current_user.files, _id=id))

    target = None
    for av_module in dispatcher.get_antivirus_modules():
        if av_module.name == module:
            target = av_module
            break

    if target is None:
        # NOTE(review): `module` presumably comes from the request URL and is
        # echoed back in this message; confirm make_response escapes it for
        # the response content type.
        return make_response("antivirus module '{}' not present / enabled.".format(module))

    # Only the first enabled module with a matching name is used.
    target.submit(f['filepath'])
    f.update_value(['antivirus', module], True)
    return make_response("ok")
def return_file(file):
    """Render ``files/show.html`` for a file document wrapped as ``file["file"]``.

    Loads the file's analyses from the current user's collection, swaps each
    ``analyst`` reference for a cleaned user document, attaches the list of
    antivirus module names and renders the page.
    """
    analysis_ids = file["file"]["analysis"]
    analyses = list(
        current_user.analyses.find({"_id": {"$in": analysis_ids}}))
    file["av_modules"] = [
        module.name for module in dispatcher.get_antivirus_modules()
    ]
    for analysis in analyses:
        if "analyst" not in analysis:
            continue
        # Analyst lookup uses the global users store; only the cleaned
        # representation reaches the template.
        analyst = store.users.find_one({"_id": analysis["analyst"]})
        analysis["analyst"] = clean_users(analyst)
    file["file"]["analysis"] = clean_analyses(analyses)
    context = {
        "data": file,
        "options": dispatcher.options,
        "comments_enabled": comments_enabled()
    }
    return render(file, "files/show.html", ctx=context)