コード例 #1
ファイル: interface.py プロジェクト: bryannolen/irma-probe
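 def run(self, paths):
     """Run the antivirus module on *paths* and wrap the outcome in a PluginResult.

     Args:
         paths: handed unchanged to ``self.module.scan``; whether it is a
             single path or a list is decided by the module.

     Returns:
         PluginResult with ``status`` (the scan return code, ``-1`` when an
         exception escaped), ``duration`` (difference of the two
         ``timestamp`` values), ``database`` (metadata of each file listed in
         ``self.module.database``, or None), and the single scan result in
         ``results`` — or, for a negative status, the module's raw
         ``scan_results`` in ``error``.
     """
     results = PluginResult(name=self.module.name,
                            type=type(self).plugin_category,
                            version=self.module.version)
     try:
         # database metadata: one entry per listed file, None when the
         # module declares no database at all
         results.database = None
         if self.module.database:
             results.database = {filename: self.file_metadata(filename)
                                 for filename in self.module.database}
         # time the scan; the module stores its findings in scan_results
         started = timestamp(datetime.utcnow())
         results.status = self.module.scan(paths)
         stopped = timestamp(datetime.utcnow())
         results.duration = stopped - started
         if results.status < 0:
             results.error = self.module.scan_results
         else:
             # only one result is expected, so drop the filename key and keep
             # the value. Fix: list() is required because dict.values() is a
             # non-indexable view on Python 3 (values()[0] raised TypeError
             # there); an empty scan_results raises IndexError and is
             # reported through the except branch below.
             results.results = list(self.module.scan_results.values())[0]
     except Exception as e:
         results.status = -1
         results.error = str(e)
     return results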
コード例 #2
ファイル: plugin.py プロジェクト: deloittem/irma-probe
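 def run(self, paths):
     """Query VirusTotal for a report on *paths* and wrap it in a PluginResult.

     Args:
         paths: passed unchanged to ``self.get_file_report``.

     Returns:
         PluginResult whose ``status`` is one of ``self.VirusTotalResult``
         (ERROR / NOT_FOUND / FOUND), ``duration`` the difference of the two
         ``timestamp`` values, ``results`` the raw VirusTotal response (None
         when it carries an ``error`` key) and ``error`` a message whenever
         the status is ERROR.
     """
     results = PluginResult(name=type(self).plugin_display_name,
                            type=type(self).plugin_category,
                            version=None)
     try:
         started = timestamp(datetime.utcnow())
         response = self.get_file_report(paths)
         stopped = timestamp(datetime.utcnow())
         results.duration = stopped - started
         # Map the answer to a status. A response without 'response_code'
         # raises KeyError and is reported through the except branch below.
         if 'error' in response:
             results.status = self.VirusTotalResult.ERROR
             results.error = str(response['error'])
         elif response['response_code'] == 204:
             results.status = self.VirusTotalResult.ERROR
             results.error = "Public API request rate limit exceeded"
         elif response['response_code'] == 403:
             results.status = self.VirusTotalResult.ERROR
             results.error = "Access forbidden (wrong key value or type)"
         elif (response['response_code'] == 200 and
               response['results']['response_code'] != 1):
             # the service answered but holds no report for this file
             results.status = self.VirusTotalResult.NOT_FOUND
         else:
             results.status = self.VirusTotalResult.FOUND
         # third-party data passed through untouched; only the fields read
         # above have been checked
         results.results = response if 'error' not in response else None
     except Exception as e:
         results.status = self.VirusTotalResult.ERROR
         # Fix: the message was stored in ``results``; every sibling plugin
         # (and the frontend formatter) looks for it in ``error``
         results.error = str(e)
     return results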
コード例 #3
ファイル: plugin.py プロジェクト: turbo420/irma-probe
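 def run(self, paths):
     """Query VirusTotal for a report on *paths* and wrap it in a PluginResult.

     Args:
         paths: passed unchanged to ``self.get_file_report``.

     Returns:
         PluginResult whose ``status`` is one of ``self.VirusTotalResult``
         (ERROR / NOT_FOUND / FOUND), ``duration`` the difference of the two
         ``timestamp`` values, ``results`` the raw VirusTotal response (None
         when it carries an ``error`` key) and ``error`` a message whenever
         the status is ERROR.
     """
     results = PluginResult(name=type(self).plugin_name,
                            type=type(self).plugin_category,
                            version=None)
     try:
         started = timestamp(datetime.utcnow())
         response = self.get_file_report(paths)
         stopped = timestamp(datetime.utcnow())
         results.duration = stopped - started
         # Map the answer to a status. A response without 'response_code'
         # raises KeyError and is reported through the except branch below.
         if 'error' in response:
             results.status = self.VirusTotalResult.ERROR
             results.error = response['error']
         elif response['response_code'] == 204:
             results.status = self.VirusTotalResult.ERROR
             results.error = "Public API request rate limit exceeded"
         elif response['response_code'] == 403:
             results.status = self.VirusTotalResult.ERROR
             results.error = "Access forbidden (wrong key value or type)"
         elif (response['response_code'] == 200 and
               response['results']['response_code'] != 1):
             # the service answered but holds no report for this file
             results.status = self.VirusTotalResult.NOT_FOUND
         else:
             results.status = self.VirusTotalResult.FOUND
         # third-party data passed through untouched; only the fields read
         # above have been checked
         results.results = response if 'error' not in response else None
     except Exception as e:
         results.status = self.VirusTotalResult.ERROR
         # Fix: the message was stored in ``results``; every sibling plugin
         # (and the frontend formatter) looks for it in ``error``
         results.error = str(e)
     return results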
コード例 #4
    def run(self, paths):
        """Scan *paths* with the wrapped antivirus module.

        Returns a PluginResult carrying the module's scan status (-1 when an
        exception escaped), the scan duration, metadata of each file listed
        in ``self.module.database`` (None when there is none), the module's
        ``virus_database_version``, and the single scan result stored under
        ``error`` for a negative status or ``results`` otherwise.
        """
        module = self.module
        results = PluginResult(name=type(self).plugin_display_name,
                               type=type(self).plugin_category,
                               version=module.version)
        try:
            database = module.database
            results.database = None
            if database:
                results.database = {name: self.file_metadata(name)
                                    for name in database}
            started = timestamp(datetime.utcnow())
            results.status = module.scan(paths)
            results.duration = timestamp(datetime.utcnow()) - started
            # only one file is scanned, so scan_results holds a single entry
            # keyed by filename: keep its value and drop the key
            outcome = list(module.scan_results.values())[0]
            target = 'error' if results.status < 0 else 'results'
            setattr(results, target, outcome)
            results.virus_database_version = module.virus_database_version
        except Exception as e:
            results.status = -1
            results.error = str(e)
        return results
コード例 #5
ファイル: format.py プロジェクト: ufausther/irma-frontend
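 def format(cls, probe_name, raw_result):
     """Turn a probe's raw result into the reduced form sent to the client.

     Args:
         probe_name: name of the probe that produced ``raw_result``; not
             read by this method itself.
         raw_result: mapping unpacked as keyword arguments of ``PluginResult``.

     Returns:
         The PluginResult after the first formatter accepting it has run,
         with ``platform`` removed, ``results`` removed for a negative status
         (``error`` removed otherwise) and ``duration`` rounded to two
         decimals. If anything raises, the result comes back with ``status``
         -1, ``results`` removed and ``error`` set to the exception message.
     """
     res = PluginResult(**raw_result)
     try:
         # the first formatter that accepts the result wins
         for formatter in cls().formatters:
             if formatter.can_handle_results(res):
                 res = formatter.format(res)
                 # lazy %-args: res is only rendered when debug logging is on
                 log.debug("using formatter %s for raw results: %s",
                           formatter.plugin_name, res)
                 break
         # strip what the client does not need (or should not see)
         res.pop('platform', None)
         if res.status < 0:
             res.pop('results', None)
         else:
             res.pop('error', None)
         duration = res.pop('duration', None)
         if duration is not None:
             res['duration'] = round(duration, 2)
     except Exception as e:
         res.pop('results', None)
         res.status = -1
         # Fix: the exception object itself was stored; the probes store
         # str(e) and an exception instance is not JSON-serialisable
         res.error = str(e)
     return res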
コード例 #6
ファイル: plugin.py プロジェクト: bryannolen/irma-probe
 def run(self, paths):
     """Look up the SHA-1 of *paths* in the NSRL and wrap the answer.

     Returns a PluginResult with status FOUND (``results`` = the lookup
     answer), NOT_FOUND (``results`` = None, when the answer is a dict that
     lacks any of MfgCode / OpSystemCode / ProductCode / SHA-1) or ERROR
     (``error`` = the exception message), plus the lookup duration.
     """
     required_keys = ('MfgCode', 'OpSystemCode', 'ProductCode', 'SHA-1')
     results = PluginResult(name="National Software Reference Library",
                            type=type(self).plugin_category,
                            version=None)
     try:
         started = timestamp(datetime.utcnow())
         digest = sha1sum(paths).upper()
         response = self.module.lookup_by_sha1(digest)
         results.duration = timestamp(datetime.utcnow()) - started
         # a dict answer is a hit only when every identifying key is non-empty
         # NOTE(review): a non-dict answer (e.g. None) is reported as FOUND —
         # confirm lookup_by_sha1 always returns a dict
         incomplete = (isinstance(response, dict) and
                       not all(response.get(key) for key in required_keys))
         if incomplete:
             results.status = self.NSRLPluginResult.NOT_FOUND
             results.results = None
         else:
             results.status = self.NSRLPluginResult.FOUND
             results.results = response
     except Exception as e:
         results.status = self.NSRLPluginResult.ERROR
         results.error = str(e)
     return results
コード例 #7
ファイル: plugin.py プロジェクト: vaginessa/irma
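 def run(self, paths):
     """Hash the file at *paths* and look the SHA-1 up in the NSRL.

     Args:
         paths: path of the single file to hash (it is opened directly here).

     Returns:
         PluginResult with status FOUND (``results`` = the lookup answer),
         NOT_FOUND (``results`` = None, when the answer is a dict that lacks
         any of MfgCode / OpSystemCode / ProductCode / SHA-1) or ERROR
         (``error`` = the exception message), plus the lookup duration.
     """
     results = PluginResult(name=type(self)._plugin_display_name_,
                            type=type(self)._plugin_category_,
                            version=None)
     try:
         started = timestamp(datetime.utcnow())
         # Fix: hash in binary mode. Text mode decodes the content and
         # translates newlines, so the digest would not match the bytes on
         # disk (and on Python 3 arbitrary binaries may fail to decode at all).
         with open(paths, "rb") as fileobj:
             response = self.module.lookup_by_sha1(sha1sum(fileobj))
         stopped = timestamp(datetime.utcnow())
         results.duration = stopped - started
         # a dict answer is a hit only when every identifying key is non-empty
         # NOTE(review): a non-dict answer (e.g. None) is reported as FOUND —
         # confirm lookup_by_sha1 always returns a dict
         required = ('MfgCode', 'OpSystemCode', 'ProductCode', 'SHA-1')
         if isinstance(response, dict) and \
                 not all(response.get(key) for key in required):
             results.status = self.NSRLPluginResult.NOT_FOUND
             response = None
         else:
             results.status = self.NSRLPluginResult.FOUND
         results.results = response
     except Exception as e:
         results.status = self.NSRLPluginResult.ERROR
         results.error = str(e)
     return results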
コード例 #8
 def run(self, paths):
     """Look up the SHA-1 of *paths* in the NSRL and wrap the answer.

     Returns a PluginResult with status FOUND (``results`` = the lookup
     answer), NOT_FOUND (``results`` = None, when the answer is a dict that
     lacks any of MfgCode / OpSystemCode / ProductCode / SHA-1) or ERROR
     (``error`` = the exception message), plus the lookup duration.
     """
     results = PluginResult(name="National Software Reference Library",
                            type=type(self).plugin_category,
                            version=None)
     try:
         started = timestamp(datetime.utcnow())
         answer = self.module.lookup_by_sha1(sha1sum(paths).upper())
         stopped = timestamp(datetime.utcnow())
         results.duration = stopped - started
         # NOT_FOUND only for a dict lacking one of the identifying fields;
         # anything else (a non-dict answer included) is reported as FOUND
         missing = []
         if isinstance(answer, dict):
             missing = [key for key in ('MfgCode', 'OpSystemCode',
                                        'ProductCode', 'SHA-1')
                        if not answer.get(key)]
         if missing:
             results.status = self.NSRLPluginResult.NOT_FOUND
             results.results = None
         else:
             results.status = self.NSRLPluginResult.FOUND
             results.results = answer
     except Exception as e:
         results.status = self.NSRLPluginResult.ERROR
         results.error = str(e)
     return results
コード例 #9
ファイル: format.py プロジェクト: deloittem/irma-frontend
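 def format(cls, probe_name, raw_result):
     """Turn a probe's raw result into the reduced form sent to the client.

     Args:
         probe_name: name of the probe that produced ``raw_result``; not
             read by this method itself.
         raw_result: mapping unpacked as keyword arguments of ``PluginResult``.

     Returns:
         The PluginResult after the first formatter accepting it has run,
         with ``platform`` removed, ``results`` removed for a negative status
         (``error`` removed otherwise) and ``duration`` rounded to two
         decimals. If anything raises, the result comes back with ``status``
         -1, ``results`` removed and ``error`` set to the exception message.
     """
     res = PluginResult(**raw_result)
     try:
         # the first formatter that accepts the result wins
         for formatter in cls().formatters:
             if formatter.can_handle_results(res):
                 res = formatter.format(res)
                 # lazy %-args: res is only rendered when debug logging is on
                 log.debug("using formatter %s for raw results: %s",
                           formatter.plugin_name, res)
                 break
         # strip what the client does not need (or should not see)
         res.pop('platform', None)
         if res.status < 0:
             res.pop('results', None)
         else:
             res.pop('error', None)
         duration = res.pop('duration', None)
         if duration is not None:
             res['duration'] = round(duration, 2)
     except Exception as e:
         res.pop('results', None)
         res.status = -1
         # Fix: the exception object itself was stored; the probes store
         # str(e) and an exception instance is not JSON-serialisable
         res.error = str(e)
     return res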
コード例 #10
ファイル: plugin.py プロジェクト: vaginessa/irma
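 def run(self, paths):
     """Match *paths* against the loaded YARA rules and wrap the outcome.

     Args:
         paths: passed unchanged to ``self.get_file_report``, which returns
             an ``(error_raised, response)`` pair.

     Returns:
         PluginResult with status ERROR (``error`` = the response, or the
         exception message), NOT_FOUND (empty response) or FOUND;
         ``results`` is ``{'Matches': [str(match), ...]}`` unless an error
         was raised, in which case it is None.
     """
     results = PluginResult(name=type(self).plugin_display_name,
                            type=type(self).plugin_category,
                            version=None)
     try:
         started = timestamp(datetime.utcnow())
         (error_raised, response) = self.get_file_report(paths)
         stopped = timestamp(datetime.utcnow())
         results.duration = stopped - started
         if error_raised:
             results.status = self.YaraResult.ERROR
             results.error = response
         elif len(response) == 0:
             results.status = self.YaraResult.NOT_FOUND
         else:
             results.status = self.YaraResult.FOUND
         # compare with == rather than `is`: identity is only reliable for
         # singletons. The unused comma-joined match string was dropped.
         matches = []
         if results.status == self.YaraResult.FOUND:
             matches = [str(match) for match in response]
         results.results = None
         if not error_raised:
             results.results = {'Matches': matches}
     except Exception as e:
         results.status = self.YaraResult.ERROR
         # Fix: the message was stored in ``results``; sibling plugins (and
         # the frontend formatter) look for it in ``error``
         results.error = str(e)
     return results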
コード例 #11
ファイル: plugin.py プロジェクト: andrirad/irma-probe
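 def run(self, paths):
     """Match *paths* against the loaded YARA rules and wrap the outcome.

     Args:
         paths: passed unchanged to ``self.get_file_report``, which returns
             an ``(error_raised, response)`` pair.

     Returns:
         PluginResult with status ERROR (``error`` = the response, or the
         exception message), NOT_FOUND (empty response) or FOUND;
         ``results`` is ``{'Matches': [str(match), ...]}`` unless an error
         was raised, in which case it is None.
     """
     results = PluginResult(name=type(self).plugin_name,
                            type=type(self).plugin_category,
                            version=None)
     try:
         started = timestamp(datetime.utcnow())
         (error_raised, response) = self.get_file_report(paths)
         stopped = timestamp(datetime.utcnow())
         results.duration = stopped - started
         if error_raised:
             results.status = self.YaraResult.ERROR
             results.error = response
         elif len(response) == 0:
             results.status = self.YaraResult.NOT_FOUND
         else:
             results.status = self.YaraResult.FOUND
         # compare with == rather than `is`: identity is only reliable for
         # singletons. The unused comma-joined match string was dropped.
         matches = []
         if results.status == self.YaraResult.FOUND:
             matches = [str(match) for match in response]
         results.results = None
         if not error_raised:
             results.results = {'Matches': matches}
     except Exception as e:
         results.status = self.YaraResult.ERROR
         # Fix: the message was stored in ``results``; sibling plugins (and
         # the frontend formatter) look for it in ``error``
         results.error = str(e)
     return results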
コード例 #12
ファイル: plugin.py プロジェクト: pombredanne/irma-probe
 def run(self, paths):
     """Run the TrID module on *paths*.

     Returns a PluginResult whose ``status`` and ``results`` are the pair
     returned by ``self.module.analyze``, with ``duration`` set; on an
     exception the status is ``TrIDResults.ERROR`` and ``error`` holds the
     message.
     """
     results = PluginResult(name=type(self).plugin_name,
                            type=type(self).plugin_category,
                            version=None)
     try:
         started = timestamp(datetime.utcnow())
         analysis = self.module.analyze(paths)
         results.status, results.results = analysis
         results.duration = timestamp(datetime.utcnow()) - started
     except Exception as e:
         results.status = self.TrIDResults.ERROR
         results.error = str(e)
     return results
コード例 #13
ファイル: plugin.py プロジェクト: vaginessa/irma
 def run(self, paths):
     """Run the TrID module on *paths*.

     Returns a PluginResult whose ``status`` and ``results`` are the pair
     returned by ``self.module.analyze``, with ``duration`` set; on an
     exception the status is ``TrIDResults.ERROR`` and ``error`` holds the
     message.
     """
     results = PluginResult(name=type(self).plugin_display_name,
                            type=type(self).plugin_category,
                            version=None)
     try:
         started = timestamp(datetime.utcnow())
         analysis = self.module.analyze(paths)
         results.status, results.results = analysis
         results.duration = timestamp(datetime.utcnow()) - started
     except Exception as e:
         results.status = self.TrIDResults.ERROR
         results.error = str(e)
     return results
コード例 #14
 def run(self, paths):
     """Run the PEiD analysis on *paths* and wrap its outcome.

     Returns a PluginResult whose ``status`` and ``results`` are the pair
     returned by ``self.analyze``, with ``duration`` set; on an exception
     the status is ``PEiDResult.ERROR`` and ``error`` holds the message.
     """
     results = PluginResult(name=type(self).plugin_display_name,
                            type=type(self).plugin_category,
                            version=None)
     try:
         started = timestamp(datetime.utcnow())
         status, report = self.analyze(paths)
         results.duration = timestamp(datetime.utcnow()) - started
         results.status, results.results = status, report
     except Exception as e:
         results.status = self.PEiDResult.ERROR
         results.error = str(e)
     return results
コード例 #15
ファイル: plugin.py プロジェクト: andrirad/irma-probe
 def run(self, paths):
     """Run the PEiD analysis on *paths* and wrap its outcome.

     Returns a PluginResult whose ``status`` and ``results`` are the pair
     returned by ``self.analyze``, with ``duration`` set; on an exception
     the status is ``PEiDResult.ERROR`` and ``error`` holds the message.
     """
     results = PluginResult(name=type(self).plugin_name,
                            type=type(self).plugin_category,
                            version=None)
     try:
         started = timestamp(datetime.utcnow())
         status, report = self.analyze(paths)
         results.duration = timestamp(datetime.utcnow()) - started
         results.status, results.results = status, report
     except Exception as e:
         results.status = self.PEiDResult.ERROR
         results.error = str(e)
     return results
コード例 #16
ファイル: plugin.py プロジェクト: pombredanne/irma-probe
 def run(self, paths):
     """Submit *paths* to the ICAP server (REQMOD request) and wrap the verdict.

     Returns a PluginResult with status CLEAN and ``results`` "No threat
     found" when the server returns nothing, INFECTED with the server's
     response otherwise, or ERROR with ``error`` set on an exception.
     """
     results = PluginResult(name=type(self).plugin_name,
                            type=type(self).plugin_category,
                            version=None)
     try:
         started = timestamp(datetime.utcnow())
         verdict = self.query_server(paths)
         results.duration = timestamp(datetime.utcnow()) - started
         infected = verdict is not None
         results.status = (self.ICAPResult.INFECTED if infected
                           else self.ICAPResult.CLEAN)
         results.results = verdict if infected else "No threat found"
     except Exception as e:
         results.status = self.ICAPResult.ERROR
         results.error = str(e)
     return results
コード例 #17
ファイル: plugin.py プロジェクト: andrirad/irma-probe
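 def run(self, paths):
     """Extract the archive at *paths* into a fresh temporary directory.

     Args:
         paths: archive handed to ``self.unarchive`` together with the
             directory it must extract into.

     Returns:
         PluginResult with status ``UnarchiveResult.OK``, ``results`` None
         and ``output_files`` = ``{'output_dir': <tmp dir>, 'file_list':
         <value returned by unarchive>}``; on an exception the status is
         ``UnarchiveResult.ERROR``, ``error`` carries the message and a
         temporary directory whose extraction did not complete is removed.
     """
     import shutil
     results = PluginResult(name=type(self).plugin_name,
                            type=type(self).plugin_category,
                            version=None)
     output_dir = None
     extracted = False
     try:
         started = timestamp(datetime.utcnow())
         # mkdtemp creates the directory accessible to the current user only
         output_dir = tempfile.mkdtemp()
         # NOTE(review): unarchive() is responsible for rejecting entries
         # whose path escapes output_dir — its implementation is outside this
         # method, confirm it does
         file_list = self.unarchive(paths, output_dir)
         extracted = True
         results.output_files = {'output_dir': output_dir,
                                 'file_list': file_list}
         stopped = timestamp(datetime.utcnow())
         results.duration = stopped - started
         results.status = self.UnarchiveResult.OK
         results.results = None
     except Exception as e:
         results.status = self.UnarchiveResult.ERROR
         results.error = str(e)
         # Fix: a failed extraction used to leave the (possibly half-filled)
         # temporary directory behind, unreferenced by the result
         if output_dir is not None and not extracted:
             shutil.rmtree(output_dir, ignore_errors=True)
     return results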
コード例 #18
ファイル: plugin.py プロジェクト: deloittem/irma-probe
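 def run(self, paths):
     """Extract the archive at *paths* into a fresh temporary directory.

     Args:
         paths: archive handed to ``self.unarchive`` together with the
             directory it must extract into.

     Returns:
         PluginResult with status ``UnarchiveResult.OK``, ``results`` None
         and ``output_files`` = ``{'output_dir': <tmp dir>, 'file_list':
         <value returned by unarchive>}``; on an exception the status is
         ``UnarchiveResult.ERROR``, ``error`` carries the message and a
         temporary directory whose extraction did not complete is removed.
     """
     import shutil
     results = PluginResult(name=type(self).plugin_name,
                            type=type(self).plugin_category,
                            version=None)
     output_dir = None
     extracted = False
     try:
         started = timestamp(datetime.utcnow())
         # mkdtemp creates the directory accessible to the current user only
         output_dir = tempfile.mkdtemp()
         # NOTE(review): unarchive() is responsible for rejecting entries
         # whose path escapes output_dir — its implementation is outside this
         # method, confirm it does
         file_list = self.unarchive(paths, output_dir)
         extracted = True
         results.output_files = {'output_dir': output_dir,
                                 'file_list': file_list}
         stopped = timestamp(datetime.utcnow())
         results.duration = stopped - started
         results.status = self.UnarchiveResult.OK
         results.results = None
     except Exception as e:
         results.status = self.UnarchiveResult.ERROR
         results.error = str(e)
         # Fix: a failed extraction used to leave the (possibly half-filled)
         # temporary directory behind, unreferenced by the result
         if output_dir is not None and not extracted:
             shutil.rmtree(output_dir, ignore_errors=True)
     return results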
コード例 #19
ファイル: plugin.py プロジェクト: vaginessa/irma
 def run(self, paths):
     """Submit *paths* to the ICAP server (REQMOD request) and wrap the verdict.

     Returns a PluginResult with status CLEAN and ``results`` 'No threat
     found' when the server returns nothing, INFECTED with the server's
     response otherwise, or ERROR with ``error`` set on an exception.
     """
     results = PluginResult(name=type(self).plugin_display_name,
                            type=type(self).plugin_category,
                            version=None)
     try:
         started = timestamp(datetime.utcnow())
         verdict = self.query_server(paths)
         results.duration = timestamp(datetime.utcnow()) - started
         if verdict is None:
             status, payload = self.ICAPResult.CLEAN, 'No threat found'
         else:
             status, payload = self.ICAPResult.INFECTED, verdict
         results.status = status
         results.results = payload
     except Exception as e:
         results.status = self.ICAPResult.ERROR
         results.error = str(e)
     return results
コード例 #20
 def run(self, paths):
     """Statically analyse the PE file at *paths* and wrap the outcome.

     Returns a PluginResult with status SUCCESS and ``results`` = the
     analysis output, FAILURE with ``results`` "Not a PE file" when the
     analyser returns nothing, or ERROR with ``error`` set on an exception.
     """
     results = PluginResult(name=type(self).plugin_display_name,
                            type=type(self).plugin_category,
                            version=None)
     try:
         started = timestamp(datetime.utcnow())
         report = self.analyze(filename=paths)
         results.duration = timestamp(datetime.utcnow()) - started
         if report:
             results.status = self.StaticAnalyzerResults.SUCCESS
             results.results = report
         else:
             results.status = self.StaticAnalyzerResults.FAILURE
             results.results = "Not a PE file"
     except Exception as e:
         results.status = self.StaticAnalyzerResults.ERROR
         results.error = str(e)
     return results
コード例 #21
ファイル: plugin.py プロジェクト: deloittem/irma-probe
 def run(self, paths):
     """Statically analyse the PE file at *paths* and wrap the outcome.

     Returns a PluginResult with status SUCCESS and ``results`` = the
     analysis output, FAILURE with ``results`` "Not a PE file" when the
     analyser returns nothing, or ERROR with ``error`` set on an exception.
     """
     results = PluginResult(name=type(self).plugin_display_name,
                            type=type(self).plugin_category,
                            version=None)
     try:
         started = timestamp(datetime.utcnow())
         report = self.analyze(filename=paths)
         results.duration = timestamp(datetime.utcnow()) - started
         if report:
             results.status = self.StaticAnalyzerResults.SUCCESS
             results.results = report
         else:
             results.status = self.StaticAnalyzerResults.FAILURE
             results.results = "Not a PE file"
     except Exception as e:
         results.status = self.StaticAnalyzerResults.ERROR
         results.error = str(e)
     return results