コード例 #1
ファイル: cli.py プロジェクト: phretor/python-sdk
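def get_public_ruleset(save, outfile, ruleset_id):
    """Get a public ruleset by its RULESET_ID"""
    # NOTE(review): the docstring above is presumably shown by click as the
    # command's help text, so implementation notes are kept in comments.
    #
    # save:       when truthy, the fetched ruleset is also written as JSON.
    # outfile:    already-open file object to write to (its .name is logged);
    #             when falsy, 'ruleset-<RULESET_ID>.json' is created in wdir.
    # ruleset_id: identifier handed to api.get_public_ruleset().
    ctx = click.get_current_context()

    # Shared state is read from the click context's meta dict.
    api = ctx.meta.get('api')
    wdir = ctx.meta.get('wdir')
    quiet = ctx.meta.get('quiet')

    logger.info('Attempting to fetch ruleset %s', ruleset_id)
    result = api.get_public_ruleset(ruleset_id=ruleset_id)

    if not quiet:
        click.echo(pygmentize_json(result))

    if not save:
        return

    # Only a handle opened here is closed here; a caller-supplied outfile
    # stays under the caller's control.
    opened_here = not outfile
    if opened_here:
        # NOTE(review): ruleset_id is interpolated into the file name as
        # given; presumably the CLI layer restricts it to an integer, so it
        # cannot carry path separators -- confirm.
        filepath = os.path.join(wdir, 'ruleset-{}.json'.format(ruleset_id))
        # NOTE(review): binary mode fits Python 2, where json.dump emits
        # byte strings; on Python 3 json.dump emits text and writing it to a
        # 'wb' handle raises TypeError -- confirm the supported interpreter.
        outfile = io.open(filepath, 'wb')
    else:
        filepath = outfile.name

    logger.info('Saving ruleset metadata to %s', filepath)

    try:
        json.dump(result, outfile)
    finally:
        # Closing flushes the data and releases the descriptor even when
        # serialisation fails half-way.
        if opened_here:
            outfile.close()

    logger.info('Ruleset metadata saved correctly')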
コード例 #2
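def get_public_ruleset(save, outfile, ruleset_id):
    """Get a public ruleset by its RULESET_ID"""
    # NOTE(review): the docstring above is presumably shown by click as the
    # command's help text, so implementation notes are kept in comments.
    #
    # save:       when truthy, the fetched ruleset is also written as JSON.
    # outfile:    already-open file object to write to (its .name is logged);
    #             when falsy, 'ruleset-<RULESET_ID>.json' is created in wdir.
    # ruleset_id: identifier handed to api.get_public_ruleset().
    ctx = click.get_current_context()

    # Shared state is read from the click context's meta dict.
    api = ctx.meta.get('api')
    wdir = ctx.meta.get('wdir')
    quiet = ctx.meta.get('quiet')

    logger.info('Attempting to fetch ruleset %s', ruleset_id)
    result = api.get_public_ruleset(ruleset_id=ruleset_id)

    if not quiet:
        click.echo(pygmentize_json(result))

    if not save:
        return

    # Only a handle opened here is closed here; a caller-supplied outfile
    # stays under the caller's control.
    opened_here = not outfile
    if opened_here:
        # NOTE(review): ruleset_id is interpolated into the file name as
        # given; presumably the CLI layer restricts it to an integer, so it
        # cannot carry path separators -- confirm.
        filepath = os.path.join(wdir, 'ruleset-{}.json'.format(ruleset_id))
        # NOTE(review): binary mode fits Python 2, where json.dump emits
        # byte strings; on Python 3 json.dump emits text and writing it to a
        # 'wb' handle raises TypeError -- confirm the supported interpreter.
        outfile = io.open(filepath, 'wb')
    else:
        filepath = outfile.name

    logger.info('Saving ruleset metadata to %s', filepath)

    try:
        json.dump(result, outfile)
    finally:
        # Closing flushes the data and releases the descriptor even when
        # serialisation fails half-way.
        if opened_here:
            outfile.close()

    logger.info('Ruleset metadata saved correctly')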
コード例 #3
ファイル: cli.py プロジェクト: phretor/python-sdk
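def get_analysis(sha256_or_file, upload, save, outfile):
    """
    Get the Koodous report of SHA256_OR_FILE. If the file has not been
    analyzed by Koodous, the file is just submitted (or not, according to
    the --upload option).
    """
    # NOTE(review): the docstring above is presumably shown by click as the
    # command's help text, so implementation notes are kept in comments.
    #
    # sha256_or_file: path of a readable local file (hashed with file_hash)
    #                 or, otherwise, a value used directly as the digest.
    # upload:         when truthy, a local file unknown to the service is
    #                 submitted through api.upload().
    # save:           when truthy, the report is also written as JSON.
    # outfile:        already-open file object to write to; when falsy,
    #                 '<sha256>.json' is created in wdir.
    ctx = click.get_current_context()
    api = ctx.meta.get('api')
    wdir = ctx.meta.get('wdir')

    is_file = os.path.isfile(sha256_or_file) and os.access(
        sha256_or_file, os.R_OK)
    sha256 = sha256_or_file
    if is_file:
        sha256 = file_hash(sha256_or_file)
        logger.info('File %s SHA-256 digest = %s', sha256_or_file, sha256)

    logger.info('Getting analysis of %s', sha256)

    analysis = api.get_analysis(sha256)

    # NOTE(review): the raw response is echoed even when it is empty, and a
    # non-empty one is echoed again, formatted, just below -- confirm this
    # first echo is not a debugging leftover.
    click.echo(analysis)

    if analysis:
        click.echo(pygmentize_json(analysis))

        if save:
            # Only a handle opened here is closed here; a caller-supplied
            # outfile stays under the caller's control.
            opened_here = not outfile
            if opened_here:
                # NOTE(review): when the argument was not a readable file,
                # sha256 is the raw command-line value and reaches this path
                # unvalidated (an absolute value would override wdir in
                # os.path.join) -- consider requiring 64 hex characters.
                filepath = os.path.join(wdir, '{}.json'.format(sha256))
                # NOTE(review): 'wb' with json.dump fits Python 2; on
                # Python 3 json.dump emits text and this write raises
                # TypeError -- confirm the supported interpreter.
                outfile = io.open(filepath, 'wb')
            else:
                filepath = outfile.name

            logger.info('Saving analysis to %s', filepath)
            try:
                json.dump(analysis, outfile)
            finally:
                # Closing flushes the report and releases the descriptor
                # even when serialisation fails.
                if opened_here:
                    outfile.close()

            logger.info('Saved to %s successfully', filepath)
    elif is_file:
        logger.warning('File not found on Koodous')

        # The local file's contents leave the machine only on this branch:
        # the lookup returned nothing and the caller asked for an upload.
        if upload:
            logger.info('Uploading file for analysis')

            try:
                upload_result = api.upload(sha256_or_file)
                logger.info('File %s uploaded successfully', upload_result)
            except Exception as ex:
                # Best effort: a failed upload is reported, not raised.
                logger.error('Uploading %s failed: %s', sha256_or_file, ex)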
コード例 #4
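def get_analysis(sha256_or_file, upload, save, outfile):
    """
    Get the Koodous report of SHA256_OR_FILE. If the file has not been
    analyzed by Koodous, the file is just submitted (or not, according to
    the --upload option).
    """
    # NOTE(review): the docstring above is presumably shown by click as the
    # command's help text, so implementation notes are kept in comments.
    #
    # sha256_or_file: path of a readable local file (hashed with file_hash)
    #                 or, otherwise, a value used directly as the digest.
    # upload:         when truthy, a local file unknown to the service is
    #                 submitted through api.upload().
    # save:           when truthy, the report is also written as JSON.
    # outfile:        already-open file object to write to; when falsy,
    #                 '<sha256>.json' is created in wdir.
    ctx = click.get_current_context()
    api = ctx.meta.get('api')
    wdir = ctx.meta.get('wdir')

    is_file = os.path.isfile(sha256_or_file) and os.access(
        sha256_or_file, os.R_OK)
    sha256 = sha256_or_file
    if is_file:
        sha256 = file_hash(sha256_or_file)
        logger.info('File %s SHA-256 digest = %s', sha256_or_file, sha256)

    logger.info('Getting analysis of %s', sha256)

    analysis = api.get_analysis(sha256)

    # NOTE(review): the raw response is echoed even when it is empty, and a
    # non-empty one is echoed again, formatted, just below -- confirm this
    # first echo is not a debugging leftover.
    click.echo(analysis)

    if analysis:
        click.echo(pygmentize_json(analysis))

        if save:
            # Only a handle opened here is closed here; a caller-supplied
            # outfile stays under the caller's control.
            opened_here = not outfile
            if opened_here:
                # NOTE(review): when the argument was not a readable file,
                # sha256 is the raw command-line value and reaches this path
                # unvalidated (an absolute value would override wdir in
                # os.path.join) -- consider requiring 64 hex characters.
                filepath = os.path.join(wdir, '{}.json'.format(sha256))
                # NOTE(review): 'wb' with json.dump fits Python 2; on
                # Python 3 json.dump emits text and this write raises
                # TypeError -- confirm the supported interpreter.
                outfile = io.open(filepath, 'wb')
            else:
                filepath = outfile.name

            logger.info('Saving analysis to %s', filepath)
            try:
                json.dump(analysis, outfile)
            finally:
                # Closing flushes the report and releases the descriptor
                # even when serialisation fails.
                if opened_here:
                    outfile.close()

            logger.info('Saved to %s successfully', filepath)
    elif is_file:
        logger.warning('File not found on Koodous')

        # The local file's contents leave the machine only on this branch:
        # the lookup returned nothing and the caller asked for an upload.
        if upload:
            logger.info('Uploading file for analysis')

            try:
                upload_result = api.upload(sha256_or_file)
                logger.info('File %s uploaded successfully', upload_result)
            except Exception as ex:
                # Best effort: a failed upload is reported, not raised.
                logger.error('Uploading %s failed: %s', sha256_or_file, ex)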
コード例 #5
ファイル: cli.py プロジェクト: phretor/python-sdk
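def get_matches_public_ruleset(ruleset_id, prompt, save, download, limit):
    """Get the APKs that match a public ruleset by its RULESET_ID

    Example: https://koodous.com/rulesets/RULESET_ID (e.g., 666)
    """
    # NOTE(review): the docstring above is presumably shown by click as the
    # command's help text, so implementation notes are kept in comments.
    #
    # ruleset_id: identifier handed to the API calls below.
    # prompt:     when truthy, ask for confirmation before a long listing.
    # save:       when truthy, write the ruleset and each match as JSON
    #             files in wdir.
    # download:   when truthy, fetch each matching APK into wdir.
    # limit:      stop after this many matches; the check at the bottom of
    #             the loop never fires for limit <= 0.
    ctx = click.get_current_context()

    api = ctx.meta.get('api')
    quiet = ctx.meta.get('quiet')
    wdir = ctx.meta.get('wdir')

    logger.info('Attempting to fetch ruleset %s', ruleset_id)
    ruleset = api.get_public_ruleset(ruleset_id=ruleset_id)

    d = ruleset['detections']

    if save:
        filepath = os.path.join(wdir, 'ruleset-{}.json'.format(ruleset_id))

        logger.info('Saving ruleset to %s', filepath)
        # NOTE(review): 'wb' with json.dump fits Python 2; on Python 3
        # json.dump emits text and this write raises TypeError -- confirm
        # the supported interpreter.
        with io.open(filepath, 'wb') as outfile:
            json.dump(ruleset, outfile)

        logger.info('Ruleset saved successfully')

    # NOTE(review): with limit <= 0 this condition is never true, so the
    # confirmation is skipped exactly when no limit applies -- confirm.
    if prompt and 100 < d <= limit:
        if not click.confirm('The selected ruleset has {} matches. Do you '
                             'want to proceed printing all of '
                             'them?'.format(d)):
            return

    hex_digits = frozenset('0123456789abcdefABCDEF')
    count = 0

    for apks in api.iter_matches_public_ruleset(ruleset_id):
        for apk in apks:
            if not quiet:
                click.echo(pygmentize_json(apk))

            if save or download:
                # Read the digest once for both branches: it used to be
                # assigned only under `save`, so `download` without `save`
                # failed with NameError.
                sha256 = apk['sha256']

                # The digest comes from the remote response and becomes a
                # file name, so only a plain 64-character hex string is
                # accepted; anything else could point outside wdir.
                file_stem = '{}'.format(sha256)
                if len(file_stem) == 64 and all(
                        ch in hex_digits for ch in file_stem):
                    if save:
                        filepath = os.path.join(
                            wdir, '{}.json'.format(file_stem))

                        logger.info('Saving metadata of %s to %s', sha256,
                                    filepath)

                        with io.open(filepath, 'wb') as outfile:
                            json.dump(apk, outfile)

                    if download:
                        dst = os.path.join(wdir, '{}.apk'.format(file_stem))
                        logger.info('Downloading %s to %s', sha256, dst)

                        try:
                            api.download_to_file(sha256=sha256, dst=dst)
                            logger.info('APK downloaded successfully')
                        except Exception as ex:
                            # Best effort: one failed download must not
                            # abort the remaining matches.
                            logger.error('Could not download %s: %s',
                                         sha256, ex)
                else:
                    logger.error('Not writing files for a match with an '
                                 'unexpected sha256 value: %r', sha256)

            count += 1

            if 0 < limit <= count:
                logger.info('Limit of %s matches reached: stopping!', limit)
                return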
コード例 #6
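def get_matches_public_ruleset(ruleset_id, prompt, save, download, limit):
    """Get the APKs that match a public ruleset by its RULESET_ID

    Example: https://koodous.com/rulesets/RULESET_ID (e.g., 666)
    """
    # NOTE(review): the docstring above is presumably shown by click as the
    # command's help text, so implementation notes are kept in comments.
    #
    # ruleset_id: identifier handed to the API calls below.
    # prompt:     when truthy, ask for confirmation before a long listing.
    # save:       when truthy, write the ruleset and each match as JSON
    #             files in wdir.
    # download:   when truthy, fetch each matching APK into wdir.
    # limit:      stop after this many matches; the check at the bottom of
    #             the loop never fires for limit <= 0.
    ctx = click.get_current_context()

    api = ctx.meta.get('api')
    quiet = ctx.meta.get('quiet')
    wdir = ctx.meta.get('wdir')

    logger.info('Attempting to fetch ruleset %s', ruleset_id)
    ruleset = api.get_public_ruleset(ruleset_id=ruleset_id)

    d = ruleset['detections']

    if save:
        filepath = os.path.join(wdir, 'ruleset-{}.json'.format(ruleset_id))

        logger.info('Saving ruleset to %s', filepath)
        # NOTE(review): 'wb' with json.dump fits Python 2; on Python 3
        # json.dump emits text and this write raises TypeError -- confirm
        # the supported interpreter.
        with io.open(filepath, 'wb') as outfile:
            json.dump(ruleset, outfile)

        logger.info('Ruleset saved successfully')

    # NOTE(review): with limit <= 0 this condition is never true, so the
    # confirmation is skipped exactly when no limit applies -- confirm.
    if prompt and 100 < d <= limit:
        if not click.confirm('The selected ruleset has {} matches. Do you '
                             'want to proceed printing all of '
                             'them?'.format(d)):
            return

    hex_digits = frozenset('0123456789abcdefABCDEF')
    count = 0

    for apks in api.iter_matches_public_ruleset(ruleset_id):
        for apk in apks:
            if not quiet:
                click.echo(pygmentize_json(apk))

            if save or download:
                # Read the digest once for both branches: it used to be
                # assigned only under `save`, so `download` without `save`
                # failed with NameError.
                sha256 = apk['sha256']

                # The digest comes from the remote response and becomes a
                # file name, so only a plain 64-character hex string is
                # accepted; anything else could point outside wdir.
                file_stem = '{}'.format(sha256)
                if len(file_stem) == 64 and all(
                        ch in hex_digits for ch in file_stem):
                    if save:
                        filepath = os.path.join(
                            wdir, '{}.json'.format(file_stem))

                        logger.info('Saving metadata of %s to %s', sha256,
                                    filepath)

                        with io.open(filepath, 'wb') as outfile:
                            json.dump(apk, outfile)

                    if download:
                        dst = os.path.join(wdir, '{}.apk'.format(file_stem))
                        logger.info('Downloading %s to %s', sha256, dst)

                        try:
                            api.download_to_file(sha256=sha256, dst=dst)
                            logger.info('APK downloaded successfully')
                        except Exception as ex:
                            # Best effort: one failed download must not
                            # abort the remaining matches.
                            logger.error('Could not download %s: %s',
                                         sha256, ex)
                else:
                    logger.error('Not writing files for a match with an '
                                 'unexpected sha256 value: %r', sha256)

            count += 1

            if 0 < limit <= count:
                logger.info('Limit of %s matches reached: stopping!', limit)
                return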