def __init__(self, name, lastline_url, lastline_api_key, lastline_api_token, verify_ssl=False):
    """Create the provider and the Lastline API client it submits through.

    Args:
        name: provider name handed to the ``BinaryAnalysisProvider`` base.
        lastline_url: base URL of the Lastline analysis API.
        lastline_api_key, lastline_api_token: API credentials passed to
            ``AnalysisClient``.
        verify_ssl: forwarded to ``AnalysisClient`` as ``verify_ssl``. The
            ``False`` default presumably leaves TLS certificate verification
            off for the connection that carries the key/token and every
            submitted binary — NOTE(review): confirm against ``AnalysisClient``
            and pass ``True`` outside of lab setups.
    """
    super(LastlineProvider, self).__init__(name)
    self.lastline_analysis = AnalysisClient(
        lastline_url, lastline_api_key, lastline_api_token, verify_ssl=verify_ssl
    )
    prefix = "%s/malscape/#/task/" % lastline_url
    # The hosted analysis endpoint serves its task UI from a different host,
    # so links are rewritten to point there instead of at the API URL.
    if "analysis.lastline.com" in prefix.lower():
        prefix = "https://user.lastline.com/malscape/#/task/"
    self.feed_link_prefix = prefix
def _init_client(self):
    """Build the Lastline ``AnalysisClient`` from the provider's settings.

    Returns:
        An ``AnalysisClient`` for ``self._url`` authenticated with
        ``self._key`` / ``self._api_token``.

    Raises:
        ValueError: when ``key`` or ``api_token`` is unset, so a misconfigured
            provider fails at setup instead of on its first API call.
    """
    # Validate credentials up front; the checks run in the original order
    # (key first, then api_token) so the first missing option is reported.
    required = (("key", self._key), ("api_token", self._api_token))
    for option, value in required:
        if not value:
            raise ValueError('Missing "%s" config option' % option)
    return AnalysisClient(self._url, self._key, self._api_token)  # noqa
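def _init_client(self):
    """Build the Lastline ``AnalysisClient`` from ``self.config``.

    Reads ``url`` (default ``https://analysis.lastline.com``), ``key`` and
    ``api_token`` from the config mapping.

    Returns:
        An ``AnalysisClient`` for the configured URL and credentials.

    Raises:
        ValueError: when ``key`` or ``api_token`` is missing. The error is
            raised, not returned: the previous version returned the
            ``ValueError`` instance, so a caller received an exception object
            in place of a client and only failed later with an unrelated
            ``AttributeError`` on its first use.
    """
    url = self.config.get('url', 'https://analysis.lastline.com')
    key = self.config.get('key')
    api_token = self.config.get('api_token')
    if not key:
        raise ValueError('Missing "key" config option')
    if not api_token:
        raise ValueError('Missing "api_token" config option')
    return AnalysisClient(url, key, api_token)  # noqa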
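class LastlineProvider(BinaryAnalysisProvider):
    """Binary analysis provider backed by the Lastline analysis API.

    Binaries (or just their MD5) are submitted through ``AnalysisClient`` and
    the resulting task is mapped into an ``AnalysisResult``. Every transient
    failure — API errors, malformed responses, a task that has not completed
    within the polling budget — is surfaced as ``AnalysisTemporaryError`` with
    a retry hint so the caller can re-queue the binary.
    """

    # Seconds between progress polls, number of polls before giving up, and
    # the retry hint (seconds) attached to every AnalysisTemporaryError.
    _POLL_INTERVAL = 10
    _MAX_POLLS = 10
    _RETRY_IN = 120

    def __init__(self, name, lastline_url, lastline_api_key, lastline_api_token, verify_ssl=False):
        """Create the provider and the Lastline API client it submits through.

        Args:
            name: provider name handed to the ``BinaryAnalysisProvider`` base.
            lastline_url: base URL of the Lastline analysis API.
            lastline_api_key, lastline_api_token: API credentials passed to
                ``AnalysisClient``.
            verify_ssl: forwarded to ``AnalysisClient`` as ``verify_ssl``. The
                ``False`` default is kept for backward compatibility, but it
                presumably disables TLS certificate verification for the
                connection that carries the key/token and every submitted
                binary; a warning is logged so the setting is not silently
                left in place. Set it to ``True`` outside of lab setups.
        """
        super(LastlineProvider, self).__init__(name)
        if not verify_ssl:
            log.warning(
                "TLS certificate verification is disabled for LastLine at %s; "
                "set verify_ssl=True for production use",
                lastline_url,
            )
        self.lastline_analysis = AnalysisClient(
            lastline_url, lastline_api_key, lastline_api_token, verify_ssl=verify_ssl
        )
        # The hosted analysis endpoint serves its task UI from a different
        # host, so result links are rewritten to point there instead.
        prefix = "%s/malscape/#/task/" % lastline_url
        if "analysis.lastline.com" in prefix.lower():
            prefix = "https://user.lastline.com/malscape/#/task/"
        self.feed_link_prefix = prefix

    def get_uuid(self, response):
        """Extract ``data.task_uuid`` from a submission response.

        Raises:
            AnalysisTemporaryError: when the response is not dict-shaped or
                carries no task UUID; both are treated as retryable.
        """
        try:
            task_uuid = response.get('data', {}).get('task_uuid', None)
        except AttributeError:
            # response (or its 'data' member) is not a mapping.
            raise AnalysisTemporaryError(
                message="Invalid response from LastLine: %s" % response,
                retry_in=self._RETRY_IN,
            )
        if not task_uuid:
            raise AnalysisTemporaryError(
                message="No UUID for result: %s" % response,
                retry_in=self._RETRY_IN,
            )
        return task_uuid

    def make_result(self, task_uuid):
        """Fetch the finished task and turn it into an ``AnalysisResult``.

        A score of 0 is reported as "Benign"; anything else is reported as
        potential malware with the ``malicious_activity`` reasons joined into
        the message.

        Raises:
            AnalysisTemporaryError: on any client error, an ``error`` member in
                the result, or a score that is not an integer.
        """
        try:
            result = self.lastline_analysis.get_result(task_uuid)
            result = result.get('data', {})
        except Exception as e:
            raise AnalysisTemporaryError(
                message="API error: %s" % str(e), retry_in=self._RETRY_IN
            )
        if 'error' in result:
            raise AnalysisTemporaryError(message=result['error'], retry_in=self._RETRY_IN)

        try:
            score = int(result.get('score', 0))
        except (TypeError, ValueError):
            # A non-numeric score used to escape as an unhandled exception;
            # treat it like any other malformed response.
            raise AnalysisTemporaryError(
                message="Unexpected score in LastLine result: %r" % (result.get('score'),),
                retry_in=self._RETRY_IN,
            )

        if score == 0:
            malware_result = "Benign"
        else:
            reasons = "; ".join(result.get('malicious_activity', []))
            malware_result = "Potential malware: %s" % reasons

        # Collapse doubled slashes (the prefix already ends in '/') without
        # touching the '//' after the scheme.
        link = re.sub(r"(?<!:)/{2,}", "/", "%s/%s" % (self.feed_link_prefix, task_uuid))
        return AnalysisResult(
            message=malware_result, extended_message="", link=link, score=score
        )

    def check_result_for(self, md5sum):
        """Return the result for an already-analysed hash, or None if unknown.

        Raises:
            AnalysisTemporaryError: on an API error or an unusable response.
        """
        try:
            response = self.lastline_analysis.submit_file_hash(md5=md5sum)
        except FileNotAvailableError:
            # The file has not been seen by LastLine yet; the caller will
            # upload it via analyze_binary.
            return None
        except AnalysisAPIError as e:
            raise AnalysisTemporaryError(
                message="API error: %s" % str(e), retry_in=self._RETRY_IN
            )
        task_uuid = self.get_uuid(response)
        return self.make_result(task_uuid)

    def analyze_binary(self, md5sum, binary_file_stream):
        """Upload a binary, poll until the task completes, and return its result.

        Polls ``get_progress`` up to ``_MAX_POLLS`` times, sleeping
        ``_POLL_INTERVAL`` seconds before each poll.

        Raises:
            AnalysisTemporaryError: on an API error during submission or
                polling, an unusable response, or when the task has not
                completed within the polling budget.
        """
        log.info("Submitting binary %s to LastLine", md5sum)
        try:
            response = self.lastline_analysis.submit_file(binary_file_stream)
        except AnalysisAPIError as e:
            raise AnalysisTemporaryError(
                message="API error: %s" % str(e), retry_in=self._RETRY_IN
            )
        task_uuid = self.get_uuid(response)

        for _ in range(self._MAX_POLLS):
            sleep(self._POLL_INTERVAL)
            try:
                progress = self.lastline_analysis.get_progress(task_uuid)
            except AnalysisAPIError as e:
                # A transient error while polling used to propagate uncaught;
                # map it to the same retryable error as the other API calls.
                raise AnalysisTemporaryError(
                    message="API error: %s" % str(e), retry_in=self._RETRY_IN
                )
            if progress.get('data', {}).get('completed', 0) == 1:
                return self.make_result(task_uuid)

        raise AnalysisTemporaryError(
            message="Maximum retries (%d) exceeded submitting to LastLine" % self._MAX_POLLS,
            retry_in=self._RETRY_IN,
        )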