예제 #1
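    def run(self, obj, config):
        """
        Submit the sample to the configured OPSWAT endpoint and record the
        per-engine verdicts it returns.

        :param obj: Object whose ``filedata`` is read and zipped for upload.
        :param config: Service configuration; reads ``url`` and ``use_proxy``.
        :returns: None. Verdicts are recorded through ``self._add_result``.
        """
        data = obj.filedata.read()
        zipdata = create_zip([("samples", data)])
        url = config.get('url', '')

        # urllib2.install_opener is process-wide and was only called when
        # ``use_proxy`` was set, so a proxy installed by an earlier run stayed
        # in effect for later runs that did not ask for one. Always install an
        # opener; an empty ProxyHandler explicitly disables proxying (it also
        # ignores *_proxy environment variables).
        if config.get('use_proxy'):
            # NOTE(review): only an 'http' proxy is mapped; an https ``url``
            # would bypass it — confirm whether that is intended.
            proxy_handler = urllib2.ProxyHandler({'http': settings.HTTP_PROXY})
        else:
            proxy_handler = urllib2.ProxyHandler({})
        urllib2.install_opener(urllib2.build_opener(proxy_handler))

        req = urllib2.Request(url)
        req.add_header("Content-Type", "application/zip")
        req.add_data(bytearray(zipdata))
        out = urllib2.urlopen(req)
        try:
            text_out = out.read()
        finally:
            # Release the connection even when read() raises.
            out.close()

        # Parse XML output. The body comes from a remote service, so the
        # expat handlers see untrusted input; XMLTagHandler is expected to
        # tolerate unexpected or missing elements.
        handler = XMLTagHandler()
        parser = xml.parsers.expat.ParserCreate()
        parser.StartElementHandler = handler.StartElement
        parser.EndElementHandler = handler.EndElement
        parser.CharacterDataHandler = handler.CharData
        parser.Parse(text_out)

        for threat in handler.threatList:
            self._add_result(
                'av_result', threat["threat_name"], {
                    "engine": threat["engine_name"],
                    "date": datetime.now().isoformat()
                })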
예제 #2
파일: api.py 프로젝트: thelok/crits-1
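    def to_file(self, data, options=None):
        """
        Respond with filedata instead of metadata.

        :param data: The data to be worked on.
        :type data: dict for multiple objects,
                    :class:`tastypie.bundle.Bundle` for a single object.
        :param options: Options to alter how this serializer works.
                        Reads ``file`` (truthy to build the archive) and
                        ``file_format`` (handed to ``_format_data``).
        :type options: dict
        :returns: :class:`django.http.HttpResponse`,
                  :class:`tastypie.exceptions.BadRequest`,
                  or None when ``file`` was not requested.
        """

        # ``options`` defaults to None; treat that as "no options" rather
        # than failing on ``None.get``.
        options = options or {}
        get_file = options.get('file', None)
        file_format = options.get('file_format', 'raw')
        response = None

        if not get_file:
            return response

        files = []
        if hasattr(data, 'obj'):
            # Single object: a Bundle wrapping one document.
            files.extend(self._collect_file(data.obj, file_format))
        elif 'objects' in data:
            # Multiple objects: best-effort per bundle. The previous loop
            # read ``data.obj`` (a copy-paste of the single-object branch)
            # for screenshots, which raised and silently aborted the whole
            # loop; one bad document now only skips itself.
            for bundle in data['objects']:
                try:
                    files.extend(self._collect_file(bundle.obj, file_format))
                except Exception:
                    continue

        try:
            if files:
                archive = create_zip(files)
                response = HttpResponse(
                    archive,
                    content_type="application/octet-stream; charset=utf-8")
                response['Content-Disposition'] = 'attachment; filename="results.zip"'
            else:
                response = BadRequest("No files found!")
        except Exception as e:
            response = BadRequest(str(e))
        return response

    def _collect_file(self, doc, file_format):
        """
        Return ``[[filename, bytes]]`` for one document, or ``[]``.

        :param doc: Document exposing ``md5`` and either ``filedata``
                    (formatted via ``_format_data``) or ``screenshot``
                    (served raw as ``<md5>.png``).
        :param file_format: Format passed to ``_format_data``.
        """
        if hasattr(doc, 'filedata'):
            filedata = doc.filedata.read()
            if filedata:
                return [[doc.md5, self._format_data(filedata, file_format)]]
        elif hasattr(doc, 'screenshot'):
            filedata = doc.screenshot.read()
            if filedata:
                return [["%s.png" % doc.md5, filedata]]
        return []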
예제 #3
파일: api.py 프로젝트: brentonchang/crits-1
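    def to_file(self, data, options=None):
        """
        Respond with filedata instead of metadata.

        :param data: The data to be worked on.
        :type data: dict for multiple objects,
                    :class:`tastypie.bundle.Bundle` for a single object.
        :param options: Options to alter how this serializer works.
                        Reads ``file`` (truthy to build the archive) and
                        ``file_format`` (handed to ``_format_data``).
        :type options: dict
        :returns: :class:`django.http.HttpResponse`,
                  :class:`tastypie.exceptions.BadRequest`,
                  or None when ``file`` was not requested.
        """

        # ``options`` defaults to None; treat that as "no options" rather
        # than failing on ``None.get``.
        options = options or {}
        get_file = options.get('file', None)
        file_format = options.get('file_format', 'raw')
        response = None

        if not get_file:
            return response

        files = []
        if hasattr(data, 'obj'):
            # Single object: a Bundle wrapping one document.
            files.extend(self._collect_file(data.obj, file_format))
        elif 'objects' in data:
            # Multiple objects: best-effort per bundle. The previous loop
            # read ``data.obj`` (a copy-paste of the single-object branch)
            # for screenshots, which raised and silently aborted the whole
            # loop; one bad document now only skips itself.
            for bundle in data['objects']:
                try:
                    files.extend(self._collect_file(bundle.obj, file_format))
                except Exception:
                    continue

        try:
            if files:
                archive = create_zip(files)
                # ``mimetype`` is the keyword this project's Django expects.
                response = HttpResponse(
                    archive,
                    mimetype='application/octet-stream; charset=utf-8')
                response['Content-Disposition'] = 'attachment; filename="results.zip"'
            else:
                response = BadRequest("No files found!")
        except Exception as e:
            response = BadRequest(str(e))
        return response

    def _collect_file(self, doc, file_format):
        """
        Return ``[[filename, bytes]]`` for one document, or ``[]``.

        :param doc: Document exposing ``md5`` and either ``filedata``
                    (formatted via ``_format_data``) or ``screenshot``
                    (served raw as ``<md5>.png``).
        :param file_format: Format passed to ``_format_data``.
        """
        if hasattr(doc, 'filedata'):
            filedata = doc.filedata.read()
            if filedata:
                return [[doc.md5, self._format_data(filedata, file_format)]]
        elif hasattr(doc, 'screenshot'):
            filedata = doc.screenshot.read()
            if filedata:
                return [["%s.png" % doc.md5, filedata]]
        return []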
예제 #4
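    def run(self, obj, config):
        """
        Submit the sample to the configured OPSWAT endpoint and record the
        per-engine verdicts it returns.

        :param obj: Object whose ``filedata`` is read and zipped for upload.
        :param config: Service configuration; reads ``url`` and ``use_proxy``.
        :returns: None. Verdicts are recorded through ``self._add_result``.
        """
        data = obj.filedata.read()
        zipdata = create_zip([("samples", data)])
        url = config.get('url', '')

        # An opener is installed on every run so that a proxy left behind by
        # a previous run cannot leak into this one (install_opener is
        # process-wide). The empty ProxyHandler also ignores *_proxy
        # environment variables.
        if config.get('use_proxy'):
            # NOTE(review): if HTTP_PROXY embeds credentials they are written
            # to the debug log by this line — confirm that is acceptable.
            self._debug("OPSWAT: proxy handler set to: %s" % settings.HTTP_PROXY)
            proxy_handler = urllib2.ProxyHandler({'http': settings.HTTP_PROXY})
        else:
            self._debug("OPSWAT: proxy handler unset")
            proxy_handler = urllib2.ProxyHandler({})
        urllib2.install_opener(urllib2.build_opener(proxy_handler))

        req = urllib2.Request(url)
        req.add_header("Content-Type", "application/zip")
        req.add_data(bytearray(zipdata))
        out = urllib2.urlopen(req)
        try:
            text_out = out.read()
        finally:
            # Release the connection even when read() raises.
            out.close()

        # Parse XML output. The body comes from a remote service, so the
        # expat handlers see untrusted input.
        handler = XMLTagHandler()
        parser = xml.parsers.expat.ParserCreate()
        parser.StartElementHandler = handler.StartElement
        parser.EndElementHandler = handler.EndElement
        parser.CharacterDataHandler = handler.CharData
        parser.Parse(text_out)

        for threat in handler.threatList:
            self._add_result(
                'av_result', threat["threat_name"], {
                    "engine": threat["engine_name"],
                    "date": datetime.now().isoformat()
                })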
예제 #5
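    def run(self, obj, config):
        """
        Look up the sample on MetaDefender by hash (uploading it for a scan
        when unknown) and record each engine's verdict.

        :param obj: Object providing ``filedata`` (bytes to scan) and
                    ``sha1`` (used for the hash lookup).
        :param config: Service configuration; reads ``api_key``, ``url``
                       and ``use_proxy``.
        :returns: None. Verdicts are recorded through ``self._add_result``.
        """
        # The header previously referenced an undefined ``api_key`` name
        # (NameError); the key comes from config.
        api_key = config['api_key']
        api = API(api_key)
        url = config['url']
        headers = {"apikey": api_key}

        data = obj.filedata.read()

        # SHA1 hash of the given file
        file_hash = obj.sha1

        proxies = None
        if config.get('use_proxy'):
            self._debug("MetaDefender: proxy handler set to: %s" %
                        settings.HTTP_PROXY)
            # requests-style proxy mapping.
            proxies = {
                'http': settings.HTTP_PROXY,
                'https': settings.HTTP_PROXY
            }
        else:
            self._debug("MetaDefender: proxy handler unset")
        # NOTE(review): ``proxies`` is built but not passed to any API call
        # below, so ``use_proxy`` currently has no effect on the requests
        # made — confirm the API helper's interface and thread it through.

        # was this file scanned/uploaded already? A single lookup yields both
        # the found flag and any cached result (this used to be two calls).
        lookup = api.hashScanResult(file_hash, url, headers)
        hash_found = lookup[0]
        file_scan_result = lookup[1]

        if not hash_found:
            # scan/upload the file if we didn't obtain a scan result via the
            # file's hash; save the file's data_id
            file_data_id = api.uploadFile(data, url)

            # obtain the scan results via the file's data_id
            file_scan_result = api.retrieveScanResult(file_data_id, url,
                                                      headers)

        scan_details = file_scan_result["scan_results"]["scan_details"]
        for engine, detail in scan_details.items():
            # Only the threat name is kept; the result JSON carries more
            # fields should they be needed later.
            r = str(detail['threat_found'])
            if r == '':
                r = 'No Threat Detected'

            # add result to the table.
            self._add_result('av_result', r, {
                "engine": str(engine),
                "date": datetime.now().isoformat()
            })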
예제 #6
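 def submit_sample(self, obj):
     """
     Submit ``obj``'s file to the sandbox submissions endpoint and remember
     the resulting task.

     :param obj: Object providing ``filename`` and ``filedata``.
     :returns: None. On success ``self.task``, ``self.timeout`` and
               ``self.sc`` are set; on a non-OK HTTP status the error is
               recorded via ``self._error`` and those attributes are left
               untouched (previously the code fell through and raised
               while indexing the error body as JSON).
     """
     timeout = self.config.get('timeout')
     zipdata = create_zip([(obj.filename, obj.filedata.read())])
     machine = self.config.get('machine', "")
     sc = self.authentication
     headers = {'X-FEApi-Token': sc}
     json_option = {
         'application': '0',
         'timeout': timeout,
         'priority': '0',
         'profiles': [machine],
         'analysistype': '0',
         'force': 'true',
         'prefetch': '0',
     }
     jsondata = json.dumps(json_option)
     files = [
         ('filename', ('crits.zip', zipdata, '')),
         ('options', ('', jsondata, 'application/json')),
     ]
     # NOTE(review): verify=False turns off TLS certificate validation for a
     # connection that carries the API token in a header; pointing
     # ``verify`` at the sandbox's CA bundle keeps the same call working.
     r = requests.post(self.base_url + '/submissions', headers=headers,
                       files=files, verify=False, proxies=self.proxies)

     if r.status_code != requests.codes.ok:
         msg = "Failed to submit file to machine '%s'." % machine
         self._error(msg)
         self._debug(r.text)
         return

     task_id = r.json()[0]['ID']
     self._info("Submitted Task ID %s for machine %s" % (task_id, machine))
     self.timeout = timeout
     self.sc = sc
     self.task = task_id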
예제 #7
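    def _scan(self, context):
        """
        Submit the sample to the configured OPSWAT endpoint and record the
        per-engine verdicts it returns.

        :param context: Provides ``md5``, used to fetch the sample bytes
                        through ``get_file``.
        :returns: None. Verdicts are recorded through ``self._add_result``.
        """
        data = get_file(context.md5)
        zipdata = create_zip([("samples", data)])
        url = self.config.get('OPSWAT_url', '')

        req = urllib2.Request(url)
        req.add_header("Content-Type", "application/zip")
        req.add_data(bytearray(zipdata))
        out = urllib2.urlopen(req)
        try:
            text_out = out.read()
        finally:
            # Release the connection even when read() raises.
            out.close()

        # Parse XML output. The body comes from a remote service, so the
        # expat handlers see untrusted input.
        handler = XMLTagHandler()
        parser = xml.parsers.expat.ParserCreate()
        parser.StartElementHandler = handler.StartElement
        parser.EndElementHandler = handler.EndElement
        parser.CharacterDataHandler = handler.CharData
        parser.Parse(text_out)

        for threat in handler.threatList:
            self._add_result(
                'av_result', threat["threat_name"], {
                    "engine": threat["engine_name"],
                    "date": datetime.now().isoformat()
                })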