def main():
    """Parse the command line, set up logging, then start the database, FTP and API.

    Reads the ``--debug`` and ``--verbose`` options with docopt, makes sure
    the ``log`` directory exists, and logs the invoking command line. It then
    calls ``Lamadb.create_db()``, ``LamaFtp.create_ftp()`` and ``run_api()``
    in that order. A ``KeyboardInterrupt`` raised during any of those three
    calls triggers ``Analyzer.stop_analyzer()``.
    """
    options = docopt(__doc__, version='0.1')
    debug = options["--debug"]
    verbose = options["--verbose"]

    # The log directory is relative to the current working directory.
    log_dir = "log"
    if not os.path.exists(log_dir):
        os.makedirs(log_dir)
    configure_logging("log/lama_api.log", debug=debug, verbose=verbose)

    # NOTE(review): the full argv is written to the log verbatim; anything
    # sensitive passed on the command line would end up in log/lama_api.log.
    logging.info("COMMAND : " + " ".join(sys.argv))

    try:
        Lamadb.create_db()
        LamaFtp.create_ftp()
        # NOTE(review): confirm what run_api does with debug=True; if it turns
        # on a web framework's debug mode, keep it off on exposed deployments.
        run_api(debug=debug)
    except KeyboardInterrupt:
        # Ctrl-C is the only handled exit path; other exceptions propagate.
        Analyzer.stop_analyzer()
def find_by_parent_uid(parent_uid):
    """Return the malware records whose ``_parent_uid`` equals *parent_uid*.

    The filter is built with the SQL expression API, so *parent_uid* is
    compared through a column expression rather than pasted into SQL text.

    Returns a list of objects built by ``MalwareDAO.make_from_row``; the list
    is empty when no row matches.
    """
    query = select([Lamadb.malware]).where(
        Lamadb.malware.c._parent_uid == parent_uid
    )
    rows = Lamadb.execute(query)
    return [MalwareDAO.make_from_row(record) for record in rows]
def find_by_module_uid(module_uid):
    """Return the indicator records whose ``_module_uid`` equals *module_uid*.

    Returns a list of objects built by ``IndicatorDAO.make_from_row``; the
    list is empty when no row matches.
    """
    query = select([Lamadb.indicator]).where(
        Lamadb.indicator.c._module_uid == module_uid
    )
    rows = Lamadb.execute(query)
    return [IndicatorDAO.make_from_row(record) for record in rows]
def find_by_malware_uid(malware_uid):
    """Return the module-status records whose ``_malware_uid`` equals *malware_uid*.

    Returns a list of objects built by ``ModuleStatusDAO.make_from_row``; the
    list is empty when no row matches.
    """
    query = select([Lamadb.module_status]).where(
        Lamadb.module_status.c._malware_uid == malware_uid
    )
    rows = Lamadb.execute(query)
    return [ModuleStatusDAO.make_from_row(record) for record in rows]
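def read(uid):
    """Load the malware record whose ``_uid`` equals *uid*.

    Returns the object built by ``MalwareDAO.make_from_row``, or ``None``
    (after printing an error) when the query does not match exactly one row.
    """
    s = select([Lamadb.malware]).where(Lamadb.malware.c._uid == uid)
    result = Lamadb.execute(s)
    # rowcount is only dependable for UPDATE/DELETE; for a SELECT many DBAPI
    # drivers report -1, so the rows are fetched and counted instead.
    rows = result.fetchall()
    if len(rows) != 1:
        print("Error read malware DAO")
        return None
    return MalwareDAO.make_from_row(rows[0])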
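def read(uid):
    """Load the indicator record whose ``_uid`` equals *uid*.

    Returns the object built by ``IndicatorDAO.make_from_row``, or ``None``
    (after printing an error) when the query does not match exactly one row.
    """
    s = select([Lamadb.indicator]).where(Lamadb.indicator.c._uid == uid)
    result = Lamadb.execute(s)
    # rowcount is only dependable for UPDATE/DELETE; for a SELECT many DBAPI
    # drivers report -1, so the rows are fetched and counted instead.
    rows = result.fetchall()
    if len(rows) != 1:
        print("Error read indicator DAO")
        return None
    return IndicatorDAO.make_from_row(rows[0])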
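def read(uid):
    """Load the module-status record whose ``_uid`` equals *uid*.

    Returns the object built by ``ModuleStatusDAO.make_from_row``, or ``None``
    (after printing an error) when the query does not match exactly one row.
    """
    s = select([Lamadb.module_status]).where(
        Lamadb.module_status.c._uid == uid
    )
    result = Lamadb.execute(s)
    # rowcount is only dependable for UPDATE/DELETE; for a SELECT many DBAPI
    # drivers report -1, so the rows are fetched and counted instead.
    rows = result.fetchall()
    if len(rows) != 1:
        print("Error read module Status DAO")
        return None
    return ModuleStatusDAO.make_from_row(rows[0])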
def update(module_status):
    """Write the fields of *module_status* to the row with the same ``_uid``.

    Every column except ``_uid`` is overwritten from the object's
    underscore-prefixed attributes.

    Returns ``True`` when the statement reports exactly one affected row.
    """
    table = Lamadb.module_status
    target_row = table.update().where(table.c._uid == module_status._uid)
    statement = target_row.values(
        _module_cls_name=module_status._module_cls_name,
        _status=module_status._status,
        _start_analyze_date=module_status._start_analyze_date,
        _end_analyze_date=module_status._end_analyze_date,
        _options=module_status._options,
        _malware_uid=module_status._malware_uid,
    )
    outcome = Lamadb.execute(statement)
    return outcome.rowcount == 1
def update(indicator):
    """Write the fields of *indicator* to the row with the same ``_uid``.

    Every column except ``_uid`` is overwritten from the object's
    underscore-prefixed attributes.

    Returns ``True`` when the statement reports exactly one affected row.
    """
    table = Lamadb.indicator
    target_row = table.update().where(table.c._uid == indicator._uid)
    statement = target_row.values(
        _module_cls_name=indicator._module_cls_name,
        _name=indicator._name,
        _content_type=indicator._content_type,
        _content=indicator._content,
        _option=indicator._option,
        _score=indicator._score,
        _module_uid=indicator._module_uid,
    )
    outcome = Lamadb.execute(statement)
    return outcome.rowcount == 1
def create(module_status):
    """Insert *module_status* as a new row and store the new key on it.

    Column values are read from the object's public attributes
    (``module_cls_name``, ``status``, ...). On success the first element of
    the inserted primary key is written to ``module_status._uid``.

    Returns ``True`` when the execute result is truthy, otherwise ``False``.
    """
    statement = Lamadb.module_status.insert().values(
        _module_cls_name=module_status.module_cls_name,
        _status=module_status.status,
        _start_analyze_date=module_status.start_analyze_date,
        _end_analyze_date=module_status.end_analyze_date,
        _options=module_status.options,
        _malware_uid=module_status.malware_uid,
    )
    outcome = Lamadb.execute(statement)
    if not outcome:
        return False
    module_status._uid = outcome.inserted_primary_key[0]
    return True
def update(malware):
    """Write the fields of *malware* to the row whose ``_uid`` is ``malware.uid``.

    The row is selected through the public ``uid`` attribute, while the
    column values come from the underscore-prefixed attributes.

    Returns ``True`` when the statement reports exactly one affected row.
    """
    table = Lamadb.malware
    target_row = table.update().where(table.c._uid == malware.uid)
    statement = target_row.values(
        _parent_uid=malware._parent_uid,
        _name=malware._name,
        _path=malware._path,
        _md5=malware._md5,
        _sha1=malware._sha1,
        _mime=malware._mime,
        _size=malware._size,
        _nb_module=malware._nb_module,
        _analysis_uid=malware._analysis_uid,
    )
    outcome = Lamadb.execute(statement)
    return outcome.rowcount == 1
def create(indicator):
    """Insert *indicator* as a new row and store the new key on it.

    Column values are read from the object's underscore-prefixed attributes.
    On success the first element of the inserted primary key is written to
    ``indicator._uid``.

    Returns ``True`` when the execute result is truthy, otherwise ``False``.
    """
    statement = Lamadb.indicator.insert().values(
        _module_cls_name=indicator._module_cls_name,
        _name=indicator._name,
        _content_type=indicator._content_type,
        _content=indicator._content,
        _option=indicator._option,
        _score=indicator._score,
        _module_uid=indicator._module_uid,
    )
    outcome = Lamadb.execute(statement)
    if not outcome:
        return False
    indicator._uid = outcome.inserted_primary_key[0]
    return True
def create(malware):
    """Insert *malware* as a new row and store the new key on it.

    Column values (name, path, MD5 and SHA-1 digests, MIME type, size, ...)
    are read from the object's underscore-prefixed attributes. On success the
    first element of the inserted primary key is written to ``malware._uid``.

    Returns ``True`` when the execute result is truthy, otherwise ``False``.
    """
    statement = Lamadb.malware.insert().values(
        _parent_uid=malware._parent_uid,
        _name=malware._name,
        _path=malware._path,
        _md5=malware._md5,
        _sha1=malware._sha1,
        _mime=malware._mime,
        _size=malware._size,
        _analysis_uid=malware._analysis_uid,
        _nb_module=malware._nb_module,
    )
    outcome = Lamadb.execute(statement)
    if not outcome:
        return False
    malware._uid = outcome.inserted_primary_key[0]
    return True
def delete(uid):
    """Delete the malware row whose ``_uid`` equals *uid*.

    Nothing is returned, so the caller cannot tell whether a row was removed.
    """
    table = Lamadb.malware
    statement = table.delete(table.c._uid == uid)
    Lamadb.execute(statement)
def delete(uid):
    """Delete the indicator row whose ``_uid`` equals *uid*.

    Nothing is returned, so the caller cannot tell whether a row was removed.
    """
    table = Lamadb.indicator
    statement = table.delete(table.c._uid == uid)
    Lamadb.execute(statement)
def delete(uid):
    """Delete the module-status row whose ``_uid`` equals *uid*.

    Nothing is returned, so the caller cannot tell whether a row was removed.
    """
    table = Lamadb.module_status
    statement = table.delete(table.c._uid == uid)
    Lamadb.execute(statement)