class RunAntiVirus(object):
"""AntiVirus modules manager."""
def __init__(self, task, machine):
self.task = task
self.machine = machine
self.cfg = Config(cfg=os.path.join(MALICE_ROOT, "conf", "av.conf"))
self.enabled = []
def start(self):
av_list = list_plugins(group="av")
if av_list:
for module in av_list:
try:
current = module()
except:
log.exception("Failed to load the av module "
"\"{0}\":".format(module))
return
module_name = inspect.getmodule(current).__name__
if "." in module_name:
module_name = module_name.rsplit(".", 1)[1]
try:
options = self.cfg.get(module_name)
except MaliceOperationalError:
log.debug(
"AntiVirus module %s not found in "
"configuration file", module_name)
continue
if not options.enabled:
continue
current.set_task(self.task)
current.set_machine(self.machine)
current.set_options(options)
try:
current.start()
except NotImplementedError:
pass
except Exception as e:
log.warning("Unable to start av module %s: %s",
module_name, e)
else:
log.debug("Started av module: %s", module_name)
self.enabled.append(current)
def stop(self):
for module in self.enabled:
try:
module.stop()
except NotImplementedError:
pass
except Exception as e:
log.warning("Unable to stop av module: %s", e)
else:
log.debug("Stopped av module: %s", module)
class RunAntiVirus(object):
"""AntiVirus modules manager."""
def __init__(self, task, machine):
self.task = task
self.machine = machine
self.cfg = Config(cfg=os.path.join(MALICE_ROOT, "conf", "av.conf"))
self.enabled = []
def start(self):
av_list = list_plugins(group="av")
if av_list:
for module in av_list:
try:
current = module()
except:
log.exception("Failed to load the av module "
"\"{0}\":".format(module))
return
module_name = inspect.getmodule(current).__name__
if "." in module_name:
module_name = module_name.rsplit(".", 1)[1]
try:
options = self.cfg.get(module_name)
except MaliceOperationalError:
log.debug("AntiVirus module %s not found in "
"configuration file", module_name)
continue
if not options.enabled:
continue
current.set_task(self.task)
current.set_machine(self.machine)
current.set_options(options)
try:
current.start()
except NotImplementedError:
pass
except Exception as e:
log.warning("Unable to start av module %s: %s",
module_name, e)
else:
log.debug("Started av module: %s", module_name)
self.enabled.append(current)
def stop(self):
for module in self.enabled:
try:
module.stop()
except NotImplementedError:
pass
except Exception as e:
log.warning("Unable to stop av module: %s", e)
else:
log.debug("Stopped av module: %s", module)
class RunReporting:
"""Reporting Engine.
This class handles the loading and execution of the enabled reporting
modules. It receives the analysis results dictionary from the Intel
Engine and pass it over to the reporting modules before executing them.
"""
def __init__(self, task_id, results):
"""@param analysis_path: analysis folder path."""
self.task = Database().view_task(task_id).to_dict()
self.results = results
self.analysis_path = os.path.join(MALICE_ROOT, "storage", "analyses",
str(task_id))
self.cfg = Config(
cfg=os.path.join(MALICE_ROOT, "conf", "reporting.conf"))
def process(self, module):
"""Run a single reporting module.
@param module: reporting module.
@param results: results results from analysis.
"""
# Initialize current reporting module.
try:
current = module()
except:
log.exception(
"Failed to load the reporting module \"{0}\":".format(module))
return
# Extract the module name.
module_name = inspect.getmodule(current).__name__
if "." in module_name:
module_name = module_name.rsplit(".", 1)[1]
try:
options = self.cfg.get(module_name)
except MaliceOperationalError:
log.debug("Reporting module %s not found in configuration file",
module_name)
return
# If the reporting module is disabled in the config, skip it.
if not options.enabled:
return
# Give it the path to the analysis results folder.
current.set_path(self.analysis_path)
# Give it the analysis task object.
current.set_task(self.task)
# Give it the the relevant reporting.conf section.
current.set_options(options)
# Load the content of the analysis.conf file.
current.cfg = Config(current.conf_path)
try:
current.run(self.results)
log.debug("Executed reporting module \"%s\"",
current.__class__.__name__)
except MaliceDependencyError as e:
log.warning(
"The reporting module \"%s\" has missing dependencies: %s",
current.__class__.__name__, e)
except MaliceReportError as e:
log.warning(
"The reporting module \"%s\" returned the following error: %s",
current.__class__.__name__, e)
except:
log.exception("Failed to run the reporting module \"%s\":",
current.__class__.__name__)
def run(self):
"""Generates all reports.
@raise MaliceReportError: if a report module fails.
"""
# In every reporting module you can specify a numeric value that
# represents at which position that module should be executed among
# all the available ones. It can be used in the case where a
# module requires another one to be already executed beforehand.
reporting_list = list_plugins(group="reporting")
# Return if no reporting modules are loaded.
if reporting_list:
reporting_list.sort(key=lambda module: module.order)
# Run every loaded reporting module.
for module in reporting_list:
self.process(module)
else:
log.info("No reporting modules loaded")
class RunIntel(object):
"""Analysis Results Intel Engine.
This class handles the loading and execution of the processing modules.
It executes the enabled ones sequentially and generates a dictionary which
is then passed over the reporting engine.
"""
def __init__(self, task_id):
"""@param task_id: ID of the analyses to process."""
self.task = Database().view_task(task_id).to_dict()
self.analysis_path = os.path.join(MALICE_ROOT, "storage", "analyses",
str(task_id))
self.cfg = Config(
cfg=os.path.join(MALICE_ROOT, "conf", "processing.conf"))
def process(self, module):
"""Run a processing module.
@param module: processing module to run.
@param results: results dict.
@return: results generated by module.
"""
# Initialize the specified processing module.
try:
current = module()
except:
log.exception("Failed to load the processing module "
"\"{0}\":".format(module))
return
# Extract the module name.
module_name = inspect.getmodule(current).__name__
if "." in module_name:
module_name = module_name.rsplit(".", 1)[1]
try:
options = self.cfg.get(module_name)
except MaliceOperationalError:
log.debug("Intel module %s not found in configuration file",
module_name)
return None
# If the processing module is disabled in the config, skip it.
if not options.enabled:
return None
# Give it path to the analysis results.
current.set_path(self.analysis_path)
# Give it the analysis task object.
current.set_task(self.task)
# Give it the options from the relevant processing.conf section.
current.set_options(options)
try:
# Run the processing module and retrieve the generated data to be
# appended to the general results container.
data = current.run()
log.debug(
"Executed processing module \"%s\" on analysis at "
"\"%s\"", current.__class__.__name__, self.analysis_path)
# If succeeded, return they module's key name and the data to be
# appended to it.
return {current.key: data}
except MaliceDependencyError as e:
log.warning(
"The processing module \"%s\" has missing dependencies: %s",
current.__class__.__name__, e)
except MaliceIntelError as e:
log.warning(
"The processing module \"%s\" returned the following "
"error: %s", current.__class__.__name__, e)
except:
log.exception("Failed to run the processing module \"%s\":",
current.__class__.__name__)
return None
def run(self):
"""Run all processing modules and all signatures.
@return: processing results.
"""
# This is the results container. It's what will be used by all the
# reporting modules to make it consumable by humans and machines.
# It will contain all the results generated by every processing
# module available. Its structure can be observed through the JSON
# dump in the analysis' reports folder. (If jsondump is enabled.)
# We friendly call this "fat dict".
results = {}
# Order modules using the user-defined sequence number.
# If none is specified for the modules, they are selected in
# alphabetical order.
processing_list = list_plugins(group="processing")
# If no modules are loaded, return an empty dictionary.
if processing_list:
processing_list.sort(key=lambda module: module.order)
# Run every loaded processing module.
for module in processing_list:
result = self.process(module)
# If it provided some results, append it to the big results
# container.
if result:
results.update(result)
else:
log.info("No processing modules loaded")
# Return the fat dict.
return results
class RunReporting:
"""Reporting Engine.
This class handles the loading and execution of the enabled reporting
modules. It receives the analysis results dictionary from the Intel
Engine and pass it over to the reporting modules before executing them.
"""
def __init__(self, task_id, results):
"""@param analysis_path: analysis folder path."""
self.task = Database().view_task(task_id).to_dict()
self.results = results
self.analysis_path = os.path.join(MALICE_ROOT, "storage", "analyses", str(task_id))
self.cfg = Config(cfg=os.path.join(MALICE_ROOT, "conf", "reporting.conf"))
def process(self, module):
"""Run a single reporting module.
@param module: reporting module.
@param results: results results from analysis.
"""
# Initialize current reporting module.
try:
current = module()
except:
log.exception("Failed to load the reporting module \"{0}\":".format(module))
return
# Extract the module name.
module_name = inspect.getmodule(current).__name__
if "." in module_name:
module_name = module_name.rsplit(".", 1)[1]
try:
options = self.cfg.get(module_name)
except MaliceOperationalError:
log.debug("Reporting module %s not found in configuration file", module_name)
return
# If the reporting module is disabled in the config, skip it.
if not options.enabled:
return
# Give it the path to the analysis results folder.
current.set_path(self.analysis_path)
# Give it the analysis task object.
current.set_task(self.task)
# Give it the the relevant reporting.conf section.
current.set_options(options)
# Load the content of the analysis.conf file.
current.cfg = Config(current.conf_path)
try:
current.run(self.results)
log.debug("Executed reporting module \"%s\"", current.__class__.__name__)
except MaliceDependencyError as e:
log.warning("The reporting module \"%s\" has missing dependencies: %s", current.__class__.__name__, e)
except MaliceReportError as e:
log.warning("The reporting module \"%s\" returned the following error: %s", current.__class__.__name__, e)
except:
log.exception("Failed to run the reporting module \"%s\":", current.__class__.__name__)
def run(self):
"""Generates all reports.
@raise MaliceReportError: if a report module fails.
"""
# In every reporting module you can specify a numeric value that
# represents at which position that module should be executed among
# all the available ones. It can be used in the case where a
# module requires another one to be already executed beforehand.
reporting_list = list_plugins(group="reporting")
# Return if no reporting modules are loaded.
if reporting_list:
reporting_list.sort(key=lambda module: module.order)
# Run every loaded reporting module.
for module in reporting_list:
self.process(module)
else:
log.info("No reporting modules loaded")
class RunIntel(object):
"""Analysis Results Intel Engine.
This class handles the loading and execution of the processing modules.
It executes the enabled ones sequentially and generates a dictionary which
is then passed over the reporting engine.
"""
def __init__(self, task_id):
"""@param task_id: ID of the analyses to process."""
self.task = Database().view_task(task_id).to_dict()
self.analysis_path = os.path.join(MALICE_ROOT, "storage", "analyses", str(task_id))
self.cfg = Config(cfg=os.path.join(MALICE_ROOT, "conf", "processing.conf"))
def process(self, module):
"""Run a processing module.
@param module: processing module to run.
@param results: results dict.
@return: results generated by module.
"""
# Initialize the specified processing module.
try:
current = module()
except:
log.exception("Failed to load the processing module "
"\"{0}\":".format(module))
return
# Extract the module name.
module_name = inspect.getmodule(current).__name__
if "." in module_name:
module_name = module_name.rsplit(".", 1)[1]
try:
options = self.cfg.get(module_name)
except MaliceOperationalError:
log.debug("Intel module %s not found in configuration file",
module_name)
return None
# If the processing module is disabled in the config, skip it.
if not options.enabled:
return None
# Give it path to the analysis results.
current.set_path(self.analysis_path)
# Give it the analysis task object.
current.set_task(self.task)
# Give it the options from the relevant processing.conf section.
current.set_options(options)
try:
# Run the processing module and retrieve the generated data to be
# appended to the general results container.
data = current.run()
log.debug("Executed processing module \"%s\" on analysis at "
"\"%s\"", current.__class__.__name__, self.analysis_path)
# If succeeded, return they module's key name and the data to be
# appended to it.
return {current.key: data}
except MaliceDependencyError as e:
log.warning("The processing module \"%s\" has missing dependencies: %s", current.__class__.__name__, e)
except MaliceIntelError as e:
log.warning("The processing module \"%s\" returned the following "
"error: %s", current.__class__.__name__, e)
except:
log.exception("Failed to run the processing module \"%s\":",
current.__class__.__name__)
return None
def run(self):
"""Run all processing modules and all signatures.
@return: processing results.
"""
# This is the results container. It's what will be used by all the
# reporting modules to make it consumable by humans and machines.
# It will contain all the results generated by every processing
# module available. Its structure can be observed through the JSON
# dump in the analysis' reports folder. (If jsondump is enabled.)
# We friendly call this "fat dict".
results = {}
# Order modules using the user-defined sequence number.
# If none is specified for the modules, they are selected in
# alphabetical order.
processing_list = list_plugins(group="processing")
# If no modules are loaded, return an empty dictionary.
if processing_list:
processing_list.sort(key=lambda module: module.order)
# Run every loaded processing module.
for module in processing_list:
result = self.process(module)
# If it provided some results, append it to the big results
# container.
if result:
results.update(result)
else:
log.info("No processing modules loaded")
# Return the fat dict.
return results
