예제 #1
파일: run.py 프로젝트: aesmin/usagi
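def main(args):
    """Rebuild the document database and the Solr index from the data sources.

    Steps, in order: validate the two arguments, let every configured source
    handle append its raw metadata to ``meta_data_file``, reload the document
    store from that CSV file, then replace the whole Solr index with the rows
    of the ``documents`` table.

    :param args: two items, ``[ds_config, meta_data_file]``.
    :return: 0 on success, 1 when the arguments or paths are rejected.

    NOTE(review): ``doc.clear()`` and the Solr ``delete(q="*:*")`` both run
    before the replacement data is written, so a failure in between leaves
    the store or the index empty. Confirm that is acceptable for operators.
    """
    # The original fell through on a wrong argument count and then failed
    # with an unbound-name error on ds_config; reject it explicitly instead.
    if len(args) != 2:
        sys.stderr.write(
            "expected 2 arguments (ds_config, meta_data_file), got %d\n" % len(args))
        return 1
    ds_config, meta_data_file = args

    if not os.path.exists(ds_config):
        sys.stderr.write("%s does not exists\n" % ds_config)
        return 1

    # Advisory check only: it is not atomic with the appends done below, so
    # it does not protect against another process creating the file meanwhile.
    if os.path.exists(meta_data_file):
        sys.stderr.write(
            "%s already exists, please remove it first\n" % meta_data_file)
        return 1

    # A bare file name has an empty dirname, which means the current directory.
    meta_dir = os.path.dirname(meta_data_file) or "."
    if not os.path.exists(meta_dir):
        sys.stderr.write(
            "dir %s does not exists, please create it first\n" % meta_dir)
        return 1

    sc = SearchConfiguration(ds_config)
    sc.get_search_config()
    sc.parse()

    for handle in sc.handles:
        handle.connect()
        try:
            handle.copy_raw_meta_data(meta_data_file, append=True)
        finally:
            # Release the source connection even when the copy fails.
            handle.close()

    # meta to database
    doc = Document()
    doc.clear()
    with open(meta_data_file) as metadata:
        for row in csv.reader(metadata):
            if not row:
                # csv.reader yields [] for blank lines; nothing to import.
                continue
            # Rows come from the external sources; only the first four
            # fields are used and a fourth field is optional.
            if len(row) > 3:
                doc.create(row[0], row[1], row[2], row[3])
            else:
                doc.create(row[0], row[1], row[2])

    doc.update_filters()
    doc.close()

    # database to solr
    s = Solr()
    db = Database()
    db.connect()
    try:
        cursor = db.cursor()
        try:
            cursor.execute("SELECT * FROM documents")
            datalist = [
                {
                    "universal_id_s": row["universal_id"],
                    "title_s": row["title"],
                    "all_txt_ng": row["keywords"],
                    "path_s": row["path"],
                }
                for row in cursor.fetchall()
            ]
        finally:
            cursor.close()
    finally:
        db.close()

    # Full re-index: everything is deleted, then the fresh list is added.
    s.solr().delete(q="*:*")
    s.solr().add(datalist)

    return 0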
예제 #2
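class Core(object):
    """Run the MSA string-analysis pipeline on one sample file.

    The instance owns a database handle for the sample, a VirusTotal helper
    and one analyser object per string category. ``load_strings`` extracts
    the strings and ``run`` pushes them through every analyser in turn.

    NOTE(review): the ``Vt`` helper is not shown here. If its methods submit
    data to VirusTotal, then the sample and every URL and IP address found in
    it are disclosed to a third party. Confirm that is acceptable before
    supplying a key.
    """

    def __init__(self, malware_path, vt_key):
        """Create the database handle, the VirusTotal helper and the analysers.

        :param malware_path: path of the file to analyse.
        :param vt_key: key passed to the ``Vt`` helper.
        """
        self.malware_path = malware_path
        self.db = Database(malware_path)
        # Set on the Rules class itself, so every user of Rules sees this
        # handle; a second Core instance replaces it.
        Rules.db = self.db
        self.string_list = None

        self.vt = Vt(vt_key, self.malware_path)

        self.ipAddr = IpAddr()
        self.url = Url()
        self.cmd = Cmd()
        self.id = Id()
        self.path = Path()
        self.section = Section()
        self.symbol = Symbol(self.malware_path)
        self.formatStr = FormatStr()
        self.msg = Msg()
        self.undef = Undefined()

        self.err_bad_path = "[Error] invalide malware file path."
        self.err_string_recovery = "[Error] string recovery failed."
        self.err_empty_bin = "[Error] no strings found."

    def load_strings(self):
        """Extract the strings of the sample into ``self.string_list``.

        :return: True when strings were loaded, False otherwise (an error
                 message is printed in that case).
        :rtype: Boolean
        """
        if not os.path.isfile(self.malware_path):
            print(self.err_bad_path)
            return False
        try:
            self.string_list = Parser.strings(self.malware_path)
        except Exception:
            # Was a bare ``except:``, which also swallowed KeyboardInterrupt
            # and SystemExit and reported them as a parsing failure.
            print(self.err_string_recovery)
            return False

        if self.string_list is None:
            print(self.err_empty_bin)
            return False

        return True

    def print_msa_logo(self):
        """Print the MSA banner."""
        # Raw string: same output as before without relying on unknown
        # backslash escapes being passed through.
        print(r"""
___  ________  ___
|  \/  /  ___|/ _ \
| .  . \ `--./ /_\ \
| |\/| |`--. |  _  |
| |  | /\__/ | | | |
\_|  |_\____/\_| |_/

""")

    def run(self):
        """
            Entry point of the MSA functions.

            Prints the file information, runs the optional VirusTotal file
            analysis, checks the binary, runs every string analyser and then
            looks up the URLs and IP addresses stored in the database.

            :return: If the function success or not.
            :rtype: Boolean
        """
        try:
            # Strings were never loaded (or loading failed): try once here
            # instead of failing on len(None) below.
            if self.string_list is None and not self.load_strings():
                return False

            self.print_msa_logo()
            print("File information:")
            print("-----------------")
            print("-> path:\t\t" + self.malware_path
                  + "\n-> db table:\t\t" + self.db.malware_name)
            print("-> Strings number:\t" + str(len(self.string_list)) + "\n")

            # NOTE(review): this runs before the binary is validated below;
            # confirm the ordering is intended.
            if self.vt.isActivate():
                print("Virus total file analysis:")
                print("--------------------------")
                self.vt.file_analysis()

            is_valid, error_msg = Parser.isValidBin(self.malware_path)
            if not is_valid:
                print(error_msg)
                sys.exit(2)

            print("\nStrings analysis:")
            print("-----------------")
            # Each analyser returns the list handed to the next one.
            self.string_list = self.symbol.run_analysis(self.string_list)
            self.string_list = self.url.run_analysis(self.string_list)
            self.string_list = self.ipAddr.run_analysis(self.string_list)
            self.string_list = self.cmd.run_analysis(self.string_list)
            self.string_list = self.id.run_analysis(self.string_list)
            self.string_list = self.path.run_analysis(self.string_list)
            self.string_list = self.section.run_analysis(self.string_list)
            self.string_list = self.formatStr.run_analysis(self.string_list)
            self.string_list = self.msg.run_analysis(self.string_list)
            self.undef.run_analysis(self.string_list)

            # The URLs and IP addresses below were extracted from the sample,
            # so they are untrusted values.
            print("\nVirus total URLs information:")
            print("-----------------------------")
            for url in list(set(self.db.getUrls())):
                self.vt.url_analysis(url)

            print("\nVirus total IP addresses information:")
            print("-------------------------------------")
            for ip in list(set(self.db.getIpAddresses())):
                self.vt.ip_analysis(ip)

            return True
        finally:
            # Also reached on sys.exit(2) and on analyser errors, where the
            # handle previously stayed open.
            self.db.close()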
    # Tail of a course-membership sync script. The enclosing loop or function
    # and the definitions of res, dn_course, dn_person, attr_course,
    # value_course, attr_person1 and value_person1 are not visible here.
    attr_person2 = 'vassarPersonGroups'
    # NOTE(review): the DN is built by string concatenation. If res[0] can
    # contain DN special characters it should be escaped (RFC 4514); confirm
    # where res comes from.
    value_person2 = 'cn=' + str(
        res[0]) + ',ou=courses,ou=groups,dc=vassar,dc=edu'

    if res[2].strip() in ['add']:
        # Do they already exist as a member of this course:
        # NOTE(review): value_course is concatenated into the search filter
        # unescaped. If it is not fully trusted, escape it as a filter value
        # (RFC 4515) so it cannot alter the filter.
        res_cn = ldap.search(dn_course, '(uniqueMember=' + value_course + ')',
                             'cn')
        if res_cn:
            # Already a member: record the duplicate add in the crosslist
            # reserve instead of modifying the directory.
            db.crosslistreserve('add', value_course, res[0])
        else:
            # Three separate modifications; presumably not atomic, so a
            # failure part-way leaves course and person entries out of sync.
            ldap.modify(dn_course, attr_course, value_course, 'ADD')
            ldap.modify(dn_person, attr_person1, value_person1, 'ADD')
            ldap.modify(dn_person, attr_person2, value_person2, 'ADD')

    if res[2].strip() in ['drop']:
        # Is this drop in holding:
        res_crosslist = db.crosslistsearch(value_course, res[0])

        if res_crosslist:
            # A reserved duplicate exists: remove it and keep the membership.
            db.crosslistreserve('remove', value_course, res[0])
        else:
            # Same three-step, presumably non-atomic update as the add path.
            ldap.modify(dn_course, attr_course, value_course, 'DELETE')
            ldap.modify(dn_person, attr_person1, value_person1, 'DELETE')
            ldap.modify(dn_person, attr_person2, value_person2, 'DELETE')

#res_cn = ldap.search('cn=MATH-241-01-2018A,ou=courses,ou=groups,dc=vassar,dc=edu','(uniqueMember=uid=isfurman,ou=people,dc=vassar,dc=edu)','uniqueMember')

# Release the directory and database connections at the end of the script.
ldap.close()
db.close()
예제 #4
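class Core(object):
    """Run the MSA string-analysis pipeline on one sample file.

    Holds the sample's database handle, a VirusTotal helper and one analyser
    per string category. Call ``load_strings`` to extract the strings and
    ``run`` to analyse them.

    NOTE(review): ``Vt`` is defined elsewhere. If it sends data to
    VirusTotal, the sample and the URLs and IP addresses recovered from it
    leave the analysis environment. Confirm that before providing a key.
    """

    def __init__(self, malware_path, vt_key):
        """Build the database handle, the VirusTotal helper and the analysers.

        :param malware_path: path of the file to analyse.
        :param vt_key: key passed to the ``Vt`` helper.
        """
        self.malware_path = malware_path
        self.db = Database(malware_path)
        # Class-level assignment: the handle is shared through Rules and is
        # overwritten by any later Core instance.
        Rules.db = self.db
        self.string_list = None

        self.vt = Vt(vt_key, self.malware_path)

        self.ipAddr = IpAddr()
        self.url = Url()
        self.cmd = Cmd()
        self.id = Id()
        self.path = Path()
        self.section = Section()
        self.symbol = Symbol(self.malware_path)
        self.formatStr = FormatStr()
        self.msg = Msg()
        self.undef = Undefined()

        self.err_bad_path = "[Error] invalide malware file path."
        self.err_string_recovery = "[Error] string recovery failed."
        self.err_empty_bin = "[Error] no strings found."

    def load_strings(self):
        """Extract the strings of the sample into ``self.string_list``.

        :return: True when strings were loaded, False otherwise (an error
                 message is printed in that case).
        :rtype: Boolean
        """
        if not os.path.isfile(self.malware_path):
            print(self.err_bad_path)
            return False
        try:
            self.string_list = Parser.strings(self.malware_path)
        except Exception:
            # Narrowed from a bare ``except:`` so that KeyboardInterrupt and
            # SystemExit are no longer reported as a parsing failure.
            print(self.err_string_recovery)
            return False

        if self.string_list is None:
            print(self.err_empty_bin)
            return False

        return True

    def print_msa_logo(self):
        """Print the MSA banner."""
        # Raw string: identical output, no dependence on unknown backslash
        # escapes being kept as-is.
        print(r"""
___  ________  ___
|  \/  /  ___|/ _ \
| .  . \ `--./ /_\ \
| |\/| |`--. |  _  |
| |  | /\__/ | | | |
\_|  |_\____/\_| |_/

""")

    def run(self):
        """
            Entry point of the MSA functions.

            Prints the file information, runs the optional VirusTotal file
            analysis, checks the binary, runs every string analyser and then
            looks up the URLs and IP addresses stored in the database.

            :return: If the function success or not.
            :rtype: Boolean
        """
        try:
            # Without loaded strings the len() call below would fail; load
            # them now and give up cleanly if that is not possible.
            if self.string_list is None and not self.load_strings():
                return False

            self.print_msa_logo()
            print("File information:")
            print("-----------------")
            print("-> path:\t\t" + self.malware_path
                  + "\n-> db table:\t\t" + self.db.malware_name)
            print("-> Strings number:\t" + str(len(self.string_list)) + "\n")

            # NOTE(review): executed before the validity check that follows;
            # confirm this order is deliberate.
            if self.vt.isActivate():
                print("Virus total file analysis:")
                print("--------------------------")
                self.vt.file_analysis()

            is_valid, error_msg = Parser.isValidBin(self.malware_path)
            if not is_valid:
                print(error_msg)
                sys.exit(2)

            print("\nStrings analysis:")
            print("-----------------")
            # The output of one analyser is the input of the next.
            self.string_list = self.symbol.run_analysis(self.string_list)
            self.string_list = self.url.run_analysis(self.string_list)
            self.string_list = self.ipAddr.run_analysis(self.string_list)
            self.string_list = self.cmd.run_analysis(self.string_list)
            self.string_list = self.id.run_analysis(self.string_list)
            self.string_list = self.path.run_analysis(self.string_list)
            self.string_list = self.section.run_analysis(self.string_list)
            self.string_list = self.formatStr.run_analysis(self.string_list)
            self.string_list = self.msg.run_analysis(self.string_list)
            self.undef.run_analysis(self.string_list)

            # Values read back here originate from the sample's strings and
            # must be treated as untrusted.
            print("\nVirus total URLs information:")
            print("-----------------------------")
            for url in list(set(self.db.getUrls())):
                self.vt.url_analysis(url)

            print("\nVirus total IP addresses information:")
            print("-------------------------------------")
            for ip in list(set(self.db.getIpAddresses())):
                self.vt.ip_analysis(ip)

            return True
        finally:
            # Runs on sys.exit(2) and on errors too, so the database handle
            # is no longer left open on those paths.
            self.db.close()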