class IDAAction(db.Model):
"""
Abstract class for implementing IDA actions.
This mirrors actions done by the analyst on his database
"""
__tablename__ = "idaactions"
id = db.Column(db.Integer(), primary_key=True)
# The action data
data = db.Column(db.String())
# The address where the action occured
address = db.Column(db.BigInteger(), index=True)
# We must keep timestamp to reorder actions
timestamp = db.Column(db.DateTime(), index=True)
# We also keep the last user
user_id = db.Column(db.Integer, db.ForeignKey('user.id'))
# The action type
type = db.Column(db.String(), index=True)
__mapper_args__ = {
'polymorphic_identity': 'idaactions',
'polymorphic_on': type
}
class User(db.Model, UserMixin):
"""
User model.
"""
__tablename__ = 'user'
id = db.Column(db.Integer, primary_key=True)
# N-N relationships
samples = db.relationship('Sample',
secondary=usersample,
backref=db.backref('users', lazy="dynamic"))
families = db.relationship('Family',
secondary=userfamily,
backref=db.backref('users', lazy="dynamic"))
# Login
nickname = db.Column(db.String(), index=True, unique=True)
# Complete user name
completename = db.Column(db.String(), index=True, unique=True)
theme = db.Column(db.String())
# User's email (not used for now)
email = db.Column(db.String(), index=True, unique=True)
# Password
password = db.Column(db.String())
api_key = db.Column(db.String())
roles = db.relationship('Role',
secondary=roles_users,
backref=db.backref('users', lazy='dynamic'))
last_login_at = db.Column(db.DateTime())
current_login_at = db.Column(db.DateTime())
last_login_ip = db.Column(db.String(45))
current_login_ip = db.Column(db.String(45))
login_count = db.Column(db.Integer)
active = db.Column(db.Boolean(), default=False)
def get_id(self):
return self.id
def __repr__(self):
return '<User %r>' % (self.nickname)
class AnalysisResult(db.Model):
"""
Containing all PE analysis data.
"""
__tablename__ = "analysisresult"
id = db.Column(db.Integer(), primary_key=True)
sample_id = db.Column(db.Integer(), db.ForeignKey('sample.id'))
analysis_status = db.Column(db.Boolean())
analysis_date = db.Column(db.DateTime())
title = db.Column(db.String())
data = db.Column(db.String())
type = db.Column(db.String())
class YaraRule(db.Model):
"""
Yara rule model.
"""
__tablename__ = 'yararule'
id = db.Column(db.Integer, primary_key=True)
# yara name (displayed)
name = db.Column(db.String(), unique=True)
# raw yara rule
raw_rule = db.Column(db.String())
# creation's date
creation_date = db.Column(db.DateTime())
# TLP sensibility
TLP_sensibility = db.Column(db.Integer(), nullable=False)
version = db.Column(db.Integer())
def __init__(self, name, raw_rule, tlp_level):
self.creation_date = datetime.now()
self.modif_date = datetime.now()
self.raw_rule = raw_rule
self.name = name
self.TLP_sensibility = tlp_level
class Sample(db.Model):
"""
Samples model.
"""
__tablename__ = 'sample'
id = db.Column(db.Integer, primary_key=True)
# N-N relationships
check_list = db.relationship('CheckList',
secondary=sampletochecklist,
backref=db.backref('samples', lazy='dynamic'))
actions = db.relationship('IDAAction',
secondary=sampletoactions,
backref=db.backref('samples', lazy='dynamic'))
yaras = db.relationship('YaraRule',
secondary=sampletoyara,
backref=db.backref('samples', lazy='dynamic'))
# Enriched N-N relationships (double link)
linked_samples = db.relationship('SampleMatch',
backref=db.backref('sample1',
remote_side=[id]),
foreign_keys=[SampleMatch.sid_1])
linked_samples_2 = db.relationship('SampleMatch',
backref=db.backref('sample2',
remote_side=[id]),
foreign_keys=[SampleMatch.sid_2])
# 1-N relationships
strings = db.relationship("StringsItem",
backref=db.backref('sample', remote_side=[id]))
s_metadata = db.relationship("SampleMetadata",
backref=db.backref('sample',
remote_side=[id]))
functions = db.relationship("FunctionInfo",
backref=db.backref('sample', remote_side=[id]),
lazy="dynamic")
filenames = db.relationship("FileName",
backref=db.backref('sample', remote_side=[id]))
analysis_data = db.relationship('AnalysisResult',
backref=db.backref("sample",
remote_side=[id]))
# Sample's binary path
storage_file = db.Column(db.String())
# File size
size = db.Column(db.Integer())
# File's internal date (compilation timestamp, etc.)
file_date = db.Column(db.DateTime(), index=True)
# Hashes
md5 = db.Column(db.String(32), index=True, nullable=False)
sha1 = db.Column(db.String(40), index=True, nullable=False)
sha256 = db.Column(db.String(64), index=True, nullable=False)
# Mime type
mime_type = db.Column(db.String())
full_mime_type = db.Column(db.String())
# Abstract, set by user
abstract = db.Column(db.String())
# Import hash, set by tasks
import_hash = db.Column(db.String(), index=True)
# TLP level, mandatory
TLP_sensibility = db.Column(db.Integer(),
nullable=False,
default=TLPLevel.TLPAMBER)
# Analysis status
analysis_status = db.Column(db.Integer(),
nullable=False,
default=AnalysisStatus.TOSTART)
# Sample's analysis date
analysis_date = db.Column(db.DateTime())
# "status" is not used, for now
# status = db.Column(db.Integer())
def __repr__(self):
return 'Sample %d' % self.id