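def _dump_json(obj, fh):
    """Serialize *obj* as JSON into *fh*, whether it is a text or a binary handle.

    The files this module opens itself use mode ``'wb'``; on Python 3
    ``json.dump`` would raise ``TypeError`` on such a handle, so the text is
    encoded as UTF-8 when a plain ``str`` write is rejected.
    """
    payload = json.dumps(obj)
    try:
        fh.write(payload)
    except TypeError:
        fh.write(payload.encode('utf-8'))


def get_public_ruleset(save, outfile, ruleset_id):
    """Get a public ruleset by its RULESET_ID

    The API client, working directory and quiet flag are read from the click
    context (``ctx.meta``). The ruleset is echoed pretty-printed unless quiet
    is set; with ``save`` it is written as JSON to ``outfile`` or, when no
    ``outfile`` is given, to ``<wdir>/ruleset-<RULESET_ID>.json``.

    Args:
        save: write the ruleset to disk.
        outfile: already-open file object to write to, or a falsy value to
            create one in the working directory.
        ruleset_id: identifier of the public ruleset to fetch.
    """
    ctx = click.get_current_context()
    api = ctx.meta.get('api')
    wdir = ctx.meta.get('wdir')
    quiet = ctx.meta.get('quiet')

    logger.info('Attempting to fetch ruleset %s', ruleset_id)
    result = api.get_public_ruleset(ruleset_id=ruleset_id)
    if not quiet:
        click.echo(pygmentize_json(result))

    if not save:
        return

    # Only a handle opened here is closed here; a caller-supplied outfile is
    # owned (and closed) by the caller.
    opened_here = not outfile
    if opened_here:
        filepath = os.path.join(wdir, 'ruleset-{}.json'.format(ruleset_id))
        outfile = io.open(filepath, 'wb')
    else:
        filepath = outfile.name

    logger.info('Saving ruleset metadata to %s', filepath)
    try:
        _dump_json(result, outfile)
    finally:
        if opened_here:
            outfile.close()
    logger.info('Ruleset metadata saved correctly')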
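def _dump_json(obj, fh):
    """Serialize *obj* as JSON into *fh*, whether it is a text or a binary handle.

    The files this module opens itself use mode ``'wb'``; on Python 3
    ``json.dump`` would raise ``TypeError`` on such a handle, so the text is
    encoded as UTF-8 when a plain ``str`` write is rejected.
    """
    payload = json.dumps(obj)
    try:
        fh.write(payload)
    except TypeError:
        fh.write(payload.encode('utf-8'))


def get_analysis(sha256_or_file, upload, save, outfile):
    """
    Get the Koodous report of SHA256_OR_FILE.
    If the file has not been analyzed by Koodous, the file is just submitted
    (or not, according to the --upload option).

    When SHA256_OR_FILE is a readable file its SHA-256 digest is computed
    locally and used for the lookup; otherwise the argument is used as the
    digest as given. A found analysis is echoed pretty-printed (unless the
    context's quiet flag is set) and, with ``save``, written as JSON to
    ``outfile`` or to ``<wdir>/<sha256>.json``.

    Args:
        sha256_or_file: SHA-256 hex digest or path to a local file.
        upload: submit the local file when Koodous has no analysis for it.
        save: write the analysis to disk.
        outfile: already-open file object to write to, or a falsy value to
            create one in the working directory.
    """
    ctx = click.get_current_context()
    api = ctx.meta.get('api')
    wdir = ctx.meta.get('wdir')
    quiet = ctx.meta.get('quiet')

    is_file = (os.path.isfile(sha256_or_file)
               and os.access(sha256_or_file, os.R_OK))
    sha256 = sha256_or_file
    if is_file:
        sha256 = file_hash(sha256_or_file)
        logger.info('File %s SHA-256 digest = %s', sha256_or_file, sha256)

    logger.info('Getting analysis of %s', sha256)
    analysis = api.get_analysis(sha256)

    if analysis:
        # Only the pretty-printed form is echoed; the raw dict repr is not.
        if not quiet:
            click.echo(pygmentize_json(analysis))
        if save:
            # Only a handle opened here is closed here; a caller-supplied
            # outfile is owned (and closed) by the caller.
            opened_here = not outfile
            if opened_here:
                filepath = os.path.join(wdir, '{}.json'.format(sha256))
                outfile = io.open(filepath, 'wb')
            else:
                filepath = outfile.name
            logger.info('Saving analysis to %s', filepath)
            try:
                _dump_json(analysis, outfile)
            finally:
                if opened_here:
                    outfile.close()
            logger.info('Saved to %s successfully', filepath)
    elif is_file:
        logger.warning('File not found on Koodous')
        if upload:
            logger.info('Uploading file for analysis')
            try:
                upload_result = api.upload(sha256_or_file)
                logger.info('File %s uploaded successfully', upload_result)
            except Exception as ex:
                logger.error('Uploading %s failed: %s', sha256_or_file, ex)
    else:
        # A bare digest with no analysis: nothing to upload, say so instead
        # of exiting silently.
        logger.warning('No analysis found on Koodous for %s', sha256)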
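def _dump_json(obj, fh):
    """Serialize *obj* as JSON into *fh*, whether it is a text or a binary handle.

    The files this module opens itself use mode ``'wb'``; on Python 3
    ``json.dump`` would raise ``TypeError`` on such a handle, so the text is
    encoded as UTF-8 when a plain ``str`` write is rejected.
    """
    payload = json.dumps(obj)
    try:
        fh.write(payload)
    except TypeError:
        fh.write(payload.encode('utf-8'))


def get_analysis(sha256_or_file, upload, save, outfile):
    """
    Get the Koodous report of SHA256_OR_FILE.
    If the file has not been analyzed by Koodous, the file is just submitted
    (or not, according to the --upload option).

    When SHA256_OR_FILE is a readable file its SHA-256 digest is computed
    locally and used for the lookup; otherwise the argument is used as the
    digest as given. A found analysis is echoed pretty-printed (unless the
    context's quiet flag is set) and, with ``save``, written as JSON to
    ``outfile`` or to ``<wdir>/<sha256>.json``.

    Args:
        sha256_or_file: SHA-256 hex digest or path to a local file.
        upload: submit the local file when Koodous has no analysis for it.
        save: write the analysis to disk.
        outfile: already-open file object to write to, or a falsy value to
            create one in the working directory.
    """
    ctx = click.get_current_context()
    api = ctx.meta.get('api')
    wdir = ctx.meta.get('wdir')
    quiet = ctx.meta.get('quiet')

    is_file = (os.path.isfile(sha256_or_file)
               and os.access(sha256_or_file, os.R_OK))
    sha256 = sha256_or_file
    if is_file:
        sha256 = file_hash(sha256_or_file)
        logger.info('File %s SHA-256 digest = %s', sha256_or_file, sha256)

    logger.info('Getting analysis of %s', sha256)
    analysis = api.get_analysis(sha256)

    if analysis:
        # Only the pretty-printed form is echoed; the raw dict repr is not.
        if not quiet:
            click.echo(pygmentize_json(analysis))
        if save:
            # Only a handle opened here is closed here; a caller-supplied
            # outfile is owned (and closed) by the caller.
            opened_here = not outfile
            if opened_here:
                filepath = os.path.join(wdir, '{}.json'.format(sha256))
                outfile = io.open(filepath, 'wb')
            else:
                filepath = outfile.name
            logger.info('Saving analysis to %s', filepath)
            try:
                _dump_json(analysis, outfile)
            finally:
                if opened_here:
                    outfile.close()
            logger.info('Saved to %s successfully', filepath)
    elif is_file:
        logger.warning('File not found on Koodous')
        if upload:
            logger.info('Uploading file for analysis')
            try:
                upload_result = api.upload(sha256_or_file)
                logger.info('File %s uploaded successfully', upload_result)
            except Exception as ex:
                logger.error('Uploading %s failed: %s', sha256_or_file, ex)
    else:
        # A bare digest with no analysis: nothing to upload, say so instead
        # of exiting silently.
        logger.warning('No analysis found on Koodous for %s', sha256)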
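def _dump_json(obj, fh):
    """Serialize *obj* as JSON into *fh*, whether it is a text or a binary handle.

    The files this module opens itself use mode ``'wb'``; on Python 3
    ``json.dump`` would raise ``TypeError`` on such a handle, so the text is
    encoded as UTF-8 when a plain ``str`` write is rejected.
    """
    payload = json.dumps(obj)
    try:
        fh.write(payload)
    except TypeError:
        fh.write(payload.encode('utf-8'))


def _looks_like_sha256(value):
    """Return True if *value* is a 64-character hexadecimal string.

    The digest comes from the API response and is used as a file-name
    component under the working directory, so anything that is not a plain
    hex digest (e.g. a value containing path separators) must be rejected
    before it is joined into a path.
    """
    try:
        return len(value) == 64 and set(value) <= set('0123456789abcdefABCDEF')
    except TypeError:
        return False


def get_matches_public_ruleset(ruleset_id, prompt, save, download, limit):
    """Get the APKs that match a public ruleset by its RULESET_ID

    Example: https://koodous.com/rulesets/RULESET_ID (e.g., 666)

    The ruleset is fetched first (and, with ``save``, written to
    ``<wdir>/ruleset-<RULESET_ID>.json``). Matches are then streamed page by
    page; each one is echoed pretty-printed unless the context's quiet flag
    is set, saved to ``<wdir>/<sha256>.json`` with ``save``, and fetched to
    ``<wdir>/<sha256>.apk`` with ``download``.

    Args:
        ruleset_id: identifier of the public ruleset.
        prompt: ask for confirmation before printing more than 100 matches.
        save: write the ruleset and every match's metadata to disk.
        download: download every matching APK to the working directory.
        limit: stop after this many matches; 0 (or less) means no limit.
    """
    ctx = click.get_current_context()
    api = ctx.meta.get('api')
    quiet = ctx.meta.get('quiet')
    wdir = ctx.meta.get('wdir')

    logger.info('Attempting to fetch ruleset %s', ruleset_id)
    ruleset = api.get_public_ruleset(ruleset_id=ruleset_id)
    detections = ruleset['detections']

    if save:
        filepath = os.path.join(wdir, 'ruleset-{}.json'.format(ruleset_id))
        logger.info('Saving ruleset to %s', filepath)
        with io.open(filepath, 'wb') as outfile:
            _dump_json(ruleset, outfile)
        logger.info('Ruleset saved successfully')

    # The loop below treats limit <= 0 as "no limit", so the confirmation
    # must also fire in that case when every one of >100 matches is printed.
    prints_all = limit <= 0 or detections <= limit
    if prompt and detections > 100 and prints_all:
        if not click.confirm('The selected ruleset has {} matches. Do you '
                             'want to proceed printing all of '
                             'them?'.format(detections)):
            return

    count = 0
    for apks in api.iter_matches_public_ruleset(ruleset_id):
        for apk in apks:
            if not quiet:
                click.echo(pygmentize_json(apk))

            # The digest is needed by both --save and --download, so it is
            # resolved (and validated) once, outside the `save` branch.
            if save or download:
                sha256 = apk.get('sha256')
                if not _looks_like_sha256(sha256):
                    logger.error('Skipping match with invalid sha256 %r',
                                 sha256)
                else:
                    if save:
                        filepath = os.path.join(wdir,
                                                '{}.json'.format(sha256))
                        logger.info('Saving metadata of %s to %s',
                                    sha256, filepath)
                        with io.open(filepath, 'wb') as outfile:
                            _dump_json(apk, outfile)
                    if download:
                        dst = os.path.join(wdir, '{}.apk'.format(sha256))
                        logger.info('Downloading %s to %s', sha256, dst)
                        try:
                            api.download_to_file(sha256=sha256, dst=dst)
                            logger.info('APK downloaded successfully')
                        except Exception as ex:
                            logger.error('Could not download %s: %s',
                                         sha256, ex)

            count += 1
            if 0 < limit <= count:
                logger.info('Limit of %s matches reached: stopping!', limit)
                return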
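def _dump_json(obj, fh):
    """Serialize *obj* as JSON into *fh*, whether it is a text or a binary handle.

    The files this module opens itself use mode ``'wb'``; on Python 3
    ``json.dump`` would raise ``TypeError`` on such a handle, so the text is
    encoded as UTF-8 when a plain ``str`` write is rejected.
    """
    payload = json.dumps(obj)
    try:
        fh.write(payload)
    except TypeError:
        fh.write(payload.encode('utf-8'))


def _looks_like_sha256(value):
    """Return True if *value* is a 64-character hexadecimal string.

    The digest comes from the API response and is used as a file-name
    component under the working directory, so anything that is not a plain
    hex digest (e.g. a value containing path separators) must be rejected
    before it is joined into a path.
    """
    try:
        return len(value) == 64 and set(value) <= set('0123456789abcdefABCDEF')
    except TypeError:
        return False


def get_matches_public_ruleset(ruleset_id, prompt, save, download, limit):
    """Get the APKs that match a public ruleset by its RULESET_ID

    Example: https://koodous.com/rulesets/RULESET_ID (e.g., 666)

    The ruleset is fetched first (and, with ``save``, written to
    ``<wdir>/ruleset-<RULESET_ID>.json``). Matches are then streamed page by
    page; each one is echoed pretty-printed unless the context's quiet flag
    is set, saved to ``<wdir>/<sha256>.json`` with ``save``, and fetched to
    ``<wdir>/<sha256>.apk`` with ``download``.

    Args:
        ruleset_id: identifier of the public ruleset.
        prompt: ask for confirmation before printing more than 100 matches.
        save: write the ruleset and every match's metadata to disk.
        download: download every matching APK to the working directory.
        limit: stop after this many matches; 0 (or less) means no limit.
    """
    ctx = click.get_current_context()
    api = ctx.meta.get('api')
    quiet = ctx.meta.get('quiet')
    wdir = ctx.meta.get('wdir')

    logger.info('Attempting to fetch ruleset %s', ruleset_id)
    ruleset = api.get_public_ruleset(ruleset_id=ruleset_id)
    detections = ruleset['detections']

    if save:
        filepath = os.path.join(wdir, 'ruleset-{}.json'.format(ruleset_id))
        logger.info('Saving ruleset to %s', filepath)
        with io.open(filepath, 'wb') as outfile:
            _dump_json(ruleset, outfile)
        logger.info('Ruleset saved successfully')

    # The loop below treats limit <= 0 as "no limit", so the confirmation
    # must also fire in that case when every one of >100 matches is printed.
    prints_all = limit <= 0 or detections <= limit
    if prompt and detections > 100 and prints_all:
        if not click.confirm('The selected ruleset has {} matches. Do you '
                             'want to proceed printing all of '
                             'them?'.format(detections)):
            return

    count = 0
    for apks in api.iter_matches_public_ruleset(ruleset_id):
        for apk in apks:
            if not quiet:
                click.echo(pygmentize_json(apk))

            # The digest is needed by both --save and --download, so it is
            # resolved (and validated) once, outside the `save` branch.
            if save or download:
                sha256 = apk.get('sha256')
                if not _looks_like_sha256(sha256):
                    logger.error('Skipping match with invalid sha256 %r',
                                 sha256)
                else:
                    if save:
                        filepath = os.path.join(wdir,
                                                '{}.json'.format(sha256))
                        logger.info('Saving metadata of %s to %s',
                                    sha256, filepath)
                        with io.open(filepath, 'wb') as outfile:
                            _dump_json(apk, outfile)
                    if download:
                        dst = os.path.join(wdir, '{}.apk'.format(sha256))
                        logger.info('Downloading %s to %s', sha256, dst)
                        try:
                            api.download_to_file(sha256=sha256, dst=dst)
                            logger.info('APK downloaded successfully')
                        except Exception as ex:
                            logger.error('Could not download %s: %s',
                                         sha256, ex)

            count += 1
            if 0 < limit <= count:
                logger.info('Limit of %s matches reached: stopping!', limit)
                return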