def test_extract_filesystem_bundle_and_clean_up(self):
temporary_dir = extract_filesystem_bundle(MockDockerDriver(), container_id='asdfi76fdgauh')
try:
self.assertTrue(os.path.isdir(os.path.join(temporary_dir, 'bin')))
self.assertTrue(os.path.exists(os.path.join(temporary_dir, 'bin/bash')))
self.assertTrue(os.path.isdir(os.path.join(temporary_dir, 'etc')))
self.assertTrue(os.path.exists(os.path.join(temporary_dir, 'etc/daemon.conf')))
self.assertTrue(os.path.isdir(os.path.join(temporary_dir, 'opt')))
finally:
clean_up(temporary_dir)
self.assertFalse(os.path.isdir(os.path.join(temporary_dir, 'bin')))
self.assertFalse(os.path.exists(os.path.join(temporary_dir, 'bin/bash')))
self.assertFalse(os.path.isdir(os.path.join(temporary_dir, 'etc')))
self.assertFalse(os.path.exists(os.path.join(temporary_dir, 'etc/daemon.conf')))
self.assertFalse(os.path.isdir(os.path.join(temporary_dir, 'opt')))
temporary_dir = extract_filesystem_bundle(MockDockerDriver(), image_name='alpine')
try:
self.assertTrue(os.path.isdir(os.path.join(temporary_dir, 'bin')))
self.assertTrue(os.path.exists(os.path.join(temporary_dir, 'bin/bash')))
self.assertTrue(os.path.isdir(os.path.join(temporary_dir, 'etc')))
self.assertTrue(os.path.exists(os.path.join(temporary_dir, 'etc/daemon.conf')))
self.assertTrue(os.path.isdir(os.path.join(temporary_dir, 'opt')))
finally:
clean_up(temporary_dir)
self.assertFalse(os.path.isdir(os.path.join(temporary_dir, 'bin')))
self.assertFalse(os.path.exists(os.path.join(temporary_dir, 'bin/bash')))
self.assertFalse(os.path.isdir(os.path.join(temporary_dir, 'etc')))
self.assertFalse(os.path.exists(os.path.join(temporary_dir, 'etc/daemon.conf')))
self.assertFalse(os.path.isdir(os.path.join(temporary_dir, 'opt')))
def test_extract_filesystem_bundle_and_clean_up(self):
temporary_dir = extract_filesystem_bundle(MockDockerDriver(), container_id='asdfi76fdgauh')
self.assertTrue(os.path.isdir(os.path.join(temporary_dir, 'bin')))
self.assertTrue(os.path.exists(os.path.join(temporary_dir, 'bin/bash')))
self.assertTrue(os.path.isdir(os.path.join(temporary_dir, 'etc')))
self.assertTrue(os.path.exists(os.path.join(temporary_dir, 'etc/daemon.conf')))
self.assertTrue(os.path.isdir(os.path.join(temporary_dir, 'opt')))
clean_up(temporary_dir)
self.assertFalse(os.path.isdir(os.path.join(temporary_dir, 'bin')))
self.assertFalse(os.path.exists(os.path.join(temporary_dir, 'bin/bash')))
self.assertFalse(os.path.isdir(os.path.join(temporary_dir, 'etc')))
self.assertFalse(os.path.exists(os.path.join(temporary_dir, 'etc/daemon.conf')))
self.assertFalse(os.path.isdir(os.path.join(temporary_dir, 'opt')))
temporary_dir = extract_filesystem_bundle(MockDockerDriver(), image_name='alpine')
self.assertTrue(os.path.isdir(os.path.join(temporary_dir, 'bin')))
self.assertTrue(os.path.exists(os.path.join(temporary_dir, 'bin/bash')))
self.assertTrue(os.path.isdir(os.path.join(temporary_dir, 'etc')))
self.assertTrue(os.path.exists(os.path.join(temporary_dir, 'etc/daemon.conf')))
self.assertTrue(os.path.isdir(os.path.join(temporary_dir, 'opt')))
clean_up(temporary_dir)
self.assertFalse(os.path.isdir(os.path.join(temporary_dir, 'bin')))
self.assertFalse(os.path.exists(os.path.join(temporary_dir, 'bin/bash')))
self.assertFalse(os.path.isdir(os.path.join(temporary_dir, 'etc')))
self.assertFalse(os.path.exists(os.path.join(temporary_dir, 'etc/daemon.conf')))
self.assertFalse(os.path.isdir(os.path.join(temporary_dir, 'opt')))
def evaluate_image(self, image_name, container_id):
# Init
data = {}
# -- Static analysis
image_name = self.dockerDriver.get_docker_image_name_by_container_id(container_id) if container_id \
else image_name
os_packages = []
malware_binaries = []
dependencies = None
temp_dir = None
try:
# Get OS packages
if container_id is None: # Scans the docker image
os_packages = os_info_extractor.get_soft_from_docker_image(
docker_driver=self.dockerDriver, image_name=image_name)
temp_dir = extract_filesystem_bundle(
docker_driver=self.dockerDriver, image_name=image_name)
else: # Scans the docker container
os_packages = os_info_extractor.get_soft_from_docker_container_id(
docker_driver=self.dockerDriver, container_id=container_id)
temp_dir = extract_filesystem_bundle(
docker_driver=self.dockerDriver, container_id=container_id)
# Get malware binaries
malware_binaries = malware_extractor.get_malware_included_in_docker_image(
docker_driver=self.dockerDriver, temp_dir=temp_dir)
# Get programming language dependencies
dependencies = dep_info_extractor.get_dependencies_from_docker_image(
docker_driver=self.dockerDriver,
image_name=image_name,
temp_dir=temp_dir)
except Exception as ex:
message = "Unexpected exception of type {0} occured: {1!r}"\
.format(type(ex).__name__, ex.get_message() if type(ex).__name__ == 'DagdaError' else ex.args)
DagdaLogger.get_logger().error(message)
data['status'] = message
# -- Cleanup
if temp_dir is not None:
clean_up(temporary_dir=temp_dir)
# -- Prepare output
if dependencies is not None:
data['status'] = 'Completed'
else:
dependencies = []
data['image_name'] = image_name
data['timestamp'] = datetime.datetime.now().timestamp()
data['static_analysis'] = self.generate_static_analysis(
image_name, os_packages, dependencies, malware_binaries)
# -- Return
return data
def get_malware_included_in_docker_image(docker_driver,
image_name=None,
container_id=None):
temp_dir = extract_filesystem_bundle(docker_driver=docker_driver,
image_name=image_name,
container_id=container_id)
raw_output = _clamav_run(docker_driver=docker_driver, temp_dir=temp_dir)
output = _parse_raw_output(raw_output=raw_output)
clean_up(temporary_dir=temp_dir)
return output
def evaluate_image(self, image_name, container_id):
if InternalServer.is_debug_logging_enabled():
DagdaLogger.get_logger().debug(
'ENTRY to the method for analyzing a docker image')
# Init
data = {}
# -- Static analysis
image_name = self.dockerDriver.get_docker_image_name_by_container_id(container_id) if container_id \
else image_name
os_packages = []
malware_binaries = []
dependencies = None
temp_dir = None
try:
# Get OS packages
if InternalServer.is_debug_logging_enabled():
DagdaLogger.get_logger().debug(
'Retrieving OS packages from the docker image ...')
if container_id is None: # Scans the docker image
os_packages = os_info_extractor.get_soft_from_docker_image(
docker_driver=self.dockerDriver, image_name=image_name)
temp_dir = extract_filesystem_bundle(
docker_driver=self.dockerDriver, image_name=image_name)
else: # Scans the docker container
os_packages = os_info_extractor.get_soft_from_docker_container_id(
docker_driver=self.dockerDriver, container_id=container_id)
temp_dir = extract_filesystem_bundle(
docker_driver=self.dockerDriver, container_id=container_id)
if InternalServer.is_debug_logging_enabled():
DagdaLogger.get_logger().debug(
'OS packages from the docker image retrieved')
# Get malware binaries
if InternalServer.is_debug_logging_enabled():
DagdaLogger.get_logger().debug(
'Retrieving malware files from the docker image ...')
malware_binaries = malware_extractor.get_malware_included_in_docker_image(
docker_driver=self.dockerDriver, temp_dir=temp_dir)
if InternalServer.is_debug_logging_enabled():
DagdaLogger.get_logger().debug(
'Malware files from the docker image retrieved')
# Get programming language dependencies
if InternalServer.is_debug_logging_enabled():
DagdaLogger.get_logger().debug(
'Retrieving dependencies from the docker image ...')
dependencies = dep_info_extractor.get_dependencies_from_docker_image(
docker_driver=self.dockerDriver,
image_name=image_name,
temp_dir=temp_dir)
if InternalServer.is_debug_logging_enabled():
DagdaLogger.get_logger().debug(
'Dependencies from the docker image retrieved')
except Exception as ex:
message = "Unexpected exception of type {0} occured: {1!r}"\
.format(type(ex).__name__, ex.get_message() if type(ex).__name__ == 'DagdaError' else ex.args)
DagdaLogger.get_logger().error(message)
if InternalServer.is_debug_logging_enabled():
traceback.print_exc()
data['status'] = message
# -- Cleanup
if temp_dir is not None:
clean_up(temporary_dir=temp_dir)
# -- Prepare output
if InternalServer.is_debug_logging_enabled():
DagdaLogger.get_logger().debug('Preparing analysis output ...')
if dependencies is not None:
data['status'] = 'Completed'
else:
dependencies = []
data['image_name'] = image_name
data['timestamp'] = datetime.datetime.now().timestamp()
data['static_analysis'] = self.generate_static_analysis(
image_name, os_packages, dependencies, malware_binaries)
if InternalServer.is_debug_logging_enabled():
DagdaLogger.get_logger().debug('Analysis output completed')
# -- Return
if InternalServer.is_debug_logging_enabled():
DagdaLogger.get_logger().debug(
'EXIT from the method for analyzing a docker image')
return data
def evaluate_image(self, image_name, container_id):
if InternalServer.is_debug_logging_enabled():
DagdaLogger.get_logger().debug('ENTRY to the method for analyzing a docker image')
# Init
data = {}
# -- Static analysis
image_name = self.dockerDriver.get_docker_image_name_by_container_id(container_id) if container_id \
else image_name
os_packages = []
malware_binaries = []
dependencies = []
temp_dir = None
try:
# Get OS packages
if InternalServer.is_debug_logging_enabled():
DagdaLogger.get_logger().debug('Retrieving OS packages from the docker image ...')
if container_id is None: # Scans the docker image
os_packages = os_info_extractor.get_soft_from_docker_image(docker_driver=self.dockerDriver,
image_name=image_name)
temp_dir = extract_filesystem_bundle(docker_driver=self.dockerDriver,
image_name=image_name)
else: # Scans the docker container
os_packages = os_info_extractor.get_soft_from_docker_container_id(docker_driver=self.dockerDriver,
container_id=container_id)
temp_dir = extract_filesystem_bundle(docker_driver=self.dockerDriver,
container_id=container_id)
if InternalServer.is_debug_logging_enabled():
DagdaLogger.get_logger().debug('OS packages from the docker image retrieved')
# Get malware binaries in a parallel way
malware_thread = Thread(target=Analyzer._threaded_malware, args=(self.dockerDriver, temp_dir,
malware_binaries))
malware_thread.start()
# Get programming language dependencies in a parallel way
dependencies_thread = Thread(target=Analyzer._threaded_dependencies, args=(self.dockerDriver, image_name,
temp_dir, dependencies))
dependencies_thread.start()
# Waiting for the threads
malware_thread.join()
dependencies_thread.join()
except Exception as ex:
message = "Unexpected exception of type {0} occurred: {1!r}"\
.format(type(ex).__name__, ex.get_message() if type(ex).__name__ == 'DagdaError' else ex.args)
DagdaLogger.get_logger().error(message)
if InternalServer.is_debug_logging_enabled():
traceback.print_exc()
data['status'] = message
# -- Cleanup
if temp_dir is not None:
clean_up(temporary_dir=temp_dir)
# -- Prepare output
if InternalServer.is_debug_logging_enabled():
DagdaLogger.get_logger().debug('Preparing analysis output ...')
if 'status' not in data or data['status'] is None:
data['status'] = 'Completed'
data['image_name'] = image_name
data['timestamp'] = datetime.datetime.now().timestamp()
data['static_analysis'] = self.generate_static_analysis(image_name, os_packages, dependencies, malware_binaries)
if InternalServer.is_debug_logging_enabled():
DagdaLogger.get_logger().debug('Analysis output completed')
# -- Return
if InternalServer.is_debug_logging_enabled():
DagdaLogger.get_logger().debug('EXIT from the method for analyzing a docker image')
return data