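    async def scan(self, payload: Payload, request: Request) -> WorkerResponse:
        """
        Scan payloads using OPSWAT MetaDefender

        Uploads ``payload.content`` in full to ``self.opswat_url`` (the sample
        leaves the local environment), then hands the returned ``data_id`` to
        ``self._parse_results`` to collect the verdict.

        :param payload: Payload to scan; its content is the request body
        :param request: Unused here, part of the worker interface
        :return: ``WorkerResponse`` with the parsed results and any ``Error``
            reported by ``_parse_results``
        :raises aiohttp.ClientResponseError: on a non-2xx submission response,
            because the session is created with ``raise_for_status=True``
        """

        errors: List[Error] = []
        # The filename comes from sample/upstream-supplied metadata when present
        # (treat it as untrusted), falling back to the content's sha1. Producers
        # may store it as str or bytes, so normalise instead of calling
        # .decode() unconditionally (which raises AttributeError on a str).
        filename = payload.results.payload_meta.extra_data.get(
            'filename', get_sha1(payload.content))
        if isinstance(filename, bytes):
            filename = filename.decode()
        headers = {
            'apikey': self.apikey,
            'content-type': 'application/octet-stream',
            'filename': filename,
        }
        async with aiohttp.ClientSession(raise_for_status=True) as session:
            async with session.post(self.opswat_url,
                                    data=payload.content,
                                    headers=headers) as response:
                content = await response.json()
                data_id = content['data_id']
        results, error = await self._parse_results(data_id)
        if error:
            errors.append(
                Error(
                    error=error,
                    plugin_name=self.plugin_name,
                    payload_id=payload.results.payload_id,
                ))
        return WorkerResponse(results, errors=errors)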
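    async def scan(self, payload: Payload, request: Request) -> WorkerResponse:
        """
        Scan payloads using OPSWAT MetaDefender

        Uploads ``payload.content`` in full to ``self.opswat_url`` (the sample
        leaves the local environment), then hands the returned ``data_id`` to
        ``self._parse_results`` to collect the verdict.

        :param payload: Payload to scan; its content is the request body
        :param request: Unused here, part of the worker interface
        :return: ``WorkerResponse`` with the parsed results and any ``Error``
            reported by ``_parse_results``
        :raises requests.HTTPError: on a non-2xx submission response
        """
        import asyncio
        from functools import partial

        errors: List[Error] = []
        headers = {
            'apikey': self.apikey,
            'content-type': 'application/octet-stream',
            # Sample/upstream-supplied metadata when present; treat as untrusted.
            'filename': payload.results.payload_meta.extra_data.get(
                'filename', get_sha1(payload.content)),
        }
        # requests.post is blocking; running it inline would stall the event
        # loop for the whole upload. Offload it to the default executor so
        # other coroutines keep making progress.
        loop = asyncio.get_event_loop()
        response = await loop.run_in_executor(
            None,
            partial(requests.post, self.opswat_url,
                    data=payload.content, headers=headers))
        response.raise_for_status()
        data_id = response.json()['data_id']
        # NOTE(review): _parse_results is called synchronously here; if it
        # polls the API it blocks the loop in the same way - confirm.
        results, error = self._parse_results(data_id)
        if error:
            errors.append(
                Error(
                    error=error,
                    plugin_name=self.plugin_name,
                    payload_id=payload.results.payload_id,
                ))
        return WorkerResponse(results, errors=errors)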
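    def archive(self, payload: Payload, request_meta: RequestMeta) -> ArchiverResponse:
        """
        Archive a payload to MongoDB

        Writes ``payload.content`` to GridFS with the content's sha1 as ``_id``,
        so identical content is stored once; an already-present file is treated
        as success rather than an error.

        :param payload: Payload whose content and ``extra_data`` are stored
        :param request_meta: Unused here, part of the archiver interface
        :return: ``ArchiverResponse`` carrying the metadata document that was
            passed to GridFS, including ``_id``
        """
        self._connect_gridfs()
        sha1 = helpers.get_sha1(payload.content)
        # Copy before adding _id so archiving does not mutate the payload's own
        # extra_data as a side effect visible to other plugins.
        meta = dict(payload.payload_meta.extra_data)
        meta['_id'] = sha1
        # NOTE(review): every extra_data key is forwarded as a GridFS file
        # attribute via **meta, so metadata originating from the sample or an
        # upstream plugin can set arbitrary document fields - confirm this is
        # intended or restrict the forwarded keys.
        try:
            with self.gridfs_db.new_file(**meta) as fp:
                fp.write(payload.content)
        except (DuplicateKeyError, FileExists):
            # Content-addressed by sha1: this payload is already archived.
            pass
        return ArchiverResponse(meta)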
    def scan(self, payload: Payload, request_meta: RequestMeta) -> WorkerResponse:
        """
        Scan payloads using OPSWAT MetaDefender

        Uploads ``payload.content`` in full to ``self.opswat_url`` (the sample
        leaves the local environment) and resolves the returned ``data_id``
        through ``self._parse_results``.

        :param payload: Payload to scan; its content is the request body
        :param request_meta: Unused here, part of the worker interface
        :return: ``WorkerResponse`` with the parsed results; the single error
            value from ``_parse_results``, if any, is wrapped in a list
        :raises requests.HTTPError: on a non-2xx submission response
        """

        # Sample/upstream-supplied metadata when present; treat as untrusted.
        filename = payload.payload_meta.extra_data.get(
            'filename', get_sha1(payload.content))
        headers = {'apikey': self.apikey, 'filename': filename}
        response = requests.post(self.opswat_url, data=payload.content, headers=headers)
        response.raise_for_status()
        data_id = response.json()['data_id']
        results, error = self._parse_results(data_id)
        # WorkerResponse expects a list of errors; _parse_results yields one value.
        error_list = [error] if error else error
        return WorkerResponse(results, errors=error_list)
    async def scan(self, payload: Payload, request: Request) -> WorkerResponse:
        """
        Search VTMIS for sha1 hash of a payload or from results of `iocextract` plugin

        When ``iocextract`` results are present, every IOC whose type has an
        entry in ``self.ENDPOINTS`` is queried once (duplicates skipped); the
        IOC values themselves are sent to the external service. If that yields
        nothing, the payload's own sha1 is queried instead.

        :param payload: Payload whose ``results.workers`` may hold iocextract output
        :param request: Unused here, part of the worker interface
        :return: ``WorkerResponse`` wrapping the collected API responses
        """
        results: List[Dict] = []
        seen: Set[str] = set()

        workers = payload.results.workers
        if 'iocextract' in workers:
            for ioc_type, iocs in workers['iocextract'].items():
                for ioc in iocs:
                    if ioc_type not in self.ENDPOINTS or ioc in seen:
                        continue
                    api_response = self._query_api(ioc, ioc_type)
                    seen.add(ioc)
                    results.append(api_response)
        if not results:
            # NOTE(review): this path assigns _query_api's return value
            # directly, whereas the loop above appends one entry per IOC -
            # confirm _query_api returns a list here.
            results = self._query_api(get_sha1(payload.content), 'sha1')

        return WorkerResponse(results=results)
    def scan(self, payload: Payload,
             request_meta: RequestMeta) -> WorkerResponse:
        """
        Scan payloads using Falcon Sandbox

        Submits ``payload.content`` as a multipart upload to
        ``{sandbox_url}/submit/file`` (the sample leaves the local environment)
        and, when ``self.wait_for_results`` is set, resolves the returned
        ``job_id`` through ``self._parse_results``.

        :param payload: Payload to submit; its content is the uploaded file
        :param request_meta: Unused here, part of the worker interface
        :return: ``WorkerResponse`` with the raw submission JSON, or the parsed
            results and errors when waiting for results
        :raises requests.HTTPError: on a non-2xx submission response
        """

        submit_url = f'{self.sandbox_url}/submit/file'
        headers = {'api-key': self.apikey, 'user-agent': self.useragent}
        # Sample/upstream-supplied metadata when present (treat as untrusted);
        # it may be bytes, so decode before using it as the multipart filename.
        filename = payload.payload_meta.extra_data.get(
            'filename', helpers.get_sha1(payload.content))
        if isinstance(filename, bytes):
            filename = filename.decode()
        response = requests.post(
            submit_url,
            data={'environment_id': self.environment_id},
            files={'file': (filename, payload.content)},
            headers=headers,
        )
        response.raise_for_status()
        results = response.json()
        errors = None
        if self.wait_for_results:
            results, errors = self._parse_results(results['job_id'])
        return WorkerResponse(results, errors=errors)
 def test_get_sha1(self):
     """get_sha1 of the shared fixture content yields the pinned 40-hex digest."""
     expected = 'c519c1a06cdbeb2bc499e22137fb48683858b345'
     actual = helpers.get_sha1(self.generic_content)
     self.assertEqual(actual, expected)