def decoders_list():
    """
    Show the configured decoders with their name, source, and description.

    The optional ``name`` and ``source`` query parameters are forwarded to
    ``kordesii.iter_decoders()`` as filters. The result is rendered with the
    ``decoders.html`` template, unless ``application/json`` is the best match
    for the request's ``Accept`` header, in which case the same rows are
    returned as JSON.
    """
    # Both filters come straight from the query string and are passed on unmodified.
    # NOTE(review): how iter_decoders() interprets `source` is not visible here --
    # confirm it only matches against already-registered sources.
    query = f.request.args
    matches = kordesii.iter_decoders(
        name=query.get("name", type=str),
        source=query.get("source", type=str),
    )

    rows = []
    for entry in matches:
        rows.append({
            "name": entry.name,
            "source": entry.source.name,
            "description": entry.description,
        })

    wants_json = f.request.accept_mimetypes.best == "application/json"
    if wants_json:
        return f.jsonify({"decoders": rows})

    f.g.title = "Decoders"
    return f.render_template(
        "decoders.html",
        headers=("Name", "Source", "Description"),
        decoders=rows,
    )
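def list_decoders(self):
    """
    Return the names of all decoders yielded by kordesii.iter_decoders().

    Deprecated: call kordesii.iter_decoders() directly instead.

    :return: list of decoder names
    """
    warnings.warn(
        'Reporter.list_decoders() is deprecated, please use kordesii.iter_decoders() instead.',
        DeprecationWarning,
        # Attribute the warning to the calling code rather than to this line, so the
        # report points at the call site that needs to be migrated.
        stacklevel=2,
    )
    return [decoder.name for decoder in kordesii.iter_decoders()]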
def test_register_decoder_directory(monkeypatch, Sample_decoder):
    """Registering a directory exposes its decoder by name and by source path."""
    # Start from an empty source registry so earlier tests cannot influence this one.
    monkeypatch.setattr("kordesii.registry._sources", {})
    sample_dir = Sample_decoder.dirname

    # Nothing named "Sample" is visible before registration.
    assert not list(kordesii.iter_decoders("Sample"))

    kordesii.register_decoder_directory(sample_dir)

    # Lookup by decoder name finds exactly the sample decoder.
    by_name = list(kordesii.iter_decoders("Sample"))
    assert len(by_name) == 1
    registered = by_name[0]
    assert registered.name == "Sample"

    # The directory path also works as the source, both as a keyword
    # argument and as a "<source>:" prefix.
    by_source = list(kordesii.iter_decoders(source=sample_dir))
    assert len(by_source) == 1
    by_prefix = list(kordesii.iter_decoders(sample_dir + ":"))
    assert len(by_prefix) == 1
def test_iter_decoders(monkeypatch, Sample_decoder):
    """iter_decoders() filters by decoder name and by source and yields Decoder objects."""
    # Isolate the registry from whatever other tests registered.
    monkeypatch.setattr("kordesii.registry._sources", {})
    source = os.path.abspath(Sample_decoder.dirname)
    kordesii.register_decoder_directory(source)

    def check_single_sample(found):
        # Exactly one hit, and it is the Sample decoder.
        assert len(found) == 1
        only = found[0]
        assert isinstance(only, Decoder)
        assert only.name == "Sample"

    check_single_sample(list(kordesii.iter_decoders("Sample")))
    check_single_sample(list(kordesii.iter_decoders(source=source)))

    # Unknown names and unknown sources yield nothing rather than raising.
    assert list(kordesii.iter_decoders(name="bogus")) == []
    assert list(kordesii.iter_decoders(source="bogus")) == []
def test_register_decoder_directory2(monkeypatch, Sample_decoder):
    """Registering a directory under an explicit source name makes it addressable by that name."""
    # Start from an empty source registry so earlier tests cannot influence this one.
    monkeypatch.setattr('kordesii.registry._sources', {})
    sample_dir = Sample_decoder.dirname

    # Nothing named 'Sample' is visible before registration.
    assert not list(kordesii.iter_decoders('Sample'))

    kordesii.register_decoder_directory(sample_dir, source_name='ACME')

    by_name = list(kordesii.iter_decoders('Sample'))
    assert len(by_name) == 1

    # The decoder carries the chosen source name and the directory it was loaded from.
    registered = by_name[0]
    assert registered.name == 'Sample'
    assert registered.source.name == 'ACME'
    assert registered.source.path == sample_dir

    # The source name works as a keyword argument and as a '<source>:' prefix.
    by_source = list(kordesii.iter_decoders(source='ACME'))
    assert len(by_source) == 1
    by_prefix = list(kordesii.iter_decoders('ACME:'))
    assert len(by_prefix) == 1
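def descriptions():
    """
    List the names of the available decoder modules.

    :return: JSON text of the form ``{"decoders": [...]}`` on success; on failure a
        dict of the form ``{"error": "<exception message>"}``.
    """
    try:
        response.content_type = "application/json"
        # NOTE: Only presenting name for backwards compatibility.
        output = {
            "decoders": [decoder.name for decoder in kordesii.iter_decoders()]
        }
        return json.dumps(output, indent=4)
    except Exception as e:
        # The full traceback goes to the server log only. Returning it in the response
        # would hand file paths and internal call structure to whoever made the request.
        logger.error("descriptions %s" % (traceback.format_exc()))
        # NOTE(review): the exception message can still carry internal detail; switch to
        # a fixed message if this endpoint is reachable by untrusted clients.
        output = {'error': str(e)}
        return output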
def descriptions():
    """
    Return the names of the available decoder modules.

    Kept for backwards compatibility. The response is always JSON: either
    ``{"decoders": [...]}`` or, if listing fails, ``{"error": "<message>"}``.
    """
    try:
        # NOTE: Only presenting name for backwards compatibility.
        names = []
        for decoder in kordesii.iter_decoders():
            names.append(decoder.name)
        payload = {"decoders": names}
    except Exception as e:
        # NOTE(review): the exception message is sent back to the client as-is;
        # the traceback itself only reaches the application log.
        payload = {"error": str(e)}
        f.current_app.logger.exception("Error running descriptions: {}".format(e))
    return f.jsonify(payload)
def run_decoder(self, name, filename=None, data=None, **run_config):
    """
    Run every decoder matching *name* against one input file.

    :param name: name of decoder module to run
    :param filename: path of the file to parse
    :param data: raw bytes to parse instead of reading *filename*
    :param run_config: extra keyword arguments forwarded to each decoder's run()
    :raises ValueError: if neither *filename* nor *data* is provided
    """
    self.__reset()

    if not (filename or data):
        raise ValueError("filename or data must be provided.")

    input_file = filename
    if not filename:
        # Only a buffer was supplied: write it into the managed temp directory.
        # The MD5 digest is used purely as the file name here, not as an integrity check.
        input_file = os.path.join(self.managed_tempdir(), hashlib.md5(data).hexdigest())
        with open(input_file, "wb") as out:
            out.write(data)

    try:
        with self.__redirect_stdout():
            ran_any = False
            # TODO: Run all decoders within a single ida call.
            for decoder in kordesii.iter_decoders(name):
                ran_any = True
                try:
                    decoder.run(input_file, self, **run_config)
                except (Exception, SystemExit):
                    # A failing decoder (including one that calls sys.exit) is logged
                    # and skipped so the remaining decoders still run.
                    logger.exception(
                        "Error running decoder {} on {}".format(
                            decoder.full_name, os.path.basename(input_file)))
            if not ran_any:
                logger.error("Could not find decoder with name: {}".format(name))
    finally:
        # Cleanup runs whether or not any decoder succeeded.
        self.__cleanup()
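def get_decoder_path(self, decoder_name):
    """
    Description:
        Given a decoder name, return the script path of the first decoder that
        kordesii.iter_decoders() yields for it.

        Deprecated: use kordesii.iter_decoders() instead.

    Input:
        decoder_name - The name of the decoder

    Output:
        The script path of the first matching decoder

    Raises:
        ValueError if the decoder could not be found.
    """
    warnings.warn(
        'Reporter.get_decoder_path() is deprecated, please use kordesii.iter_decoders() instead.',
        DeprecationWarning,
        # Attribute the warning to the calling code rather than to this line, so the
        # report points at the call site that needs to be migrated.
        stacklevel=2,
    )
    # Only the first match is used; any further decoders with the same name are ignored.
    for decoder in kordesii.iter_decoders(name=decoder_name):
        return decoder.script_path
    raise ValueError('Failed to find decoder: {}'.format(decoder_name))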
def upload():
    """Render the upload page, giving the template the available decoders."""
    f.g.title = "Upload"
    # The iter_decoders() result is handed to the template as-is, without being
    # materialized into a list first.
    return f.render_template("upload.html", decoders=kordesii.iter_decoders())
def decoders():
    """Return everything kordesii.iter_decoders() yields, collected into a list."""
    return [decoder for decoder in kordesii.iter_decoders()]