Пример #1
    def _analyze_elf(self, file_object):
        """Parse the file behind *file_object* with LIEF and collect ELF metadata.

        The file under analysis is arbitrary input. Only ``AttributeError``,
        ``TypeError`` and ``lief.bad_file`` raised while parsing are treated as
        "bad file"; any other exception propagates to the caller.

        Returns:
            ``(result, binary)`` on success, where ``result`` is the analysis
            dict and ``binary`` the LIEF object. On a handled parse failure the
            still-empty dict is returned on its own, not as a tuple.
            NOTE(review): a caller that unpacks two values will fail on that
            path; confirm how the caller handles it.
        """
        result = {}
        try:
            binary = lief.parse(file_object.file_path)
            abstract_json = lief.to_json_from_abstract(binary)
            binary_json_dict = json.loads(abstract_json)
            # Add each item list only when LIEF reports a non-empty one.
            for key in ('exported_functions', 'imported_functions', 'libraries'):
                if getattr(binary, key):
                    binary_json_dict[key] = normalize_lief_items(
                        getattr(binary, key))
            modinfo_data = self.filter_modinfo(binary)
            if modinfo_data:
                result['modinfo'] = modinfo_data

        except (AttributeError, TypeError, lief.bad_file):
            # exc_info=True keeps the traceback in the log for later triage.
            logging.error(f'Bad file for lief/elf analysis {file_object.uid}.',
                          exc_info=True)
            return result

        # Both helpers receive the result dict after parsing succeeded.
        self.get_final_analysis_dict(binary_json_dict, result)
        self._convert_address_values_to_hex(result)

        return result, binary
Пример #2
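def main():
    """Print LIEF's abstract view of a binary as sorted, indented JSON.

    The path comes from the command line. ``lief.parse`` returns ``None`` for
    input it cannot identify, so that case exits with a one-line message
    instead of failing inside the JSON conversion.
    """
    parser = argparse.ArgumentParser()
    parser.add_argument('binary', help='A binary')
    args = parser.parse_args()

    binary = lief.parse(args.binary)
    if binary is None:
        # A string argument to SystemExit is written to stderr, exit status 1.
        raise SystemExit(f'{args.binary}: not a format LIEF can parse')

    json_data = json.loads(lief.to_json_from_abstract(binary))
    print(json.dumps(json_data, sort_keys=True, indent=4))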
Пример #3
    def _analyze_elf(self, file_object):
        """Parse the file behind *file_object* with LIEF and collect ELF metadata.

        The file under analysis is arbitrary input. Only ``TypeError`` and
        ``lief.bad_file`` raised while parsing are treated as "bad file"; any
        other exception (``AttributeError`` included) propagates to the caller.

        Returns:
            ``(result, binary)`` on success. On a handled parse failure the
            still-empty dict is returned on its own, not as a tuple.
            NOTE(review): a caller that unpacks two values will fail on that
            path; confirm how the caller handles it.
        """
        result = {}
        try:
            binary = lief.parse(file_object.file_path)
            abstract_json = lief.to_json_from_abstract(binary)
            binary_json_dict = json.loads(abstract_json)
            # Add each item list only when LIEF reports a non-empty one.
            for key in ('exported_functions', 'imported_functions', 'libraries'):
                if getattr(binary, key):
                    binary_json_dict[key] = normalize_lief_items(getattr(binary, key))
        except (TypeError, lief.bad_file) as error:
            # The log line carries the object's uid and the exception text.
            message = 'Bad file for lief/elf analysis {}. {}'.format(file_object.get_uid(), error)
            logging.error(message)
            return result

        self.get_final_analysis_dict(binary_json_dict, result)
        return result, binary
Пример #4
    async def scan(self, payload: Payload, request: Request) -> WorkerResponse:
        """
        Parse the payload content with LIEF and return its JSON description

        The payload bytes are handed to the parser in memory. The name given
        to LIEF is the ``filename`` entry of the payload's extra data, or the
        payload id when that entry is missing.

        Raises StoqPluginException when LIEF raises ``lief.exception`` or when
        it returns ``None`` for the content.

        """
        extra_data = payload.results.payload_meta.extra_data
        name = extra_data.get('filename', payload.results.payload_id)

        try:
            parsed = lief.parse(raw=payload.content, name=name)
        except lief.exception as err:
            raise StoqPluginException(f'Unable to parse payload: {err}')

        # A None result is reported as an unsupported file type.
        if parsed is None:
            raise StoqPluginException('The file type isn\'t supported by LIEF')

        # Equality test kept as written: only a value equal to True selects
        # the abstract view, other truthy values fall through to the full dump.
        serialized = (
            lief.to_json_from_abstract(parsed.abstract)
            if self.abstract == True
            else lief.to_json(parsed)
        )

        return WorkerResponse(json.loads(serialized))