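def add_file(file_path, name=None, tags=None, parent=None):
    """Store ``file_path`` in the local repository and register it in the database.

    Args:
        file_path: path of the file to import.
        name: display name recorded for the sample; defaults to the basename
            of ``file_path``.
        tags: tags handed through to ``Database.add``.
        parent: sha256 of the parent sample, passed as ``parent_sha``.

    Returns:
        The sample's sha256 on success. ``None`` when ``store_sample`` wrote
        nothing (treated here as "already stored") or the database write
        raised, in which case the freshly stored copy is removed again.
    """
    obj = File(file_path)
    new_path = store_sample(obj, __project__)
    print(new_path)

    if not name:
        name = os.path.basename(file_path)

    # A falsy new_path is interpreted as "nothing new was written"; the
    # original code reports this as an existing sample.
    if not new_path:
        log.info("File already exists in database")
        return None

    # Add file to the database.
    try:
        db = Database()
        db.add(obj=obj, name=name, tags=tags, parent_sha=parent)
    except Exception as e:
        # The message must be formatted explicitly: a plain "{str(e)}"
        # literal never interpolated the exception text.
        log.error("Exception while adding sample to DB: {}".format(e))
        # Remove the stored binary so the repository never holds a sample
        # without a matching database record.
        remove_sample(new_path)
        return None

    # AutoRun Modules
    if cfg.autorun.enabled:
        autorun_module(obj.sha256)

    # Close the open session to keep the session table clean
    __sessions__.close()

    return obj.sha256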
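def _process_uploaded(db, uploaded_file_path, file_name, tag_list=None, note_title=None, note_body=None):
    """Add one uploaded file to the database and to storage, then remove the uploaded file.

    Args:
        db: database handle providing ``add()`` and ``add_note()``.
        uploaded_file_path: path of the temporary upload to import.
        file_name: name recorded for the sample.
        tag_list: tags handed through to ``db.add``.
        note_title: title of an optional note; only used together with ``note_body``.
        note_body: body of an optional note; only used together with ``note_title``.

    Returns:
        The ``File`` object describing the stored sample.

    Raises:
        ValidationError: when the sample hash is already stored
            (``DuplicateFileHash``) or the database write fails
            (``DatabaseAddFailed``). The temporary upload is removed on every
            path, so a rejected upload does not linger in the upload directory.
    """
    log.debug("adding: {} as {}".format(uploaded_file_path, file_name))
    malware = File(uploaded_file_path)
    malware.name = file_name

    try:
        if get_sample_path(malware.sha256):
            error = {"error": {"code": "DuplicateFileHash", "message": "File hash exists already: {} (sha256: {})".format(malware.name, malware.sha256)}}
            log.error("adding failed: {}".format(error))
            raise ValidationError(detail=error)  # TODO(frennkie) raise more specific error?! so that we can catch it..?!

        # Try to store file object into database
        if not db.add(obj=malware, tags=tag_list):
            error = {"error": {"code": "DatabaseAddFailed", "message": "Adding File to Database failed: {} (sha256: {})".format(malware.name, malware.sha256)}}
            log.error("adding failed: {}".format(error))
            raise ValidationError(detail=error)

        # The database write succeeded, so store the binary in the local
        # repository now. Doing it in this order means a database failure
        # (for example on unicode strings) never leaves a binary lying in
        # the repository with no associated database record.
        malware_stored_path = store_sample(malware)

        # run autoruns on the stored sample
        if cfg.get('autorun').enabled:
            autorun_module(malware.sha256)

        log.debug("added file \"{0}\" to {1}".format(malware.name, malware_stored_path))

        if note_body and note_title:
            db.add_note(malware.sha256, note_title, note_body)
            log.debug("added note: \"{0}\"".format(note_title))
    finally:
        # clean up the temporary upload whether or not the import succeeded
        try:
            os.remove(uploaded_file_path)
        except OSError as err:
            log.error("failed to delete temporary file: {}".format(err))

    return malware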
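def add_file(file_path, tags, parent):
    """Store ``file_path`` in the local repository and register it in the database.

    Args:
        file_path: path of the file to import.
        tags: tags handed through to ``Database.add``.
        parent: sha256 of the parent sample, passed as ``parent_sha``.

    Returns:
        The sample's sha256 on success; ``None`` when ``store_sample`` wrote
        nothing or the database write reported failure.
    """
    obj = File(file_path)
    new_path = store_sample(obj)
    # Parenthesised form prints the same single value on Python 2 and 3.
    print(new_path)

    # A falsy new_path means nothing new was written (presumably the sample
    # is already in the repository); there is nothing to register.
    if not new_path:
        return

    # Add file to the database.
    db = Database()
    success = db.add(obj=obj, tags=tags, parent_sha=parent)
    if not success:
        # ToDo Remove the stored file if we cant write to DB
        # Do not report the sha256 of a sample that has no database record;
        # the original code returned it regardless of this result.
        return

    # AutoRun Modules
    if cfg.autorun.enabled:
        autorun_module(obj.sha256)

    # Close the open session to keep the session table clean
    __sessions__.close()

    return obj.sha256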
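def add_file(file_path, name=None, url=None, tags=None, parent=None):
    """Store ``file_path`` in the local repository and register it in the database.

    Args:
        file_path: path of the file to import.
        name: display name recorded for the sample; defaults to the basename
            of ``file_path``.
        url: origin URL handed to ``File`` and to ``Database.add``.
        tags: tags handed through to ``Database.add``.
        parent: sha256 of the parent sample, passed as ``parent_sha``.

    Returns:
        The sample's sha256 on success; ``None`` when ``store_sample`` wrote
        nothing or the database write reported failure.
    """
    obj = File(file_path, url)
    new_path = store_sample(obj)
    print(new_path)

    if not name:
        name = os.path.basename(file_path)

    # A falsy new_path means nothing new was written (presumably the sample
    # is already in the repository); there is nothing to register.
    if not new_path:
        return

    # Add file to the database.
    db = Database()
    success = db.add(obj=obj, name=name, tags=tags, url=url, parent_sha=parent)
    if not success:
        # ToDo Remove the stored file if we cant write to DB
        # Do not report the sha256 of a sample that has no database record;
        # the original code ignored this result.
        return

    # AutoRun Modules
    if cfg.autorun.enabled:
        autorun_module(obj.sha256)

    # Close the open session to keep the session table clean
    __sessions__.close()

    return obj.sha256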
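def run(self, *args):
    """Store the open file, or every file under ``--folder``, in the local repository.

    ``args`` are the raw command tokens and are parsed with ``self.parser``.
    Samples already present (by sha256) are skipped, a ``misp:<event id>``
    tag is appended while a MISP event is attached, and ``--delete`` removes
    the source file after a successful store.

    Returns:
        ``False`` when the open file is empty; otherwise ``None``.
    """
    try:
        args = self.parser.parse_args(args)
    except SystemExit:
        return

    if args.folder is not None:
        # Allows to have spaces in the path.
        args.folder = " ".join(args.folder)

    if args.tags is not None:
        # Remove the spaces in the list of tags
        args.tags = "".join(args.tags)

    def add_file(obj, tags=None):
        """Register ``obj`` in the database and repository; return True on success."""
        if get_sample_path(obj.sha256):
            self.log('warning', "Skip, file \"{0}\" appears to be already stored".format(obj.name))
            return False

        if __sessions__.is_attached_misp(quiet=True):
            if tags is not None:
                tags += ',misp:{}'.format(__sessions__.current.misp_event.event.id)
            else:
                tags = 'misp:{}'.format(__sessions__.current.misp_event.event.id)

        # Try to store file object into database.
        status = db.add(obj=obj, tags=tags)
        if not status:
            return False

        # The database write succeeded, so store the binary in the local
        # repository now. Keeping this order means a database failure (for
        # example on unicode strings) never leaves a binary lying in the
        # repository with no associated database record.
        new_path = store_sample(obj)
        self.log("success", "Stored file \"{0}\" to {1}".format(obj.name, new_path))

        # Delete the file if requested to do so.
        if args.delete:
            try:
                os.unlink(obj.path)
            except Exception as e:
                # Best effort: a failed delete must not undo the store.
                self.log('warning', "Failed deleting file: {0}".format(e))

        return True

    # If the user specified the --folder flag, we walk recursively and try
    # to add all contained files to the local repository.
    # This is not going to open a new session.
    # TODO: perhaps disable or make recursion optional?
    if args.folder is not None:
        # Check if the specified folder is valid.
        if os.path.isdir(args.folder):
            # Walk through the folder and subfolders. walk() is assumed to be
            # os.walk-like; whether symlinked directories are followed depends
            # on it.
            for dir_name, dir_names, file_names in walk(args.folder):
                # Add each collected file.
                for file_name in file_names:
                    file_path = os.path.join(dir_name, file_name)
                    if not os.path.exists(file_path):
                        continue

                    # Check if file is not zero.
                    file_size = os.path.getsize(file_path)
                    if not file_size > 0:
                        continue

                    # Check if the file name matches the provided pattern.
                    if args.file_name and not fnmatch.fnmatch(file_name, args.file_name):
                        continue

                    # Check if the file type matches the provided pattern.
                    if args.file_type and args.file_type not in File(file_path).type:
                        continue

                    # Check if file exceeds maximum size limit.
                    if args.file_size and file_size > args.file_size:
                        self.log('warning', "Skip, file \"{0}\" is too big".format(file_path))
                        continue

                    file_obj = File(file_path)

                    # Add file. The result of add_file() must be tested: the
                    # original tested the function object itself, which is
                    # always true, so autorun fired even for skipped files.
                    if add_file(file_obj, args.tags) and cfg.get('autorun').enabled:
                        autorun_module(file_obj.sha256)

                    # Close the open session to keep the session table clean
                    __sessions__.close()
        else:
            self.log('error', "You specified an invalid folder: {0}".format(args.folder))
    # Otherwise we try to store the currently opened file, if there is any.
    else:
        if not __sessions__.is_set():
            self.log('error', "No open session")
            return

        current_file = __sessions__.current.file
        if current_file.size == 0:
            self.log('warning', "Skip, file \"{0}\" appears to be empty".format(current_file.name))
            return False

        # Add file.
        if add_file(current_file, args.tags):
            # Open session to the new file (it is opened by the same sha256).
            Open().run(*[current_file.sha256])

            if cfg.get('autorun').enabled:
                autorun_module(current_file.sha256)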
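def cmd_store(self, *args):
    """Store the open file, or every file under ``--folder``, in the local repository.

    ``args`` are the raw command tokens for the ``store`` command. Samples
    already present (by sha256) are skipped, a ``misp:<event id>`` tag is
    appended while a MISP event is attached, and ``--delete`` removes the
    source file after a successful store.

    Returns:
        ``False`` when the open file is empty; otherwise ``None``.
    """
    parser = argparse.ArgumentParser(
        prog='store',
        description="Store the opened file to the local repository")
    parser.add_argument('-d', '--delete', action='store_true',
                        help="Delete the original file")
    parser.add_argument('-f', '--folder', type=str, nargs='+',
                        help="Specify a folder to import")
    parser.add_argument('-s', '--file-size', type=int,
                        help="Specify a maximum file size")
    parser.add_argument('-y', '--file-type', type=str,
                        help="Specify a file type pattern")
    parser.add_argument('-n', '--file-name', type=str,
                        help="Specify a file name pattern")
    parser.add_argument('-t', '--tags', type=str, nargs='+',
                        help="Specify a list of comma-separated tags")

    # argparse reports usage errors by raising SystemExit; a bare except
    # here would also hide genuine bugs.
    try:
        args = parser.parse_args(args)
    except SystemExit:
        return

    if args.folder is not None:
        # Allows to have spaces in the path.
        args.folder = " ".join(args.folder)

    if args.tags is not None:
        # Remove the spaces in the list of tags
        args.tags = "".join(args.tags)

    def add_file(obj, tags=None):
        """Register ``obj`` in the database and repository; return True on success."""
        if get_sample_path(obj.sha256):
            self.log(
                'warning',
                "Skip, file \"{0}\" appears to be already stored".format(
                    obj.name))
            return False

        if __sessions__.is_attached_misp(quiet=True):
            if tags is not None:
                tags += ',misp:{}'.format(
                    __sessions__.current.misp_event.event_id)
            else:
                tags = 'misp:{}'.format(
                    __sessions__.current.misp_event.event_id)

        # Try to store file object into database.
        status = self.db.add(obj=obj, tags=tags)
        if not status:
            return False

        # The database write succeeded, so store the binary in the local
        # repository now. Keeping this order means a database failure (for
        # example on unicode strings) never leaves a binary lying in the
        # repository with no associated database record.
        new_path = store_sample(obj)
        self.log(
            "success",
            "Stored file \"{0}\" to {1}".format(obj.name, new_path))

        # Delete the file if requested to do so.
        if args.delete:
            try:
                os.unlink(obj.path)
            except Exception as e:
                # Best effort: a failed delete must not undo the store.
                self.log('warning', "Failed deleting file: {0}".format(e))

        return True

    # If the user specified the --folder flag, we walk recursively and try
    # to add all contained files to the local repository.
    # This is not going to open a new session.
    # TODO: perhaps disable or make recursion optional?
    if args.folder is not None:
        # Check if the specified folder is valid.
        if os.path.isdir(args.folder):
            # Walk through the folder and subfolders. walk() is assumed to be
            # os.walk-like; whether symlinked directories are followed depends
            # on it.
            for dir_name, dir_names, file_names in walk(args.folder):
                # Add each collected file.
                for file_name in file_names:
                    file_path = os.path.join(dir_name, file_name)
                    if not os.path.exists(file_path):
                        continue

                    # Check if file is not zero.
                    file_size = os.path.getsize(file_path)
                    if not file_size > 0:
                        continue

                    # Check if the file name matches the provided pattern.
                    if args.file_name and not fnmatch.fnmatch(file_name, args.file_name):
                        continue

                    # Check if the file type matches the provided pattern.
                    if args.file_type and args.file_type not in File(file_path).type:
                        continue

                    # Check if file exceeds maximum size limit.
                    if args.file_size and file_size > args.file_size:
                        self.log(
                            'warning',
                            "Skip, file \"{0}\" is too big".format(
                                file_path))
                        continue

                    file_obj = File(file_path)

                    # Add file. The result of add_file() must be tested: the
                    # original tested the function object itself, which is
                    # always true, so autorun fired even for skipped files.
                    if add_file(file_obj, args.tags) and cfg.autorun.enabled:
                        autorun_module(file_obj.sha256)

                    # Close the open session to keep the session table clean
                    __sessions__.close()
        else:
            self.log(
                'error',
                "You specified an invalid folder: {0}".format(args.folder))
    # Otherwise we try to store the currently opened file, if there is any.
    else:
        if not __sessions__.is_set():
            self.log('error', "No open session")
            return

        current_file = __sessions__.current.file
        if current_file.size == 0:
            self.log(
                'warning',
                "Skip, file \"{0}\" appears to be empty".format(
                    current_file.name))
            return False

        # Add file.
        if add_file(current_file, args.tags):
            # Open session to the new file (it is opened by the same sha256).
            self.cmd_open(*[current_file.sha256])

            if cfg.autorun.enabled:
                autorun_module(current_file.sha256)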
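def _process_uploaded(db, uploaded_file_path, file_name, tag_list=None, note_title=None, note_body=None):
    """Add one uploaded file to the database and to storage, then remove the uploaded file.

    Args:
        db: database handle providing ``add()`` and ``add_note()``.
        uploaded_file_path: path of the temporary upload to import.
        file_name: name recorded for the sample.
        tag_list: tags handed through to ``db.add``.
        note_title: title of an optional note; only used together with ``note_body``.
        note_body: body of an optional note; only used together with ``note_title``.

    Returns:
        The ``File`` object describing the stored sample.

    Raises:
        ValidationError: when the sample hash is already stored
            (``DuplicateFileHash``) or the database write fails
            (``DatabaseAddFailed``). The temporary upload is removed on every
            path, so a rejected upload does not linger in the upload directory.
    """
    log.debug("adding: {} as {}".format(uploaded_file_path, file_name))
    malware = File(uploaded_file_path)
    malware.name = file_name

    def _reject(code, message):
        """Log a structured error and raise it as a ValidationError."""
        error = {
            "error": {
                "code": code,
                "message": message
            }
        }
        log.error("adding failed: {}".format(error))
        raise ValidationError(detail=error)

    try:
        if get_sample_path(malware.sha256):
            # TODO(frennkie) raise more specific error?! so that we can catch it..?!
            _reject(
                "DuplicateFileHash",
                "File hash exists already: {} (sha256: {})".format(
                    malware.name, malware.sha256))

        # Try to store file object into database
        if not db.add(obj=malware, tags=tag_list):
            _reject(
                "DatabaseAddFailed",
                "Adding File to Database failed: {} (sha256: {})".format(
                    malware.name, malware.sha256))

        # The database write succeeded, so store the binary in the local
        # repository now. Doing it in this order means a database failure
        # (for example on unicode strings) never leaves a binary lying in
        # the repository with no associated database record.
        malware_stored_path = store_sample(malware)

        # run autoruns on the stored sample
        if cfg.get('autorun').enabled:
            autorun_module(malware.sha256)

        log.debug("added file \"{0}\" to {1}".format(
            malware.name, malware_stored_path))

        if note_body and note_title:
            db.add_note(malware.sha256, note_title, note_body)
            log.debug("added note: \"{0}\"".format(note_title))
    finally:
        # clean up the temporary upload whether or not the import succeeded
        try:
            os.remove(uploaded_file_path)
        except OSError as err:
            log.error("failed to delete temporary file: {}".format(err))

    return malware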
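def cmd_store(self, *args):
    """Store the open file, or every file under ``--folder``, in the local repository.

    ``args`` are the raw command tokens for the ``store`` command. Samples
    already present (by sha256) are skipped and ``--delete`` removes the
    source file after a successful store.

    Returns:
        ``False`` when the open file is empty; otherwise ``None``.
    """
    parser = argparse.ArgumentParser(prog='store', description="Store the opened file to the local repository")
    parser.add_argument('-d', '--delete', action='store_true', help="Delete the original file")
    parser.add_argument('-f', '--folder', type=str, nargs='+', help="Specify a folder to import")
    parser.add_argument('-s', '--file-size', type=int, help="Specify a maximum file size")
    parser.add_argument('-y', '--file-type', type=str, help="Specify a file type pattern")
    parser.add_argument('-n', '--file-name', type=str, help="Specify a file name pattern")
    parser.add_argument('-t', '--tags', type=str, nargs='+', help="Specify a list of comma-separated tags")

    # argparse reports usage errors by raising SystemExit; a bare except
    # here would also hide genuine bugs.
    try:
        args = parser.parse_args(args)
    except SystemExit:
        return

    if args.folder is not None:
        # Allows to have spaces in the path.
        args.folder = " ".join(args.folder)

    if args.tags is not None:
        # Remove the spaces in the list of tags
        args.tags = "".join(args.tags)

    def add_file(obj, tags=None):
        """Register ``obj`` in the database and repository; return True on success."""
        if get_sample_path(obj.sha256):
            self.log('warning', "Skip, file \"{0}\" appears to be already stored".format(obj.name))
            return False

        # Try to store file object into database.
        status = self.db.add(obj=obj, tags=tags)
        if not status:
            return False

        # The database write succeeded, so store the binary in the local
        # repository now. Keeping this order means a database failure (for
        # example on unicode strings) never leaves a binary lying in the
        # repository with no associated database record.
        new_path = store_sample(obj)
        self.log("success", "Stored file \"{0}\" to {1}".format(obj.name, new_path))

        # Delete the file if requested to do so.
        if args.delete:
            try:
                os.unlink(obj.path)
            except Exception as e:
                # Best effort: a failed delete must not undo the store.
                self.log('warning', "Failed deleting file: {0}".format(e))

        return True

    # If the user specified the --folder flag, we walk recursively and try
    # to add all contained files to the local repository.
    # This is not going to open a new session.
    # TODO: perhaps disable or make recursion optional?
    if args.folder is not None:
        # Check if the specified folder is valid.
        if os.path.isdir(args.folder):
            # Walk through the folder and subfolders. walk() is assumed to be
            # os.walk-like; whether symlinked directories are followed depends
            # on it.
            for dir_name, dir_names, file_names in walk(args.folder):
                # Add each collected file.
                for file_name in file_names:
                    file_path = os.path.join(dir_name, file_name)
                    if not os.path.exists(file_path):
                        continue

                    # Check if file is not zero.
                    file_size = os.path.getsize(file_path)
                    if not file_size > 0:
                        continue

                    # Check if the file name matches the provided pattern.
                    if args.file_name and not fnmatch.fnmatch(file_name, args.file_name):
                        continue

                    # Check if the file type matches the provided pattern.
                    if args.file_type and args.file_type not in File(file_path).type:
                        continue

                    # Check if file exceeds maximum size limit.
                    if args.file_size and file_size > args.file_size:
                        self.log('warning', "Skip, file \"{0}\" is too big".format(file_path))
                        continue

                    file_obj = File(file_path)

                    # Add file. The result of add_file() must be tested: the
                    # original tested the function object itself, which is
                    # always true, so autorun fired even for skipped files.
                    if add_file(file_obj, args.tags) and cfg.autorun.enabled:
                        autorun_module(file_obj.sha256)

                    # Close the open session to keep the session table clean
                    __sessions__.close()
        else:
            self.log('error', "You specified an invalid folder: {0}".format(args.folder))
    # Otherwise we try to store the currently opened file, if there is any.
    else:
        if not __sessions__.is_set():
            self.log('error', "No session opened")
            return

        current_file = __sessions__.current.file
        if current_file.size == 0:
            self.log('warning', "Skip, file \"{0}\" appears to be empty".format(current_file.name))
            return False

        # Add file.
        if add_file(current_file, args.tags):
            # Open session to the new file (it is opened by the same sha256).
            self.cmd_open(*[current_file.sha256])

            if cfg.autorun.enabled:
                autorun_module(current_file.sha256)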