示例#1
class Attachments(AbstractBolt):
    outputs = ['sha256_random', 'with_attachments', 'attachments']

    def initialize(self, stormconf, context):
        """Prepare the bolt: base initialisation, analyser, then settings.

        ``stormconf`` and ``context`` are forwarded unchanged to the parent
        class's ``initialize``.
        """
        super(Attachments, self).initialize(stormconf, context)

        # One MailAttachments instance is kept on the bolt; _load_settings()
        # configures it through self.attach, so it must exist first.
        analyser = MailAttachments()
        self.attach = analyser
        self._load_settings()

    def _load_settings(self):
        """Refresh the content-type lists and push the settings to the analyser.

        The lists are reloaded first, then merged into a deep copy of
        ``self.conf`` so that the bolt's own configuration is left unmodified.
        The whole merged mapping is handed to ``self.attach.reload`` as
        keyword arguments.
        """
        # Populates self._filter_cont_types and self._tika_whitelist_cont_types.
        self._load_lists()

        merged = copy.deepcopy(self.conf)
        merged.update(
            filter_cont_types=self._filter_cont_types,
            tika_whitelist_cont_types=self._tika_whitelist_cont_types,
        )

        self.attach.reload(**merged)

    def _load_lists(self):
        """Reload the content-type lists referenced by the configuration.

        Sets ``self._filter_cont_types`` from ``conf["content_types_blacklist"]``
        and ``self._tika_whitelist_cont_types`` from
        ``conf["tika"]["valid_content_types"]``. The latter stays an empty set
        when ``conf["tika"]["enabled"]`` is falsy.
        """
        # NOTE(review): both lists are loaded with lower=False, which presumably
        # keeps the entries' original case. MIME content types are
        # case-insensitive, so confirm that the comparison done by the analyser
        # normalises case; otherwise a differently-cased entry would silently
        # fail to apply.
        blacklist_source = self.conf["content_types_blacklist"]
        self._filter_cont_types = load_keywords_list(
            blacklist_source, lower=False)
        self.log("Content types to filter reloaded")

        # Reset before the conditional load so the whitelist is empty both when
        # Tika is disabled and if the load below raises.
        self._tika_whitelist_cont_types = set()
        tika_conf = self.conf["tika"]
        if tika_conf["enabled"]:
            self._tika_whitelist_cont_types = load_keywords_list(
                tika_conf["valid_content_types"], lower=False)
            self.log("Whitelist Tika content types reloaded")

    def process_tick(self, freq):
        """Reload the settings on every tick.

        ``freq`` (the tick interval in seconds) is forwarded to the parent
        class; afterwards the lists and analyser settings are rebuilt, so
        edits to the list files take effect without restarting the bolt.
        """
        super(Attachments, self).process_tick(freq)

        # An exception raised while reloading propagates from the tick handler.
        self._load_settings()

    def process(self, tup):
        try:
            sha256_random = tup.values[0]
            with_attachments = tup.values[1]

            # Remove all values
            self.attach.removeall()

            # Add the new values
            self.attach.extend(tup.values[2])

            # Run analysis
            # self.attach.run() == self.attach()
            self.attach.run()

        except Error, e:
            self.raise_exception(e, tup)

        else:
示例#2
class Attachments(AbstractBolt):
    outputs = ['sha256_random', 'with_attachments', 'attachments']

    def initialize(self, stormconf, context):
        """Prepare the bolt: base initialisation, analyser, then settings.

        ``stormconf`` and ``context`` are forwarded unchanged to the parent
        class's ``initialize``.
        """
        super(Attachments, self).initialize(stormconf, context)

        # The analyser must exist before _load_settings() calls
        # self.attach.reload().
        analyser = MailAttachments()
        self.attach = analyser
        self._load_settings()

    def _load_settings(self):
        """Build the resolved settings and apply them to the analyser.

        ``_load_lists`` returns a copy of the configuration with the list
        entries expanded; that mapping is passed to ``self.attach.reload`` as
        keyword arguments.
        """
        self.attach.reload(**self._load_lists())

    def _load_lists(self):
        """Return a copy of the configuration with its lists loaded.

        For every top-level section of ``self.conf``, each ``name: source``
        pair under that section's optional ``"lists"`` mapping is loaded with
        ``load_keywords_list`` and stored at ``settings[section][name]``.
        ``self.conf`` is not modified; the work is done on a deep copy.
        """
        resolved = copy.deepcopy(self.conf)

        # Every section is expected to offer .get(); a section without a
        # "lists" entry contributes nothing.
        for section in self.conf:
            lists = self.conf[section].get("lists", {})
            for name, source in lists.items():
                keywords = load_keywords_list(source)
                resolved[section][name] = keywords

                self.log(
                    "Loaded lists {!r} for {!r}".format(name, section),
                    "debug")
                # NOTE(review): this writes the full contents of each list to
                # the debug log; confirm that is acceptable for lists holding
                # detection keywords.
                self.log(
                    "Keys[{!r}][{!r}]: {}".format(
                        section, name, ", ".join(keywords)),
                    "debug")

        # The loop never breaks, so the settings are returned unconditionally.
        return resolved

    def process_tick(self, freq):
        """Reload the settings on every tick.

        ``freq`` (the tick interval in seconds) is forwarded to the parent
        class; afterwards the lists and analyser settings are rebuilt, so
        edits to the list files take effect without restarting the bolt.
        """
        super(Attachments, self).process_tick(freq)

        # An exception raised while reloading propagates from the tick handler.
        self._load_settings()

    def process(self, tup):
        try:
            sha256_random = tup.values[0]
            sha256 = sha256_random.split("_")[0]
            self.log("Processing started: {}".format(sha256))
            with_attachments = tup.values[1]

            # Remove all values
            self.attach.removeall()

            # Add the new values
            self.attach.extend(tup.values[2])

            # Run analysis
            # self.attach.run() == self.attach()
            self.attach.run()

        except BinAsciiError, e:
            self.raise_exception(e, tup)

        else: