Current File : //opt/imunify360/venv/lib64/python3.11/site-packages/imav/malwarelib/scan/scan_result.py |
"""
This program is free software: you can redistribute it and/or modify it under
the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License,
or (at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
See the GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program. If not, see <https://www.gnu.org/licenses/>.
Copyright © 2019 Cloud Linux Software Inc.
This software is also available under ImunifyAV commercial license,
see <https://www.imunify360.com/legal/eula>
"""
import asyncio
import logging
import time
from concurrent.futures.thread import ThreadPoolExecutor
from functools import wraps
from tempfile import NamedTemporaryFile
from typing import Any, Dict
from uuid import uuid4
from imav.malwarelib.config import MalwareScanType
from imav.malwarelib.utils.user_list import fill_results_owner
from defence360agent.contracts.config import Malware
from defence360agent.contracts.hook_events import HookEvent
from defence360agent.subsys.panels import hosting_panel
from defence360agent.utils import encode_filename
logger = logging.getLogger(__name__)
_executor = ThreadPoolExecutor(max_workers=1)
SCAN_OPTIONS = [
"intensity_cpu",
"intensity_io",
"intensity_ram",
"detect_elf",
"use_filters",
]
DIRECT_SCAN_OPTIONS = [
*SCAN_OPTIONS,
"follow_symlinks",
"exclude_patterns",
"file_patterns",
]
SCAN_HOOK_PARAMS = [
"file_patterns",
"follow_symlinks",
"exclude_patterns",
"intensity_cpu",
"intensity_io",
"intensity_ram",
]
class ScanResult:
def __init__(self, path, scan_id, scan_type):
self.scans = []
self.total_files = 0
self.error = None
self.errors = []
self._begin_time = self._end_time = None
self._aggregated_results = {}
self._path = path
self._scan_id = scan_id
self._scan_type = scan_type
self.args = None
def is_detached(self):
return self._scan_type in (
MalwareScanType.BACKGROUND,
MalwareScanType.ON_DEMAND,
MalwareScanType.USER,
)
def set_start_stop(self, begin_time=None, end_time=None):
if begin_time:
self._begin_time = begin_time
if end_time:
self._end_time = end_time
def to_dict_initial(self):
result = {
"summary": {
"scanid": self._scan_id,
"type": self._scan_type,
"path": self._path,
"started": self._begin_time,
"completed": self._end_time,
"total_files": self.total_files,
"error": self.error,
"errors": self.errors,
},
# We need to provide empty (not null) result to 'complete_scan'
# in case of scan without files
"results": None if self.is_detached() else {},
}
# Do not include args if they are not applicable
if self.args:
result["summary"]["args"] = self.args
return result
def to_dict(self):
as_dict = self.to_dict_initial()
as_dict["results"] = self.scans
return as_dict
def _aggregate_result(self):
self.scans = aggregate_result(list(*self.scans))
return self
async def get(self):
self._aggregate_result()
await fill_results_owner(self.scans)
return self
def aggregate_result(scans):
aggregated_results: Dict[str, Any] = {}
for record in scans:
matches = {
"matches": record["signature"],
"suspicious": record["suspicious"],
"extended_suspicious": record.get("extended_suspicious", False),
"timestamp": record["timestamp"],
}
if record.get("ignore"):
logger.info(
"File match for %s will be ignored: %s",
record["file_name"],
matches,
)
continue
row = aggregated_results.setdefault(
record["file_name"],
{
"hits": [],
"size": record["size"],
"hash": record["hash"],
"ctime": record.get("ctime", 0),
"modification_time": record.get("modification_time", 0),
},
)
if record.get("curable"):
matches["curable"] = True
# The first - non suspicious matches, suspicious - the second
if record["suspicious"]:
row["hits"].append(matches)
else:
row["hits"].insert(0, matches)
return aggregated_results
def event_hook(sink):
def _extract_scan_hook_params(kwargs):
return {opt: kwargs[opt] for opt in kwargs if opt in SCAN_HOOK_PARAMS}
def wrap(f):
@wraps(f)
async def wrapper(
path, scan_id=None, scan_type=None, started=None, **kwargs
):
scan_id = scan_id or uuid4().hex
started = started or time.time()
scan_params = _extract_scan_hook_params(kwargs)
if scan_type:
scan_started_event = HookEvent.MalwareScanningStarted(
scan_id=scan_id,
scan_type=scan_type,
path=path,
started=started,
scan_params=scan_params,
)
await sink.process_message(scan_started_event)
_started = time.time()
try:
scan_result = await f(
path, scan_id=scan_id, scan_type=scan_type, **kwargs
)
except asyncio.CancelledError:
raise
except Exception as e:
logger.exception("Scan wrapper task failed")
scan_result = {
"summary": {
"scanid": scan_id,
"type": scan_type,
"path": path,
"total_files": 0,
"started": _started,
"completed": time.time(),
"error": repr(e),
},
"results": {},
}
return scan_result
return wrapper
return wrap
class DirectAiBolit:
def __init__(self, *_, **__):
pass
@staticmethod
async def _add_db_dir(home_dir, scan_options):
if Malware.RAPID_SCAN:
d = hosting_panel.HostingPanel().get_rapid_scan_db_dir(home_dir)
scan_options["db_dir"] = d
@staticmethod
def _extract_scan_options(kwargs):
return {
opt: kwargs[opt] for opt in kwargs if opt in DIRECT_SCAN_OPTIONS
}
@staticmethod
def _update_scan_options(kwargs):
if (
"exclude_patterns" in kwargs
and kwargs["exclude_patterns"] is not None
):
kwargs["exclude_patterns"] = ",".join(kwargs["exclude_patterns"])
if "file_patterns" in kwargs and kwargs["file_patterns"] is not None:
kwargs["file_patterns"] = ",".join(kwargs["file_patterns"])
return kwargs
def __call__(self, f):
@wraps(f)
async def wrapper(
path, scan_id=None, scan_type=None, begin_time=None, **kwargs
):
scan_options = self._update_scan_options(
self._extract_scan_options(kwargs)
)
if scan_type in (MalwareScanType.USER, MalwareScanType.BACKGROUND):
await self._add_db_dir(path, scan_options)
scan_result = ScanResult(path, scan_id, scan_type)
scan_result.set_start_stop(begin_time=begin_time)
scan_result.scans, scan_result.error = await f(
None,
scan_type=scan_type,
scan_id=scan_id,
scan_path=path,
**scan_options,
)
scan_result.scans = list(*scan_result.scans)
return scan_result
return wrapper
class PrepareFileList:
def __init__(self, tmpdir):
self._tmpdir = tmpdir
async def prepare_file(self, fname, files, **kwargs) -> int:
total_files = self._write_list_to_file(fname, files)
return total_files
@staticmethod
def _write_list_to_file(fname, files):
with open(fname, "wb") as f:
total_files = 0
for file in files:
total_files += 1
f.write(encode_filename(file))
return total_files
@staticmethod
def _extract_scan_options(kwargs):
return {opt: kwargs[opt] for opt in kwargs if opt in SCAN_OPTIONS}
def __call__(self, f):
@wraps(f)
async def wrapper(
path, scan_id=None, scan_type=None, begin_time=None, **kwargs
):
scan_options = self._extract_scan_options(kwargs)
scan_result = ScanResult(path, scan_id, scan_type)
scan_result.set_start_stop(begin_time=begin_time)
with NamedTemporaryFile(dir=self._tmpdir) as tf:
total_files = await self.prepare_file(tf.name, path, **kwargs)
scan_result.scans, scan_result.error = await f(
tf, scan_type=scan_type, scan_id=scan_id, **scan_options
)
scan_result.total_files = total_files
scan_result.scans = list(*scan_result.scans)
return scan_result
return wrapper