Hacked By AnonymousFox

Current Path : /opt/imunify360/venv/lib/python3.11/site-packages/imav/malwarelib/__pycache__/
Current File : //opt/imunify360/venv/lib/python3.11/site-packages/imav/malwarelib/__pycache__/model.cpython-311.pyc
�

��g�j����dZddlmZddlZddlZddlZddlmZddlm	Z	ddl
mZddlmZddl
mZmZmZmZmZdd	lmZmZmZmZmZmZmZmZmZmZmZmZdd
l m!Z!ddl"m#Z#ddl$m%Z%m&Z&dd
l'm(Z(m)Z)m*Z*ddl+m,Z,m-Z-m.Z.m/Z/ddl0m1Z1m2Z2m3Z3m4Z4ddl5m6Z6Gd�de%��Z7Gd�de%��Z8ed���Gd�d����Z9Gd�de%��Z:Gd�de%��Z;dS)u

This program is free software: you can redistribute it and/or modify it under
the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License,
or (at your option) any later version.


This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the GNU General Public License for more details.


You should have received a copy of the GNU General Public License
 along with this program.  If not, see <https://www.gnu.org/licenses/>.

Copyright © 2019 Cloud Linux Software Inc.

This software is also available under ImunifyAV commercial license,
see <https://www.imunify360.com/legal/eula>
�)�annotationsN)�	dataclass)�
attrgetter)�Path)�time)�Dict�Iterable�List�Set�cast)�BooleanField�Case�	CharField�Check�
Expression�
FloatField�ForeignKeyField�IntegerField�PrimaryKeyField�SQL�	TextField�fn��
model_to_dict)�UserType)�Model�instance)�
FilenameField�
ScanPathField�apply_order_by)�execute_iterable_expression�get_abspath_from_user_dir�get_results_iterable_expression�split_for_chunk)�FAILED_TO_CLEANUP�MalwareHitStatus�MalwareScanResourceType�MalwareScanType)�get_crontabc�b�eZdZdZGd�d��Zed���Zed���Zed���Z	ede
d�ej
ejejejejejejf����g�	��Zedd
���Zedd���Zedd
���Zedd
���Zede
d�ejjejjf����g�	��Zed���Z e!	dej
ejejfd
d�d���Z"d
S)�MalwareScanz�Represents a batch of files scanned for malware

    Usually a single AI-BOLIT execution.
    See :class:`.MalwareScanType` for possible kinds of scans.
    c� �eZdZejZdZdS)�MalwareScan.Meta�
malware_scansN��__name__�
__module__�__qualname__r�db�database�db_table���J/opt/imunify360/venv/lib/python3.11/site-packages/imav/malwarelib/model.py�Metar-Ns�������;��"���r7r9T)�primary_keyF��nullz
type in {}�r<�constraintsr�r<�default�N�resource_type in {})�types�pathsc�v�|�|j|j|j|j|j|j|j|j�	d��|j
�	�	�|j�|�����|j|k���|j|k��}|r-|�|j�|����}|�
|j|j|j|j���tj������|���|��}|�t'|||��}|�d���t+|�����fS)N�	scan_typeT��clear_limit)�select�total_resources�path�scanid�started�	completed�error�total_malicious�type�alias�
resource_type�where�in_�group_by�order_byr+�desc�limit�offsetr �count�list�dicts)	�cls�since�torYrZrWrCrD�querys	         r8�
ondemand_listzMalwareScan.ondemand_list�sd��"
�J�J��#����
����
��	��#�����{�+�+��!�

�

��U�3�8�<�<��&�&�
'�
'�
�U�3�;�%�'�
(�
(�
�U�3�;�"�$�
%�
%�	�"�	5��K�K�����U� 3� 3�4�4�E�
�N�N��#�S�X�s�z�3�;�
�
��X�k�)�.�.�0�0�
1�
1�
�U�5�\�\�
�V�F�^�^�
	���"�8�S�%�8�8�E��{�{�t�{�,�,�d�5�;�;�=�=�.A�.A�A�Ar7�N)#r0r1r2�__doc__r9rrLrrMrNr�formatr(�	ON_DEMAND�REALTIME�MALWARE_RESPONSE�
BACKGROUND�RESCAN�USER�RESCAN_OUTDATEDrQrJrrKrrOrPr'�DB�value�FILErS�	initiator�classmethodrbr6r7r8r+r+Gs��������#�#�#�#�#�#�#�#�
�Y�4�
(�
(�
(�F��l��&�&�&�G���$�'�'�'�I��9�
��E��#�#�'�1�'�0�'�8�'�2�'�.�'�,�'�7��
�
�
�
�
����D�&#�l��q�9�9�9�O��=�d�B�/�/�/�D�

�I�4��.�.�.�E�"�l��q�9�9�9�O��I�
��E�%�,�,�/�2�8�/�4�:����
�
�	
����M��	�t�$�$�$�I���
/B�
�%��&�� �
�
�/B�/B�/B�/B��[�/B�/B�/Br7r+c	���eZdZdZGd�d��Ze��Zeeddd���Z	e
d���Ze
d���Ze
d���Ze
d���Zedd�	��Ze
d
���Ze
d
���Zed
���Ze
ej���Zed
���Ze
ded�ejjejjf����g�
��Z e
d
���Z!e
d
���Z"e
d
���Z#e
d
���Z$e
d
���Z%e&d���Z'Gd�d��Z(e)										d<d���Z*e)d���Z+e)	d=d���Z,e)d>d���Z-e)dd�d���Z.e)d>d���Z/e)d?d���Z0e)d@d���Z1e)dAd!���Z2e)d"���Z3e)	dBd#���Z4e)dd$�d%���Z5e)dCd(���Z6e)d)���Z7d*�Z8e)dDdEd,���Z9e)d-���Z:e)dAd.���Z;e)dAd/���Z<e)dAd0���Z=e)d1���Z>e)d2���Z?e)d3���Z@eAdFd9���ZBd:�ZCd;�ZDdS)G�
MalwareHitz*Represents a malicious or suspicious file.c� �eZdZejZdZdS)�MalwareHit.Meta�malware_hitsNr/r6r7r8r9ru�s�������;��!���r7r9F�hits�CASCADE)r<�related_name�	on_deleter;r?T)r@rBr=c�T�tt|j��}t|��Src)r�str�	orig_filer)�selfr}s  r8�orig_file_pathzMalwareHit.orig_file_path�s����d�n�-�-�	��I���r7c�$�eZdZed���ZdS)�MalwareHit.OrderByc	��ttjtjdftjdftjdftjdftjdffd��fS)Nr�����d)	rrs�statusr&�CLEANUP_PENDING�CLEANUP_STARTED�FOUND�CLEANUP_DONE�CLEANUP_REMOVEDr6r7r8r�zMalwareHit.OrderBy.status�sb����%�)�9�1�=�)�9�1�=�)�/��3�)�6��:�)�9�1�=���
�
��
r7N)r0r1r2�staticmethodr�r6r7r8�OrderByr��s-������	�
	�
	�
��
	�
	�
	r7r�rNc��|�|t���t��}
|p
t��}d�|��}tj|ktj|kz}||z}|�|t
d|f��|j|zzz}|�|tj|kz}|�|tj	|kz}|
�|tj
|
zz}|}|�"|tj�|��z}|
�
|���|���|��}|	�t!|	t|��}|�|��}d�|D��}||fS)Nz%{}%zCAST(orig_file AS TEXT) LIKE ?c�6�g|]}|�����Sr6)�as_dict��.0�rows  r8�
<listcomp>z)MalwareHit._hits_list.<locals>.<listcomp>7s ��3�3�3�C�#�+�+�-�-�3�3�3r7)rIr+�joinrrerMr�userrsrLr��idrUrTrYrZr �	_hits_num)r^�clausesr_r`rYrZ�search�
by_scan_idr�rW�	by_status�ids�kwargsrw�patternrM�full_clauses�max_count_clauses�ordered�	max_count�results                     r8�
_hits_listzMalwareHit._hits_lists{�� �z�z�#�{�+�+�0�0��=�=��
�\�4�6�6���-�-��'�'���&�%�/�K�4G�2�4M�N����(�����C�0�7�*�����7�"�$�
$�L����J�O�t�3�3�L��!��K�.�*�<�<�L�� ��J�-��:�:�L�(���?��J�M�-�-�c�2�2�2�L��*�*�\�*�*�0�0��7�7�>�>�v�F�F����$�X�z�7�C�C�G��M�M�"3�4�4�	�3�3�7�3�3�3���&� � r7c�H�|j|���g|�Ri|��Src)r��
is_suspicious)r^�argsr�s   r8�suspicious_listzMalwareHit.suspicious_list;s0���s�~�c�/�/�1�1�C�D�C�C�C�F�C�C�Cr7c�x�|r&|r$|tj|ktj|kzz}|�||j|kz}|�t	j|j�����t���|��}|�t|t|��}|���Src)r+rMr�rIr�COUNTr�r�rTr rs�scalar)r^r�r_r`r�rW�qs       r8r�zMalwareHit._hits_num?s����	�R�	���+�u�4��#�r�)��
�G����s�x�4�'�'�G��J�J�r�x���'�'�(�(�-�-�k�:�:�@�@��I�I�����x��Q�7�7�A��x�x�z�z�r7c��|�|j�tj��|jz|||��Src)r�r��not_inr&�CLEANUP�	malicious)r^r_r`r�s    r8�
malicious_numzMalwareHit.malicious_numNs?���}�}�
�Z�
�
�/�7�
8�
8�3�=�
H����	
�
�	
r7)�ignore_cleanedc��|j}|r'||j�tj��z}|j|g|�Ri|��Src)r�r�r�r&r�r�)r^r�r�r�r�s     r8�malicious_listzMalwareHit.malicious_listWsR���-���	C��s�z�(�(�)9�)A�B�B�B�G��s�~�g�7��7�7�7��7�7�7r7c�F�d�|D��}d�}t|||||��S)Nc��g|]	}|j��
Sr6�r�r�s  r8r�z)MalwareHit.set_status.<locals>.<listcomp>`s��'�'�'�3���'�'�'r7c��d|i}|�||d<|jdi|���|j�|����S)Nr��
cleaned_atr6)�updaterTr�rU)r�r^r�r��fields_to_updates     r8�
expressionz)MalwareHit.set_status.<locals>.expressionbsU���&� ���%�1;� ��.��3�:�1�1� 0�1�1�7�7���
�
�3���H�H�Hr7�r!)r^rwr�r�r�s     r8�
set_statuszMalwareHit.set_status^sF��'�'�$�'�'�'��	I�	I�	I�+���c�6�:�
�
�	
r7�	to_deleter\c�F��d�|D��}�fd�}t||��S)Nc��g|]	}|j��
Sr6r�r�s  r8r�z/MalwareHit.delete_instances.<locals>.<listcomp>qs��1�1�1��S�V�1�1�1r7c���������j�|����Src)�deleterTr�rU)r�r^s �r8r�z/MalwareHit.delete_instances.<locals>.expressionss+����:�:�<�<�%�%�c�f�j�j��o�o�6�6�6r7r�)r^r�r�s`  r8�delete_instanceszMalwareHit.delete_instancesosA���1�1�y�1�1�1�	�	7�	7�	7�	7�	7�+�:�y�A�A�Ar7�	to_updatec��|D]V}|���D]?\}}|���D]\}}t|||���|j���@�WdSrc)�items�setattr�save)r^r��datar�new_fields_data�fieldrns       r8�update_instanceszMalwareHit.update_instancesxs���	 �	 �D�-1�Z�Z�\�\�
 �
 �)��/�$3�$9�$9�$;�$;�4�4�L�E�5��H�e�U�3�3�3�3���
�����
 �	 �	 r7�returnrc�`�|j�tjg��|jz}|Src)r�rUr&r�r�)r^r�s  r8�is_infectedzMalwareHit.is_infected�s:��
�J�N�N�$�*��
�
�
�m�
�	��r7c��|jSrc)r��r^s r8r�zMalwareHit.is_suspicious�s���
�~�r7c	�T�����fd�}tt||||d�����S)Nc���|j}|�||j�|��z}nS�r(||j�t
j��z}n)�r'||j�t
j��z}|�5t|t��r|g}||j
�|��z}|����|��Src)
r�r�rUr�r�r&r��
RESTORABLE�
isinstancer|r�rIrT)�chunk_of_idsr^r�r��cleanup�restores    ��r8r�z/MalwareHit.malicious_select.<locals>.expression�s�����m�G��'��3�6�:�:�l�3�3�3����
G��3�:�,�,�-=�-E�F�F�F����
G��3�:�>�>�*:�*E�F�F�F�����d�C�(�(�"� �6�D��3�8�<�<��-�-�-���:�:�<�<�%�%�g�.�.�.r7T)�exec_expr_with_empty_iter�r\r#)r^r�r�r�r�r�r�s   ``  r8�malicious_selectzMalwareHit.malicious_select�sS����	/�	/�	/�	/�	/�	/��+��C��d�d�
�
�
�
�
�	
r7)�statusesc�2�����fd�}t||��S)Nc�����j�|��}�r|�j����z}�����|��Src)r}rUr�rIrT)�filesr�r^r�s  ��r8r�z'MalwareHit.get_hits.<locals>.expression�sT����m�'�'��.�.�G��
4��3�:�>�>�(�3�3�3���:�:�<�<�%�%�g�.�.�.r7)r#)r^r�r�r�s` ` r8�get_hitszMalwareHit.get_hits�s4����	/�	/�	/�	/�	/�	/�/�z�5�A�A�Ar7�	hits_inforc�x��d�|D��}d�|D��}d�|D���tt����tj�|�����tj�|������}�fd�|D��}|S)Nc��g|]	}|j��
Sr6�rK�r��entrys  r8r�z*MalwareHit.get_db_hits.<locals>.<listcomp>�s��3�3�3����3�3�3r7c��g|]	}|j��
Sr6��app_namer�s  r8r�z*MalwareHit.get_db_hits.<locals>.<listcomp>�s��6�6�6�5���6�6�6r7c�*�g|]}|j|jf��Sr6�rKr�r�s  r8r�z*MalwareHit.get_db_hits.<locals>.<listcomp>�s!��J�J�J�u�u�z�5�>�2�J�J�Jr7c�4��g|]}|j|jf�v�|��Sr6�r}r�)r��hit�
paths_appss  �r8r�z*MalwareHit.get_db_hits.<locals>.<listcomp>�s3���
�
�
��C�M�3�<�#@�J�#N�#N�C�#N�#N�#Nr7)r\rsrIrTr}rUr�)r^r�rD�appsrwr�s     @r8�get_db_hitszMalwareHit.get_db_hits�s����3�3��3�3�3��6�6�I�6�6�6��J�J�	�J�J�J�
�������
�U�:�'�+�+�E�2�2�
3�
3�
�U�:�&�*�*�4�0�0�
1�
1�
�
��

�
�
�
��
�
�
���r7c�.���fd�}t||��S)Nc���������j�|����Src)r�rTr}rU)r�r^s �r8r�z*MalwareHit.delete_hits.<locals>.expression�s/����:�:�<�<�%�%�c�m�&7�&7��&>�&>�?�?�?r7r�)r^r�r�s`  r8�delete_hitszMalwareHit.delete_hits�s3���	@�	@�	@�	@�	@�+�:�u�=�=�=r7c�j�t|���|�����Src)rQ�get�_pk_expr�r~s r8�refreshzMalwareHit.refresh�s"���D�z�z�~�~�d�m�m�o�o�.�.�.r7�Iterable[MalwareHit]c�L�����fd�}tt||����S)Nc�������}�r3���t���t��}|��j�d�|D������S)Nc��g|]	}|j��
Sr6r��r�r�s  r8r�z?MalwareHit.refresh_hits.<locals>.expression.<locals>.<listcomp>�s��*B�*B�*B�c�3�6�*B�*B�*Br7)rIr+r�rTr�rU)rwrar^�include_scan_infos  ��r8r�z+MalwareHit.refresh_hits.<locals>.expression�si����J�J�L�L�E� �
G��
�
�3��4�4�9�9�+�F�F���;�;�s�v�z�z�*B�*B�T�*B�*B�*B�C�C�D�D�Dr7r�)r^rwrr�s` ` r8�refresh_hitszMalwareHit.refresh_hits�sC����	E�	E�	E�	E�	E�	E��3�J��E�E�F�F�Fr7c��|����|jtjjk��Src)rIrTrSr'rmrnr�s r8�db_hitszMalwareHit.db_hits�s4���z�z�|�|�!�!���!8�!;�!A�A�
�
�	
r7c�v�|����|jtjk��S)z,Return db hits that are in queue for cleanup)rrTr�r&r�r�s r8�db_hits_pending_cleanupz"MalwareHit.db_hits_pending_cleanup��2���{�{�}�}�"�"��J�*�:�:�
�
�	
r7c�v�|����|jtjk��S)z3Return db hits for which the cleanup is in progress)rrTr�r&r�r�s r8�db_hits_under_cleanupz MalwareHit.db_hits_under_cleanup�r	r7c�v�|����|jtjk��S)z3Return db hits for which the restore is in progress�rrTr�r&�CLEANUP_RESTORE_STARTEDr�s r8�db_hits_under_restorationz$MalwareHit.db_hits_under_restoration�s2���{�{�}�}�"�"��J�*�B�B�
�
�	
r7c�<��d�|D��}d�|D��}d�|D���|����|j�|�����|j�|����}�fd�|D��S)z�
        Return db hits for which the cleanup is in progress
        specified by the provided set of MalwareDatabaseHitInfo
        c��h|]	}|j��
Sr6r��r��hit_infos  r8�	<setcomp>z6MalwareHit.db_hits_under_cleanup_in.<locals>.<setcomp>�s��?�?�?�h�H�M�?�?�?r7c��h|]	}|j��
Sr6r�rs  r8rz6MalwareHit.db_hits_under_cleanup_in.<locals>.<setcomp>�s��G�G�G�h��)�G�G�Gr7c�*�h|]}|j|jf��Sr6r�rs  r8rz6MalwareHit.db_hits_under_cleanup_in.<locals>.<setcomp>�s/��
�
�
�3;�X�]�H�-�.�
�
�
r7c�4��g|]}|j|jf�v�|��Sr6r�)r�r��path_app_name_sets  �r8r�z7MalwareHit.db_hits_under_cleanup_in.<locals>.<listcomp>s8���
�
�
���
�s�|�,�0A�A�A�
�A�A�Ar7)rrTr}rUr�)r^�hit_info_set�path_set�app_name_setrars     @r8�db_hits_under_cleanup_inz#MalwareHit.db_hits_under_cleanup_in�s����@�?�,�?�?�?��G�G�,�G�G�G��
�
�?K�
�
�
��
�%�%�'�'�
�U�3�=�$�$�X�.�.�
/�
/�
�U�3�<�#�#�L�1�1�
2�
2�	�

�
�
�
��
�
�
�	
r7c�v�|����|jtjk��Src)rrTr�r&�CLEANUP_RESTORE_PENDINGr�s r8�db_hits_pending_cleanup_restorez*MalwareHit.db_hits_pending_cleanup_restore�0���{�{�}�}�"�"��J�*�B�B�
�
�	
r7c�v�|����|jtjk��Srcr
r�s r8�db_hits_under_cleanup_restorez(MalwareHit.db_hits_under_cleanup_restorer r7�
hit_list_list�List['MalwareHit']�	attributer|�Dict[str, List['MalwareHit']]c���td�tj�|��D��t	|�����}d�tj|t	|�����D��S)Nc3�K�|]}|V��dSrcr6rs  r8�	<genexpr>z0MalwareHit.group_by_attribute.<locals>.<genexpr>s"����I�I�S�S�I�I�I�I�I�Ir7)�keyc�4�i|]\}}|t|����Sr6)r\)r��
attr_valuerws   r8�
<dictcomp>z1MalwareHit.group_by_attribute.<locals>.<dictcomp>s4��
�
�
� �
�D�
��T�
�
�
�
�
r7)�sorted�	itertools�chain�
from_iterabler�groupby)r%r#�hit_lists   r8�group_by_attributezMalwareHit.group_by_attributes����I�I�I�O�9�9�-�H�H�I�I�I��9�%�%�
�
�
��
�
�$-�$5���y�)�)�%�%�%�
�
�
�	
r7c��id|j�d|j�d|j�d|jj�d|j�d|jj�d|j�d|j�d	|j�d
|j	�d|j
�d|j�d
|j�di�d|j
�d|j�d|j�|j|j|jt$jjk�rQt+t,�t,jt,jt,j���t,j|jkt,j|jkt,j|jkt,j
|j
kt,j|jkt,j|jkt,j|jkt,j�d��t,j�d��t,j�d���
�
�����ngd��S)Nr��username�file�created�scan_idrFrSrQ�hash�sizer�r�r��
extra_data�db_namer��db_hostF)�db_port�snippet�table_fields) r�r�r}rLrM�	scanid_idrQrSr:r;r�r�r�r=r�r>r?r@r'rmrnr\�MalwareHistoryrI�
table_name�table_field�
table_row_infrTrKr9�is_nullr]r�s r8r�zMalwareHit.as_dict$s ��,
��$�'�,
���	�,
�
�D�N�,
�
�t�{�*�	,
�

�t�~�,
�
���)�
,
�
�T�/�,
�
�D�I�,
�
�D�I�,
�
�D�I�,
�
���,
�
�d�k�,
�
�$�/�,
�
�"�,
�
�t�|�,
� 
��
�!,
�"
�t�|�#,
�$�|��|�,�%�)@�)C�)I�I�I�)�"�)�)�&�1�&�2�&�4���
�U�&�/�4�=�@�&�.�$�,�>�&�.�$�,�>�&�.�$�,�>�&�+�t�~�=�&�4��8J�J�&�.�$�+�=�&�1�9�9�%�@�@�&�2�:�:�5�A�A�&�4�<�<�U�C�C����U�W�W�%���*�U,
�,
�,
�,	
r7c�|�|jr|jj�d|j�d|j�d�S|jj�d|j�d�S)Nz(orig_file=z, app_name=�))r��	__class__r0r}r�s r8�__repr__zMalwareHit.__repr__SsT���=�	���'�'�'������
�
�
��
�
&*�^�%<�%<�%<�d�n�n�n�M�Mr7)
rNNNNNNNNN)NNNNNrc)r�r\)r�r\)r�r)NNFF)r�r)F)rwr�)r#r$r%r|r�r&)Er0r1r2rdr9rr�rr+rLr�ownerr�rr}rQr
r�r:r;r�	timestampr&r�r�r�rrer'rmrnrorSr�r>r?r=r@�propertyrr�rqr�r�r�r�r�r�r�r�r�r�r�r�r�r�r�rrrrrrrr"r�r4r�rKr6r7r8rsrs�sc������4�4�"�"�"�"�"�"�"�"�

��	�	�B�
�_��%�f�	����F�
�I�5�!�!�!�E��9�%� � � �D��
�5�)�)�)�I��9�%� � � �D���%��7�7�7�I��9�$����D��9�$����D��
��%�%�%�I��Y�/�5�
6�
6�
6�F����&�&�&�J��I�
��E�%�,�,�/�2�8�/�4�:����
�
�	
����M��y�d�#�#�#�H��i�T�"�"�"�G��i�T�"�"�"�G��i�T�"�"�"�G��i�T�"�"�"�G�
����X����������"�������
����,!�,!�,!��[�,!�\�D�D��[�D��DH�����[���
�
�
��[�
��27�8�8�8�8��[�8��
�
�
��[�
� �B�B�B��[�B�� � � ��[� ��	�	�	��[�	�����[���9>�
�
�
��[�
�.�)-�B�B�B�B��[�B������[���>�>��[�>�/�/�/��G�G�G�G��[�G��
�
��[�
�
�
�
�
��[�
��
�
�
��[�
��
�
�
��[�
��
�
��[�
�.�
�
��[�
�
�
�
��[�
�
�

�

�

��\�

�-
�-
�-
�^N�N�N�N�Nr7rsT)�frozenc��eZdZUdZded<ded<ded<ded<ded<d	ed
<ded<ded<d	ed
<ded<ed���Zed���ZdS)�MalwareHitAlternatezA
    Used as a replacement for MalwareHit for file hits only
    r|rLr}�Noner�rLr��intr;r:rQrM�boolr�c
���|||d|d|d|d|d|ddd|ddd|ddd	�
�
�
S)NrLr�r;r:rwr�matchesrM�
suspicious)
rLr}r�rLr�r;r:rQrMr�r6)r^rL�filenamer�s    r8�createzMalwareHitAlternate.createoss���s�����w�-��f���f���f���f��a���+��6�l�1�o�k�2��v�,�q�/�,�7�7�
�
�
�	
r7c�N�ttj|j����Src)r�os�fsdecoder}r�s r8rz"MalwareHitAlternate.orig_file_path~s���B�K���/�/�0�0�0r7N)	r0r1r2rd�__annotations__rqrYrNrr6r7r8rQrQ]s�����������K�K�K��N�N�N��N�N�N��J�J�J�
�I�I�I�
�I�I�I�
�I�I�I�
�I�I�I��N�N�N��O�O�O��
�
��[�
��1�1��X�1�1�1r7rQc�J��eZdZdZGd�d��ZdZe��Ze��Z	ede
d��g���Zedd��	��Z
ed
���Ze�fd���Ze�fd���Ze								ddd���Zedd���Zed���Z�xZS)�MalwareIgnorePathz+A path that must be excluded from all scansc�$�eZdZejZdZdZdS)�MalwareIgnorePath.Meta�malware_ignore_path)))rKrSTN)r0r1r2rr3r4r5�indexesr6r7r8r9ra�s�������;��(��6���r7r9NFzresource_type in ('file','db')r=c�8�tt����Src�rSrr6r7r8�<lambda>zMalwareIgnorePath.<lambda>�s��#�d�f�f�+�+�r7r?c��t|����|j�������}||_dSrc)r\rIrWrKr]�CACHE)r^r�s  r8�
_update_cachezMalwareIgnorePath._update_cache�s>���S�Z�Z�\�\�*�*�3�8�4�4�:�:�<�<�=�=����	�	�	r7c�R��d|_tt|��jdi|��S)Nr6)rh�superr_rY)r^r�rJs  �r8rYzMalwareIgnorePath.create�s.�����	�3�u�&��,�,�3�=�=�f�=�=�=r7c�`��d|_tt|�����Src)rhrkr_r�)r^rJs �r8r�zMalwareIgnorePath.delete�s'�����	��&��,�,�3�3�5�5�5r7rSr|c		�\�|����|j��}	|�|	�|j|k��}	|�|	�|j|k��}	|�-|	�|j�|����}	|�|	�|j|k��}	|�|	�|��}	|�|	�|��}	|�t|||	��}	|��t|��}
|	�|j�t|
��dz��|jt|
��kz|jtt|����kz��}	|	�d���}|d�|	D��fS)N�/TrGc�,�g|]}t|����Sr6rr�s  r8r�z:MalwareIgnorePath.paths_count_and_list.<locals>.<listcomp>�s ��-�-�-�C�]�3�
�
�-�-�-r7)rIrWrKrT�
added_date�containsrSrZrYr r"�
startswithr|r)r[)r^rYrZr�rSr�r_r`rWr��	user_homer�s            r8�paths_count_and_listz&MalwareIgnorePath.paths_count_and_list�s���
�J�J�L�L�!�!�#�(�+�+���������%�/�0�0�A�
�>������"�,�-�-�A��������)�)�&�1�1�2�2�A��$�����)�]�:�;�;�A������� � �A���������A����x��a�0�0�A���1�$�7�7�I������$�$�S��^�^�c�%9�:�:��8�s�9�~�~�-�/��8�s�;�t�#4�#4�5�5�5�7���A��G�G��G�-�-�	��-�-�1�-�-�-�
�	
r7r��	List[str]c�:�|j|i|��\}}d�|D��S)Nc��g|]
}|d��Sr�r6r�s  r8r�z/MalwareIgnorePath.path_list.<locals>.<listcomp>�s��1�1�1���F��1�1�1r7)rt)r^r�r��_�	path_lists     r8ryzMalwareIgnorePath.path_list�s1��/�s�/��@��@�@���9�1�1�y�1�1�1�1r7c���K�|j�|���t|��}|jD]C}tjd���d{V��t|d��}||ks	||jvrdS�DdS)z�Checks whether path stored in MalwareIgnorePath cache or
        if it's belongs to path from cache or if it matches patters from cache

        :param str check_path: path to check
        :return: bool: is ignored according MalwareIgnorePath
        NrrKTF)rhrir�asyncio�sleep�parents)r^�
check_pathrK�p�ignored_paths     r8�is_path_ignoredz!MalwareIgnorePath.is_path_ignored�s������9���������J������	�	�A��-��"�"�"�"�"�"�"�"�"���&�	�?�?�L���$�$�,�$�,�*F�*F��t�t�+G��ur7)NNNNNNNN)rSr|)r�ru)r0r1r2rdr9rhrr�rrKrrSrrprqrirYr�rtryr��
__classcell__)rJs@r8r_r_�s��������5�5�7�7�7�7�7�7�7�7�

�E�	��	�	�B��9�;�;�D��I�
���'G�!H�!H� I����M���5�2E�2E�F�F�F�J�����[���>�>�>�>��[�>��6�6�6�6��[�6�����!�
����&
�&
�&
�&
��[�&
�P�2�2�2��[�2�����[�����r7r_c	��eZdZdZGd�d��Zed���Zed���Zede	d�
ejj
ejj
f����gejj
���Zed���Zed���Zed���Zed���Zed���Zedd	��
��Zed���Zed���Zed���Zed���Zed���Zed���Zed���Ze	dd���Zed
���Z edd���Z!edd���Z"dS)rCz:Records every event related to :class:`MalwareHit` recordsc� �eZdZejZdZdS)�MalwareHistory.Meta�malware_historyNr/r6r7r8r9r��s�������;��$���r7r9Fr;TrB)r<r>r@c�8�tt����Srcrer6r7r8rfzMalwareHistory.<lambda>
s��S����[�[�r7r?Nc���|j|k|j|kz}|r/||j�|��td|f��zz}|r||j|kz}|����|���|���|���	��}	|�t|t|	��}	t|	��}
|	�
d���|
fS)Nz(INSTR(path, ?))TrG)�ctime�eventrqr�	file_userrIrTrYrZr]r rCr\r[)r^r_r`rYrZr�r�rWr�ra�list_results           r8�get_historyzMalwareHistory.get_historys����9��%�#�)�r�/�:���	���	�*�*�6�2�2��&��	�2�2��
�G��	-��s�}��,�,�G��
�
���"�"�7�+�+�1�1�%�8�8�?�?��G�G�M�M�O�O����"�8�^�U�C�C�E��5�k�k���{�{�t�{�,�,�k�9�9r7c	��|jd|�dd��ptj|�dd��ptj|�dd��ptjjd�|���	��dS)Nrp�causerS)rpr�rSr6)
�insert�popr�ROOTr(�MANUALr'rorn�execute)r^r�s  r8�
save_eventzMalwareHistory.save_event.s�����
�	
��j�j��d�3�3�D�x�}��*�*�W�d�+�+�E��/E� �*�*�_�d�;�;�2�&�+�1�		
�	
�
�	
�	
��'�)�)�)�)�)r7rw�
List[dict]c� �tj���5t|dt	|jj��z���D])}|�|������*	ddd��dS#1swxYwYdS)Ni�)�
chunk_size)	rr3�atomicr$�len�_meta�columns�insert_manyr�)r^rw�
hits_chunks   r8�save_eventszMalwareHistory.save_events8s���
�[�
�
�
!�
!�	6�	6�
.����C�I�,=�(>�(>�!>����
6�
6�
����
�+�+�3�3�5�5�5�5�
6�	6�	6�	6�	6�	6�	6�	6�	6�	6�	6�	6�	6����	6�	6�	6�	6�	6�	6s�AB�B�
BrDr\r_rSc�>�|�|jtj�����|j�|��|jtkz|j|kz���	|j���
��Src)rIrKrr�rTrUr�r%r�rV�tuples)r^rDr_s   r8�get_failed_cleanup_events_countz.MalwareHistory.get_failed_cleanup_events_countDs{��
�J�J�s�x�����,�,�
�U�����U�#�#��9� 1�1�3��9��%�'���
�X�c�h�
�
�
�V�X�X�		
r7)NNN)rwr�)rDr\r_rS)#r0r1r2rdr9rrKrr�rrer'rmrnrorSr�r�rp�
file_ownerr�rr�r>r?r=rDrErFr9rqr�r�r�r�r6r7r8rCrC�s:������D�D�%�%�%�%�%�%�%�%�
�=�e�$�$�$�D��y�d�#�#�#�H��I�
��E�%�,�,�/�2�8�/�4�:����
�
�	
�(�,�2�
�
�
�M�
�I�5�!�!�!�E�
�I�5�!�!�!�E��	�u�%�%�%�I����&�&�&�J��	�u�%�%�%�I��L�e�-@�-@�A�A�A�E��i�T�"�"�"�G��i�T�"�"�"�G��i�T�"�"�"�G����%�%�%�J��)��&�&�&�K� �L�d�+�+�+�M��i�T�"�"�"�G��HL�:�:�:��[�:�&����[���	6�	6�	6��[�	6��

�

�

��[�

�

�

r7rC)<rd�
__future__rr{r/r[�dataclassesr�operatorr�pathlibrr�typingrr	r
rr�peeweer
rrrrrrrrrrr�playhouse.shortcutsr� defence360agent.contracts.configr�defence360agent.modelrr�$defence360agent.model.simplificationrrr �defence360agent.utilsr!r"r#r$�imav.malwarelib.configr%r&r'r(�imav.malwarelib.scan.crontabr)r+rsrQr_rCr6r7r8�<module>r�se����*#�"�"�"�"�"���������	�	�	�	�!�!�!�!�!�!�������������������2�2�2�2�2�2�2�2�2�2�2�2�2�2�
�
�
�
�
�
�
�
�
�
�
�
�
�
�
�
�
�
�
�
�
�
�
�
�
�
�
�
�.�-�-�-�-�-�5�5�5�5�5�5�1�1�1�1�1�1�1�1�����������
������������������������5�4�4�4�4�4�pB�pB�pB�pB�pB�%�pB�pB�pB�f`N�`N�`N�`N�`N��`N�`N�`N�F
��$����"1�"1�"1�"1�"1�"1�"1���"1�J`�`�`�`�`��`�`�`�Fi
�i
�i
�i
�i
�U�i
�i
�i
�i
�i
r7
Hacked By AnonymousFox1.0, Coded By AnonymousFox