Hacked By AnonymousFox

Current Path : /opt/imunify360/venv/lib/python3.11/site-packages/imav/malwarelib/plugins/__pycache__/
Current File : //opt/imunify360/venv/lib/python3.11/site-packages/imav/malwarelib/plugins/__pycache__/store.cpython-311.pyc

This program is free software: you can redistribute it and/or modify it under
the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License,
or (at your option) any later version.


This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the GNU General Public License for more details.


You should have received a copy of the GNU General Public License
along with this program. If not, see <https://www.gnu.org/licenses/>.

Copyright © 2019 Cloud Linux Software Inc.

This software is also available under ImunifyAV commercial license,
see <https://www.imunify360.com/legal/eula>

Hacked By AnonymousFox1.0, Coded By AnonymousFox