JFIF$        dd7 

Viewing File: /opt/imunify360/venv/lib/python3.11/site-packages/imav/malwarelib/plugins/mrs_uploader.py

"""
This program is free software: you can redistribute it and/or modify it under
the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License,
or (at your option) any later version.


This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the GNU General Public License for more details.


You should have received a copy of the GNU General Public License
 along with this program.  If not, see <https://www.gnu.org/licenses/>.

Copyright © 2019 Cloud Linux Software Inc.

This software is also available under ImunifyAV commercial license,
see <https://www.imunify360.com/legal/eula>
"""
from __future__ import annotations

import re
from asyncio import CancelledError, Queue
from contextlib import ExitStack, suppress
from logging import getLogger
from typing import TYPE_CHECKING, List

from defence360agent.api import inactivity
from defence360agent.contracts.config import Malware as Config
from defence360agent.contracts.license import LicenseError
from defence360agent.contracts.messages import MessageType
from defence360agent.contracts.plugins import (
    MessageSink,
    MessageSource,
    expect,
)
from defence360agent.utils import recurring_check
from imav.malwarelib.utils import malware_response

if TYPE_CHECKING:
    from imav.contracts.messages import MalwareMRSUpload

    UploaderQueue = Queue[tuple[str, MalwareMRSUpload]]

logger = getLogger(__name__)


class MRSUploader(MessageSink, MessageSource):
    ERR_MSG = "Failed to submit a file"
    SUSP_PATTERN = re.compile(r"(?:suspicious\..+|[CS]MW-SUS-.+|SMW-HEUR-ELF)")

    def __init__(self):
        self._upload_queue: UploaderQueue = Queue()

    async def create_source(self, loop, sink):
        self._sink = sink
        self._loop = loop
        self._upload_task = loop.create_task(self.upload())

    async def create_sink(self, loop):
        pass

    async def shutdown(self):
        self._upload_task.cancel()
        with suppress(CancelledError):
            await self._upload_task

    def _separate_hits_by_type(self, results) -> tuple:
        malicious = []
        suspicious = []
        extended_suspicious = []
        for file, data in results.items():
            is_extended_suspicious = False
            is_suspicious = False
            is_malicious = False
            for hit in data["hits"]:
                is_extended_suspicious |= hit.get("extended_suspicious", False)
                is_suspicious |= bool(
                    hit["suspicious"]
                    and self.SUSP_PATTERN.match(hit["matches"])
                )
                is_malicious |= not hit["suspicious"]
            hit_info = malware_response.HitInfo(file, data["hash"])
            if is_extended_suspicious:
                extended_suspicious.append(hit_info)
            elif is_suspicious:
                suspicious.append(hit_info)
            elif is_malicious:
                malicious.append(hit_info)
        return malicious, suspicious, extended_suspicious

    @expect(MessageType.MalwareScan)
    async def process_scan(self, message):
        results = message["results"]
        if results is None:
            return
        if not Config.SEND_FILES:
            logger.info("Uploading files to MRS is disabled")
            return
        (
            malicious_hits,
            suspicious_hits,
            extended_suspicious_hits,
        ) = self._separate_hits_by_type(results)
        if malicious_hits:
            await self._sink.process_message(
                MessageType.MalwareMRSUpload(
                    hits=malicious_hits, upload_reason="malicious"
                )
            )

        if suspicious_hits:
            # Move uploading to another task
            await self._sink.process_message(
                MessageType.MalwareMRSUpload(
                    hits=suspicious_hits, upload_reason="suspicious"
                )
            )
        if extended_suspicious_hits:  # pragma: no cover
            await self._sink.process_message(
                MessageType.MalwareMRSUpload(
                    hits=extended_suspicious_hits,
                    upload_reason="extended-suspicious",
                )
            )
        errors = message["summary"].get("errors")
        if errors:
            error_hits = [
                malware_response.HitInfo(hit["file"], hit["hash"])
                for hit in errors
            ]
            await self._sink.process_message(
                MessageType.MalwareMRSUpload(
                    hits=error_hits, upload_reason="scan_error"
                )
            )

    @recurring_check(0)
    async def upload(self):
        (
            upload_reason,
            message,
        ) = await self._upload_queue.get()

        hits: List[malware_response.HitInfo] = message["hits"]

        hashes_generator = malware_response.check_known_hashes(
            self._loop, (hit.hash for hit in hits), upload_reason
        )
        no_new_hashes = True
        with ExitStack() as stack:
            stack.callback(self._upload_queue.task_done)
            async for unknown_hashes in hashes_generator:
                files = [
                    hit.file for hit in hits if hit.hash in unknown_hashes
                ]
                if files:
                    no_new_hashes = False
                    try:
                        await self._upload_files(files, upload_reason, message)
                    except malware_response.UploadFailure as e:
                        logger.error("Failed to upload files: %s", e)

        if no_new_hashes:
            logger.info("All files are known to MRS. Skipping uploading...")

    async def _upload_files(
        self, files: list[str], upload_reason: str, message: MalwareMRSUpload
    ):
        with inactivity.track.task("mrs_upload"):
            for file in files:
                try:
                    await malware_response.upload_with_retries(
                        file, upload_reason=upload_reason
                    )
                except LicenseError as e:
                    logger.warning("Cannot process message %s: %s", message, e)
                    break
                except FileNotFoundError as e:
                    err = "{}. {}".format(self.ERR_MSG, e.strerror)
                    logger.warning("%s: %s", err, e.filename)

    @expect(MessageType.MalwareMRSUpload)
    async def process_hits(self, message: MalwareMRSUpload):
        upload_reason = message.get("upload_reason", "suspicious")
        self._upload_queue.put_nowait((upload_reason, message))
Back to Directory  nL+D550H?Mx ,D"v]qv;6*Zqn)ZP0!1 A "#a$2Qr D8 a Ri[f\mIykIw0cuFcRı?lO7к_f˓[C$殷WF<_W ԣsKcëIzyQy/_LKℂ;C",pFA:/]=H  ~,ls/9ć:[=/#f;)x{ٛEQ )~ =𘙲r*2~ a _V=' kumFD}KYYC)({ *g&f`툪ry`=^cJ.I](*`wq1dđ#̩͑0;H]u搂@:~וKL Nsh}OIR*8:2 !lDJVo(3=M(zȰ+i*NAr6KnSl)!JJӁ* %݉?|D}d5:eP0R;{$X'xF@.ÊB {,WJuQɲRI;9QE琯62fT.DUJ;*cP A\ILNj!J۱+O\͔]ޒS߼Jȧc%ANolՎprULZԛerE2=XDXgVQeӓk yP7U*omQIs,K`)6\G3t?pgjrmۛجwluGtfh9uyP0D;Uڽ"OXlif$)&|ML0Zrm1[HXPlPR0'G=i2N+0e2]]9VTPO׮7h(F*癈'=QVZDF,d߬~TX G[`le69CR(!S2!P <0x<!1AQ "Raq02Br#SCTb ?Ζ"]mH5WR7k.ۛ!}Q~+yԏz|@T20S~Kek *zFf^2X*(@8r?CIuI|֓>^ExLgNUY+{.RѪ τV׸YTD I62'8Y27'\TP.6d&˦@Vqi|8-OΕ]ʔ U=TL8=;6c| !qfF3aů&~$l}'NWUs$Uk^SV:U# 6w++s&r+nڐ{@29 gL u"TÙM=6(^"7r}=6YݾlCuhquympǦ GjhsǜNlɻ}o7#S6aw4!OSrD57%|?x>L |/nD6?/8w#[)L7+6〼T ATg!%5MmZ/c-{1_Je"|^$'O&ޱմTrb$w)R$& N1EtdU3Uȉ1pM"N*(DNyd96.(jQ)X 5cQɎMyW?Q*!R>6=7)Xj5`J]e8%t!+'!1Q5 !1 AQaqё#2"0BRb?Gt^## .llQT $v,,m㵜5ubV =sY+@d{N! dnO<.-B;_wJt6;QJd.Qc%p{ 1,sNDdFHI0ГoXшe黅XۢF:)[FGXƹ/w_cMeD,ʡcc.WDtA$j@:) -# u c1<@ۗ9F)KJ-hpP]_x[qBlbpʖw q"LFGdƶ*s+ډ_Zc"?%t[IP 6J]#=ɺVvvCGsGh1 >)6|ey?Lӣm,4GWUi`]uJVoVDG< SB6ϏQ@ TiUlyOU0kfV~~}SZ@*WUUi##; s/[=!7}"WN]'(L! ~y5g9T̅JkbM' +s:S +B)v@Mj e Cf jE 0Y\QnzG1д~Wo{T9?`Rmyhsy3!HAD]mc1~2LSu7xT;j$`}4->L#vzŏILS ֭T{rjGKC;bpU=-`BsK.SFw4Mq]ZdHS0)tLg