authorSebastian Deiss <sebastian.deiss@atos.net>2017-09-14 09:41:45 +0200
committerSebastian Deiss <sebastian.deiss@atos.net>2017-09-14 09:41:45 +0200
commit5b20363c58cff5c753938b8b5c0790a0535a7d4e (patch)
tree856d28aa84ed8800cd8d0fcc51e035b6904e5eea
parent7bb2567f2a89d9da7e03a5114f462d33dab98283 (diff)
Avoid simultaneous analyses of identical samples.
With this commit we avoid simultaneous analyses of identical samples. We used our new toolbox concept to implement this feature.
-rw-r--r--peekaboo/ruleset/processor.py12
-rw-r--r--peekaboo/ruleset/rules.py31
-rw-r--r--peekaboo/toolbox/__init__.py0
-rw-r--r--peekaboo/toolbox/plugins/__init__.py0
-rw-r--r--peekaboo/toolbox/plugins/oneanalysis.py89
5 files changed, 96 insertions, 36 deletions
diff --git a/peekaboo/ruleset/processor.py b/peekaboo/ruleset/processor.py
index 7388a26..ce69b45 100644
--- a/peekaboo/ruleset/processor.py
+++ b/peekaboo/ruleset/processor.py
@@ -29,7 +29,7 @@ from peekaboo import logger
from peekaboo.ruleset import Result, RuleResult
from peekaboo.ruleset.rules import *
from peekaboo.exceptions import CuckooReportPendingException
-
+from peekaboo.toolbox.plugins.oneanalysis import OneAnalysis
'''
# this module contains methods and data structures which allow to
@@ -47,6 +47,8 @@ def evaluate(sample):
process_rules(sample)
logger.debug("Rules evaluated")
report(sample)
+ one_analysis_tool = OneAnalysis()
+ one_analysis_tool.queue_identical_samples(sample) # depends on already_in_progress
def rule(sample, rule_function, args={}):
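Review bot: The comment on the new `queue_identical_samples` call, `# depends on already_in_progress`, is carried over from the commented-out line this commit removes further down and does not say what the dependency is; `# re-submit samples that already_in_progress parked as pending for this hash` would tell the reader what happens here. Whether the sample just evaluated is itself among the results of `Jobs.get_samples_by_sha256` cannot be seen from this page; if it is, it is re-submitted to the `'OneAnalysis'` queue right after being reported, so either that case should be filtered in the loop or the comment should state why it cannot occur. `evaluate` begins outside the hunk.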
@@ -91,9 +93,10 @@ def process_rules(sample):
# TODO (cuckooWrapper needs to check if there is other samples in pjobs with
# the same hash)
- #p = rule(s, already_in_progress)
- #if not p.further_analysis:
- # return
+ one_analysis_tool = OneAnalysis()
+ p = rule(s, one_analysis_tool.already_in_progress)
+ if not p.further_analysis:
+ return
p = rule(s, known)
if not p.further_analysis:
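Review bot: The guard `if not p.further_analysis: return` after the new `already_in_progress` rule is dead as the rule is written in this commit: both `RuleResult` returns in `OneAnalysis.already_in_progress` set `further_analysis=True`, and the deferral case is signalled by raising `CuckooReportPendingException` rather than by a result. Keeping the guard is harmless and consistent with the rules below it, but a comment such as `# deferral is signalled by CuckooReportPendingException, not by further_analysis` would stop a reader from looking for a False path. The TODO above it still asks for the duplicate-hash check to be done in the cuckoo wrapper, which looks stale now that the ruleset performs that check; presumably it should be removed or reworded. `process_rules` begins and ends outside the hunk.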
@@ -133,7 +136,6 @@ def process_rules(sample):
# active rules, non reporting
# report(sample)
-# queue_identical_samples(sample) # depends on already_in_progress
# __ ____ _ _ _ _____ ____
# / /| _ \ | | | || | | ____|/ ___|
diff --git a/peekaboo/ruleset/rules.py b/peekaboo/ruleset/rules.py
index e481b3d..611bc52 100644
--- a/peekaboo/ruleset/rules.py
+++ b/peekaboo/ruleset/rules.py
@@ -27,37 +27,6 @@ import traceback
import re
from peekaboo import logger
from peekaboo.ruleset import Result, RuleResult
-import peekaboo.pjobs
-
-
-def queue_identical_samples(s):
- for sample in peekaboo.pjobs.Jobs.get_samples_by_sha256(s.sha256):
- peekaboo.pjobs.Workers.submit_job(sample, 'Ruleset')
-
-
-def already_in_progress(s):
- tb = traceback.extract_stack()
- tb = tb[-1]
- position = "%s:%s" % (tb[2], tb[1])
-
- if len(peekaboo.pjobs.Jobs.get_samples_by_sha256(s.sha256sum)) == 1:
- s.set_attr("pending", False)
- return RuleResult(position,
- result=s.get_result(),
- reason='Datei wird jetzt Analysiert',
- further_analysis=True)
- else:
- try:
- # get_attr raises a ValueError if an attribute is not set
- s.get_attr("pending")
- s.set_attr("pending", False)
- return RuleResult(position,
- result=s.get_result(),
- reason='Datei wird jetzt Analysiert',
- further_analysis=True)
- except ValueError:
- s.set_attr("pending", True)
- raise Exception('Kill ruleset for now')
def known(s):
diff --git a/peekaboo/toolbox/__init__.py b/peekaboo/toolbox/__init__.py
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/peekaboo/toolbox/__init__.py
diff --git a/peekaboo/toolbox/plugins/__init__.py b/peekaboo/toolbox/plugins/__init__.py
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/peekaboo/toolbox/plugins/__init__.py
diff --git a/peekaboo/toolbox/plugins/oneanalysis.py b/peekaboo/toolbox/plugins/oneanalysis.py
new file mode 100644
index 0000000..d03defb
--- /dev/null
+++ b/peekaboo/toolbox/plugins/oneanalysis.py
@@ -0,0 +1,89 @@
+###############################################################################
+# #
+# Peekaboo Extended Email Attachment Behavior Observation Owl #
+# #
+# toolbox/plugins/oneanalysis.py #
+###############################################################################
+# #
+# Copyright (C) 2016-2017 science + computing ag #
+# #
+# This program is free software: you can redistribute it and/or modify #
+# it under the terms of the GNU General Public License as published by #
+# the Free Software Foundation, either version 3 of the License, or (at #
+# your option) any later version. #
+# #
+# This program is distributed in the hope that it will be useful, but #
+# WITHOUT ANY WARRANTY; without even the implied warranty of #
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU #
+# General Public License for more details. #
+# #
+# You should have received a copy of the GNU General Public License #
+# along with this program. If not, see <http://www.gnu.org/licenses/>. #
+# #
+###############################################################################
+
+
+import threading
+import traceback
+import sys
+import peekaboo.pjobs
+from peekaboo import logger
+from peekaboo.ruleset import RuleResult
+from peekaboo.exceptions import CuckooReportPendingException
+
+
+def singleton(class_):
+ instances = {}
+
+ def getinstance(*args, **kwargs):
+ if class_ not in instances:
+ instances[class_] = class_(*args, **kwargs)
+ return instances[class_]
+ return getinstance
+
+
+@singleton
+class OneAnalysis(object):
+ """
+ @author: Felix Bauer
+ """
+ __in_use = threading.Lock()
+
+ def already_in_progress(self, s):
+ with self.__in_use:
+ logger.debug("enter already_in_progress")
+ tb = traceback.extract_stack()
+ tb = tb[-1]
+ position = "%s:%s" % (tb[2], tb[1])
+
+ if len(peekaboo.pjobs.Jobs.get_samples_by_sha256(s.sha256sum)) == 1:
+ s.set_attr("pending", False)
+ logger.debug("no second analysis present")
+ return RuleResult(position,
+ result=s.get_result(),
+ reason='Datei wird jetzt Analysiert',
+ further_analysis=True)
+ else:
+ logger.debug("there is another same sample")
+ try:
+ # get_attr raises a ValueError if an attribute is not set
+ s.get_attr("pending")
+ s.set_attr("pending", False)
+ logger.debug("but now is my turn")
+ logger.debug("leave already_in_progress")
+ return RuleResult(position,
+ result=s.get_result(),
+ reason='Datei wird jetzt Analysiert',
+ further_analysis=True)
+ except KeyError:
+ logger.debug("I'll be off until needed")
+ s.set_attr("pending", True)
+ # stop worker
+ sys.stdout.flush()
+ logger.debug("leave already_in_progress")
+ raise CuckooReportPendingException()
+
+ def queue_identical_samples(self, s):
+ logger.debug("queueing identical samples")
+ for sample in peekaboo.pjobs.Jobs.get_samples_by_sha256(s.sha256sum):
+ peekaboo.pjobs.Workers.submit_job(sample, 'OneAnalysis')
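Review bot: The `except KeyError:` in `already_in_progress` disagrees with the comment one line above it, which says `get_attr` raises `ValueError` when the attribute is not set, and with the version of this function removed from `rules.py` in the same commit, which caught `ValueError`. If `get_attr` does still raise `ValueError`, the deferral branch never runs: the sample is not marked pending, `CuckooReportPendingException` is not raised, and the `ValueError` escapes the ruleset (the `with` block does release the lock). Either catch the type `get_attr` actually raises — `except (KeyError, ValueError):` until that is confirmed — or correct the comment so the two agree. The `# stop worker` comment on `sys.stdout.flush()` is also misleading, since flushing stdout does nothing to the worker; the `raise` two lines below is what ends the run, so the comment belongs there. The `"leave already_in_progress"` debug message is logged on two of the three exit paths but not on the first return.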