###############################################################################
# #
# Peekaboo Extended Email Attachment Behavior Observation Owl #
# #
# toolbox/ #
# plugins/ #
# oneanalysis.py #
###############################################################################
# #
# Copyright (C) 2016-2017 science + computing ag #
# #
# This program is free software: you can redistribute it and/or modify #
# it under the terms of the GNU General Public License as published by #
# the Free Software Foundation, either version 3 of the License, or (at #
# your option) any later version. #
# #
# This program is distributed in the hope that it will be useful, but #
# WITHOUT ANY WARRANTY; without even the implied warranty of #
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU #
# General Public License for more details. #
# #
# You should have received a copy of the GNU General Public License #
# along with this program. If not, see <http://www.gnu.org/licenses/>. #
# #
###############################################################################
import threading
import traceback
import sys
import logging
import peekaboo.pjobs
from peekaboo.ruleset import RuleResult
from peekaboo.exceptions import CuckooReportPendingException
# Module-level logger, named after this module via __name__.
logger = logging.getLogger(__name__)
def singleton(class_):
    """
    Class decorator that hands out a single shared instance of ``class_``.

    The decorated name is bound to the returned factory function, not to the
    class. The first call constructs the instance with the arguments it is
    given; every later call returns that same object and ignores its
    arguments.
    """
    created = {}

    def getinstance(*args, **kwargs):
        # Construct on first use only; the check and the store are not
        # guarded by a lock.
        if class_ in created:
            return created[class_]
        created[class_] = class_(*args, **kwargs)
        return created[class_]

    return getinstance
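@singleton
class OneAnalysis(object):
    """
    Let only one sample per SHA-256 proceed to analysis at a time.

    A sample that shares its hash with another sample not flagged ``pending``
    is itself flagged ``pending`` and parked by raising
    CuckooReportPendingException. queue_identical_samples() clears the flag
    on parked samples and resubmits them.

    @author: Felix Bauer
    """
    # One lock for both methods, so the check-and-mark in
    # already_in_progress() cannot interleave with the release in
    # queue_identical_samples().
    __in_use = threading.Lock()

    def already_in_progress(self, s):
        """
        Decide whether sample ``s`` may be analysed now or has to wait.

        Returns a RuleResult with ``further_analysis=True`` when ``s`` already
        carries a ``pending`` attribute (it is reset to False) or when no
        other non-pending sample with the same SHA-256 is known. Otherwise
        ``s`` is flagged ``pending`` and CuckooReportPendingException is
        raised.

        NOTE(review): a parked sample is only released by
        queue_identical_samples(); whether that is called when the first
        analysis fails is decided by callers outside this file - confirm, so
        that identical attachments cannot stay parked indefinitely.
        """
        with self.__in_use:
            logger.debug("enter already_in_progress")
            # Innermost stack frame, rendered as "<function name>:<line>"
            # for the rule result.
            frame = traceback.extract_stack()[-1]
            position = "%s:%s" % (frame[2], frame[1])

            # Any existing 'pending' attribute, whatever its value, means the
            # sample was seen here before: release it for analysis.
            if s.has_attr('pending'):
                s.set_attr('pending', False)
                return RuleResult(position,
                                  result=s.get_result(),
                                  reason='Datei wird jetzt Analysiert',
                                  further_analysis=True)

            # Other samples with the same hash that are not themselves
            # parked.
            others = [
                sample
                for sample in peekaboo.pjobs.Jobs.get_samples_by_sha256(s.sha256sum)
                if sample != s
                and (not sample.has_attr('pending')
                     or sample.get_attr('pending') is not True)
            ]

            if not others:
                s.set_attr("pending", False)
                logger.debug("no second analysis present")
                return RuleResult(position,
                                  result=s.get_result(),
                                  reason='Datei wird jetzt Analysiert',
                                  further_analysis=True)

            logger.debug("there is another same sample")
            logger.debug("I'll be off until needed")
            s.set_attr("pending", True)
            # stop worker
            sys.stdout.flush()
            logger.debug("leave already_in_progress")
            raise CuckooReportPendingException()

    def queue_identical_samples(self, s):
        """
        Resubmit every parked sample that has the same SHA-256 as ``s``.

        Each sample whose ``pending`` attribute is truthy gets the flag reset
        to False and is submitted as a job under the name 'OneAnalysis'.
        """
        with self.__in_use:
            logger.debug("queueing identical samples")
            for sample in peekaboo.pjobs.Jobs.get_samples_by_sha256(s.sha256sum):
                # Check has_attr() first, as already_in_progress() does:
                # samples that never went through that rule may not carry
                # the attribute at all.
                if sample.has_attr('pending') and sample.get_attr('pending'):
                    sample.set_attr('pending', False)
                    peekaboo.pjobs.Workers.submit_job(sample, 'OneAnalysis')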