hFdZddlZddlZddlZddlZddlZddlZddlmZddl m Z ddl m Z ddl mZddlmZddlmZdd lmZmZdd lmZdd lmZdd lmZdd lmZeje Z!dZ"dZ#Gdde$Z%Gddej&Z'GddZ(dS)u  This program is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version. This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with this program.  If not, see . Copyright © 2019 Cloud Linux Software Inc. This software is also available under ImunifyAV commercial license, see N)cached_property)BytesIO)Path) DoesNotExist) safe_fileops)Malware)MalwareHitStatusMalwareScanResourceType)MalwareCleaner)CleanupStorage) MalwareHit)get_files_diff_imunifyceZdZdS) DiffErrorN)__name__ __module__ __qualname__S/opt/imunify360/venv/lib/python3.11/site-packages/imav/malwarelib/difflib/differ.pyrr0sDrrc<eZdZd dZdZdZdZdefdZd d Z dS) SafeFilePathNFcJt||_||_||_dSN)r_path_user _missing_ok)selfpathuser missing_oks r__init__zSafeFilePath.__init__5s$$ZZ  %rc*t|jSr)strrrs r__str__zSafeFilePath.__str__:s4:rc*|Sr)r'r&s r __fspath__zSafeFilePath.__fspath__=s||~~rc,t|j|Sr)getattrr)rattrs r __getattr__zSafeFilePath.__getattr__@stz4(((rreturncb|5 ddddS#1swxYwYdS)zp Return True if the file is readable by the user or raise UnsafeFileOperation otherwise NT) safe_openr&s rcheck_readabilityzSafeFilePath.check_readabilityCs{ ^^                      s $((rbc|jr(|jstdS|jr"t j|j||jdS||S)NrF)moder!respect_homedir)rrexistsrrrsafe_open_fileopen)rr4s rr0zSafeFilePath.safe_openKst   DJ$5$5$7$7 3<<  : #. Z %  99T?? "r)NF)r2) rrrr#r'r)r-boolr1r0rrrrr4s&&&& )))4 # # # # # #rrcfeZdZdZddedefdZedZde fdZ de fd Z d e d e d e fd ZdS)MalwareHitDiffzL Used to compare infected and cleaned versions of a malicious file. Nidr!cP||_||_tddd|_dS)NF)loopsinkwatch_progress)_idrr _cleaner)rr<r!s rr#zMalwareHitDiff.__init__^s1 &D    rcV tjtj|jktjt jjktjdkgtj |j kgt|j zRS#t$r!td|jd|j dwxYw)NTzNo malware file hit found (id=z, user=).)r getr<rA resource_typer FILEvalue maliciousr!rr9rrr&s rhitzMalwareHitDiff.hites > )(,C,H,NN$,?dj01D4D4DD      ((((((  s A:A==+B(r.clKd}|jjtjvrrt |jj|jd}t tj|jd}| |||jj d{V}n%t d|jj|S)NrTr!r"r! cleaned_at9Malware hit has unexpected status=%s. Use the empty diff.) rJstatusr CLEANEDrorig_file_pathrr get_hit_store_path _get_diffrOloggerwarning)rdiffcleaned_file_pathinfected_file_paths r!get_unified_diff_for_cleaned_filez0MalwareHitDiff.get_unified_diff_for_cleaned_filets 8?.6 6 6 ,'Z!!!  ".1$(;;""" "!8.(DD NNK    rc Kd}|jjtjkrt |jj|j}|tj dtj 5}t |j dd}tj|jj|ddddd{Vt!j|t$t& |jt$t-|gd{V\}}}|t-|}|rX|s|r0|||t7j d{V}n(t8d |jj|||dddn #1swxYwYn%t8d |jj|S) NrrMzw+)r4dirTrLF) src_unlink dst_overwritesafe_srcsafe_dst)r!grouprNz1File %s was not cleaned to check diff: %s, %s, %srP)rJrQr FOUNDrrSrr1tempfileNamedTemporaryFileConfigTEMP_CLEANUP_DIRnamer safe_move orig_fileshutilchown IMUNIFY_USER IMUNIFY_GROUPrBstartr%rE is_cleaned is_removedrUtimerVrW) rrXrZ temp_filerYresulterrorcmd hit_results rclean_and_get_unified_diffz)MalwareHitDiff.clean_and_get_unified_diffs 8?.4 4 4!-'dj"""   0 0 2 2 2,v6% $0N$%%%!#,H&%$"&"!  %L ,0=+>+> 3'8#9#9":,,&&&&&&"s$ZZ,=(>(>?? ))++/9/D/D/F/F"&*)#'9;;"0""DD NNK* ?% % % % % % % % % % % % % % % N NNK    s4D?F??GGrZrYrOc"K|std|jjd|r,|j|krt d|5}|5}tj }| dt||d{VcdddcdddS#1swxYwYddddS#1swxYwYdS)Nz#Original file not found for hit(id=rDz8The file was modified after cleaning, diff is not valid.) r6FileNotFoundErrorrJr<statst_ctimerr0asyncioget_event_looprun_in_executorr)rrZrYrO infected_file cleaned_filer>s rrUzMalwareHitDiff._get_diffs"((** #EdhkEEE   $ $ & & !&&((1J>>J  ) ) + + }>O>Y>Y>[>[ _k)++D--nm\                                         s6D6C, D,C0 0D3C0 4DD Dr)rrr__doc__intr%r#rrJbytesr[rxrfloatrUrrrr;r;Ys  3 c      _ 25%5555n((  rr;))rr}loggingosrkrdrr functoolsriorpathlibrpeeweerdefence360agent.utilsrimav.contracts.configrrfimav.malwarelib.configr r imav.malwarelib.cleanup.cleanerr imav.malwarelib.cleanup.storager imav.malwarelib.modelr imav.utilsr getLoggerrrVrmrn ExceptionrPathLikerr;rrrrs*  %%%%%%......333333LLLLLLLL::::::::::::,,,,,,%%%%%%  8 $ $          "#"#"#"#"#2;"#"#"#JBBBBBBBBBBr