hdZddlZddlZddlZddlZddlZddlmZddlm Z ddl m Z ddl m Z ddlmZddlmZdd lmZmZdd lmZejeZGd d e ZdS) u  This program is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version. This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with this program.  If not, see . Copyright © 2019 Cloud Linux Software Inc. This software is also available under ImunifyAV commercial license, see N)suppress) MessageType) MessageSource)MalwareScanType)parse_report_json) ScanResult)InotifyWatcher)create_task_and_log_exceptionsceZdZdZdZejdZdZdZ dZ dZ dZ d e d efd Zd e fd Zd efdZdZdZdZdS)AibolitResultsScanz Plugin to handle generated ai-bolit scan reports. Checks the contents of the *RESULT_SCAN_DIR* for the presence ai-bolit report files that match the *REPORT_FILE_MASK* pattern processes and deletes them. z$/var/imunify360/aibolit/resident/outz!^(?P[0-9a-f-]{36})\.report$c"d|_d|_dSN)_watcher _init_taskselfs `/opt/imunify360/venv/lib/python3.11/site-packages/imav/malwarelib/plugins/aibolit_result_scan.py__init__zAibolitResultsScan.__init__3s cdK||_||_t|j|j|_dSr)_loop_sinkr _init_handling_and_setup_watcherr)rloopsinks r create_sourcez AibolitResultsScan.create_source7s3  8 J=  rcK|j&|j|jd{V|dSr)rcancel_shutdown_watcherrs rshutdownzAibolitResultsScan.shutdown>sT ? & O " " $ $ $/ ! ! ! ! ! ! !      rctj|jddt|j|j|_|j|jtj dS)NiT)modeexist_ok) coro_callback)pathmask) osmakedirsRESULT_SCAN_DIRr r_handle_incoming_reportrwatchencoder MOVED_TOrs r_setup_watcherz!AibolitResultsScan._setup_watcherDs~ D(utDDDD Jd&B     %,,..W5E      rcJ|j|jdSdSr)rclosers rr z$AibolitResultsScan._shutdown_watcherOs, = $ M   ! ! ! ! ! % $rreportreturnc|d}dt|D}|d}t||tj}|d|_|dg|_|d}|d}||z }|||t|g|_|S) Nsummarycg|] }|d S) file_name).0hits r zCAibolitResultsScan._get_scan_result_from_report..UsFFFSK FFFrscan_id)r< scan_type total_fileserrors report_time scan_time) rgetrrREALTIMEr>r?set_start_stopscans) rr2report_summaryr&r< scan_resultend_timerA start_times r_get_scan_result_from_reportz/AibolitResultsScan._get_scan_result_from_reportSs *FF,=f,E,EFFF $$Y// '_-E   #1"4"4]"C"C +//"== !%%m44"&&{33  ) "":x888.v667 rcK ||}|d{V}|jt jdi|d{VdS#tj$rt$r9}t d ||Yd}~dSd}~wwxYw)Nz:Error '{!r}' occurred while processing ai-bolit report: {}r8) rJrBrprocess_messager MalwareScanto_dictasyncioCancelledError Exceptionlogger exceptionformat)rr2rGresultexcs r_handle_reportz!AibolitResultsScan._handle_reportfs" ;;FCCK&??,,,,,,,,F*,,';;&..*:*:;;         %          &&,fS&&9&9          sA0A66C.CCr&cK|jtj|}|r"tj|r t |5}tj|}dddn #1swxYwY|d d| d| |d{Vn8#tj $r&}td||Yd}~nd}~wwxYwtt 5tj|ddddS#1swxYwYdSdSdS)Nr5r<uuidz*Problem with parsing %s aibolit report: %s)REPORT_FILE_MASKmatchr(r&basenameisfileopenjsonload setdefaultgrouprWJSONDecodeErrorrRwarningrFileNotFoundErrorunlink)rr& match_filefr2rVs rhandle_report_filez%AibolitResultsScan.handle_report_fileus*001A1A$1G1GHH  "'....  2$ZZ*1!Yq\\F***************y!,,z//77))&1111111111'   @$ +,,   $                      sNC$-B C$BC$BC$$D3DD0EEEcKtd|tjtj|jtj|j}||d{VdS)NzInotify event: %s)rRinfor(r&joinfsdecodenameri)revent report_files rr+z*AibolitResultsScan._handle_incoming_reports{ '///gll K # #R[%<%<  %%k22222222222rcKtj|jrZtj|j5}|D]"}||jd{V# ddddS#1swxYwYdSdSr)r(r&existsr*scandirri)ritentrys r_handle_existing_reportsz+AibolitResultsScan._handle_existing_reportss 7>>$. / / >D011 >R>>E11%*==========> > > > > > > > > > > > > > > > > > > > >s&A44A8;A8cfK|d{V|dSr)rvr/rs rrz3AibolitResultsScan._init_handling_and_setup_watchersB++--------- rN)__name__ __module__ __qualname____doc__r*recompilerZrrr!r/r dictrrJrWstrrir+rvrr8rrr r (s=O!rz"FGG   !!!    """4J& 4     S    $333>>> rr )r{rOr_loggingr(r| contextlibr"defence360agent.contracts.messagesr!defence360agent.contracts.pluginsrimav.malwarelib.configr$imav.malwarelib.scan.ai_bolit.reportr imav.malwarelib.scan.scan_resultrimav.malwarelib.subsys.ainotifyr r defence360agent.utilsr getLoggerrxrRr r8rrrs$*  ::::::;;;;;;222222BBBBBB777777<<<<<<<<@@@@@@  8 $ $nnnnnnnnnnr