h'XdZddlZddlZddlZddlZddlZddlmZddlm Z ddl m Z m Z ddl Z ddlmZmZddlmZddlmZmZdd lmZmZdd lmZmZdd lmZdd lmZdd l m!Z!ej"e#Z$dZ%GddeZ&eGddZ'GddeZ(dS)u  This program is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version. This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with this program.  If not, see . Copyright © 2019 Cloud Linux Software Inc. This software is also available under ImunifyAV commercial license, see N) dataclass)Path)ListOptional)ExitDetachedScanTypeMalwareScanResourceType)ScanAlreadyCompleteError)AIBOLIT AIBOLIT_PATH)parse_report_csvparse_report_json) DetachedDir DetachedScan)trim_file_content) MessageType)rmtreecxeZdZUdZeed<eed<eed<eed<iejdddd d Zdfd Zfd Z xZ S)AiBolitDetachedDirz/var/imunify360/aibolit/runcsv_report_pathjson_report_path listing_filescan_info_filez report.csvz report.jsonfilezscan_info.json)rrrrNcXt|||_dS)zB NOTE: Initialization should not create any files N)super__init__tmp_listing_file)self detached_idr __class__s [/opt/imunify360/venv/lib/python3.11/site-packages/imav/malwarelib/scan/ai_bolit/detached.pyrzAiBolitDetachedDir.__init__Fs+ %%% 0ct|j1tj|jjt |j|SN)r __enter__rshutilcopyfilenamestrr)rr!s r"r&zAiBolitDetachedDir.__enter__MsL   , OD16DA;c:|jj5}tj|di}dddn #1swxYwYd|D}d|vr |d|d<d|vr |d|d<|S)z6Get scan performance metrics if present in the summarysummaryNc"i|] \}}|dv || S)) scan_time report_time finder_timecas_timedeobfuscate_time scan_time_hsscan_time_preg smart_time_hssmart_time_pregmem_peak total_filescpu_user cpu_systemrcharwcharsyscrsyscw read_bytes write_bytescancelled_write_bytesdecision_statserrorsr6).0kvs r" z.ts@   1 qr# ai_versionaibolit_version db_versionsignatures_version)r:rr<r=r>getitems)rfrCstatss r"get_reported_summaryz(AiBolitDetachedScan.get_reported_summaryos  / 4 4 6 6 6!ill&&y"55G 6 6 6 6 6 6 6 6 6 6 6 6 6 6 6      : 7 " "'.|'FileNotFoundErrorJSONDecodeError)rr?s r"_get_progress_infoz&AiBolitDetachedScan._get_progress_infos "05577 %2y}} % % % % % % % % % % % % % % % % % %!4#78   III s3AA AAAA AA)(A)c>|jjSr%)r: done_fileexistsrs r"_is_scan_finishedz%AiBolitDetachedScan._is_scan_finisheds *11333r#c tt|dS#t$r|rdndcYSwxYw)Nprogressdr)intfloatrlKeyErrorrqrps r"rszAiBolitDetachedScan.progresssj :uT4466zBCCDD D : : :0022933 9 9 9 :s36"AAc t|dS#ttf$rYdSwxYw)N files_totalr)rurlrw ValueErrorrps r"total_resourcesz#AiBolitDetachedScan.total_resourcessM t..00?@@ @*%   11 s &)>>cP|jdkrdSdtS)Nrzpreparing file listz {} scanning)rsformatr rps r"phasezAiBolitDetachedScan.phases) =A  ((##G,,,r#returncF |jj5}tj|}dddn #1swxYwYn#t tjf$ri}YnwxYwt|dg|dS)Nr4r5)r4r5) r:rr<r=r>rjrkr3rc)rr?infos r"_load_scan_infoz#AiBolitDetachedScan._load_scan_infos "16688 %By}} % % % % % % % % % % % % % % %!4#78   DDD ##txx /D/D    s3A A A AA A A A('A(c|K|}d|j|j|j||di} |}n#t$r }t|d}~wwxYw | }|d |t||d<nc#t$r }t|d}~wt$rA}t||dd<g|d<tdYd}~nd}~wwxYwt!j|S)NrC)argsscanidtypestderrstdoutresultserrorzUnable to parse AI-BOLIT report)rr4r r5extract_stderrextract_stdoutrgrjr rAupdatelist Exceptionr*logger exceptionr MalwareScan)r scan_infomessagereported_summarye scan_datas r"completezAiBolitDetachedScan.completesy((** ! *!+--//--//   2#88::    2 2 2* 1 2 1**,,I I  % %&6 7 7 7!%iGI  ! 2 2 2* 1 @ @ @*-a&&GI w '!#GI    > ? ? ? ? ? ? ? ? @&w///s<A** B4A<<BC D'C D'&7D""D'cb |jjS#t$rYdSwxYwN)r:log_file read_textrjrps r"rz"AiBolitDetachedScan.extract_stdoutA $-7799 9    22   ..cb |jjS#t$rYdSwxYwr)r:err_filerrjrps r"rz"AiBolitDetachedScan.extract_stderrrrc@|rt|vSdS)NF)r cmdline)clsprocs r"process_is_suitablez'AiBolitDetachedScan.process_is_suitables"  24<<>>1 1ur#c@Kd}|tz}||kr^ |}nk#ttf$r&}t jdd{V|}Yd}~nd}~wwxYw||k^t d|j|dS tj |}| |r| dSdS#tj $r&}t d|Yd}~dSd}~wwxYw)NzMCannot find the aibolit process to kill (%s): %r. Assuming it's already dead.z4Problem when killing the running aibolit process: %s)AIBOLIT_PID_WAIT_TIMEget_pidrjrzasynciosleeprwarningr psutilProcessrkillError)rtimerrdeadlinepiderrrs r"kill_running_scan_processz-AiBolitDetachedScan.kill_running_scan_processsv57722egg   llnn%z2   mA&&&&&&&&&  egg   NN/      F >#&&D''--    |    NNF          s-;A2 A--A2'=C((D7DDTN) exit_typer scan_pathr5 scan_startedrrrr5rc K|r|d{V|j}t|j}t|j} |j} |"| r | d} | | dz}t d|j |} |j ddtj ||pd|p| j ||| | p| jd id} | tjdi| d{V|t jkr~tj}||d<| |d <td |d d z|dz| |d <d |d<|j |d<||d<| |d{V|jstd|dSt-t/|dS)Nz--pathrzScan %s was abortedrg) rrOtotal_malicious completedrstartedrpathrrr)rCroutrzScan was aborted: %sz, commandabortedrscan_idrzNo such directory: %sr6)rr:rrrrr4indexrrr timer5process_messagerrrABORTED ScanFailedrris_dirrr*)rsinkrrrr5rscan_dirrrr4rr scan_resultmsgs r"handle_aborted_processz*AiBolitDetachedScan.handle_aborted_process sL  30022 2 2 2 2 2 2 2$"8#455"8#455""$$(   IIh''EEAII )4+;<<<((** * #$!Y[["'.3!8Y%8!  ,y}    "";#:#I#I[#I#IJJJJJJJJJ ,4 4 4(**CCJCJ NN&E T(9CJ(F   !C N&C N!-C N#CK&&s++ + + + + + + +}##%% " NN2H = = = = = 3x== ! ! ! ! !r#)#r+r,r-rFILE RESOURCE_TYPErDETACHED_DIR_CLSrArgrlrqpropertyrsr{r~r3rrrrr*rr classmethodboolrr monotonicrrrrrvrr6r#r"r8r8]s+0M) ) ) )&&&P444::X: X --X-      0 70000>  $[ 59N>.5#'#'(,6"6"6" 6"  6" C= 6"C=6"uo6" 6"6"6"6"6"6"r#r8))__doc__rr=loggingr'r dataclassesrpathlibrtypingrrrimav.malwarelib.configrrimav.malwarelib.scanr imav.malwarelib.scan.ai_bolitr r $imav.malwarelib.scan.ai_bolit.reportr r imav.malwarelib.scan.detachedrrimav.malwarelib.scan.utilsr"defence360agent.contracts.messagesrdefence360agent.utilsr getLoggerr+rrrr3r8r6r#r"rs*  !!!!!!!!!!!!!! :99999????????DCCCCCCC888888::::::((((((  8 $ $B   e"e"e"e"e",e"e"e"e"e"r#