h2;rdZddlZddlZddlZddlZddlZddlZddlmZddl m Z ddl m Z ddl mZmZddlZddlmZmZddlmZdd lmZdd lmZdd lmZdd lmZdd lmZm Z ddl!m"Z"m#Z#ddl$m%Z%m&Z&m'Z'ddl(m)Z)m*Z*ddl+m,Z,m-Z-ddl.m/Z/dZ0ej1e2Z3Gdde4Z5Gdde%Z6Gdde%Z7Gdde%Z8e GddZ9Gdde&eZ:Gd d!e:e'Z;Gd"d#e:eZ<Gd$d%e<Z=Gd&d'e<Z>dS)(u  This program is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version. This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with this program.  If not, see . Copyright © 2019 Cloud Linux Software Inc. This software is also available under ImunifyAV commercial license, see N)ABC) dataclass)Path)ListOptional)Message MessageType)g)TheSink) hosting_panel)rmtree) to_thread)ExitDetachedScanTypeMalwareScanResourceType)ScanAlreadyCompleteError ScanInfoError) DetachedDirDetachedOperation DetachedScan)MDSMDS_PATH)MalwareDatabaseHitInfo scan_report)trim_file_contentceZdZdS)DetachedOperationFailedN)__name__ __module__ __qualname__V/opt/imunify360/venv/lib/python3.11/site-packages/imav/malwarelib/scan/mds/detached.pyrrBsDr"rcPeZdZUdZeed<eed<eed<iejddddZdS) MDSDetachedScanDirz/var/imunify360/dbscan/run/scan ignore_file report_filescan_info_fileignorezscan_info.json)r&r'r(Nrrr DETACHED_DIRr__annotations__rFILESr!r"r#r%r%Fsc4L    $*    EEEr"r%c8eZdZUdZeed<iejddiZdS)MDSDetachedCleanupDirz /var/imunify360/dbscan/run/cleanr'Nr*r!r"r#r/r/UsB5L    }  EEEr"r/c8eZdZUdZeed<iejddiZdS)MDSDetachedRestoreDirz"/var/imunify360/dbscan/run/restorer'Nr*r!r"r#r1r1`sB7L    }  EEEr"r1cPeZdZUeeed<dZeed<dZeed<dZe ed<dS) DbScanInfocmdN scan_type initial_pathrstarted) rrr rstrr,r5r6r7intr!r"r#r3r3ksO cNNNIsL#GSr"r3c&eZdZddeffd ZxZS)MDSDetachedOperationrreturncHt|S)N) start_time)superget_detached_process_state)selfr> __class__s r#r@z/MDSDetachedOperation.get_detached_process_statetsww11Z1HHHr")r)rrr r8r@ __classcell__)rBs@r#r;r;ssUII#IIIIIIIIIIr"r;cXeZdZejZeZdZdZ e dZ e dZ e dZ deefdZdZedefd Zdejfd Zejfd Zejd d d d d ddddededeedeedeedeeedededd fdZ d S)MDSDetachedScanc>|jjSN) detached_dir done_fileexistsrAs r#_is_scan_finishedz!MDSDetachedScan._is_scan_finished|s *11333r"c |jj5}tj|cdddS#1swxYwYdS#t tjf$ricYSwxYwrG)rH progress_fileopenjsonloadFileNotFoundErrorJSONDecodeError)rAfps r#_get_progress_infoz"MDSDetachedScan._get_progress_infos "05577 %2y}} % % % % % % % % % % % % % % % % % %!4#78   III s3AA AAAA AA)(A)c|} tt|dS#t$r|rdndcYSwxYw)N progress_maindr)rUr9floatKeyErrorrL)rA progress_infos r#progresszMDSDetachedScan.progressso//11  :u]?;<<== = : : :0022933 9 9 9 :s!8"AAcP|jdkrdSdtS)Nrz avd scanningz {} scanning)r\formatrrKs r#phasezMDSDetachedScan.phases( =A  !>##C(((r"ct t|dS#t$rYdSwxYw)Ntotal_db_countr)r9rUrZrKs r#total_resourceszMDSDetachedScan.total_resourcessI t..001ABCC C   11 s &) 77r<cd |jj5}tj|}dddn #1swxYwY|jjj}n#ttj f$rYdSwxYwt|d|d|d|S)Nr4r5r6)r4r5r6r7) rHr(rOrPrQpathstatst_mtimerRrSr3)rArTinfor7s r#_load_scan_infozMDSDetachedScan._load_scan_infos "16688 %By}} % % % % % % % % % % % % % % %',11338w+> >ur"cKx}ttj|j|jj|j} fdjj dD}nj#t$r }t|d}~wt$rH}td|t#||cYd}~Sd}~wwxYw|s|d|S|D]B}tj|j}t&j|d{VCt-|jd{V}|||S)N)argsrdscan_idtypec:g|]}|Sr!rl).0r'rAs r# z,MDSDetachedScan.complete..s7((55r" report*.jsonzUnable to parse MDS reportzNo reports foundrw)rhrr MalwareDatabaseScanr4r6 detached_idr5rHrdglobrRr Exceptionlogger exceptionupdate_with_errorr8 MDSReportr sinkprocess_messagerupdate_with_report)rA scan_infomessagehit_report_listereport report_msg result_reports` r#completezMDSDetachedScan.completes--// /I 8 1'$$     #'#4#9#>#>~#N#NOO! 2 2 2* 1      9 : : :  % %c!ff - - -NNNNNN     % %&8 9 9 9N% 5 5F$. 0J&((44 4 4 4 4 4 4 4 4)/4;KLLLLLLLL ""=111s*+A:: C!B  C!=CC!C!c@Kd}|tz}||kr^ |}nk#ttf$r&}t jdd{V|}Yd}~nd}~wwxYw||k^t d|j|dS tj |}| |r| dSdS#tj $r&}t d|Yd}~dSd}~wwxYw)NzICannot find the mds process to kill (%s): %r. Assuming it's already dead.z0Problem when killing the running mds process: %s)MDS_PID_WAIT_TIMEget_pidrR ValueErrorasynciosleeprwarningrpsutilProcessrtkillError)rAtimererrordeadlinepiderrrss r#kill_running_scan_processz)MDSDetachedScan.kill_running_scan_processsv577..egg   llnn%z2   mA&&&&&&&&&  egg   NN/      F >#&&D''--    |    NNBC          s-;A2 A--A2'=C((D7DDTN) exit_typer scan_pathr5 scan_startedr4outrrrrr5rr4rrc K|r|d{V|ptg} |p| j}|p| j}|p| j}t |p| j}|tj ||||j ||t tj d{V|j } |tjkrt!| jp|} t!| jp| } tj}| |d<| |d<t(d|j | | ||d<d|d <|j |d <||d <||d{V| jst(d | dSt1t3| dS) aRemoves aborted detached scan from scan_queue and writes it to DB. - Parses data about scan from scan_queue and writes it to DB - Kills scan process, if it exists - Deletes scan_dir - Processes MalwareScan and ScanFailed(in case of 'ABORTED') messages :param sink: the sink to send messages :param exit_type: 'ABORTED' by default, if stopped by user, then 'STOPPED' :param kill: try to kill a process :param scan_path: which path was scanned :param scan_type: what is the scan's type :param scan_started: when was the scan started (if known) :param cmd: command line arguments :param out: command stdout :param err: command stderr N)r4)rvrrdrwrxr7 completedrrzScan %s was aborted: %s, %scommandabortedrrwrdzNo such directory: %s)rrhr3r4r6r5r9r7rr rrtimerHrABORTEDrlog_fileerr_file ScanFailedrrrdis_dirr r8)rArrrrr5rr4rrrscan_dirstdoutstderrmsgs r#handle_aborted_processz&MDSDetachedScan.handle_aborted_processs >  30022 2 2 2 2 2 2 2((**@jR.@.@.@ "Y]7!7 4!4 <<9+<== ""  +($dikk**      $ ,4 4 4&x'899@SF&x'899@SF(**CCJCJ NN-t/?   !C N&C N!-C N#CK&&s++ + + + + + + +}##%% " NN2H = = = = = 3x== ! ! ! ! !r")!rrr rDB RESOURCE_TYPEr%DETACHED_DIR_CLSrLrUpropertyr\r_rbrr3rhrl classmethodboolrtr rrr monotonicrrrr8rYrrr!r"r#rErExs+.M)444::X:))X) X  *!5        $[ # ?####J59N>.5#'#'(,#'E"E"E" E"  E" C= E"C=E"uoE"d3i E"E"E" E"E"E"E"E"E"r"rEcHeZdZdZdZdZdefdZedZ de fdZ dS)MDSDetachedMutableOperationz=Parsing of operations that can succeed or fail for any DB hitNr<cKi} fdjjdD}|d{V}|sdjdS|D]B}t j|j}tj |d{VCj d i|S#t$r }t|d}~wt$rb}t!||d<t"djd t!|cYd}~Sd}~wwxYw) Nc:g|]}|Sr!rz)r{rrAs r#r|z8MDSDetachedMutableOperation.complete..Es7((00r"r}zNo z reports foundrr~rzUnable to parse MDS z reportr!)rHrdr _parse_reportFAIL_MSGNAMEr rrr rr SUCCESS_MSGrRrrr8rr)rArrrrrs` r#rz$MDSDetachedMutableOperation.completeBs /"/499.IIO!..????????G# L}}+J+J+J+J}KKK) 9 9(2D$4 f,,Z8888888888#4#..g.. .!! 2 2 2* 1& / / /"1vvGG    FDIFFF G G G==s1vv=.. . . . . . . /s+AC E C EAD<6E<Ec|5}tj|cdddS#1swxYwYdSrGrj)r'rks r#rlz/MDSDetachedMutableOperation._load_single_report\s      19Q<<                  rmc HKttjd{V}t t jd{V}t}t}|D]}|dx}r3td|j d|t||ds0| tj ||||jw| tj ||||j||dS)N error_listzErrors in MDS z: %srows_with_error) succeededfailed)setr HostingPanel get_usersrpwdgetpwallrrrraddr from_reportr)rArusers_from_panelpw_allrrrerrorss r#rz)MDSDetachedMutableOperation._parse_reportasO]%?%A%A%K%K%M%MMMMMMMNN ........EE %  F --v 6 =di===vFFF-f555+,  *6 0&$:J  *6 0&$:J '&999r") rrr __doc__rrrr staticmethodrldictrr!r"r#rr<suGGKH/////4  \ :d::::::r"rc eZdZdZeZejZej Z e dej fdZ ejdddededeeddfd Zedefd ZdS) MDSDetachedCleanupcleanupr<c6tj|jSNr~)r MalwareCleanCompleterrKs r#on_complete_messagez&MDSDetachedCleanup.on_complete_messages"/$    r"Nrrrrrc K|tjks Jdtd|j|t |jj}t |jj}tj d|d|jd|d|}| |d{Vtj t|jjd dS) Nz;Cleanup cannot be stopped, only aborted status is supportedzCleanup %s was %spath: , detached_id: , out: , err: rT ignore_errors)rrrrgrrrHrrr MalwareDatabaseCleanupFailedrshutilr r8rdrArrrrrrs r#rz)MDSDetachedCleanup.handle_aborted_processs -5 5 5 5 H 6 5 5  ')99EEE"4#4#=>>"4#4#=>>6!!! $ 0!!!!!!   ""3''''''''' c$+011FFFFFFr"cL|r!|}t|vod|vSdS)Nz--cleanFrorqs r#rtz&MDSDetachedCleanup.process_is_suitables2  @llnnGw&?9+? ?ur")rrr rr/rr MalwareDatabaseCleanuprrrrrrrrr r8rrrrrtr!r"r#rr{s D,4K7H  [%E   X .5#' GGGG G C= G  GGGG:$[r"rc eZdZdZeZejZej Z e de fdZ edejfdZejdddeded eeddfd ZdS) MDSDetachedRestorerestorer<cL|r!|}t|vod|vSdS)Nz --restoreFrorqs r#rtz&MDSDetachedRestore.process_is_suitables2  BllnnGw&A;'+A Aur"c6tj|jSr)r MalwareRestoreCompleterrKs r#rz&MDSDetachedRestore.on_complete_messages"1$    r"Nrrrrc K|tjks Jdtd|j|t |jj}t |jj}tj d|d|jd|d|}| |d{Vtj t|jjd dS) Nz;Restore cannot be stopped, only aborted status is supportedzRestore %s was %srrrrrTr)rrrrgrrrHrrr MalwareDatabaseRestoreFailedrrr r8rdrs r#rz)MDSDetachedRestore.handle_aborted_processs -5 5 5 5 H 6 5 5  ')99EEE"4#4#=>>"4#4#=>>6!!! $ 0!!!!!!   ""3''''''''' c$+011FFFFFFr")rrr rr1rr MalwareDatabaseRestorerrrrrrtrrrrrr r8rrr!r"r#rrs D,4K7H$[  [%G   X .5#' GGGG G C= G  GGGGGGr"r)?rrrPloggingrrrabcr dataclassesrpathlibrtypingrrr"defence360agent.contracts.messagesrr &defence360agent.internals.global_scoper "defence360agent.internals.the_sinkr defence360agent.subsys.panelsr defence360agent.utilsr defence360agent.utils.threadsrimav.malwarelib.configrrimav.malwarelib.scanrrimav.malwarelib.scan.detachedrrrimav.malwarelib.scan.mdsrrimav.malwarelib.scan.mds.reportrrimav.malwarelib.scan.utilsrr getLoggerrrrrr%r/r1r3r;rErrrr!r"r#r s*  !!!!!!!!!!!!!! CCCCCCCC444444666666777777((((((333333 32222222988888  8 $ $     i           KK  IIIII,cIII A"A"A"A"A"*LA"A"A"H<:<:<:<:<:"6<:<:<:~.....4...b,G,G,G,G,G4,G,G,G,G,Gr"