hj, VdZddlZddlZddlZddlZddlmZddlmZm Z m Z m Z ddl m Z mZddlmZmZddlmZddlmZdd lmZdd lmZmZdd lmZmZdd lmZej e!Z"ej#$ej#j%zrd Z&ndZ&ej'(dej)Z*ej'(ddZ+ej'(ddZ,e-ej'(ddZ.e-ej'(ddZ/dZ0dZ1dZ2dZ3Gdde4Z5Gdde4Z6Gd d!e7Z8Gd"d#ej9Z:d$Z; d6d%ee2fd%e. Copyright © 2019 Cloud Linux Software Inc. This software is also available under ImunifyAV commercial license, see Utilities to help upload a malicious file.N) dataclass)AnyAsyncGeneratorIterableList)quote_from_bytesurljoin)Requesturlopen)utils)Core)Malware) LicenseCLN LicenseError)IAIDTokenErrorIndependentAgentIDAPI) MalwareTunez/opt/alt/curlssl/usr/bin/curlz/opt/alt/curlssl11/usr/bin/curlI360_MRS_API_BASE_URLI360_MRS_ENDPOINT_UPLOADz api/v1/uploadI360_MRS_ENDPOINT_CHECKzapi/v1/check-known-hashesIMUNIFY360_POST_FILE_TIMEOUTi%IMUNIFY360_HTTP_REQUEST_RETRY_TIMEOUT<false_negativefalse_positiveunknowniceZdZdZdS) ClientErrorzcHTTP client error. It is used to hide what specific http client is used by upload_file(). N)__name__ __module__ __qualname____doc__[/opt/imunify360/venv/lib/python3.11/site-packages/imav/malwarelib/utils/malware_response.pyrrDsr$rceZdZdS)FileTooLargeErrorNrr r!r#r$r%r'r'KDr$r'ceZdZdS) UploadFailureNr(r#r$r%r+r+Or)r$r+cReZdZdZd dedefdZedZdZdZ d Z d Z dS) MalwareHitPathzm Wrapper that is used to send a file whose original contents may be located in a different path. N content_path real_pathc"||_||_dSN) _content_path _real_path)selfr.r/s r%__init__zMalwareHitPath.__init__Ys)#r$c|jSr1)r2r4s r%r.zMalwareHitPath.content_path]s !!r$ct|tr |j|jko|j|jkS|j|kSr1) isinstancer-r2r3)r4others r%__eq__zMalwareHitPath.__eq__asI e^ , , "e&998Ou'77 !U**r$c,|j|jS|jSr1)r3r.r7s r%__str__zMalwareHitPath.__str__is ? &? "  r$c*|Sr1r=r7s r%__repr__zMalwareHitPath.__repr__n||~~r$c*|Sr1r?r7s r% __fspath__zMalwareHitPath.__fspath__qrAr$r1) rr r!r"strr5propertyr.r;r=r@rCr#r$r%r-r-Ss $$S$S$$$$""X"+++!!! r$r-ctj}|d|d|d|d|d|dd}d|D}|S) Nidlimitstatustoken_expire_utctoken_created_utcsign)zI360-Idz I360-Limitz I360-StatuszI360-Token-Expire-UtczI360-Token-Created-Utcz I360-Signc4i|]\}}|t|Sr#)rD).0keyvalues r% z%_token_to_headers..s$AAA:3sCJJAAAr$)r get_tokenitems)tokenheaderss r%_token_to_headersrVusm  " "E;GnX!&'9!:"'(;"<6] GBAAAAG Nr$filec K|i}d|D}|}t|tr|j}t t j|dd}t jtg|zdt|dg|duzzddt j| d d  d d |fzd dd|dgz}tj |d{V\}} } |dkrC|dkrtn|dkrtnt} | djdit#| S)z Post *file* as multipart/form-data to *url* with given HTTP *headers*. Return server response as bytes (http body). Raise TimeoutError on timeout. Raise ConnectionError if failed to connect to host. Raise ClientError on error. Ncng|]2\}}d|d|dfz3S)s-H%s: %sasciizlatin-1)encode)rNheaderrPs r% z_post_file..sN FE v}}W--u||I/F/FGGr$)saferZs --max-times--formsfile=@"%s";filename="%s"\s\\"s\"s--fails--silents --show-errorrzNFailed to post {file} to {url}: curl: cmd={cmd}, rc={rc}, out={out}, err={err}r#)rSr9r-r.rosfsencoder[_CURLrDreplacer runConnectionError TimeoutErrorrformatvars) rWurlrUtimeout headers_argsr.quoted_full_pathcmdrcouterrErrors r% _post_filervs$]]__LL$'')( ' D(9(9CCCJJ U     #g,,--g66 77$;N O P  ' L))((v&&      JJw    ,3''''''LBS QwwQww ORxx e B  vv     Jr$c$Ktjstdtj|}|t jkr.td ||t jttt}itd|i}t|||td{V}t!j|}t&d|||S)z Upload a file to Malware Response Service. :param file: path to file :param upload_reason: one of 'unknown', 'false_positive', 'false_negative' :return: dict representing json response :raises LicenseError: zCFile uploading to Malware Responce Serivce requires a valid licensez@File {} is {} bytes, files larger than {} bytes are not allowed.I360-Upload-ReasonrnNzUploaded file %r to the Malware Response Service with reason: %s. More info: https://blog.imunify360.com/malware-protection-powered-by-imunify-cloudav)ris_validrrdpathgetsizeConfigMAX_MRS_UPLOAD_FILEr'rkr _API_BASE_URL_ENDPOINT_UPLOADrVrv_POST_FILE_TIMEOUTjsonloadsdecodeloggerinfo)rW upload_reason file_sizermrU response_bodyresults r% upload_filers?     '   %%I6--- %vi!;      -!1 2 2C   mG% c7$6MZ ,,.. / /F KK U   Mr$c Kgd}t|dz}t|dD]\}}t|d|d{V}|sdSt|trt d|dSt d|||||tj|d{Vt|d |d{VdS) zW :raises LicenseError, ClientError, TimeoutError, ConnectionError, )g?g@(d)startF) raise_errorsrNz+File %s is too big. Stop retrying to uploadzKAttempt %d/%d: failed uploading file %s, reason: %s. Retrying in %s secondsT) len enumerate _try_uploadr9r'rwarningasynciosleep)rWrdelays max_triesipauseerrors r%upload_with_retriesrs;- , ,FF aIfA...PP5! uM           EE e. / /  NNH$ O O O EE        mE""""""""""$TOOOOOOOOOOOOr$rcK t||d{VdS#ttttf$r}|rt d|||cYd}~Sd}~wwxYw)zReturn error instead of raising it unless *raise_errors* is true. :raises LicenseError: :raises ClientError, TimeoutError, ConnectionError, FileTooLargeError: if raise_errors is True rNzFailed to upload file %s)rrrir'rjr+)rWrres r%rrs $m<<<<<<<<<<t     I :DAAq HsAAAAc$eZdZUeed<eed<dS)HitInforWhashN)rr r!rD__annotations__r#r$r%rr/s" III IIIIIr$rloophashesreturnc Kt|}tjr!td|WVdS t jd{V}n3#t$r&}td|Yd}~dSd}~wwxYwttt}||dd}tj ||}tjdtj5|D]} d| i} tjdt!| d tj5 t#|t%|t'j| |d d{V} | d WVn2#t,$r%}td |Yd}~nd}~wwxYwdddn #1swxYwY ddddS#1swxYwYdS)Nz0NO_CHECK_KNOWN_HASHES is enabled, skipping checkz Failed to acquire IAID token: %szapplication/json)zX-Authrxz Content-TypezCheck known hashes)logrzCheck z hashesPOST)datarUmethodunknown_hashesz Failed to check known hashes: %s)listrNO_CHECK_KNOWN_HASHESrrrrRrrr r_ENDPOINT_CHECKr split_for_chunktimeitrr _do_requestr rdumpsr[ Exception) rrr chunk_sizerTrrmrUchunkschunkrequestrs r%check_known_hashesr5s &\\F( GHHH +577777777 91=== - 1 1C+*G  "6: 6 6F * < < <JJ J JE'G:s5zz::: LLL J J J#.!%G!4!4!;!;!=!=$+#) $$F!!1222222 JJJNN#EqIIIIIIIIJ J J J J J J J J J J J J J J J JJJJJJJJJJJJJJJJJJJsyA B $BB ":G F3AE54F35 F$ ?F F3F$ $F3' G 3F7 7G :F7 ;G  GGc|Ktd||tjd|zd{VdS)Nz#%s sleep on: %s)rrrr) exceptionattempts r% backoff_sleepresI NN%w ::: -W % %%%%%%%%%%r$)on_errorrnrcJK|dt|d{VSr1)run_in_executor_do_request_sync)rrs r%rrjsG %%       r$ctd|jt|jt |t j5}|jdkrGt d|jtd |jtj |cdddS#1swxYwYdS)NzRequesting %s, data size %sryrzHTTP response status code is %szstatus code is {})rrfull_urlrrr r DEFAULT_SOCKET_TIMEOUTrIrrrkrrreadr)rresponses r%rrws  KK%w'7W\9J9J $"= > > >4( ?c ! ! NNrs...  !!!!!!66666666666622222222++++++++!!!!!!111111>>>>>>FFFFFFFF.-----  8 $ $  5#6#==. +EE -E 68IJJ :>>"