h#dZddlZddlZddlZddlZddlZddlZddlmZddl m Z m Z m Z m Z mZddlmZddlmZddlmZddlmZdd lmZdd lmZmZmZmZmZmZej e!Z"dd Z#Gd d eZ$GddeZ%GddeZ&dee'e(fde(fdZ)Gdde*Z+Gdde e'e+fZ,GddZ-dS)u  This program is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version. This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with this program.  If not, see . Copyright © 2019 Cloud Linux Software Inc. This software is also available under ImunifyAV commercial license, see N)suppress)DictListOptionalTupleUnion)MalwareSignatures) MessageTypebase64_encode_filename) MalwareTune)VulnerabilityHit) DeletionType ErrorTypeRescanResultTypeRevisiumCSVFileRevisiumJsonFileRevisiumTempFilecZtjrt||St||SN)r USE_JSON_REPORTrrtempdirmodes \/opt/imunify360/venv/lib/python3.11/site-packages/imav/malwarelib/vulnerabilities/patcher.pypatcher_result_instancer0s-"/... 7D ) ))ceZdZdS)VulnerabilityPatcherLogN__name__ __module__ __qualname__rrrr6DrrceZdZdS)VulnerabilityPatcherProgressNr r$rrr'r':r%rr'ceZdZdZdS)VulnerabilityPatchFileListc|jd5}|d|DddddS#1swxYwYdS)Nwbc3:K|]}t|dzVdS) Nr ).0fs r z3VulnerabilityPatchFileList.write..As0MMq/22U:MMMMMMr)_pathopen writelines)selffilelistws rwritez VulnerabilityPatchFileList.write?s Z__T " " Na LLMMHMMM M M M N N N N N N N N N N N N N N N N N Ns AA A N)r!r"r#r7r$rrr)r)>s(NNNNNrr)valuereturncD t|S#t$rYdSwxYw)zbConvert str|int to int, in case errors return -2 -1 used as default value when storing CH )int ValueError)r8s r _parse_intr>Ds55zz rrs  c\eZdZdeeeeeffffd ZdZdZ dZ dZ xZ S)PatchResultEntrydatactt|ddt|dd|d|dt|ddt|ddt|dd|d d |d d  dS) Ndesr/rmbmahbha) rCrErFr/rG mtime_before mtime_after hash_before hash_after)super__init__r>get)r4rA __class__s rrRzPatchResultEntry.__init__Os #r**++#r**++3i3i#r**++#DHHT2$6$677"488D"#5#566r**xxb))  rc |s|rdS|dtjkr#td|ddS|dtjko|dtjkS)NFrEz2File has changed, assuming that it was patched: %sr/TrC) is_failedrequires_myimunify_protectionr NOT_CLEANEDUPloggerwarningNO_ERRORr PATCH_APPLIEDr4s r is_patchedzPatchResultEntry.is_patchedes NN    $ B B D D 5 9 / / / NNDd3i   4 I+ + 8S \77 rc.|dtjkSNrG)rDETECTEDr]s rrVzPatchResultEntry.is_failedvs I)2 2 rc.|dtjkSr`)rREQUIRED_ADVANCED_SIGNATURESr]s rrWz.PatchResultEntry.requires_myimunify_protection{sCy,IIIrcX| o|dtjkS)NrE)rVrFILE_NOT_EXISTSr]s r not_existzPatchResultEntry.not_exist~s&>>###NS Y5N(NNr) r!r"r#rstrrr<rRr^rVrWrf __classcell__rTs@rr@r@Ns T#uS#X"67      ,   "   JJJOOOOOOOrr@ceZdZdZd fd ZedeeefdefdZ deeefffd Z deeefffd Z xZ S) PatchResultz5 Cleanup result container for result entries Ncf|r-td|DdSdS)Nc:i|]}|dt|S)r/)r@)r.rEs r z(PatchResult.__init__..s'JJJaaf&6q&9&9JJJr)rQrR)r4reportrTs rrRzPatchResult.__init__sE  L GG  JJ6JJJ K K K K K L Lrhitr9c$t|d|S)N orig_file)getattr)rps r__keyzPatchResult.__keyssK---rclt||Sr)rQ __contains___PatchResult__keyr4rprTs rrvzPatchResult.__contains__s%ww##DJJsOO444rclt||Sr)rQ __getitem__rwrxs rrzzPatchResult.__getitem__s%ww""4::c??333rr) r!r"r#__doc__rR staticmethodrrgrrwrvrzrhris@rrkrksLLLLLL.5../.C...\.5c+;&; <5555554uS*:%:;4444444444rrkc eZdZdZejZddZdddZede de e d e d e ed e ef d Zd efdZdeee e e e ffdZdS)VulnerabilityPatcherz/opt/ai-bolit/procu2.phpNcL|r|ntj|_||_dSr)asyncioget_event_loop_loop_sink)r4loopsinks rrRzVulnerabilityPatcher.__init__s&!?TTw'='?'?  rT)use_csvc Td|jddddd|zdd|zd d |zd |zg }|r|d |zgn|d |zgtj|jr/|d||j|S)Nz/opt/ai-bolit/wrapperz --deobfuscatez --nobackupz--patch-vulnerabilitiesz--rescanz --list=%sz--input-fn-b64-encodedz --username=%sz--report-hashesz--log=%sz --progress=%sz--csv_result=%sz --result=%sz--avdb) PROCU_PATHextendospathexistsPROCU_DBappend)r4filename progress_path result_pathlog_pathusernamercmds r_cmdzVulnerabilityPatcher._cmds $ O   %  ( " $ h &   ! m +    6 JJ)K78 9 9 9 9 JJ 34 5 5 5 7>>$- ( ( & JJx JJt} % % % rexcr returncodestdoutstderrc t|jj||||dnd||dndS)Nreplace)errorsrK) exception return_codecommandouterr)dictrTr!decode)rrrrrs r_get_patcher_error_infoz,VulnerabilityPatcher._get_patcher_error_infos_m,"393E Y ///2393E Y ///2     rinfocBK|jr tji|dtt ji}|j|d{VdS#t j$rt$rt dYdSwxYwdS)N timestampz+Exception while sending PatchFailed message) rr VulnerabilityPatchFailedr<timeprocess_messagerCancelledError ExceptionrYr)r4rmsgs r_send_failed_messagez)VulnerabilityPatcher._send_failed_messages : P P!:?t? S-=-=>?j0055555555555)    P P P  !NOOOOOO P P PsAA%%3BBr9c>Ktj}t|}t|t}t |d5}t |d5t |5}|5}t|5} ||| |j |j |j | j ||} t dd | d\} } d} tjj| tjtjdd{V} | d{V\} } |}n#tj$rD| r@t+t,5| dddn #1swxYwYt0$r&}||| | r| jnd | | }td |d d |d d|di|d|i|i|t=t?|d{VtAtC|| fcYd}~cdddcdddcdddcdddcdddSd}~wwxYwtA|d| fcdddcdddcdddcdddcdddS#1swxYwYdddn #1swxYwYdddn #1swxYwYdddn #1swxYwYddddS#1swxYwYdS)N)rir)rrz Executing %s )rr)rr~z'Patch vulnerabilities failed exit_code=rz: %srrr)extra)message)"tempfile gettempdirr isinstancerr)r'rr7rrrYdebugjoinr subprocesscreate_subprocess_execPIPE communicatereadrrProcessLookupError terminaterrrerrorrSrrrgrkrepr)r4userr5r result_filerflistprogressresultlogrrrprocrorrs rstartzVulnerabilityPatcher.starts %''-g>>> [/:: '%   7 2 .%   7 27 2 (   7 2 { 7 2 '-.E/ / / 7 2 KK ! ! !))!  C LL# 7 7 7HCD 5$/F%?%? "&!1!1!3!3333333S)   )!"455))((())))))))))))))) 5 5 533'+4DOO 4 @"&((="9"9@@@xx::%::4T4;44  //6t6tCHH5556#}}d3ii444444k7 27 27 27 27 27 27 27 27 27 27 27 27 27 27 27 27 27 27 27 27 27 27 27 27 27 27 27 27 27 27 27 27 27 27 27 2F 5(v&&c1o7 27 27 27 27 27 27 27 27 27 27 27 27 27 27 27 27 27 27 27 27 27 27 27 27 27 27 27 27 27 27 27 27 27 27 27 27 27 27 27 27 27 27 27 27 27 27 27 27 27 27 27 27 27 27 27 27 27 27 27 27 27 27 27 27 27 27 27 27 27 27 27 27 27 27 27 27 27 27 27 27 27 27 27 27 27 27 27 27 27 27 27 27 27 27 27 27 27 27 27 27 27 27 27 27 27 27 2s# NM:/M#2M A:L5 >A"E" L5 "%K$ F( K$ (F,,K$ /F,0K$ >CK K$ L5 " M . M#: M: NK$ $L5 8 M  M# M: N5L99M <L9=M M# M M#M M# M:#M' 'M:*M' +M:. N:M> >NM> NNNNN)r!r"r#rr rrRrr|rrrgr<rbytesrrrrrkrr$rrr~r~s+J )H!!!!!F    #Y          \   Pt P P P P@2 {HSM494 5 @2@2@2@2@2@2rr~r).r{rloggingrrrr contextlibrtypingrrrrr defence360agent.contracts.configr "defence360agent.contracts.messagesr defence360agent.utilsr imav.contracts.configr imav.malwarelib.modelrimav.malwarelib.utils.revisiumrrrrrr getLoggerr!rYrrr'r)rgr<r>rr@rkr~r$rrrs*  55555555555555>>>>>>::::::888888------222222  8 $ $****      .        #3   NNNNN!1NNN eCHo#1O1O1O1O1Ot1O1O1Oh44444$s,,-444(G2G2G2G2G2G2G2G2G2G2r