Some structural changes, added GZIPSubmodule as example (without func…

…tionality).
TheHive-Project · Mar 26, 2018 · 8f46f15 · 8f46f15
1 parent d115ac9
commit 8f46f15
Show file tree

Hide file tree

Showing 5 changed files with 55 additions and 11 deletions.
diff --git a/analyzers/FileInfo/fileinfo_analyzer.py b/analyzers/FileInfo/fileinfo_analyzer.py
@@ -1,4 +1,6 @@
 #!/usr/bin/env python
+import pyexifinfo
+
 
 from cortexutils.analyzer import Analyzer
 from submodules import *
@@ -9,18 +11,32 @@ def __init__(self):
         Analyzer.__init__(self)
         self.filepath = self.get_param('file', None, 'File parameter is missing.')
         self.filename = self.get_param('filename', None, 'Filename is missing.')
+        self.filetype = pyexifinfo.fileType(self.filepath)
+        #self.auto_extract = False
 
-        # Create a dictionary of submodules
+        # Create a dictionary of custom submodules
         self.available_submodules = [
-            MetadataSubmodule()
+            GZIPSubmodule()
         ]
 
     def run(self):
+        results = []
+
+        # Add metadata to result directly as it's mandatory
+        m = MetadataSubmodule()
+        results.append({
+            'submodule_name': m.name,
+            'results': m.analyze_file(self.filepath)
+        })
 
         for module in self.available_submodules:
-            if module.check_file(self.filepath):
+            if module.check_file(file=self.filepath, filetype=self.filetype):
                 # temporary report
-                self.report(module.analyze_file(self.filepath))
+                results.append({
+                    'submodule_name': module.name,
+                    'results': module.analyze_file(self.filepath)
+                })
+        self.report(results)
 
 
 

diff --git a/analyzers/FileInfo/submodules/__init__.py b/analyzers/FileInfo/submodules/__init__.py
@@ -1 +1,2 @@
-from .submodule_metadata import MetadataSubmodule
+from .submodule_metadata import MetadataSubmodule
+from .submodule_gzip import GZIPSubmodule
diff --git a/analyzers/FileInfo/submodules/submodule_base.py b/analyzers/FileInfo/submodules/submodule_base.py
@@ -12,18 +12,25 @@ def get_name(self):
         """
         return self.name
 
-    def check_file(self, path):
+    def check_file(self, **kwargs):
         """
-        Checks if a file can be analyzed by the respective submodule.
+        Checks if a file can be analyzed by the respective submodule. This can be done using the file-parameter or the
+        filetype-parameter (fileType() of pyexiftool). Submodules can choose how to check, if a file fits their analysis
+        method.
+        If this returns true, the analyze_file() function gets called.
 
+        :param file: used for checking compatiblity for a file directly.
+        :type file: str
+        :param filetype: used for checking compatibility for a file using the filetype string of pyexiftool.fileType().
+        :type filetype: str
         :return: true on success, false otherwise
         :rtype: bool
         """
         return False
 
     def analyze_file(self, path):
         """
-        This starts the analyzation process.
+        This starts the analyzation process. Depends on the return value of check_file().
 
         :param path: path to file
         :return:

diff --git a/analyzers/FileInfo/submodules/submodule_gzip.py b/analyzers/FileInfo/submodules/submodule_gzip.py
@@ -0,0 +1,18 @@
+from .submodule_base import SubmoduleBaseclass
+
+
+class GZIPSubmodule(SubmoduleBaseclass):
+    """This is just for showing how to include a submodule. No real functionality here."""
+
+    def __init__(self):
+        SubmoduleBaseclass.__init__(self)
+        self.name = 'GZIP Test'
+
+    def check_file(self, **kwargs):
+        if kwargs.get('filetype') == 'GZIP':
+            return True
+        return False
+
+    def analyze_file(self, path):
+        self.add_result_subsection('TEST', {})
+        return self.results
diff --git a/analyzers/FileInfo/submodules/submodule_metadata.py b/analyzers/FileInfo/submodules/submodule_metadata.py
@@ -1,6 +1,7 @@
 import magic
 import hashlib
 import io
+import pyexifinfo
 
 from .submodule_base import SubmoduleBaseclass
 from ssdeep import Hash
@@ -11,7 +12,7 @@ def __init__(self):
         SubmoduleBaseclass.__init__(self)
         self.name = 'Metadata'
 
-    def check_file(self, path):
+    def check_file(self, **kwargs):
         """
         Metadata submodule will analyze every file, therefore it will always return true.
 
@@ -42,9 +43,10 @@ def analyze_file(self, path):
         # Get libmagic info
         magicliteral = magic.Magic().from_file(path)
         mimetype = magic.Magic(mime=True).from_file(path)
-        self.add_result_subsection('Libmagic information', {
+        self.add_result_subsection('Filetype determination', {
             'Magic literal': magicliteral,
-            'MimeType': mimetype
+            'MimeType': mimetype,
+            'Filetype': pyexifinfo.fileType(path)
         })
 
         return self.results