g!dZddlZddlZddlZddlZddlmZddlmZm Z ddl m Z m Z ddl Z ddlmZddlmZmZddlmZmZdd lmZmZdd lmZejeZej ejj!zrd Z"nd Z"ej#$d ej%Z&ej#$ddZ'ej#$ddZ(e)ej#$ddZ*dZ+dZ,dZ-Gdde.Z/Gdde.Z0dZ1d)dZ2e-fde3fdZ4e-fdZ5e-d d!Z6eGd"d#Z7e-fd$ee3d%e e3fd&Z8d'e j9j:d%dfd(Z;dS)*u5 This program is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version. This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with this program.  If not, see . Copyright © 2019 Cloud Linux Software Inc. This software is also available under ImunifyAV commercial license, see Utilities to help upload a malicious file.N) dataclass)IterableList)quote_from_bytesurljoin)utils)CoreMalware) LicenseCLN LicenseError)IAIDTokenErrorIndependentAgentIDAPI) MalwareTunez/opt/alt/curlssl/usr/bin/curlz/opt/alt/curlssl11/usr/bin/curlI360_MRS_API_BASE_URLI360_MRS_ENDPOINT_UPLOADz api/v1/uploadI360_MRS_ENDPOINT_CHECKzapi/v1/check-known-hashesIMUNIFY360_POST_FILE_TIMEOUTifalse_negativefalse_positiveunknownceZdZdZdS) ClientErrorzcHTTP client error. It is used to hide what specific http client is used by upload_file(). N)__name__ __module__ __qualname____doc__[/opt/imunify360/venv/lib/python3.11/site-packages/imav/malwarelib/utils/malware_response.pyrr=srrceZdZdS)FileTooLargeErrorN)rrrrrrr!r!DsDrr!ctj}|d|d|d|d|d|dd}d|D}|S) Nidlimitstatustoken_expire_utctoken_created_utcsign)zI360-Idz I360-Limitz I360-StatuszI360-Token-Expire-UtczI360-Token-Created-Utcz I360-Signc4i|]\}}|t|Sr)str).0keyvalues r z%_token_to_headers..Rs$AAA:3sCJJAAAr)r get_tokenitems)tokenheaderss r_token_to_headersr3Hsm  " "E;GnX!&'9!:"'(;"<6] GBAAAAG Nrc K|i}d|D}ttj|dd}tjt g|zdt |dg|duzzddtj|d d d d |fzd dd|dgz}tj |d{V\}}} |dkrC|dkrtn|dkrtnt} | dj dit|S)a Post *filename* as multipart/form-data to *url* with given HTTP *headers*. Return server response as bytes (http body). Raise TimeoutError on timeout. Raise ConnectionError if failed to connect to host. Raise ClientError on error. Ncng|]2\}}d|d|dfz3S)s-H%s: %sasciizlatin-1)encode)r+headerr-s r z_post_file..bsN FE v}}W--u||I/F/FGGr)safer6s --max-times--formsfile=@"%s";filename="%s"\s\\"s\"s--fails--silents --show-errorrzRFailed to post {filename} to {url}: curl: cmd={cmd}, rc={rc}, out={out}, err={err}r)r0rosfsencoder7_CURLr*replacerrunConnectionError TimeoutErrorrformatvars) filenameurlr2timeout headers_argsquoted_full_pathcmdrcouterrErrors r _post_filerSVs$]]__L( H(=(=BGGGNN U     #g,,--g66 77$;N O P  ' H%%((v&&      JJw    ,3''''''LBS QwwQww ORxx e B  vv     Jrfilec$Ktjstdtj|}|t jkr.td ||t jttt}itd|i}t|||td{V}t!j|}t&d|||S)z Upload a file to Malware Response Service. :param file: path to file :param upload_reason: one of 'unknown', 'false_positive', 'false_negative' :return: dict representing json response :raises LicenseError: zCFile uploading to Malware Responce Serivce requires a valid licensez@File {} is {} bytes, files larger than {} bytes are not allowed.I360-Upload-ReasonrKNz@Uploaded file %r to the Malware Response Service with reason: %s)r is_validr r@pathgetsizeConfigMAX_MRS_UPLOAD_FILEr!rGr _API_BASE_URL_ENDPOINT_UPLOADr3rS_POST_FILE_TIMEOUTjsonloadsdecodeloggerinfo)rT upload_reason file_sizerJr2 response_bodyresults r upload_fileris:     '   %%I6--- %vi!;      -!1 2 2C   mG% c7$6MZ ,,.. / /F KKJ  Mrc Kgd}t|dz}t|dD]\}}t|d|d{V}|sdSt|trt d|dSt d|||||tj|d{Vt|d |d{VdS) zW :raises LicenseError, ClientError, TimeoutError, ConnectionError, )g?g@(d)startF) raise_errorsreNz+File %s is too big. Stop retrying to uploadzKAttempt %d/%d: failed uploading file %s, reason: %s. Retrying in %s secondsT) len enumerate _try_upload isinstancer!rcwarningasynciosleep)rTredelays max_triesipauseerrors rupload_with_retriesrs;- , ,FF aIfA...PP5! uM           EE e. / /  NNH$ O O O EE        mE""""""""""$TOOOOOOOOOOOOrrecK t||d{VdS#ttttf$r}|r||cYd}~Sd}~wwxYw)zReturn error instead of raising it unless *raise_errors* is true. :raises LicenseError: :raises ClientError, TimeoutError, ConnectionError, FileTooLargeError: if raise_errors is True rN)rirrEr!rF)rTrrrees rrurus $m<<<<<<<<<<t     GsA AA A c$eZdZUeed<eed<dS)HitInforThashN)rrrr*__annotations__rrrrrs" III IIIIIrrhashesreturnc ,Kt|}tjr|S tjd{V}n#t $r|cYSwxYwt tt}||dd}d|i} | dttj |tj||dd{V}n4#t"$r'}t$d||cYd}~Sd}~wwxYw|dS)Nzapplication/json)zX-AuthrVz Content-TyperPOST)datar2methodz Failed to check known hashes: %sunknown_hashes)listrNO_CHECK_KNOWN_HASHESrr/r rr]_ENDPOINT_CHECKrun_in_executor _do_requesturllibrequestRequestr`dumpsr7 Exceptionrcrw) looprrer1rJr2rrhrs rcheck_known_hashesrso&\\F( +577777777   - 1 1C+*G  G ++   N " "Z((//11 #            91===  " ##s.; A  A 2A'C D $DD D rc`tj|tj5}|jdkr't d|jtj | cdddS#1swxYwYdS)NrWrozstatus code is {}) rrurlopenr DEFAULT_SOCKET_TIMEOUTr%rrGr`rareadrb)rresponses rrr!s   4   4  ?c ! !/66xGGHH Hz(--//002233 444444444444444444sA*B##B'*B')NN)rs:..,  !!!!!!!!!!!!!!22222222 !!!!!!DDDDDDDDFFFFFFFF.-----  8 $ $  5#6#==. +EE -E 68IJJ :>>"$$C$$$$N3A!P!P!P!PH$$$$3-$$ #Y$$$$$$$$N4/4D444444r