Module: Dorothy::QueueManager

Extended by:
QueueManager
Included in:
QueueManager
Defined in:
lib/dorothy2/do-utils.rb


Instance Method Details

#add(f, sourceinfo, profile, priority, mail_id = nil) ⇒ Object



# File 'lib/dorothy2/do-utils.rb', line 137

# Wrap a file on disk into a Loadmalw sample and hand it to push_malw.
#
# A sample with a zero size or an empty SHA digest is considered empty:
# it is logged, removed from disk and +false+ is returned without touching
# the DB. Any error raised while pushing is logged under the "DB" tag and
# re-raised unchanged.
#
# @param f          path of the file to queue (passed straight to Loadmalw.new)
# @param sourceinfo source descriptor forwarded to push_malw
# @param profile    analysis profile forwarded to push_malw
# @param priority   queue priority forwarded to push_malw
# @param mail_id    optional mail reference forwarded to push_malw
# @return false for an empty sample, otherwise whatever push_malw returns
def add(f, sourceinfo, profile, priority, mail_id=nil)
  bin = Loadmalw.new(f)

  # Nothing to analyse: drop the file and bail out early.
  empty_sample = bin.size == 0 || bin.sha.empty?
  if empty_sample
    LOGGER.warn "BFM", "Warning - Empty file #{bin.filename}, deleting and skipping.."
    FileUtils.rm bin.binpath
    return false
  end

  # Log and propagate; the caller decides how to handle DB failures.
  begin
    push_malw(bin, sourceinfo, profile, priority, mail_id)
  rescue => err
    LOGGER.error "DB", err
    LOGGER.debug "DB", err.backtrace
    raise err
  end
end

#push_malw(bin, sourceinfo, profile, priority, mail_id) ⇒ Object

push the binary meta info into the DB



# File 'lib/dorothy2/do-utils.rb', line 158

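# push the binary meta info into the DB
#
# Inserts +bin+ into the samples table when its sha256 is not already
# present (moving the file into the repository), otherwise removes the
# duplicate file; in both cases a new sighting row is added and the sample
# is put on the analysis queue. All DB work happens inside one transaction
# opened with begin_t and ended with commit; the DB handle is closed on
# every path, including when a step raises.
#
# @param bin        [Loadmalw] sample to register (sha, size, md5, type, paths)
# @param sourceinfo source descriptor, resolved through db.check_source_db
# @param profile    analysis profile handed to db.analysis_queue_add
# @param priority   queue priority handed to db.analysis_queue_add
# @param mail_id    optional mail reference stored with the sighting (nil allowed)
# @return the value returned by db.analysis_queue_add (also kept in @id)
# @raise [RuntimeError] "A DB error occurred" when an insert reports failure
def push_malw(bin, sourceinfo, profile, priority, mail_id)

  db = Insertdb.new

  begin
    db.begin_t

    unless db.select("samples", "sha256", bin.sha).one?                         #is bin.sha already present in my db?
      samplevalues = [bin.sha, bin.size, bin.binpath_repo, bin.filename, bin.md5, bin.type ]

      if db.insert("samples", samplevalues)                                     #no it isn't, insert it
        #Move the binary to the bin repo
        # NOTE(review): the file is moved before the transaction commits; if a
        # later step raises, the repo copy exists without a matching DB row.
        LOGGER.debug "BFM", "Moving file from the source's directory to the Dorothy's repository"
        FileUtils.mv(bin.binpath,bin.binpath_repo, :force => true)
      else
        raise "A DB error occurred"
      end

    else                                                                                #yes it is, don't insert in sample table
      # presumably every known sample has at least one sighting row; if not,
      # .first is nil and the ["date"] lookup raises — verify against the schema
      date = db.select("sightings", "sample", bin.sha).first["date"]
      LOGGER.warn "BFM", "The binary #{bin.sha} was already added on #{date}"
      FileUtils.rm bin.binpath
    end

    #Add to sighting
    sigh_id = db.get_sighting_id
    sighvalues = [bin.sha, db.check_source_db(sourceinfo)["id"], bin.ctime, sigh_id, mail_id]
    raise "A DB error occurred" unless db.insert("sightings", sighvalues)

    # explanation: I don't want to insert the same malware twice but I do want to
    # insert the sighting value anyway ("the malware X has been downloaded 1 time but
    # has been spoted 32 times")

    #Add to the queue
    @id = db.analysis_queue_add(bin.sha, sourceinfo, bin.filename, profile, priority, nil, sigh_id )

    db.commit
  ensure
    # Release the handle on every path. Previously close ran only after a
    # successful commit, so any raise above leaked the open connection.
    db.close
  end

  @id

end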