Module: Dorothy::QueueManager
- #add(f, sourceinfo, profile, priority, mail_id = nil) ⇒ Object
-
#push_malw(bin, sourceinfo, profile, priority, mail_id) ⇒ Object
push the binary meta info into the DB.
#add(f, sourceinfo, profile, priority, mail_id = nil) ⇒ Object
# File 'lib/dorothy2/do-utils.rb', line 137

# Load the sample at +f+ and hand it to push_malw for DB insertion and queueing.
#
# A sample with zero size or no SHA is treated as an empty file: it is removed
# from disk and +false+ is returned. Errors raised by push_malw are logged
# (message at error level, backtrace at debug level) and re-raised unchanged.
#
# @param f          path of the binary, passed to Loadmalw.new
# @param sourceinfo source metadata forwarded to push_malw
# @param profile    analysis profile forwarded to push_malw
# @param priority   queue priority forwarded to push_malw
# @param mail_id    optional mail id forwarded to push_malw
# @return [false] when the file is empty, otherwise the value of push_malw
# @raise whatever push_malw raises, after logging it
def add(f, sourceinfo, profile, priority, mail_id=nil)
  bin = Loadmalw.new(f)

  empty_sample = bin.size == 0 || bin.sha.empty?
  if empty_sample
    LOGGER.warn "BFM", "Warning - Empty file #{bin.filename}, deleting and skipping.."
    FileUtils.rm bin.binpath
    return false
  end

  begin
    push_malw(bin, sourceinfo, profile, priority, mail_id)
  rescue => e
    # Same exception object as $!; log it and hand it back to the caller.
    LOGGER.error "DB", e
    LOGGER.debug "DB", e.backtrace
    raise
  end
end
#push_malw(bin, sourceinfo, profile, priority, mail_id) ⇒ Object
push the binary meta info into the DB
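# File 'lib/dorothy2/do-utils.rb', line 158

# push the binary meta info into the DB
#
# Inside one transaction: insert the sample row (only if its sha256 is not
# already known), record a sighting for this source, and add the sample to the
# analysis queue. The DB handle is always closed, even when an insert fails or
# raises, so a failed push does not leak a connection.
#
# @param bin        loaded sample (Loadmalw) exposing sha, size, md5, type,
#                   filename, ctime, binpath and binpath_repo
# @param sourceinfo source metadata resolved through db.check_source_db
# @param profile    analysis profile stored in the queue entry
# @param priority   queue priority stored in the queue entry
# @param mail_id    mail id stored with the sighting (may be nil)
# @return the analysis queue id (also stored in @id)
# @raise [RuntimeError] "A DB error occurred" when an insert returns a falsy value
def push_malw(bin, sourceinfo, profile, priority, mail_id)
  db = Insertdb.new
  db.begin_t

  # NOTE(review): one? treats two or more matching rows as "not present"; if
  # samples.sha256 is not unique-constrained, any? would be the safer test.
  if db.select("samples", "sha256", bin.sha).one? # is bin.sha already present in my db?
    # yes it is, don't insert in sample table
    date = db.select("sightings", "sample", bin.sha).first["date"]
    LOGGER.warn "BFM", "The binary #{bin.sha} was already added on #{date}"
    FileUtils.rm bin.binpath
  else
    # no it isn't, insert it
    samplevalues = [bin.sha, bin.size, bin.binpath_repo, bin.filename, bin.md5, bin.type]
    raise "A DB error occurred" unless db.insert("samples", samplevalues)

    # Move the binary to the bin repo.
    # NOTE(review): the move happens before commit; if a later insert fails the
    # file is already in the repo while the samples row may not persist.
    LOGGER.debug "BFM", "Moving file from the source's directory to the Dorothy's repository"
    FileUtils.mv(bin.binpath, bin.binpath_repo, :force => true)
  end

  # Add to sighting
  # explanation: I don't want to insert the same malware twice but I do want to
  # insert the sighting value anyway ("the malware X has been downloaded 1 time but
  # has been spoted 32 times")
  sigh_id = db.get_sighting_id
  sighvalues = [bin.sha, db.check_source_db(sourceinfo)["id"], bin.ctime, sigh_id, mail_id]
  raise "A DB error occurred" unless db.insert("sightings", sighvalues)

  # Add to the queue
  @id = db.analysis_queue_add(bin.sha, sourceinfo, bin.filename, profile, priority, nil, sigh_id)
  db.commit
  @id
ensure
  # Close on every exit path; the original only closed after a successful commit.
  # Whether closing an uncommitted transaction rolls it back depends on Insertdb
  # and its driver — TODO confirm.
  db.close if db
end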