Class: Tigre::Sample

Inherits:
Object
  • Object
Extended by:
CommonGetters, CommonParams, TagComponents
Defined in:
lib/tigre-client/sample.rb

Class Method Summary collapse

Methods included from CommonParams

before_after, before_after_page_per, common_params, get_klass, get_logic_param, package_array_list, page_per

Methods included from CommonGetters

count, exploit_feed, index, latest_analyses, latest_analysis

Methods included from TagComponents

not_tagged, not_tagged_with, remove_tags, tagged_count, tagged_with

Class Method Details

.add_mime_type(hash) ⇒ Object

required params

hash   => Hash
  :digest => String,  The digest type
  :value  => String,  The digest value
  :mime_type_list => String (comma separated) => I.E 'foo,bar,baz'
  :mime_type_list => Array => ['foo', 'bar', 'baz']


# File 'lib/tigre-client/sample.rb', line 220

# Adds MIME types to the sample addressed by a digest type and value.
#
# @param hash [Hash] request parameters
#   :digest         - digest type, placed in the request path
#   :value          - digest value, placed in the request path
#   :mime_type_list - String or Array, passed through package_array_list
# @return [Object] whatever Tigre.put_connection returns
# @raise [RuntimeError] when any of the three keys is missing or falsy
def self.add_mime_type(hash)
  complete = hash[:digest] && hash[:value] && hash[:mime_type_list]
  raise 'Missing parameter :digest or :value or :mime_type_list' unless complete

  payload = {"mime_types" => package_array_list(hash[:mime_type_list])}
  # NOTE(review): :digest and :value are interpolated into the URL path
  # verbatim (no escaping in this method); callers should pass only
  # validated digest strings.
  endpoint = "/samples/#{hash[:digest]}/value/#{hash[:value]}/add_mime_types"
  Tigre.put_connection(endpoint, payload)
end

.add_tags(md5, tags) ⇒ Object

required

md5 => String
tags => String => I.E 'foo'
tags => String (comma separated) => I.E 'foo,bar,baz'
tags => Array => ['foo', 'bar', 'baz']


# File 'lib/tigre-client/sample.rb', line 154

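# Adds tags to the sample identified by +md5+.
#
# @param md5  [String] digest of the sample; placed in the request path
# @param tags [String, Array] one tag, a comma separated list, or an Array
# @return [Object] whatever Tigre.put_connection returns
# @raise [ArgumentError] when md5 or tags is nil or an empty String
def self.add_tags(md5, tags)
  # The original guard named a misspelled constant, so a missing argument
  # surfaced as NameError instead of the intended ArgumentError. nil is
  # rejected as well, so it cannot end up in the request path.
  if md5.nil? || md5 == '' || tags.nil? || tags == ''
    raise ArgumentError, "Missing md5 or tags parameter"
  end

  update_data = {"tag_list" => package_array_list(tags)}
  # NOTE(review): md5 is interpolated into the URL path without escaping;
  # callers should pass a validated digest string.
  Tigre.put_connection("/samples/#{md5}/add_tags", update_data)
end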

.calculate_checksums(file) ⇒ Object



# File 'lib/tigre-client/sample.rb', line 84

# Computes the SHA-1 and SHA-256 hex digests of a file.
#
# @param file [Object] passed unchanged to Sample.calculate_file_digest,
#   which hands it to File.open
# @return [Hash] {:sha1 => String, :sha256 => String}
def self.calculate_checksums(file)
  {
    :sha1   => Sample.calculate_file_digest(Digest::SHA1.new, file),
    # Digest::SHA2.new without an argument is the 256-bit variant.
    :sha256 => Sample.calculate_file_digest(Digest::SHA2.new, file)
  }
end

.calculate_file_digest(digest, file) ⇒ Object



# File 'lib/tigre-client/sample.rb', line 90

# Feeds a file through a digest object in 8192-byte chunks.
#
# @param digest [Object] digest instance responding to update and hexdigest;
#   it is updated in place, so a reused instance keeps its earlier input
# @param file   [Object] anything File.open accepts; opened in binary mode
# @return [String] hexdigest after the whole file has been read
def self.calculate_file_digest(digest, file)
  File.open(file, "rb") do |io|
    # read returns nil once the end of the file is reached.
    while (chunk = io.read(8192))
      digest.update(chunk)
    end
  end
  digest.hexdigest
end

.compress(hash) ⇒ Object

required params

hash   => Hash
  :samples  => String (comma separated) => I.E 'ce78f201b54e68263f0ddc1b2f8b1b65,d9226e3d5abeef9de15eeabc3c075fb1'
  :samples  => Array => I.E ['ce78f201b54e68263f0ddc1b2f8b1b65','d9226e3d5abeef9de15eeabc3c075fb1']
  :callback => The callback URL for when the job is finished

optional params

hash => Hash
  :digest   => the digest type of the samples.  Defaults to MD5
  :password => a password for the created compressed file


# File 'lib/tigre-client/sample.rb', line 253

# Requests a compression job for a list of samples.
#
# @param hash [Hash] request parameters; modified in place and then sent
#   :samples  - String or Array, passed through package_array_list (required)
#   :callback - callback URL for when the job is finished (required)
#   :digest   - digest type of the samples, 'md5' when absent
#   :password - password for the created compressed file
# @return [Object] whatever Tigre.post_connection returns
# @raise [RuntimeError] when :samples or :callback is missing or falsy
def self.compress(hash)
  raise 'Missing parameter :samples or :callback' unless hash[:samples] && hash[:callback]

  # NOTE(review): :password travels in the request body exactly as given;
  # whether the transport is encrypted depends on Tigre.post_connection,
  # which is not visible here.
  hash.merge!(
    :digest  => hash[:digest] || 'md5',
    :samples => package_array_list(hash[:samples]),
    :type    => 'compressor'
  )
  Tigre.post_connection('/samples_for_compression', hash)
end

.get(params_hash) ⇒ Object

required params

hash   => Hash
  :digest => String,  The digest type
  :value  => String,  The digest value


# File 'lib/tigre-client/sample.rb', line 109

# Fetches a sample by digest type and digest value.
#
# @param params_hash [Hash] :digest (digest type) and :value (digest value)
# @return [Object] whatever Tigre.get_connection returns
# @raise [RuntimeError] when :digest or :value is missing or falsy
def self.get(params_hash)
  complete = params_hash[:digest] && params_hash[:value]
  raise 'Missing parameter :digest or :value' unless complete

  # NOTE(review): both values are interpolated into the URL path without
  # escaping; callers should pass only validated digest strings.
  path = "/samples/#{params_hash[:digest]}/value/#{params_hash[:value]}"
  Tigre.get_connection(path)
end

.get_metadatas(options) ⇒ Object



# File 'lib/tigre-client/sample.rb', line 51

# Extracts the metadata subset (:dbts, :mutex_name_list) from an options hash.
#
# @param options [Hash] only :dbts and :mutex_name_list are read
# @return [Hash, nil] the collected metadata, or nil when neither key is set
def self.get_metadatas(options)
  metadata = {}
  metadata[:dbts] = options[:dbts] if options[:dbts]

  mutex_names = options[:mutex_name_list]
  metadata[:mutex_name_list] = package_array_list(mutex_names) if mutex_names

  # nil rather than {} signals "no metadata" to the caller.
  metadata unless metadata.empty?
end

.has_mime_type(mime_types, options = {}) ⇒ Object

required params

mime_types => String => I.E 'foo'
mime_types => String (comma separated) => I.E 'foo,bar,baz'
mime_types => Array => ['foo', 'bar', 'baz']

optional params

options => Hash
  :after  => Ruby DateTime object OR Integer (epoch time)
  :before => Ruby DateTime object OR Integer (epoch time)
  :page => Integer, :default => 0
  :per => Integer, :default => 50


# File 'lib/tigre-client/sample.rb', line 173

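# Lists samples that have the given MIME types.
#
# @param mime_types [String, Array] one type, a comma separated list, or an Array
# @param options    [Hash] :after, :before, :page, :per; handed to common_params
# @return [Object] whatever Tigre.get_connection returns
# @raise [RuntimeError] when mime_types is nil or an empty String
def self.has_mime_type(mime_types, options={})
  # The message used to say "tags", which does not match this parameter.
  # nil is rejected too, so it never reaches the query string.
  if mime_types.nil? || mime_types == ''
    raise "Missing mime_types parameter"
  end

  # presumably common_params records the filters that
  # before_after_page_per renders below; confirm in CommonParams
  common_params(options)
  mime_types = package_array_list(mime_types)
  # NOTE(review): mime_types is placed in the query string as returned by
  # package_array_list. If that helper does not escape, characters such as
  # '+' or '&' inside a MIME type would alter the query; verify there.
  Tigre.get_connection("/samples/has_mime_type?mime_types=#{mime_types}&#{before_after_page_per}")
end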

.md5(md5) ⇒ Object

DEPRECATED => use Tigre::Sample.get(:digest => 'md5', :value => 'your-md5')

required params

md5 => String


# File 'lib/tigre-client/sample.rb', line 122

# Deprecated lookup by MD5; forwards to get with :digest => 'md5'.
#
# @param md5 [String] MD5 value of the sample
# @return [Object] whatever get returns
def self.md5(md5)
  # The warning is only written when a logger is configured.
  if Tigre.logger
    Tigre.logger.warn("** DEPRECATED ** Use Tigre::Sample.get(:digest => 'md5', :value => 'your-md5')")
  end

  lookup = {:digest => 'md5', :value => md5}
  get(lookup)
end

.no_mime_type(options = {}) ⇒ Object

optional params

options => Hash
  :after  => Ruby DateTime object OR Integer (epoch time)
  :before => Ruby DateTime object OR Integer (epoch time)
  :page => Integer, :default => 0
  :per => Integer, :default => 50


# File 'lib/tigre-client/sample.rb', line 209

# Lists samples that have no MIME type.
#
# @param options [Hash] :after, :before, :page, :per; handed to common_params
# @return [Object] whatever Tigre.get_connection returns
def self.no_mime_type(options={})
  # presumably common_params records the filters that
  # before_after_page_per renders; confirm in CommonParams
  common_params(options)
  query = before_after_page_per
  Tigre.get_connection("/samples/no_mime_type?#{query}")
end

.post(file_location, md5, options = {}) ⇒ Object

required params

md5 => String

optional params

file_location => String path to the file
options => Hash 
  :tags => String => I.E 'foo'
  :tags => String (comma separated) => I.E 'foo,bar,baz'
  :tags => Array => ['foo', 'bar', 'baz']
  :dbts => Hash {:key1 => value, :key2 => value} where each key is the name of an
           attribute and each value should be a boolean
  :mutex_name_list => String (comma separated) => I.E 'foo,bar,baz'
  :mutex_name_list => Array => ['foo', 'bar', 'baz']


# File 'lib/tigre-client/sample.rb', line 22

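# Creates a sample record and, when a file path is given, uploads the file
# either inside the POST or afterwards through send_file_to_s3.
#
# @param file_location [String, nil] path to the sample file; '' or nil
#   means no file is attached
# @param md5     [String] MD5 of the sample (required)
# @param options [Hash] :tags, :dbts, :mutex_name_list, :force; the whole
#   hash is also merged into the request body
# @return [Object] the result of the POST, or of send_file_to_s3 when the
#   file is uploaded afterwards
# @raise [RuntimeError] when md5 is nil or an empty String
def self.post(file_location, md5, options={})
  raise "md5 parameter cannot be empty" if md5.nil? || md5 == ''

  # Work on a copy so the caller's hash is not rewritten; reusing one
  # options hash for several posts would otherwise re-package :tags.
  options = options.dup
  options[:tags] = package_array_list(options[:tags]) if options[:tags]

  post_data     = {:md5 => md5}
  process_after = false
  upload        = nil

  # file_location is documented as optional, so nil is treated like ''.
  unless file_location.nil? || file_location == ''
    if Tigre.s3_enabled?
      # The file is not attached here; it is sent after the POST (below).
      process_after = true
    else
      # Binary mode: samples are arbitrary bytes and must not go through
      # text-mode newline or encoding translation.
      upload = File.new(file_location, 'rb')
      post_data[:file] = upload
    end
  end

  post_data[:metadatas] = self.get_metadatas(options)

  begin
    # options is merged last, so a key in options (:md5, :file, :metadatas)
    # overrides the value built above.
    result = Tigre.post_connection('/samples', post_data.merge(options))
  ensure
    # The handle used to stay open until garbage collection.
    upload.close if upload && !upload.closed?
  end

  # Upload afterwards when the server reports it has no file yet, or when
  # it already has one and the caller set :force.
  status = result[1]
  if process_after && (status == 'success_nofile' || (status == 'success' && options[:force]))
    result = self.send_file_to_s3(md5, file_location)
  end

  result
end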

.remove_mime_type(hash) ⇒ Object

required params

hash   => Hash
  :digest => String,  The digest type
  :value  => String,  The digest value
  :mime_type_list => String (comma separated) => I.E 'foo,bar,baz'
  :mime_type_list => Array => ['foo', 'bar', 'baz']


# File 'lib/tigre-client/sample.rb', line 235

# Removes MIME types from the sample addressed by a digest type and value.
#
# @param hash [Hash] request parameters
#   :digest         - digest type, placed in the request path
#   :value          - digest value, placed in the request path
#   :mime_type_list - String or Array, passed through package_array_list
# @return [Object] whatever Tigre.put_connection returns
# @raise [RuntimeError] when any of the three keys is missing or falsy
def self.remove_mime_type(hash)
  complete = hash[:digest] && hash[:value] && hash[:mime_type_list]
  raise 'Missing parameter :digest or :value or :mime_type_list' unless complete

  payload = {"mime_types" => package_array_list(hash[:mime_type_list])}
  # NOTE(review): :digest and :value are interpolated into the URL path
  # verbatim (no escaping in this method); callers should pass only
  # validated digest strings.
  endpoint = "/samples/#{hash[:digest]}/value/#{hash[:value]}/remove_mime_types"
  Tigre.put_connection(endpoint, payload)
end

.send_file_to_s3(md5, file) ⇒ Object



# File 'lib/tigre-client/sample.rb', line 63

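# Uploads a sample file to the configured S3 bucket, then posts its
# filename, size and checksums to the samples endpoint.
#
# @param md5  [String] MD5 of the sample; used to build the S3 key
# @param file [String] path to the sample file
# @return [Object] whatever Tigre.post_connection returns
def self.send_file_to_s3(md5, file)
  Tigre.logger.info 'Uploading file directly to S3' if Tigre.logger
  s3        = RightAws::S3.new(Tigre.s3_key, Tigre.s3_secret)
  bucket    = s3.bucket(Tigre.s3_bucket)
  # Key layout: the first four characters of md5 as path segments, then md5.
  # NOTE(review): md5 is supplied by the caller and is not checked here for
  # length or format, nor compared with the file content; a short or
  # mismatched value still produces a key.
  file_name = [md5[0], md5[1], md5[2], md5[3], md5].join('/')

  # The whole file is read into memory for the upload.
  bucket.put(file_name, IO.binread(file))

  Tigre.logger.info 'Updating sample with filename / filesize' if Tigre.logger
  # The path is used directly. The earlier File.new(file, 'r') handle was
  # never closed and was not needed: the checksum helper opens the file
  # itself, and File.basename / File.size accept a path.
  digest_hash = self.calculate_checksums(file)
  post_data = {:md5    => md5,
               :sample => {:file_original_filename => File.basename(file),
                           :file_size => File.size(file),
                           :sha1      => digest_hash[:sha1],
                           :sha256    => digest_hash[:sha256]
                          }
              }
  Tigre.post_connection('/samples', post_data)
end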

.sha1(sha1) ⇒ Object

DEPRECATED => use Tigre::Sample.get(:digest => 'sha1', :value => 'your-sha1')

required params

sha1 => String


# File 'lib/tigre-client/sample.rb', line 132

# Deprecated lookup by SHA-1; forwards to get with :digest => 'sha1'.
#
# @param sha1 [String] SHA-1 value of the sample
# @return [Object] whatever get returns
def self.sha1(sha1)
  # The warning is only written when a logger is configured.
  if Tigre.logger
    Tigre.logger.warn("** DEPRECATED ** Use Tigre::Sample.get(:digest => 'sha1', :value => 'your-sha1')")
  end

  get(:digest => 'sha1', :value => sha1)
end

.sha256(sha256) ⇒ Object

DEPRECATED => use Tigre::Sample.get(:digest => 'sha256', :value => 'your-sha256')

required params

sha256 => String


# File 'lib/tigre-client/sample.rb', line 143

# Deprecated lookup by SHA-256; forwards to get with :digest => 'sha256'.
#
# @param sha256 [String] SHA-256 value of the sample
# @return [Object] whatever get returns
def self.sha256(sha256)
  # The warning is only written when a logger is configured.
  if Tigre.logger
    Tigre.logger.warn("** DEPRECATED ** Use Tigre::Sample.get(:digest => 'sha256', :value => 'your-sha256')")
  end

  get(:digest => 'sha256', :value => sha256)
end

.update(md5, params_hash = {}) ⇒ Object

required params

md5 => String
params_hash => Hash


# File 'lib/tigre-client/sample.rb', line 100

# Updates attributes of the sample identified by +md5+.
#
# @param md5         [String] digest of the sample; placed in the request path
# @param params_hash [Hash] attribute name => value; both are stringified
# @return [Object] whatever Tigre.put_connection returns
def self.update(md5, params_hash={})
  # NOTE(review): map over a Hash yields an Array of one-pair Hashes, not a
  # single merged Hash; confirm Tigre.put_connection expects that shape.
  fields = params_hash.map do |attribute, value|
    {"sample[#{attribute}]" => value.to_s}
  end
  # NOTE(review): md5 is interpolated into the URL path without escaping.
  Tigre.put_connection("/samples/#{md5}", fields)
end

.without_mime_type(mime_types, options = {}) ⇒ Object

required params

mime_types => String => I.E 'foo'
mime_types => String (comma separated) => I.E 'foo,bar,baz'
mime_types => Array => ['foo', 'bar', 'baz']

optional params

options => Hash
  :after  => Ruby DateTime object OR Integer (epoch time)
  :before => Ruby DateTime object OR Integer (epoch time)
  :page => Integer, :default => 0
  :per => Integer, :default => 50


# File 'lib/tigre-client/sample.rb', line 193

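# Lists samples that do not have the given MIME types.
#
# @param mime_types [String, Array] one type, a comma separated list, or an Array
# @param options    [Hash] :after, :before, :page, :per; handed to common_params
# @return [Object] whatever Tigre.get_connection returns
# @raise [RuntimeError] when mime_types is nil or an empty String
def self.without_mime_type(mime_types, options={})
  # The message used to say "tags", which does not match this parameter.
  # nil is rejected too, so it never reaches the query string.
  if mime_types.nil? || mime_types == ''
    raise "Missing mime_types parameter"
  end

  # presumably common_params records the filters that
  # before_after_page_per renders below; confirm in CommonParams
  common_params(options)
  mime_types = package_array_list(mime_types)
  # NOTE(review): mime_types is placed in the query string as returned by
  # package_array_list. If that helper does not escape, characters such as
  # '+' or '&' inside a MIME type would alter the query; verify there.
  Tigre.get_connection("/samples/without_mime_type?mime_types=#{mime_types}&#{before_after_page_per}")
end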