403Webshell
Server IP : 192.158.238.246  /  Your IP : 3.149.238.207
Web Server : LiteSpeed
System : Linux uniform.iwebfusion.net 4.18.0-553.27.1.lve.1.el8.x86_64 #1 SMP Wed Nov 20 15:58:00 UTC 2024 x86_64
User : jenniferflocom ( 1321)
PHP Version : 8.1.32
Disable Function : NONE
MySQL : OFF  |  cURL : ON  |  WGET : ON  |  Perl : ON  |  Python : ON  |  Sudo : OFF  |  Pkexec : OFF
Directory :  /opt/imunify360/venv/lib/python3.11/site-packages/imav/malwarelib/__pycache__/

Upload File :
current_dir [ Writeable ] document_root [ Writeable ]

 


Current File : /opt/imunify360/venv/lib/python3.11/site-packages/imav/malwarelib/__pycache__/model.cpython-311.pyc
This program is free software: you can redistribute it and/or modify it under
the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License,
or (at your option) any later version.


This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the GNU General Public License for more details.


You should have received a copy of the GNU General Public License
 along with this program.  If not, see <https://www.gnu.org/licenses/>.

Copyright © 2019 Cloud Linux Software Inc.

This software is also available under ImunifyAV commercial license,
see <https://www.imunify360.com/legal/eula>

Youez - 2016 - github.com/yon3zu
LinuXploit