Mini Shell

Direktori : /opt/imunify360/venv/lib/python3.11/site-packages/imav/malwarelib/rpc/endpoints/
Upload File :
Current File : //opt/imunify360/venv/lib/python3.11/site-packages/imav/malwarelib/rpc/endpoints/base.py

"""
This program is free software: you can redistribute it and/or modify it under
the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License,
or (at your option) any later version.


This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the GNU General Public License for more details.


You should have received a copy of the GNU General Public License
 along with this program.  If not, see <https://www.gnu.org/licenses/>.

Copyright © 2019 Cloud Linux Software Inc.

This software is also available under ImunifyAV commercial license,
see <https://www.imunify360.com/legal/eula>
"""
import asyncio
import functools
import logging
import os
import warnings
from collections import namedtuple
from functools import partial
from typing import List, Sequence

from defence360agent.contracts.config import Malware, UserType
from defence360agent.contracts.license import LicenseError
from defence360agent.contracts.messages import MessageType
from defence360agent.contracts.permissions import (
    MS_IGNORE_LIST_EDIT,
    check_permission,
)
from defence360agent.feature_management.constants import AV, AV_REPORT, FULL
from defence360agent.feature_management.lookup import feature
from defence360agent.model.instance import db
from defence360agent.model.simplification import run_in_executor
from defence360agent.rpc_tools.lookup import (
    CommonEndpoints,
    RootEndpoints,
    bind,
)
from defence360agent.rpc_tools.utils import run_in_executor_decorator
from defence360agent.rpc_tools.validate import ValidationError
from defence360agent.utils import (
    Scope,
    does_path_belong_to_user,
    get_path_owner,
    get_results_iterable_expression,
    safe_fileops,
)
from imav.malwarelib.config import (
    MalwareHitStatus,
    MalwareScanResourceType,
    MalwareScanType,
)
from imav.malwarelib.model import (
    MalwareHistory,
    MalwareHit,
    MalwareIgnorePath,
)
from imav.malwarelib.rpc.endpoints.ondemand import split_args
from imav.malwarelib.scan.crontab import get_crontab
from imav.malwarelib.scan.queue_supervisor_sync import (
    QueueSupervisorSync as ScanQueue,
)
from imav.malwarelib.subsys.malware import MalwareAction
from imav.malwarelib.utils import user_list
from imav.malwarelib.utils.endpoints import MaliciousEndpointStatus
from imav.malwarelib.utils.submit import (
    FALSE_NEGATIVE,
    FALSE_POSITIVE,
    submit_malware,
)

logger = logging.getLogger(__name__)

IgnoreParameters = namedtuple(
    "IgnoreParameters",
    ["path", "app_name", "db_host", "db_port", "db_name"],
    defaults=(None, None, None, None, None),
)


class SubmitEndpoints(RootEndpoints):
    SCOPE = Scope.AV

    _SEND_FILES_DISABLED_BANNER = """\
Warning: This server’s security can be enhanced \
by enabling the MALWARE_SCANNING.sends_file_for_analysis option. \
This may minimize the number of undetected malware, \
making your system more resistant to new threats.

The command below can be used to enable the option:
imunify-antivirus config update \
'{"MALWARE_SCANNING": {"sends_file_for_analysis": true}}'
- or -
imunify360-agent config update \
'{"MALWARE_SCANNING": {"sends_file_for_analysis": true}}'
"""

    @bind("submit", "false-positive")
    async def submit_fp(self, filename, reason, scanner=None):
        # WARNING: scanner parameter is deprecated
        try:
            await submit_malware(filename, FALSE_POSITIVE, reason=reason)
        except LicenseError as e:
            raise ValidationError(e)
        except FileNotFoundError:
            raise ValidationError("File {} doesn't exist.".format(filename))

    @bind("submit", "false-negative")
    async def submit_fn(self, filename):
        try:
            await submit_malware(filename, FALSE_NEGATIVE)
        except LicenseError as e:
            raise ValidationError(e)
        except FileNotFoundError:
            raise ValidationError("File {} doesn't exist.".format(filename))
        else:
            if not Malware.SEND_FILES:
                return warnings.warn(self._SEND_FILES_DISABLED_BANNER)


class MaliciousEndpoints(CommonEndpoints):
    SCOPE = Scope.AV

    def __init__(self, sink):
        super().__init__(sink)
        self.queue = ScanQueue(sink=sink)

    @feature(AV, [FULL, AV_REPORT])
    @bind("malware", "malicious", "list")
    @run_in_executor_decorator
    def malicious_list(self, user=None, **kwargs):
        return MalwareHit.malicious_list(user=user, **kwargs)

    @classmethod
    @feature(AV, [FULL, AV_REPORT])
    @bind("malware", "read")
    async def read_file(cls, path, offset, limit, user=None, **_):
        mode = "rb"
        if not os.path.exists(path):
            raise FileNotFoundError("notifications.fileNotFound")

        if user:
            open_fun = functools.partial(
                safe_fileops.safe_open_file,
                path,
                mode,
                user,
                respect_homedir=False,
            )
        else:
            open_fun = functools.partial(open, path, mode)
        try:
            with open_fun() as f:
                f.seek(offset)
                chunk = f.read(limit)
                eof = False if chunk else True
                text = chunk.decode("utf-8", errors="ignore")

                return {
                    "data": {
                        "chunk": text,
                        "eof": eof,
                        "limit": limit,
                        "offset": offset,
                        "size": os.fstat(f.fileno()).st_size,
                    },
                }
        except asyncio.CancelledError:
            raise
        except Exception as e:
            raise PermissionError("notifications.permissionError") from e

    @staticmethod
    @feature(AV, [FULL, AV_REPORT])
    @bind("malware", "malicious", "remove-from-list")
    async def malicious_remove_from_list(ids, user=None):
        hits_to_remove = MalwareHit.malicious_select(ids, user=user)
        MalwareHit.delete_instances(hits_to_remove)
        return MaliciousEndpointStatus(hits_to_remove, [])

    @feature(AV, [FULL, AV_REPORT])
    @bind("malware", "malicious", "move-to-ignore")
    async def malicious_move_to_ignore(self, ids, user=None):
        ignored = await self._malicious_move_to_ignore(ids, user)
        return len(ignored)

    async def _malicious_move_to_ignore(self, ids, user=None):
        check_permission(MS_IGNORE_LIST_EDIT, user)

        hits = await run_in_executor(
            asyncio.get_event_loop(),
            partial(MalwareHit.malicious_select, ids, user=user),
        )

        # flush found
        malicious_found = (
            h for h in hits if h.status == MalwareHitStatus.FOUND
        )
        await run_in_executor(
            asyncio.get_event_loop(),
            partial(MalwareHit.delete_instances, malicious_found),
        )
        file_hits = [
            hit
            for hit in hits
            if hit.resource_type == MalwareScanResourceType.FILE.value
        ]
        file_items = [
            IgnoreParameters(path=hit.orig_file) for hit in file_hits
        ]
        db_items = [
            IgnoreParameters(
                hit.orig_file,
                hit.app_name,
                hit.db_host,
                hit.db_port,
                hit.db_name,
            )
            for hit in hits
            if hit.resource_type == MalwareScanResourceType.DB.value
        ]
        ignored = await IgnoreEndpoints(self._sink).try_add_to_ignore(
            file_items,
            resource_type=MalwareScanResourceType.FILE.value,
        ) + await IgnoreEndpoints(self._sink).try_add_to_ignore(
            db_items,
            resource_type=MalwareScanResourceType.DB.value,
        )
        if Malware.SEND_FILES:
            for hit in file_hits:
                await MalwareAction.submit_for_analysis(
                    type=FALSE_POSITIVE,
                    reason=hit.type,
                    path=hit.orig_file,
                    file_owner=hit.user,
                    initiator=user,
                )

        return ignored

    @feature(AV, [FULL, AV_REPORT])
    @bind("malware", "history", "list")
    @run_in_executor_decorator
    def get_history(self, user=None, **kwargs):
        return MalwareHistory.get_history(user=user, **kwargs)

    @bind("malware", "user", "list")
    async def user_list(
        self, offset, limit, search=None, order_by=None, user=None, ids=None
    ):
        if user:
            # user endpoint
            _, users = await user_list.fetch_user_list(
                self.queue.get_scans_from_paths, match={user}
            )
            max_count = len(users)
        elif search:
            # search
            _, users = await user_list.fetch_user_list(
                self.queue.get_scans_from_paths, match=search
            )
            max_count = len(users)
        elif ids:
            # filter by ids
            max_count, users = await user_list.fetch_user_list(
                self.queue.get_scans_from_paths, match=ids
            )
        else:
            # all users
            max_count, users = await user_list.fetch_user_list(
                self.queue.get_scans_from_paths
            )

        # sort
        users = user_list.sort(users)
        for order in reversed(order_by or []):
            users = user_list.sort(users, order.column_name, desc=order.desc)

        # limit and offset
        start = offset
        end = offset + limit
        return max_count, users[start:end]

    @bind("malware", "user", "scan")
    async def user_scan(
        self, scan_file, scan_db, background=False, **scan_args
    ):
        if not scan_file and not scan_db:
            raise ValidationError(
                "Either --scan-file or --scan-db should be specified"
            )

        if background and self.queue.status().get("background"):
            raise ValidationError("Background scan pending")

        if background:
            scan_type = MalwareScanType.BACKGROUND
        else:
            scan_type = MalwareScanType.ON_DEMAND

        users = await user_list.panel_users()
        paths = [user["home"] for user in users]
        if scan_db:
            await self.queue.put(
                paths=paths,
                resource_type=MalwareScanResourceType.DB,
                scan_type=scan_type,
                **split_args(scan_args)
            )
        if scan_file:
            await self.queue.put(
                paths=paths,
                resource_type=MalwareScanResourceType.FILE,
                scan_type=scan_type,
                **split_args(scan_args)
            )
        if background and Malware.CRONTABS_SCAN_ENABLED:
            crontab_paths = [get_crontab(user["user"]) for user in users]
            await self.queue.put(
                paths=crontab_paths,
                resource_type=MalwareScanResourceType.FILE,
                scan_type=scan_type,
                **split_args(scan_args)
            )

    @bind("malware", "suspicious", "list")
    @run_in_executor_decorator
    def suspicious_list(self, user=None, **kwargs):
        return MalwareHit.suspicious_list(user=user, **kwargs)

    @bind("malware", "suspicious", "move-to-ignore")
    async def suspicious_move_to_ignore(self, ids):
        total = 0

        def expression(ids):
            return MalwareHit.select().where(MalwareHit.id.in_(ids))

        hits = await run_in_executor(
            asyncio.get_event_loop(),
            lambda: list(get_results_iterable_expression(expression, ids)),
        )
        for hit in hits:
            MalwareIgnorePath.get_or_create(
                path=hit.orig_file,
                resource_type=MalwareScanResourceType.FILE.value,
            )
            hit.delete_instance()
            total += 1
        return total


@feature(AV, [FULL, AV_REPORT])
class IgnoreEndpoints(CommonEndpoints):
    @bind("malware", "ignore", "list")
    @run_in_executor_decorator
    def ignore_list(self, user=None, **kwargs):
        check_permission(MS_IGNORE_LIST_EDIT, user)

        if user is not None:
            kwargs["user"] = user
        return MalwareIgnorePath.paths_count_and_list(**kwargs)

    @bind("malware", "ignore", "delete-ui")
    async def ignore_delete_ui(self, ids, user=None):
        return await self.ignore_delete(
            ids=ids,
            user=user,
            skip_rescan=False,
        )

    @bind("malware", "ignore", "delete")
    async def ignore_delete(self, ids, user=None, skip_rescan=False):
        check_permission(MS_IGNORE_LIST_EDIT, user)

        ignore_path: MalwareIgnorePath
        ignore_paths = list(
            MalwareIgnorePath.select().where(MalwareIgnorePath.id.in_(ids))
        )

        if user is not None:
            user_crontab_path = get_crontab(user)
            ignore_paths = [
                ignore_path
                for ignore_path in ignore_paths
                if does_path_belong_to_user(ignore_path.path, user)
                or ignore_path.path == user_crontab_path
            ]

        paths = [
            ignore_path.path
            for ignore_path in ignore_paths
            if ignore_path.resource_type == MalwareScanResourceType.FILE.value
        ]

        with db.atomic():
            for ignore_path in ignore_paths:
                MalwareAction.delete_from_ignore_sync(
                    path=ignore_path.path,
                    file_owner=user or get_path_owner(ignore_path.path),
                    initiator=user or UserType.ROOT,
                    resource_type=ignore_path.resource_type,
                )

        if paths:
            if not skip_rescan:
                await self._sink.process_message(
                    # FIXME: this spawns a scan with the `realtime` type
                    MessageType.MalwareScanTask(filelist=paths)
                )
            await self._sink.process_message(
                MessageType.MalwareIgnorePathUpdated()
            )

        return len(paths)

    @bind("malware", "ignore", "add")
    async def ignore_add(self, resource_type, paths, user=None):
        items = [IgnoreParameters(path) for path in paths]
        added = await self.try_add_to_ignore(items, resource_type, user)
        return len(added)

    async def try_add_to_ignore(
        self,
        items: Sequence[IgnoreParameters],
        resource_type: str,
        user: str = None,
    ) -> List[str]:
        check_permission(MS_IGNORE_LIST_EDIT, user)

        added = []
        items = [item for item in items if os.path.isabs(item.path)]
        if user is not None:
            user_crontab_path = get_crontab(user)
            items = (
                i
                for i in items
                if does_path_belong_to_user(i.path, user)
                or i.path == user_crontab_path
            )

        already_ignored = MalwareIgnorePath.path_list(
            resource_type=resource_type
        )
        items = (items for items in items if items.path not in already_ignored)

        for item in items:
            result = await MalwareAction.ignore(
                path=item.path,
                resource_type=resource_type,
                file_owner=user or get_path_owner(item.path),
                initiator=user or UserType.ROOT,
                app_name=item.app_name,
                db_host=item.db_host,
                db_port=item.db_port,
                db_name=item.db_name,
            )

            if result.successful:
                added.append(item.path)
        if added:
            await self._sink.process_message(
                MessageType.MalwareIgnorePathUpdated()
            )
        return added

    async def is_path_ignored(self, check_path, user=None):
        assert os.path.isabs(check_path)
        if user is not None and not does_path_belong_to_user(check_path, user):
            return False

        return await MalwareIgnorePath.is_path_ignored(check_path)


class MalwareRebuildPatterns(RootEndpoints):
    @bind("malware", "rebuild", "patterns")
    async def rebuild_patterns(self):
        await self._sink.process_message(
            MessageType.MalwareIgnorePathUpdated()
        )
        return {}


class MalwareRescanEdnpoints(RootEndpoints):
    @bind("malware", "rescan")
    async def malware_rescan_files(self, files: List[str]):
        await self._sink.process_message(
            MessageType.MalwareRescanFiles(files=files)
        )
        return {}

Zerion Mini Shell 1.0