This repository has been archived by the owner on Sep 8, 2023. It is now read-only.

Merge pull request #46 from anteater/pep8fixes
PEP8 fixes
lukehinds committed Mar 29, 2018
2 parents f6507fc + 28b08d7 commit 5493560
Showing 10 changed files with 130 additions and 157 deletions.
2 changes: 1 addition & 1 deletion anteater/main.py
Expand Up @@ -87,7 +87,7 @@ def main():
arguments['--binaries'], arguments['--ips'], arguments['--urls'])
elif arguments['<project_path>']:
prepare_project(arguments['<project>'], arguments['<project_path>'],
arguments['--binaries'], arguments['--ips'], arguments['--urls'])
arguments['--binaries'], arguments['--ips'], arguments['--urls'])


if __name__ == "__main__":
18 changes: 9 additions & 9 deletions anteater/src/get_lists.py
Expand Up @@ -44,20 +44,23 @@
logger.error('File not found: %s', ignore_list)
sys.exit(0)


def unique(sequence):
return list(set(sequence))


def _remove_nullvalue(contents):
""" Removes nullvalue placeholders required to prevent key errors"""
if contents and len(contents) > 2 and 'nullvalue' in contents:
contents.remove('nullvalue')


class GetLists(object):
def __init__(self, *args):
self.args = args
self.loaded = False

def load_project_flag_list_file (self, project_exceptions, project):
def load_project_flag_list_file(self, project_exceptions, project):
""" Loads project specific lists """
if self.loaded:
return
Expand Down Expand Up @@ -111,13 +114,12 @@ def load_project_ignore_list_file(self, project_exceptions, project):
logger.info('%s not found in %s', project, ignore_list)
logger.info('No project specific exceptions will be applied')


def binary_hash(self, project, patch_file):
""" Gathers sha256 hashes from binary lists """
global il
exception_file = None
try:
project_exceptions = il.get('project_exceptions') # try needed
project_exceptions = il.get('project_exceptions')
except KeyError:
logger.info('project_exceptions missing in %s for %s', ignore_list, project)

Expand Down Expand Up @@ -157,7 +159,7 @@ def file_audit_list(self, project):
logger.error('Key Error processing file_names list values')
try:
project_list = set((fl['file_audits'][project]['file_names']))
logger.info('Loaded %s specific file_audits entries', project)
logger.info('Loaded %s specific file_audits entries', project)
except KeyError:
logger.info('No project specific file_names section for project %s', project)

Expand All @@ -172,7 +174,7 @@ def file_audit_list(self, project):
file_names_proj_re = re.compile("")
return file_names_re, file_names_proj_re

def file_content_list(self, project):
def file_content_list(self, project):
""" gathers content strings """
project_list = False
self.load_project_flag_list_file(il.get('project_exceptions'), project)
Expand All @@ -188,7 +190,7 @@ def file_content_list(self, project):

try:
project_list = fl['file_audits'][project]['file_contents']
logger.info('Loaded %s specific file_contents entries', project)
logger.info('Loaded %s specific file_contents entries', project)

except KeyError:
logger.info('No project specific file_contents section for project %s', project)
Expand Down Expand Up @@ -228,9 +230,8 @@ def ignore_directories(self, project):
return ignore_directories
else:
return ignore_directories

def url_ignore(self, project):

def url_ignore(self, project):
""" Gathers a list of URLs to ignore """
project_list = False
try:
Expand Down Expand Up @@ -258,7 +259,6 @@ def url_ignore(self, project):
return url_ignore_re

def ip_ignore(self, project):

""" Gathers a list of URLs to ignore """
project_list = False
try:
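Review bot: The `File not found` branch at the top of the first hunk logs an error and then calls `sys.exit(0)`, so a missing ignore list ends the run with a success status. If the exit code is what a CI job gates on, that is a fail-open result; `sys.exit(1)` would match the missing-`VT_KEY` path in patch_scan.py. The enclosing try/except starts above the hunk, so whether other handlers there exit the same way cannot be seen from here.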
85 changes: 40 additions & 45 deletions anteater/src/patch_scan.py
Expand Up @@ -38,7 +38,8 @@
hasher = hashlib.sha256()
failure = False

def prepare_patchset(project, patchset, binaries, ips, urls):

def prepare_patchset(project, patchset, binaries, ips, urls):
""" Create black/white lists and default / project waivers
and iterates over patchset file """
# Get Various Lists / Project Waivers
Expand All @@ -63,9 +64,9 @@ def prepare_patchset(project, patchset, binaries, ips, urls):
ignore_directories = lists.ignore_directories(project)

if binaries or ips or urls:
try:
try:
apikey = os.environ["VT_KEY"]
except KeyError:
except KeyError:
logger.error("Please set your virustotal.com API key as an environment variable")
sys.exit(1)
try:
Expand Down Expand Up @@ -104,7 +105,7 @@ def scan_patch(project, patch_file, binaries, ips, urls, file_audit_list,
file_audit_project_list, flag_list, ignore_list, file_ignore,
ignore_directories, url_ignore, ip_ignore, apikey):

"""
"""
Scan actions for each commited file in patch set
"""
global failure
Expand All @@ -120,17 +121,17 @@ def scan_patch(project, patch_file, binaries, ips, urls, file_audit_list,
buf = afile.read()
hasher.update(buf)
sha256hash = hasher.hexdigest()

if sha256hash in binary_hash:

logger.info('Found matching file hash for: %s',
patch_file)
else:
logger.info('sha256hash: %s', sha256hash)
logger.error('Non Whitelisted Binary file: %s',
patch_file)
scan_binary(patch_file, project, sha256hash, apikey)

scan_binary(patch_file, project, sha256hash, apikey)

failure = True

Expand Down Expand Up @@ -169,17 +170,16 @@ def scan_patch(project, patch_file, binaries, ips, urls, file_audit_list,
ipaddr = re.findall(r'(?:\d{1,3}\.)+(?:\d{1,3})', line)
if ipaddr:
ipaddr = ipaddr[0]
if re.search(ip_ignore,ipaddr):
if re.search(ip_ignore, ipaddr):
logger.info('%s is in IP ignore list.', ipaddr)
else:
try:
ipaddress.ip_address(ipaddr).is_global
scan_ipaddr(ipaddr, apikey)
except:
pass # Ok to pass here, as this captures
# the odd string which is not an IP Address

# Check for URLs and send for report to Virus Total
pass # Ok to pass here, as this captures the odd string which is not an IP Address

# Check for URLs and send for report to Virus Total
if urls:
url = re.search("(?P<url>https?://[^\s]+)", line) or re.search("(?P<url>www[^\s]+)", line)
if url:
Expand All @@ -189,8 +189,7 @@ def scan_patch(project, patch_file, binaries, ips, urls, file_audit_list,
else:
scan_url(url, apikey)


# Perform search within text files
# Perform search within text files
for key, value in flag_list.items():
regex = value['regex']
desc = value['desc']
Expand All @@ -200,16 +199,12 @@ def scan_patch(project, patch_file, binaries, ips, urls, file_audit_list,
logger.error('Flagged Content: %s', line.rstrip())
logger.error('Rationale: %s', desc.rstrip())
failure = True
with open(reports_dir + "contents_" + project + ".log",
"a") as gate_report:
gate_report.write('File contains violation: {0}\n'.
format(patch_file))
gate_report.write('Flagged Content: {0}'.
format(line))
gate_report.write('Matched Regular Exp: {0}\n'.
format(regex))
gate_report.write('Rationale: {0}\n'.
format(desc.rstrip()))
with open(reports_dir + "contents_" + project + ".log", "a") as gate_report:
gate_report.write('File contains violation: {0}\n'.format(patch_file))
gate_report.write('Flagged Content: {0}'.format(line))
gate_report.write('Matched Regular Exp: {0}\n'.format(regex))
gate_report.write('Rationale: {0}\n'.format(desc.rstrip()))


def scan_binary(patch_file, project, sha256hash, apikey):
"""
Expand All @@ -220,7 +215,7 @@ def scan_binary(patch_file, project, sha256hash, apikey):
while True:
binary_report = v_api.binary_report(sha256hash, apikey)
response_code = binary_report['response_code']

# report does not exist, need to scan
if response_code == 0:
logger.info('Performing new scan of %s.', patch_file)
Expand All @@ -240,42 +235,40 @@ def scan_binary(patch_file, project, sha256hash, apikey):
positives = binary_report['positives']

if positives == 0:
negative_report(binary_report,sha256hash, project, patch_file)
negative_report(binary_report, sha256hash, project, patch_file)
else:
positive_report(binary_report,sha256hash, project, patch_file)
positive_report(binary_report, sha256hash, project, patch_file)


def negative_report(binary_report,sha256hash, project, patch_file):
def negative_report(binary_report, sha256hash, project, patch_file):
"""
If no match is made and file is clean
"""
report_url = binary_report['permalink']
scan_date = binary_report['scan_date'] # build conditional
scan_date = binary_report['scan_date']
logger.info('File scan date for %s shows a clean status on: %s', patch_file, scan_date)
logger.info('Full report avaliable here: %s', report_url)
logger.info('The following sha256 hash can be used in your %s.yaml file to suppress this scan:', project)
logger.info('%s', sha256hash)
with open(reports_dir + "binaries-" + project + ".log",
"a") as gate_report:
gate_report.write('Non Whitelisted Binary: {}\n'.
format(patch_file))
gate_report.write('File scan date for {} shows a clean status on {}\n'.
format(patch_file, scan_date))
gate_report.write('The following sha256 hash can be used in your {}.yaml file to suppress this scan:\n'.
format(project))
gate_report.write('{}\n'.
format(sha256hash))

def positive_report(binary_report,sha256hash, project, patch_file):
with open(reports_dir + "binaries-" + project + ".log", "a") as gate_report:
gate_report.write('Non Whitelisted Binary: {}\n'.format(patch_file))
gate_report.write('File scan date for {} shows a clean status on {}\n'.format(patch_file, scan_date))
gate_report.write('The following sha256 hash can be used in your {}.yaml file to suppress this scan:\n'.format(project))
gate_report.write('{}\n'.format(sha256hash))


def positive_report(binary_report, sha256hash, project, patch_file):
"""
If a Positive match is found
"""
"""
failure = True
report_url = binary_report['permalink']
scan_date = binary_report['scan_date'] # build conditional
scan_date = binary_report['scan_date']
logger.error("Virus Found!")
logger.info('File scan date for %s shows a infected status on: %s', patch_file, scan_date)
logger.info('Full report avaliable here: %s', report_url)


def scan_ipaddr(ipaddr, apikey):
"""
If an IP Address is found, scan it
Expand All @@ -295,6 +288,7 @@ def scan_ipaddr(ipaddr, apikey):
else:
logger.info('%s has no record of resolving to malicious urls', ipaddr)


def scan_url(url, apikey):
"""
If URL is found, scan it
Expand Down Expand Up @@ -331,7 +325,8 @@ def scan_url(url, apikey):
logger.info("%s is recorded as a clean", url)
except:
pass



def process_failure():
"""
If any scan operations register a failure, sys.exit(1) is called
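Review bot: `positive_report` assigns `failure = True` without a `global failure` declaration, so the assignment only creates a local and the module-level flag that `scan_patch` declares global is not set by a positive VirusTotal result. Adding `global failure` as the first statement after the docstring would fix that. In the IP branch of `scan_patch`, the value of `ipaddress.ip_address(ipaddr).is_global` is discarded, so non-global addresses are still passed to `scan_ipaddr`, and the bare `except:` also hides any error raised by the scan itself; `if ipaddress.ip_address(ipaddr).is_global: scan_ipaddr(ipaddr, apikey)` under `except ValueError:` would keep the intended filtering. `scan_patch` begins and ends outside the hunks shown.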
