chg: [retro_hunt] show match + fix None subtype
parent
c260455d14
commit
7d42315419
@ -1616,6 +1616,19 @@ def get_retro_hunt_metas():
|
|||
tasks.append(retro_hunt.get_meta(options={'date', 'progress', 'nb_match', 'tags'}))
|
||||
return tasks
|
||||
|
||||
## Objects ##
|
||||
|
||||
def is_obj_retro_hunted(obj_type, subtype, obj_id):
|
||||
return r_tracker.exists(f'obj:retro_hunts:{obj_type}:{subtype}:{obj_id}')
|
||||
|
||||
def get_obj_retro_hunts(obj_type, subtype, obj_id):
|
||||
return r_tracker.smembers(f'obj:retro_hunts:{obj_type}:{subtype}:{obj_id}')
|
||||
|
||||
def delete_obj_retro_hunts(obj_type, subtype, obj_id):
|
||||
for retro_uuid in get_obj_retro_hunts(obj_type, subtype, obj_id):
|
||||
retro_hunt = RetroHunt(retro_uuid)
|
||||
retro_hunt.remove(obj_type, subtype, obj_id)
|
||||
|
||||
## API ##
|
||||
def api_check_retro_hunt_task_uuid(task_uuid):
|
||||
if not is_valid_uuid_v4(task_uuid):
|
||||
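Review bot: The three new helpers build the Redis key with `{subtype}` taken straight from the argument, so a caller that still passes `None` (exactly the case this commit fixes on the write side in Retro_Hunt_Module) looks up `obj:retro_hunts:item:None:<id>` and silently misses the set now written under `obj:retro_hunts:item::<id>`. Centralising the key in one private helper that maps `None` to `''` keeps `is_obj_retro_hunted`, `get_obj_retro_hunts`, `delete_obj_retro_hunts` and the writer on the same key, and gives the trio the docstring none of them has. `delete_obj_retro_hunts` only calls `RetroHunt.remove` per task; unless that method also removes the uuid from the object's reverse-index set, the `obj:retro_hunts:…` key is left behind after the last task is removed — `remove` is outside this hunk, so worth confirming. `api_check_retro_hunt_task_uuid` at the end starts in the hunk and continues outside it.
```python
def _obj_retro_hunts_key(obj_type, subtype, obj_id):
    """Return the reverse-index key of the retro hunts that matched an object.

    `subtype` is normalised so that None and '' map to the same key, matching
    what Retro_Hunt_Module writes via get_subtype(r_str=True).
    """
    return f'obj:retro_hunts:{obj_type}:{subtype or ""}:{obj_id}'

def is_obj_retro_hunted(obj_type, subtype, obj_id):
    return r_tracker.exists(_obj_retro_hunts_key(obj_type, subtype, obj_id))

def get_obj_retro_hunts(obj_type, subtype, obj_id):
    return r_tracker.smembers(_obj_retro_hunts_key(obj_type, subtype, obj_id))

# … unchanged: delete_obj_retro_hunts (already resolves through get_obj_retro_hunts) …
```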
@ -152,6 +152,20 @@ def get_tracker_match(obj_id, content):
|
|||
for match in regex_match:
|
||||
extracted.append([int(match[0]), int(match[1]), match[2], f'tracker:{tracker.uuid}'])
|
||||
|
||||
# Retro Hunt
|
||||
retro_hunts = Tracker.get_obj_retro_hunts('item', '', obj_id)
|
||||
for retro_uuid in retro_hunts:
|
||||
retro_hunt = Tracker.RetroHunt(retro_uuid)
|
||||
rule = retro_hunt.get_rule(r_compile=True)
|
||||
rule.match(data=content.encode(), callback=_get_yara_match,
|
||||
which_callbacks=yara.CALLBACK_MATCHES, timeout=30)
|
||||
yara_match = r_cache.smembers(f'extractor:yara:match:{r_key}')
|
||||
r_cache.delete(f'extractor:yara:match:{r_key}')
|
||||
extracted = []
|
||||
for match in yara_match:
|
||||
start, end, value = match.split(':', 2)
|
||||
extracted_yara.append([int(start), int(end), value, f'retro_hunt:{retro_hunt.uuid}'])
|
||||
|
||||
# Convert byte offset to string offset
|
||||
if extracted_yara:
|
||||
b_content = content.encode()
|
||||
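Review bot: `extracted = []` inside the retro-hunt loop rebinds the list the tracker branch has been filling (`extracted.append(...)` on the first line of the hunk), so as soon as an item has one retro hunt every tracker match collected so far is thrown away, while the loop itself appends to `extracted_yara`, which this line does not initialise anyway. The line looks like a leftover from the yara-tracker branch and should be deleted; if `extracted_yara` is not already initialised in the part of the function above the hunk, do it once before `for retro_uuid in retro_hunts:`, not per iteration. A second point: `rule.match(..., timeout=30)` raises `yara.TimeoutError` per yara-python's documented behaviour when a rule is slow on a large item, and nothing here catches it, so one pathological retro-hunt rule aborts extraction of every other match for that item; wrapping the call in `try/except yara.TimeoutError` and logging `retro_hunt.uuid` would keep the remaining output. get_tracker_match starts before and continues after this hunk.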
@ -230,6 +244,11 @@ def get_extracted_by_match(extracted):
|
|||
matches[str_obj]['id'] = row_id
|
||||
matches[str_obj]['icon'] = {'style': 'fas', 'icon': '\uf05b', 'color': '#ffc107', 'radius': 5}
|
||||
matches[str_obj]['link'] = ''
|
||||
elif ob_type == 'retro_hunt': # TODO put me in object class
|
||||
matches[str_obj]['subtype'] = 'retro_hunt'
|
||||
matches[str_obj]['id'] = row_id
|
||||
matches[str_obj]['icon'] = {'style': 'fas', 'icon': '\uf05b', 'color': '#008107', 'radius': 5}
|
||||
matches[str_obj]['link'] = ''
|
||||
else:
|
||||
row_id = row_id.split(':', 1)
|
||||
if len(row_id) == 2:
|
||||
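Review bot: The new `elif ob_type == 'retro_hunt'` branch is a line-for-line copy of the branch above it (its condition sits outside the hunk, but the `tracker:` tag emitted by get_tracker_match and the identical icon glyph suggest it is the tracker one), differing only in the subtype string and the colour, and both leave `link` empty. A small mapping such as `_MATCH_ICONS = {'tracker': '#ffc107', 'retro_hunt': '#008107'}` tested with `elif ob_type in _MATCH_ICONS:` would collapse the two branches and make the `# TODO put me in object class` note apply once. If `row_id` here is the retro hunt uuid — the `retro_hunt:{retro_hunt.uuid}` tag written in get_tracker_match suggests so — filling `link` with the task's page instead of `''` is what "show match" in the title seems to want; confirm against the template that consumes `matches`. get_extracted_by_match starts before and continues after this hunk.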
@ -128,7 +128,7 @@ class Retro_Hunt_Module(AbstractModule):
|
|||
self.redis_logger.info(f'{self.module_name}, Retro hunt {task_uuid} match found: {obj_id}')
|
||||
print(f'Retro hunt {task_uuid} match found: {self.obj.get_type()} {obj_id}')
|
||||
|
||||
self.retro_hunt.add(self.obj.get_type(), self.obj.get_subtype(), obj_id)
|
||||
self.retro_hunt.add(self.obj.get_type(), self.obj.get_subtype(r_str=True), obj_id)
|
||||
|
||||
# TODO FILTER Tags
|
||||
|
||||
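Review bot: Switching the writer to `get_subtype(r_str=True)` moves the key from `obj:retro_hunts:<type>:None:<id>` to `obj:retro_hunts:<type>::<id>` for objects without a subtype, but nothing in this commit migrates or reads the `None` keys written before the fix, so matches recorded by earlier runs on such objects stop being found by `get_obj_retro_hunts` (called with `''` from get_tracker_match). If any retro-hunt task ran before this change, a one-off rename of the `*:None:*` keys, or a lookup that also checks the legacy key, is needed; whether such data exists cannot be seen from here. The `print(...)` just above the changed line duplicates the `redis_logger.info` call and is worth dropping once the feature is verified. The method this belongs to starts before the hunk and continues past it.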
|