from hashlib import algorithms_available import logging from helperFunctions.config import read_list_from_config from helperFunctions.hash import get_hash, get_ssdeep, get_imphash, get_tlsh from analysis.PluginBase import AnalysisBasePlugin class AnalysisPlugin(AnalysisBasePlugin): ''' This Plugin creates several hashes of the file ''' NAME = 'file_hashes' DEPENDENCIES = ['file_type'] DESCRIPTION = 'calculate different hash values of the file' VERSION = '1.1' def __init__(self, plugin_administrator, config=None, recursive=True): ''' recursive flag: If True recursively analyze included files default flags should be edited above. Otherwise the scheduler cannot overwrite them. ''' self.config = config self.hashes_to_create = self._get_hash_list_from_config() # additional init stuff can go here super().__init__(plugin_administrator, config=config, recursive=recursive, plugin_path=__file__, timeout=600) def process_object(self, file_object): ''' This function must be implemented by the plugin. Analysis result must be a dict stored in file_object.processed_analysis[self.NAME] If you want to propagate results to parent objects store a list of strings 'summary' entry of your result dict ''' file_object.processed_analysis[self.NAME] = {} for h in self.hashes_to_create: if h in algorithms_available: file_object.processed_analysis[self.NAME][h] = get_hash(h, file_object.binary) else: logging.debug('algorithm {} not available'.format(h)) file_object.processed_analysis[self.NAME]['ssdeep'] = get_ssdeep(file_object.binary) file_object.processed_analysis[self.NAME]['imphash'] = get_imphash(file_object) tlsh_hash = get_tlsh(file_object.binary) if tlsh_hash: file_object.processed_analysis[self.NAME]['tlsh'] = get_tlsh(file_object.binary) return file_object def _get_hash_list_from_config(self): try: return read_list_from_config(self.config, self.NAME, 'hashes', default=['sha256']) except Exception: logging.warning("'file_hashes' -> 'hashes' not set in config") return ['sha256']