#!/usr/bin/env python
#Description : Malware Feed Module for MalShare
#Author      : Silas Cutler (Silas.Cutler@BlackListThisDomain.com)
#Date        : 2018 04 08
#==============================================================================

#Required Imports
import os
import sys
sys.path.extend(["../../"])

from malpipe.config import CONFIG
from malpipe.feeds.common import Modules,MalwareFeed,MalwareFeedDescription
from malpipe.utils import get_url, post_url

import schedule

# Local Imports
import time
import re
import os
import json

DISABLE=None

class MalShare(MalwareFeed):
    def __init__(self):
        md = MalwareFeedDescription(
            module_name="MalShare",
            interval = schedule.every().day.at("04:00"),
            description="Feed from MalShare of Daily files",
            authors=["Silas Cutler"],
            version="0.2"
        )
        MalwareFeed.__init__(self, md)
        self.parse_settings()

        self.url_daily_list = "https://malshare.com/daily/malshare.current.sha256.txt"
        self.url_download = "https://malshare.com/api.php?api_key=%s&action=getfile&hash=%s"
        self.url_sources = "https://malshare.com/api.php?api_key=%s&action=getsources"

        # Settings
    def parse_settings(self):
        global CONFIG,DISABLE
        try:
            self.api_key = CONFIG['feeds'][self.get_module_name()]['API_KEY']
            self.exporters = CONFIG['feeds'][self.get_module_name()]['EXPORTERS']
            self.processors = CONFIG['feeds'][self.get_module_name()]['PROCESSORS']
        except Exception, e:
            print "[%s] Error Loading: %s" % ( self.get_module_name(), e)
            DISABLE = True


    def get_hash_list(self):
        return get_url( self.url_daily_list )

    def get_file_feed(self):
        hash_list = self.get_hash_list()
        if hash_list:
            for thash in hash_list.split('\n'):
                uFile = self.url_download % ( self.api_key, thash )
                fData = get_url( uFile )
                self.results.add_file( fData )

    def get_url_feed(self):
        url_list = []
        turl = self.url_sources % ( self.api_key )

        fData = get_url( turl, ret_json=True )
        for url in fData:
            self.results.add_url(url)

    def pull_feeds(self):
        self.get_url_feed()
        self.get_file_feed()

    def run(self):
        self.pull_feeds()
        self.process()
        self.export()

        
if (CONFIG['feeds']["MalShare"]['ENABLED'] == True and DISABLE is not False):
    Modules.Feeds.append(MalShare())