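def where(self, new_query):
    """Add *new_query* to this sensor query, accepting only allow-listed field names.

    The query is first handed to the parent class's ``where``; every field
    name in the resulting ``_query`` mapping is then checked against
    ``SensorQuery.valid_field_names``.  Only the field names are checked
    here; values are passed through unchanged.

    Args:
        new_query: The query fragment to add (whatever the parent's
            ``where`` accepts).

    Returns:
        The query object returned by the parent's ``where``.

    Raises:
        ValueError: If any field name is not in ``valid_field_names``.
            ``nq._query`` is emptied before raising, so the rejected
            query is not left half-built on the returned object.
    """
    nq = super(SensorQuery, self).where(new_query)
    # Only the keys are validated, so iterate the keys rather than the items.
    for field_name in nq._query:
        if field_name not in SensorQuery.valid_field_names:
            nq._query = {}
            raise ValueError("Field name must be one of: {0:s}".format(", ".join(SensorQuery.valid_field_names)))
    return nq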
def reset(self):
    """Copy every entry of ``_dirty_attributes`` into ``_info`` and clear the dirty map.

    ``_dirty_attributes`` maps attribute name -> value.  Each pair is written
    into ``self._info`` by key, after which ``_dirty_attributes`` is replaced
    with a fresh empty dict.

    NOTE(review): whether the stored values are the originals being restored
    or new edits being applied is not visible here -- confirm against the
    attribute setter before relying on either reading.
    """
    pending = self._dirty_attributes
    for name in pending:
        self._info[name] = pending[name]
    self._dirty_attributes = {}
0x00010000: 'DELETE',
0x00000001: 'PROCESS_TERMINATE',
0x00000002: 'PROCESS_CREATE_THREAD',
0x00000004: 'PROCESS_SET_SESSIONID',
0x00000008: 'PROCESS_VM_OPERATION',
0x00000010: 'PROCESS_VM_READ',
0x00000020: 'PROCESS_VM_WRITE',
0x00000040: 'PROCESS_DUP_HANDLE',
0x00000080: 'PROCESS_CREATE_PROCESS',
0x00000100: 'PROCESS_SET_QUOTA',
0x00000200: 'PROCESS_SET_INFORMATION',
0x00000400: 'PROCESS_QUERY_INFORMATION',
0x00000800: 'PROCESS_SUPEND_RESUME',
0x00001000: 'PROCESS_QUERY_LIMITED_INFORMATION'
}
# Reverse lookup: access-right name -> bit flag (the inverse of windows_rights_dict).
# NOTE(review): names are taken verbatim from windows_rights_dict, including the
# 'PROCESS_SUPEND_RESUME' spelling above, so reverse lookups must match exactly.
r_windows_rights_dict = {name: flag for flag, name in iteritems(windows_rights_dict)}
@total_ordering
@python_2_unicode_compatible
class CbEvent(object):
def __init__(self, parent_process, timestamp, sequence, event_data):
    """Build an event from its parent process, timing fields and raw event data.

    Args:
        parent_process: Stored as ``self.parent``.
        timestamp: Stored as ``self.timestamp``; ``__lt__`` orders events by it.
        sequence: Stored as ``self.sequence``.
        event_data: Mapping whose entries are merged directly into the
            instance ``__dict__`` and so become attributes.

    Assignment order is significant: ``parent``, ``timestamp`` and
    ``sequence`` are set before the merge, so a same-named key in
    ``event_data`` overrides them; ``event_type`` and ``stat_titles`` are
    set afterwards and therefore always keep the values given here.
    """
    self.sequence = sequence
    self.parent = parent_process
    self.timestamp = timestamp
    # Raw event fields become attributes and can shadow the three set above.
    vars(self).update(event_data)
    self.event_type = u'Generic Cb event'
    self.stat_titles = ['timestamp']
def __lt__(self, other):
    """Order events by ``timestamp`` (the remaining comparisons come from total_ordering)."""
    mine = self.timestamp
    theirs = other.timestamp
    return mine < theirs
n.type = "malicious_file"
elif positivesPerc > self.potential_threshold:
n.analysisResult = Notification.ResultPotentialThreat
n.severity = "high"
n.type = "potential_risk_file"
else:
n.analysisResult = Notification.ResultClean
n.severity = "low"
n.type = "clean_file"
n.externalUrl = scanResults.get('permalink')
# Enumerate scan results that have detected the issue and build our
# 'malwareName' string for the notification
scans = scanResults.get("scans", {})
malware_type = [k + ":" + v["result"] for k, v in iteritems(scans) if v["detected"]]
malware_name = [v["result"] for k, v in iteritems(scans) if v["detected"]]
n.malwareType = "; ".join(malware_type[:4])
n.malwareName = "; ".join(malware_name[:4])
if len(malware_type) > 4:
n.malwareName += "..."
n.malwareType += "..."
# Send notification
n.save()
if binary.fileHash in self.awaiting_results:
del self.awaiting_results[binary.fileHash]
log.info("VT analysis for %s completed. VT result is %d%% malware (%s). Reporting status: %s"
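def _match_query(self, i):
    """Return True if *i* satisfies every field/value pair in ``self._query``.

    Each query key is read as an attribute of *i*; a missing attribute, or
    one whose value is ``None``, fails the match.  Both the attribute value
    and the query value are compared as lower-cased text, so matching is
    case-insensitive.

    Args:
        i: The candidate object to test.

    Returns:
        True when every query field matches (an empty query matches
        everything), False otherwise.
    """
    def _normalize(value):
        # Values that have no .lower() (ints etc.) are stringified first.
        # Previously only string query values were lower-cased while the
        # attribute side was always str()'d, so a non-string query value
        # was compared to a str and could never match.
        text = value if hasattr(value, "lower") else str(value)
        return text.lower()

    for field_name, wanted in self._query.items():
        actual = getattr(i, field_name, None)
        if actual is None:
            return False
        if _normalize(actual) != _normalize(wanted):
            return False
    return True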