IntelOwl/api_app/analyzers_manager/file_analyzers/ipqsfile.py at 5be04c1c77a2b4be1da101dcf25b0184d2c72908 · RamboV/IntelOwl · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
# This file is a part of IntelOwl https://github.com/intelowlproject/IntelOwl
# See the file 'LICENSE' for copying permission.

"""IPQualityScore file analyzer.

Provides `IPQSFileScan`, a file-scanning analyzer that uploads files to
IPQualityScore for malware detection and polls for results.
"""

import logging

from api_app.analyzers_manager.classes import FileAnalyzer
from api_app.mixins import IPQualityScoreMixin

logger = logging.getLogger(__name__)


class IPQSFileScan(FileAnalyzer, IPQualityScoreMixin):
    """
    Scan a binary file using IPQualityScore malware detection service.
    """

    @classmethod
    def update(cls):
        pass

    def run(self):
        binary = self.read_file_bytes()
        files = {"files": (self.filename, binary)}
        # lookup endpoint check for cached result
        lookup_result = self._make_request(
            self.lookup_endpoint,
            method="POST",
            _api_key=self._ipqs_api_key,
            files=files,
        )
        if lookup_result.get("status", False) == "cached":
            lookup_result.pop("update_url", None)
            return lookup_result
        # sending file to ipqs for scan
        scan_result = self._make_request(
            self.scan_endpoint,
            method="POST",
            _api_key=self._ipqs_api_key,
            files=files,
        )
        # waiting for scan result with help of request id
        result = self._poll_for_report(
            endpoint=self.postback_endpoint,
            _api_key=self._ipqs_api_key,
            request_id=scan_result.get("request_id"),
        )
        result.pop("update_url", None)
        return result