9:BTdZddlmZddlZddlZddlZddlZddlZddlm Z ddl m Z ddlm Z ddl mZddlmZdd lmZmZmZmZmZmZmZdd lmZmZmZmZmZmZmZm Z m!Z!m"Z"m#Z#m$Z$m%Z%dd l&m'Z'dd l(m)Z)dd l*m+Z+m,Z,ddl-m.Z.m/Z/m0Z0ddl1m2Z2m3Z3m4Z4m5Z5ddl6m7Z7ddl8m9Z9m:Z:m;Z;mm?Z?ddl@mAZAGdde+ZBGdde+ZCe dGddZDGdde+ZEGdde+ZFGd d!e+ZGGd"d#e+ZHdS)$u  This program is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version. This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with this program.  If not, see . Copyright © 2019 Cloud Linux Software Inc. This software is also available under ImunifyAV commercial license, see ) annotationsN) dataclass)reduce) attrgetter)Path)time)AnyDictIterableListSetTuplecast) SQL BooleanFieldCase CharFieldCheck Expression FloatFieldForeignKeyField IntegerField ModelSelectPrimaryKeyField TextFieldfn model_to_dict)UserType)Modelinstance) FilenameField ScanPathFieldapply_order_by)execute_iterable_expressionget_abspath_from_user_dirget_results_iterable_expressionsplit_for_chunk)RemoteRevertHitInfo)FAILED_TO_CLEANUPMalwareHitStatusMalwareScanResourceTypeMalwareScanTypeVulnerabilityHitStatus) get_crontab)MalwareDatabaseHitInfoc~eZdZdZGddZedZedZedZ ede d e j e je je je je je jfg Zedd Zedd Zedd Zedd Zede d ejjejjfg ZedZ edd Z!e" de j e je jfd ddZ#d S) MalwareScanzRepresents a batch of files scanned for malware Usually a single AI-BOLIT execution. See :class:`.MalwareScanType` for possible kinds of scans. c eZdZejZdZdS)MalwareScan.Meta malware_scansN__name__ __module__ __qualname__r!dbdatabasedb_tableJ/opt/imunify360/venv/lib/python3.11/site-packages/imav/malwarelib/model.pyMetar4Us;"r>r@T primary_keyFnullz type in {}rD constraintsrrDdefaultNresource_type in {}c8ttSNintrr=r>r?zMalwareScan.sTVVr>)typespathsc v||j|j|j|j|j|j|j|j d|j |j | |j|k |j|k}|r-| |j |}| |j|j|j|jtj||}|t'|||}|dt+|fS)N scan_typeT clear_limit)selecttotal_resourcespathscanidstarted completederrortotal_malicioustypealias resource_typewherein_group_byorder_byr2desclimitoffsetr$countlistdicts) clssincetorfrgrdrPrQquerys r? ondemand_listzMalwareScan.ondemand_listsd" JJ#    #{++!  U38<<&& ' ' U3;%' ( ( U3;"$ % % "  5KK U 3 344E NN#SXsz3;  Xk)..00 1 1 U5\\ VF^^   "8S%88E{{t{,,d5;;==.A.AAAr>rL)$r7r8r9__doc__r@rrYrrZr[rformatr- ON_DEMANDREALTIMEMALWARE_RESPONSE BACKGROUNDRESCANUSERRESCAN_OUTDATEDr^rWr#rXrr\r]r,DBvalueFILEr` initiator timestamp classmethodror=r>r?r2r2Ns ######## Y4 ( ( (Fl&&&G $'''I 9  E##'1'0'8'2'.','7        D&#lq999O =dB / / /D I4 . . .E"lq999OI  E%,,/28/4:       M t$$$I %1D1DEEEI /B  %  &   /B/B/B/B[/B/B/Br>r2c  eZdZdZGddZeZeedddZ e dZ e dZ e dZe dZedd Ze d Ze d Zed Ze ej Zed Ze ded ejjejjfg Z e d Z!e d Z"e d Z#e d Z$e d Z%e&dCdZ'e&dZ(GddZ)e* dDdEdZ+e* dFdZ,e*dGdZ-e*dddZ.e*dGdZ/e*dHdZ0e*dId!Z1e*dJd#Z2e*d$Z3e* dKd%Z4e*dd&d'Z5e*dLd*Z6e*dMd,Z7e*d-Z8d.Z9e*dNdOd0Z:e*dPd3Z;e*dQd5Ze*dQd8Z?e*d9Z@e*d:ZAe*d;ZBeCdRd@ZDdAZEdBZFdS)S MalwareHitz*Represents a malicious or suspicious file.c eZdZejZdZdS)MalwareHit.Meta malware_hitsNr6r=r>r?r@rs;!r>r@FhitsCASCADErD related_name on_deleterCrGTrHrJrEreturnstrc6tt|jSrL)rrr^selfs r? signature_idzMalwareHit.signature_idsC###r>cTtt|j}t|SrLrr orig_filerrrs r?orig_file_pathzMalwareHit.orig_file_pathdn-- Ir>c$eZdZedZdS)MalwareHit.OrderByc ttjtjdftjdftjdftjdftjdffdfS)Nrd) rrstatusr+CLEANUP_PENDINGCLEANUP_STARTEDFOUND CLEANUP_DONECLEANUP_REMOVEDr=r>r?rzMalwareHit.OrderBy.status sb%)91=)91=)/3)6:)91=     r>N)r7r8r9 staticmethodrr=r>r?OrderByr s-       r>rrN Tuple[int, List[dict[str, Any]]]c , ||tt}|p t}|tj|ktj|kzg}|5d|d}|t d|f|j|zz|#|tj|k|#|tj |k| "|tj | z| rω r||j dk||j  fd| D}|rrg}g}|D]/}|d||d0d|}|t d|d|ttj|}|}| "|tj| z}||||}| t-| t|}||}d |D}||fS) N%CAST(orig_file AS TEXT) LIKE ?filec~g|]9}t|tk"|7|:Sr=)len startswith).0p site_searchs r? z)MalwareHit._hits_list..LsMq66C ,,,,k1J1J,,,,r>zorig_file NOT LIKE ?z AND ()c6g|]}|Sr=as_dictrrows r?rz)MalwareHit._hits_list..s 333C#++--333r>)rVr2joinrrZappendruserrrYrr`rrroperatorand_idrbrarfrgr$ _hits_num)rkclausesrlrmrfrgsearch by_scan_idrrd by_statusidsr user_siteskwargsrwhere_conditionspattern longer_paths sql_chunks sql_paramsrXcombined_sql_string full_clausesmax_count_clausesordered max_countresults ` r? _hits_listzMalwareHit._hits_lists$zz#{++00== \466   E )k.AR.G H   #&mmmG  # #4wjAA8W$&       # #JOt$; < < <  !  # #K$6*$D E E E   # #J$5$B C C C  +   # #C$5$? @ @ @  # #CM$<$<[$I$I J J J#L    (22D%%&<===%%jjj1111&-ll:&>&># ''2/222J?? hm-=>> ) ? JM--c22 2L**\**0077>>vFF  $Xz7CCGMM"344 337333&  r>cx|r&|r$|tj|ktj|kzz}|||j|kz}|t j|jt|}|t|t|}| SrL) r2rZrrVrCOUNTrrrar$rscalar)rkrrlrmrrdqs r?rzMalwareHit._hits_numws  R   +u4#r) G   sx4' 'G JJrx'' ( ( - -k : : @ @ I I  xQ77Axxzzr>c||jtj|jz|||SrL)rrnot_inr+CLEANUP malicious)rkrlrmrs r? malicious_numzMalwareHit.malicious_nums?}} Z  /7 8 83= H       r>)ignore_cleanedc|j}|r'||jtjz}|j|g|Ri|SrL)rrrr+rr)rkrargsrrs r?malicious_listzMalwareHit.malicious_listsR-  C sz(()9)ABB BGs~g7777777r>cFd|D}d}t|||||S)Ncg|] }|j Sr=rrs r?rz)MalwareHit.set_status..'''3'''r>cd|i}|||d<|jdi||j|S)Nr cleaned_atr=updaterarrb)rrkrrfields_to_updates r? expressionz)MalwareHit.set_status..expressionU&  %1; .3:11 01177 3HH Hr>r%)rkrrrrs r? set_statuszMalwareHit.set_statusF''$''' I I I+ c6:   r> to_deletericFd|D}fd}t||S)Ncg|] }|j Sr=rrs r?rz/MalwareHit.delete_instances..s111SV111r>cj|SrL)deleterarrb)rrks r?rz/MalwareHit.delete_instances..expressions+::<<%%cfjjoo66 6r>r)rkrrs` r?delete_instanceszMalwareHit.delete_instancessA11y111  7 7 7 7 7+:yAAAr> to_updatec|D][}|D]D\}}|D]\}}t||||E\dSrL)itemssetattrsave)rkrdata _instancenew_fields_datafieldrzs r?update_instanceszMalwareHit.update_instancess ! !D.2jjll ! !* ?$3$9$9$;$;55LE5Iue4444     ! ! !r>rc`|jtjg|jz}|SrL)rrbr+rr)rkrs r? is_infectedzMalwareHit.is_infecteds: JNN$*   m   r>c|jSrL)rrks r? is_suspiciouszMalwareHit.is_suspiciouss  ~r>c Tfd}tt||||dS)Nc|j}|||j|z}nSr(||jt jz}n)r'||jt jz}|5t|tr|g}||j |z}| |SrL) rrrbrrr+r RESTORABLE isinstancerrrVra) chunk_of_idsrkrrcleanuprestores r?rz/MalwareHit.malicious_select..expressionsmG'36::l333 G3:,,-=-EFFF G3:>>*:*EFFFdC((" 6D38<<---::<<%%g.. .r>T)exec_expr_with_empty_iterrir')rkrrr r rrs `` r?malicious_selectzMalwareHit.malicious_selectsS / / / / / / +Cdd      r>statusesc2fd}t||S)Ncj|}r|jz}|SrLrrbrrVrafilesrrkrs r?rz'MalwareHit.get_hits..expressionTm''..G 43:>>(333::<<%%g.. .r>r'rkrrrs` ` r?get_hitszMalwareHit.get_hits4 / / / / / / /z5AAAr> hits_infoSet[MalwareDatabaseHitInfo]cxd|D}d|D}d|Dtttj|tj|}fd|D}|S)Ncg|] }|j Sr=rXrentrys r?rz*MalwareHit.get_db_hits..s333333r>cg|] }|j Sr=app_namers r?rz*MalwareHit.get_db_hits..6665666r>c*g|]}|j|jfSr=rXr#rs r?rz*MalwareHit.get_db_hits..s!JJJuuz5>2JJJr>c4g|]}|j|jfv|Sr=rr#rhit paths_appss r?rz*MalwareHit.get_db_hits..s3   CM3<#@J#N#NC#N#N#Nr>)rirrVrarrbr#)rkrrQappsrr+s @r? get_db_hitszMalwareHit.get_db_hitss3333366I666JJ JJJ       U:'++E22 3 3 U:&**400 1 1           r>list[RemoteRevertHitInfo]cdd|D}d|D}d|D}d|Dtttj|tj|tj|tjtj }fd|D}|S)Ncg|] }|j Sr=) app_root_pathrs r?rz.s<<<$<<cg|] }|j Sr=r"rs r?rz.r$r>cg|] }|j Sr=)sig_idrs r?rz.s:::uel:::r>c6g|]}|j|j|jfSr=)r1r#r4rs r?rz.s6    %.%, ?   r>c@g|]}|j|j|jfv|Sr=)rr#rr)s r?rz. s<    s|S-=>*LL LLLr>) rirdb_hitsrarrbr#r^rr+r)rkrrQr, signaturesrr+s @r?get_db_hits_for_remote_revertz(MalwareHit.get_db_hits_for_remote_reverts&=<)<<<66I666:: :::   "   "&    U:'++E22 3 3 U:&**400 1 1 U:?&&z22 3 3 U:$(()9)DEE F F " "          r>c.fd}t||S)Ncj|SrLrrarrbrrks r?rz*MalwareHit.delete_hits..expression/::<<%%cm&7&7&>&>?? ?r>rrkrrs` r? delete_hitszMalwareHit.delete_hits3 @ @ @ @ @+:u===r>cjt||SrL)r^get_pk_exprrs r?refreshzMalwareHit.refreshs"Dzz~~dmmoo...r>Iterable[MalwareHit]cLfd}tt||S)Nc}r3tt}|jd|DS)Ncg|] }|j Sr=rrr*s r?rz?MalwareHit.refresh_hits..expression.."s*B*B*Bc36*B*B*Br>)rVr2rrarrb)rrnrkinclude_scan_infos r?rz+MalwareHit.refresh_hits..expressionsiJJLLE  G 3 4499+FF;;svzz*B*BT*B*B*BCCDD Dr>r )rkrrKrs` ` r? refresh_hitszMalwareHit.refresh_hitssC E E E E E E 3JEEFFFr>r}rNc||j|k|jt jz|jdzS)NF)rVrarrrbr+CLEANEDis_null)rkr}s r? cleaned_sincezMalwareHit.cleaned_since&s^zz||!! ^y (z~~.677 9~%%e,, .   r>rc||jtjjkSrL)rVrar`r,ryrzrs r?r7zMalwareHit.db_hits.s4zz||!!  !8!;!A A   r>cv||jtjkS)z,Return db hits that are in queue for cleanup)r7rarr+rrs r?db_hits_pending_cleanupz"MalwareHit.db_hits_pending_cleanup42{{}}"" J*: :   r>cv||jtjkS)z3Return db hits for which the cleanup is in progress)r7rarr+rrs r?db_hits_under_cleanupz MalwareHit.db_hits_under_cleanup;rTr>cv||jtjkS)z3Return db hits for which the restore is in progressr7rarr+CLEANUP_RESTORE_STARTEDrs r?db_hits_under_restorationz$MalwareHit.db_hits_under_restorationBs2{{}}"" J*B B   r>c<d|D}d|D}d|D||j||j|}fd|DS)z Return db hits for which the cleanup is in progress specified by the provided set of MalwareDatabaseHitInfo ch|] }|j Sr=rrhit_infos r? z6MalwareHit.db_hits_under_cleanup_in..Qs???hHM???r>ch|] }|j Sr=r"r]s r?r_z6MalwareHit.db_hits_under_cleanup_in..RsGGGh)GGGr>c*h|]}|j|jfSr=r&r]s r?r_z6MalwareHit.db_hits_under_cleanup_in..Ss/   3;X]H- .   r>c4g|]}|j|jfv|Sr=r()rr*path_app_name_sets r?rz7MalwareHit.db_hits_under_cleanup_in..[s8    s|,0AAA AAAr>)rVrarrbr#)rk hit_info_setpath_set app_name_setrnrcs @r?db_hits_under_cleanup_inz#MalwareHit.db_hits_under_cleanup_inIs@?,???GG,GGG   ?K     % % ' ' U3=$$X.. / / U3<##L11 2 2          r>c||jtjtjgSrL)r7rarrbr+CLEANUP_RESTORE_PENDINGCLEANUP_REMOTE_RESTORE_PENDINGrs r?db_hits_pending_cleanup_restorez*MalwareHit.db_hits_pending_cleanup_restoreasF{{}}"" JNN$<$C     r>cv||jtjkSrLrXrs r?db_hits_under_cleanup_restorez(MalwareHit.db_hits_under_cleanup_restorels0{{}}"" J*B B   r> hit_list_listList['MalwareHit'] attributeDict[str, List['MalwareHit']]ctdtj|Dt |}dtj|t |DS)Nc3K|]}|VdSrLr=rJs r? z0MalwareHit.group_by_attribute..w" I ISS I I I I I Ir>keyc4i|]\}}|t|Sr=rir attr_valuers r? z1MalwareHit.group_by_attribute..z4    D T    r>sorted itertoolschain from_iterablergroupbyrprnhit_lists r?group_by_attributezMalwareHit.group_by_attributer I IIO99-HH I I I9%%     $-$5y))%%%    r>c@id|jd|jd|jd|jjd|jd|jjd|jd|jd |jd |j d |j d |j d |j did|j d|jd|j|j|j|jt$jjkret+t,t,jt,jt,jt,j|jkt,j|jkt,j|jkt,j |j kt,j|jkt,j|jkt,j|jkt,j|jkt,jdt,jdt,jd ngdS)Nrusernamercreatedscan_idrSr`r^hashsizerrr extra_datadb_namer#db_hostF)db_portsnippet table_fields)!rrrrYrZ scanid_idr^r`rrrrrrr#rrrr,ryrzriMalwareHistoryrV table_name table_field table_row_infrarXrrrOrjrs r?rzMalwareHit.as_dicts-- $'-  -  DN-  t{* - t~ - ) -  T/-  DI-  DI-  DI-  -  dk-  $/-  "-  t|-  !- " t|#- $||.%)@)C)III+"))&1&2&4 U&/4=@&.$,>&.$,>&.$,>&+t~=&48JJ&.$+=&3ty@&199%@@&2::5AA&4<c||jr|jjd|jd|jdS|jjd|jdS)Nz (orig_file=z , app_name=r)r# __class__r7rrs r?__repr__zMalwareHit.__repr__sT = '''   &*^%<%<%)rr) rNNNNNNNNNNN)rr)NNNNNrL)rri)rri)rr)NNFF)rr)rr.)F)rrF)r}rN)rr)rnrorprrrq)Gr7r8r9rpr@rrrr2rYrownerrr"rr^rrrrrr}r+rrrrrqr,ryrzr{r`r#rrrrpropertyrrrr~rrrrrrrrrr rr-r9r@rErLrPr7rSrVrZrgrkrmrrrrr=r>r?rrs44""""""""   B _%f F I5 ! ! !E 9% D 5)))I 9% D  %777I 9$   D 9$   D %%%IY/5 6 6 6F&&&JI  E%,,/28/4:       Myd###HiT"""GiT"""GiT"""GiT"""G $$$X$X"   X!X!X!X![X!tDH   [    [ 278888[8    [ BBB[B!!![!   [ [9>   [ .)-BBBB[B   [ [0>>[> ///GGGG[G   [    [    [    [    [   [ .  [   [     \  . . . `NNNNNr>rT)frozenceZdZUdZded<ded<ded<ded<ded<d ed <ded <ded <d ed <ded<edZedZdS)MalwareHitAlternatezA Used as a replacement for MalwareHit for file hits only rrYrNoner#rrrNrrr^r}boolrc |||d|d|d|d|d|ddd|ddd|ddd  S) Nrrrrrrmatchesr} suspicious) rYrr#rrrrr^r}rr=)rkrYfilenamers r?createzMalwareHitAlternate.createsssw-ffffa+6l1ok2v,q/,77    r>cNttj|jSrL)rosfsdecoderrs r?rz"MalwareHitAlternate.orig_file_pathsBK//000r>N) r7r8r9rp__annotations__r~rrrr=r>r?rrsKKKNNNNNNJJJ III III III IIINNNOOO   [  11X111r>rcJeZdZdZGddZdZeZeZ ede dgZ e dd Z ed Zefd Zefd Ze dddZeddZedZxZS)MalwareIgnorePathz+A path that must be excluded from all scansc$eZdZejZdZdZdS)MalwareIgnorePath.Metamalware_ignore_path)))rXr`TN)r7r8r9r!r:r;r<indexesr=r>r?r@rs;(6r>r@NFzresource_type in ('file','db')rEc8ttSrLrMr=r>r?rOzMalwareIgnorePath.s#dff++r>rGct||j}||_dSrL)rirVrdrXrjCACHE)rkrs r? _update_cachezMalwareIgnorePath._update_caches>SZZ\\**3844::<<== r>c Rd|_tt|jdi|S)Nr=)rsuperrr)rkrrs r?rzMalwareIgnorePath.creates. 3u&,,3==f===r>c`d|_tt|SrL)rrrr)rkrs r?rzMalwareIgnorePath.deletes' &,,33555r>r` str | Nonec \||j} || |j|k} || |j|k} |-| |j|} || |j|k} || |} || |} |t||| } |t|} | |j t| dz|jt| kz|jtt|kz} | d} | d| DfS)N/TrTc,g|]}t|Sr=rrs r?rz:MalwareIgnorePath.paths_count_and_list..*s - - -C]3   - - -r>)rVrdrXra added_datecontainsr`rgrfr$r&rrr/rh) rkrfrgrr`rrlrmrdr user_homers r?paths_count_and_listz&MalwareIgnorePath.paths_count_and_lists JJLL ! !#( + +  %/00A >",--A  ))&1122A  $)]:;;A    A  A  xa00A  1$77I$$S^^c%9::8s9~~-/8s;t#4#45557A GGG--  - -1 - - -  r>r List[str]c:|j|i|\}}d|DS)Ncg|] }|d Srr=rs r?rz/MalwareIgnorePath.path_list..0s111F 111r>)r)rkrr_ path_lists r?rzMalwareIgnorePath.path_list-s1/s/@@@ 911y1111r>cK|j|t|}|jrK|jD]C}tjdd{Vt|d}||ks ||jvrdSDdS)zChecks whether path stored in MalwareIgnorePath cache or if it's belongs to path from cache or if it matches patters from cache :param str check_path: path to check :return: bool: is ignored according MalwareIgnorePath NrrXTF)rrrasynciosleepparents)rk check_pathrXr ignored_paths r?is_path_ignoredz!MalwareIgnorePath.is_path_ignored2s 9       J 9 Y  mA&&&&&&&&&#AfI L((ldl.J.J44/Kur>)NNNNNNNN)r`r)rr)r7r8r9rpr@rrrrrXrr`rrr~rrrrrr __classcell__)rs@r?rrs5577777777 E   B 9;;DI 'G!H!H IM52E2EFFFJ[>>>>[>6666[6$(  & & & & [& P222[2[r>rc eZdZdZGddZedZedZede d e j j e jj fge jj ZedZedZedZedZedZedd ZedZedZedZedZedZedZedZedZe dd Z ed Z!eddZ"eddZ#d S)rz:Records every event related to :class:`MalwareHit` recordsc eZdZejZdZdS)MalwareHistory.Metamalware_historyNr6r=r>r?r@rIs;$r>r@FrCTrJ)rDrFrHc8ttSrLrMr=r>r?rOzMalwareHistory.jsS[[r>rGNc|j|k|j|kz}|r/||j|td|fzz}|r||j|kz}|||| } |t|t| } t| } | d| fS)Nz(INSTR(path, ?))TrT)ctimeeventrr file_userrVrarfrgrjr$rrirh) rkrlrmrfrgrrrdrrn list_results r? get_historyzMalwareHistory.get_history|s9%#)r/:    **622& 22 G  - s}, ,G ""7++11%88??GGMMOO  "8^UCCE5kk {{t{,,k99r>c |jd|ddp tj|ddp tj|ddpt jjd| dS)Nr|causer`)r|rr`r=) insertpoprROOTr-MANUALr,r{rzexecute)rkrs r? save_eventzMalwareHistory.save_events  jjd33Dx}**Wd++E/E **_d;;2&+1      ')))))r>r List[dict]c tj5t|dt |jjzD])}||* ddddS#1swxYwYdS)Ni) chunk_size) r!r:atomicr(r_metacolumns insert_manyr)rkr hits_chunks r? save_eventszMalwareHistory.save_eventss [   ! ! 6 6 .CI,=(>(>!> 6 6  ++335555 6  6 6 6 6 6 6 6 6 6 6 6 6 6 6 6 6 6 6sABB BrQrirlrNc>||jtj|j||jtkz|j|kz |j SrL) rVrXrrrarbrr*rrctuples)rkrQrls r?get_failed_cleanup_events_countz.MalwareHistory.get_failed_cleanup_events_counts{ JJsx , , U U##9 1139%' Xch   VXX r>)NNN)rr)rQrirlrN)$r7r8r9rpr@r"rXrr#rrqr,ryrzr{r`rrr| file_ownerrrrrrrrrrrrr~rrrrr=r>r?rrFsLDD%%%%%%%% =e $ $ $Dyd###HI  E%,,/28/4:    (,2   M I5 ! ! !E I5 ! ! !E u%%%I&&&J u%%%I Le-@-@ A A AEiT"""GiT"""GiT"""G%%%J)&&&K Ld+++MiT"""G9$'''LHL:::[:&[ 6 6 6[ 6    [    r>rcHeZdZdZGddZeZeedddZ e dZ e dZ e dZe dZe d Ze d Zed Ze ej Zed Zed Zed$dZed%dZedddZedZe d&dZedZ e!d'dZ"ed(d!Z#ed)d"Z$d#Z%dS)*VulnerabilityHitzRepresents a vulnerable file.c eZdZejZdZdS)VulnerabilityHit.Metavulnerability_hitsNr6r=r>r?r@rs;'r>r@FvulnerabilitiesrrrCTrcTtt|j}t|SrLrrs r?rzVulnerabilityHit.orig_file_pathrr> signaturerrrc,|dS)Nz VULN-ESUS-)r)rkrs r?matchzVulnerabilityHit.matchs##L111r>rictjd|x}r-|ddSgS)NzVULN-ESUS-([\d,]+)r,)rergroupssplit)rkrrs r?get_vulnerability_idsz&VulnerabilityHit.get_vulnerability_idssBI3Y?? ?5 0<<>>!$**3// / r>Nrc2fd}t||S)Ncj|}r|jz}|SrLrrs r?rz-VulnerabilityHit.get_hits..expressionrr>rrs` ` r?rzVulnerabilityHit.get_hitsrr>c.fd}t||S)Ncj|SrLr<r=s r?rz0VulnerabilityHit.delete_hits..expressionr>r>rr?s` r?r@zVulnerabilityHit.delete_hitsrAr>rc  d||tt} |p t}d|} tj|ktj|kz}||t d| f|j| zzz}|||j|kz}|||j|kz}| ||j | zz}|}| ||j | z}| | ||}|t|||}|t!j|j t |}d|D}||fS)Nz%{}%rc6g|]}|Sr=rrs r?rz/VulnerabilityHit._hits_list..(rr>)rVr2rrrqrZrrrYrrrbrarfrgr$rrr)rkrlrmrfrgrrrrdrrrrrrrrrrs r?rzVulnerabilityHit._hits_listszz#{++00== \466--''#+u4  2 %    C07*7"$ $L   CH, ,L  ! CJ*4 4L  CJ)3 3L( ? CFJJsOO +L**\**0077>>vFF  $XsG<c|j|i|SrL)r)rkrrs r?rizVulnerabilityHit.list,ss~t.v...r>rnList['VulnerabilityHit']rp#Dict[str, List['VulnerabilityHit']]ctdtj|Dt |}dtj|t |DS)Nc3K|]}|VdSrLr=rJs r?rtz6VulnerabilityHit.group_by_attribute..5rur>rvc4i|]\}}|t|Sr=ryrzs r?r|z7VulnerabilityHit.group_by_attribute..8r}r>r~rs r?rz#VulnerabilityHit.group_by_attribute0rr>r list[int]ct}|D]2}|tt|dz}3t|S)Nr^)setrrri)rkrvuln_idsr*s r?get_vulnerabilities_idsz(VulnerabilityHit.get_vulnerabilities_ids@sU55  C  66s6{CC HHH~~r>cFd|D}d}t|||||S)Ncg|] }|j Sr=rrs r?rz/VulnerabilityHit.set_status..Krr>cd|i}|||d<|jdi||j|S)Nr patched_atr=r)rrkrrrs r?rz/VulnerabilityHit.set_status..expressionMrr>r)rkrrrrs r?rzVulnerabilityHit.set_statusIrr>c |j|j|j|jj|j|jj|j|j|j|j |j d S)N) rr file_pathrrrSr^rrrr) rrrrYrZrr^rrrrrs r?rzVulnerabilityHit.as_dictZsN' {*~)IIIk/   r>)rrrr)rrrri) rNNNNNNNNN)rnrrprrr)rrirr rL)&r7r8r9rpr@rrrr2rYrrrr"rr^rrrr}r. VULNERABLErrrrr~rrrr@rrirrrrrr=r>r?rrs''((((((((   B _ & F I5 ! ! !E 9% D 5)))I 9% D 9$   D 9$   D %%%IY5@ A A AF&&&J X222[2[ )-BBBB[B>>[>    1!1!1![1!f//[/    \  [   [      r>rcDeZdZdZGddZedZdS)ImunifyPatchSubscriptionz(Stores Imunify Patch user subscriptions.c eZdZejZdZdS)ImunifyPatchSubscription.Metaimunify_patch_subscriptionsN)r7r8r9r!r:r;rr=r>r?r@rms;2 r>r@TrAN)r7r8r9rpr@ruser_idr=r>r?rrjsP2233333333iD)))GGGr>r)Irp __future__rrrrrr dataclassesr functoolsrrpathlibrrtypingr r r r r rrpeeweerrrrrrrrrrrrrplayhouse.shortcutsr defence360agent.contracts.configrdefence360agent.modelr r!$defence360agent.model.simplificationr"r#r$defence360agent.utilsr%r&r'r(imav.api.cleanup_revertr)imav.malwarelib.configr*r+r,r-r.imav.malwarelib.scan.crontabr/imav.malwarelib.scan.mds.reportr0r2rrrrrrr=r>r?r+s+*#""""" !!!!!!>>>>>>>>>>>>>>>>>>.-----55555511111111  877777544444BBBBBBrBrBrBrBrB%rBrBrBjvNvNvNvNvNvNvNvNr $"1"1"1"1"1"1"1"1JaaaaaaaaHk k k k k Uk k k \s s s s s us s s l*****u*****r>