BndZddlZddlZddlZddlZddlZddlZddlmZddl m Z ddl m Z ddl mZddlmZddlmZdd lmZdd lmZmZdd lmZdd lmZdd lmZddlm Z ej!e"Z#dZ$dZ%dZ&edZ'Gdde(Z)Gddej*Z+GddZ,dS)u  This program is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version. This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with this program.  If not, see . Copyright © 2019 Cloud Linux Software Inc. This software is also available under ImunifyAV commercial license, see N)ThreadPoolExecutor)cached_property)BytesIO)Path) DoesNotExist) safe_fileops)Malware)MalwareHitStatusMalwareScanResourceType)MalwareCleaner)CleanupStorage) MalwareHit)get_files_diff_imunifyi) max_workersceZdZdS) DiffErrorN)__name__ __module__ __qualname__S/opt/imunify360/venv/lib/python3.11/site-packages/imav/malwarelib/difflib/differ.pyrr6sDrrc<eZdZd dZdZdZdZdefdZd d Z dS) SafeFilePathNFcJt||_||_||_dSN)r_path_user _missing_ok)selfpathuser missing_oks r__init__zSafeFilePath.__init__;s$$ZZ  %rc*t|jSr)strrr"s r__str__zSafeFilePath.__str__@s4:rc*|Sr)r*r)s r __fspath__zSafeFilePath.__fspath__Cs||~~rc,t|j|Sr)getattrr)r"attrs r __getattr__zSafeFilePath.__getattr__Fstz4(((rreturncb|5 ddddS#1swxYwYdS)zp Return True if the file is readable by the user or raise UnsafeFileOperation otherwise NT) safe_openr)s rcheck_readabilityzSafeFilePath.check_readabilityIs{ ^^                      s $((rbc|jr(|jstdS|jr"t j|j||jdS||S)NrF)moder$respect_homedir)r!rexistsrr rsafe_open_fileopen)r"r7s rr3zSafeFilePath.safe_openQst   DJ$5$5$7$7 3<<  : #. Z %  99T?? "r)NF)r5) rrrr&r*r,r0boolr4r3rrrrr:s&&&& )))4 # # # # # #rrcfeZdZdZddedefdZedZde fdZ de fd Z d e d e d e fd ZdS)MalwareHitDiffzL Used to compare infected and cleaned versions of a malicious file. Nidr$cP||_||_tddd|_dS)NF)loopsinkwatch_progress)_idr r _cleaner)r"r?r$s rr&zMalwareHitDiff.__init__ds1 &D    rcV tjtj|jktjt jjktjdkgtj |j kgt|j zRS#t$r!td|jd|j dwxYw)NTzNo malware file hit found (id=z, user=).)rgetr?rD resource_typer FILEvalue maliciousr$r r<rrr)s rhitzMalwareHitDiff.hitks > )(,C,H,NN$,?dj01D4D4DD      ((((((  s A:A==+B(r1clKd}|jjtjvrrt |jj|jd}t tj|jd}| |||jj d{V}n%t d|jj|S)NrTr$r%r$ cleaned_at9Malware hit has unexpected status=%s. Use the empty diff.) rMstatusr CLEANEDrorig_file_pathr r get_hit_store_path _get_diffrRloggerwarning)r"diffcleaned_file_pathinfected_file_paths r!get_unified_diff_for_cleaned_filez0MalwareHitDiff.get_unified_diff_for_cleaned_filezs 8?.6 6 6 ,'Z!!!  ".1$(;;""" "!8.(DD NNK    rc Kd}|jjtjkrt |jj|j}|tj dtj 5}t |j dd}tj|jj|ddddd{Vt!j|t$t& |jt$t-|gd{V\}}}|t-|}|rX|s|r0|||t7j d{V}n(t8d |jj|||dddn #1swxYwYn%t8d |jj|S) NrrPzw+)r7dirTrOF) src_unlink dst_overwritesafe_srcsafe_dst)r$grouprQz1File %s was not cleaned to check diff: %s, %s, %srS)rMrTr FOUNDrrVr r4tempfileNamedTemporaryFileConfigTEMP_CLEANUP_DIRnamer safe_move orig_fileshutilchown IMUNIFY_USER IMUNIFY_GROUPrEstartr(rH is_cleaned is_removedrXtimerYrZ) r"r[r] temp_filer\resulterrorcmd hit_results rclean_and_get_unified_diffz)MalwareHitDiff.clean_and_get_unified_diffs 8?.4 4 4!-'dj"""   0 0 2 2 2,v6% $0N$%%%!#,H&%$"&"!  %L ,0=+>+> 3'8#9#9":,,&&&&&&"s$ZZ,=(>(>?? ))++/9/D/D/F/F"&*)#'9;;"0""DD NNK* ?% % % % % % % % % % % % % % % N NNK    s4D?F??GGr]r\rRc K|std|jjdt |j|r|jnd}|tkrtd|dtd|r,|j |krtd| 5}| 5}tj }| tt||d{VcdddcdddS#1swxYwYddddS#1swxYwYdS)Nz#Original file not found for hit(id=rGrz#File is too large to compute diff (z bytes, limit is z bytes).z8The file was modified after cleaning, diff is not valid.)r9FileNotFoundErrorrMr?maxstatst_sizeMAX_DIFF_FILE_SIZErst_ctimer3asyncioget_event_looprun_in_executor_diff_executorr)r"r]r\rR file_size infected_file cleaned_filerAs rrXzMalwareHitDiff._get_diffsb"((** #EdhkEEE   # # % % - ''))   " " $ $ , ,   ) ) )111&111   $ $ & & !&&((1J>>J  ) ) + + }>O>Y>Y>[>[ _k)++D-- |                                         s6F;E+ F+E/ /F2E/ 3FF Fr)rrr__doc__intr(r&rrMbytesr^r{rfloatrXrrrr>r>_s  3 c      _ 25%5555n"("("  """"""rr>)-rrloggingosrnrgruconcurrent.futuresr functoolsriorpathlibrpeeweerdefence360agent.utilsrimav.contracts.configr riimav.malwarelib.configr r imav.malwarelib.cleanup.cleanerr imav.malwarelib.cleanup.storager imav.malwarelib.modelr imav.utilsr getLoggerrrYrprqrr ExceptionrPathLikerr>rrrrs*  111111%%%%%%......333333LLLLLLLL::::::::::::,,,,,,%%%%%%  8 $ $  $$#222        "#"#"#"#"#2;"#"#"#JMMMMMMMMMMr