From 6aaa34a6d275c8d83343ece10258f18ba3669148 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Johannes=20B=C3=BClow?=
Date: Sun, 15 Jun 2025 21:14:09 +0200
Subject: [PATCH] tentative work on python wrappers
---
scanners/capa/routes/capa.py | 50 ++++++++++++++++++----------------
scanners/ole/routes/mraptor.py | 10 +++----
2 files changed, 32 insertions(+), 28 deletions(-)
diff --git a/scanners/capa/routes/capa.py b/scanners/capa/routes/capa.py
index d8bc386..9e73cd7 100644
--- a/scanners/capa/routes/capa.py
+++ b/scanners/capa/routes/capa.py
@@ -1,31 +1,35 @@
-from logging import log
-import logging
-from flask import Blueprint, request, jsonify, abort
+from flask import Blueprint, request, abort
+from werkzeug.utils import secure_filename
+import capa.main
+import capa.rules
+import capa.loader
+import capa.render.json
+import capa.capabilities.common
+from capa.features.common import OS_AUTO, FORMAT_AUTO
 from os import path
+from pathlib import Path
 import config
+import json
+import os
 
 capa_bp = Blueprint('capa', __name__)
 
 @capa_bp.route('/analyze', methods=['GET'])
-def analyze_mraptor():
-    file = request.args.get('file', '')
+def analyze_capa():
+    file = secure_filename(request.args.get('file', ''))
     if file == '':
         abort(400)
-    filepath = path.join(config.Config.FILE_DIRECTORY, file)
-    # Analyze with olevba
-    vbaparser = olevba.VBA_Parser(filepath)
-    if vbaparser.detect_vba_macros():
-        vba_code = ''
-        try:
-            vba_code = vbaparser.get_vba_code_all_modules()
-        except Exception as e:
-            logging.error(e)
-            abort(500)
-        raptor = mraptor.MacroRaptor(vba_code)
-        raptor.scan()
-        if raptor.suspicious:
-            return jsonify({'filename': file, 'result': mraptor.Result_Suspicious, 'flags': raptor.get_flags(), 'matches': raptor.matches})
-        else:
-            return jsonify({'filename': file, 'result': mraptor.Result_MacroOK, 'flags': raptor.get_flags(), 'matches': raptor.matches})
-    else:
-        return jsonify({'filename': file, 'result': mraptor.Result_NoMacro})
+    filepath = Path(path.join(config.Config.FILE_DIRECTORY, file))
+    if not os.path.exists(filepath):
+        print(f"Error: File not found at '{filepath}'")
+        abort(400)
+
+
+    rules = capa.rules.get_rules([capa.main.get_default_root()/ "rules"])
+    extractor = capa.loader.get_extractor(filepath, FORMAT_AUTO, OS_AUTO, capa.main.BACKEND_VIV, [], should_save_workspace=False, disable_progress=True)
+    capabilities = capa.capabilities.common.find_capabilities(rules, extractor, disable_progress=True)
+
+    meta = capa.loader.collect_metadata([], filepath, FORMAT_AUTO, OS_AUTO, [capa.main.get_default_root()/ "rules"], extractor, capabilities)
+
+
+    return json.loads(capa.render.json.render(meta=meta, rules=rules, capabilities=capabilities.matches))
diff --git a/scanners/ole/routes/mraptor.py b/scanners/ole/routes/mraptor.py
index ad9b2a9..b471688 100644
--- a/scanners/ole/routes/mraptor.py
+++ b/scanners/ole/routes/mraptor.py
@@ -1,7 +1,7 @@
-from logging import log
 import logging
 from flask import Blueprint, request, jsonify, abort
 from os import path
+from werkzeug.utils import secure_filename
 from oletools import olevba, mraptor
 import config
 
@@ -9,7 +9,7 @@ mraptor_bp = Blueprint('mraptor', __name__)
 
 @mraptor_bp.route('/analyze', methods=['GET'])
 def analyze_mraptor():
-    file = request.args.get('file', '')
+    file = secure_filename(request.args.get('file', ''))
     if file == '':
         abort(400)
     filepath = path.join(config.Config.FILE_DIRECTORY, file)
@@ -25,8 +25,8 @@ def analyze_mraptor():
         raptor = mraptor.MacroRaptor(vba_code)
         raptor.scan()
         if raptor.suspicious:
-            return jsonify({'filename': file, 'result': mraptor.Result_Suspicious, 'flags': raptor.get_flags(), 'matches': raptor.matches})
+            return jsonify({'result': mraptor.Result_Suspicious.name, 'flags': raptor.get_flags(), 'matches': raptor.matches})
         else:
-            return jsonify({'filename': file, 'result': mraptor.Result_MacroOK, 'flags': raptor.get_flags(), 'matches': raptor.matches})
+            return jsonify({'result': mraptor.Result_MacroOK.name, 'flags': raptor.get_flags(), 'matches': raptor.matches})
     else:
-        return jsonify({'filename': file, 'result': mraptor.Result_NoMacro})
+        return jsonify({'result': mraptor.Result_NoMacro.name})
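Review bot: The rule set is re-read from disk on every request (`rules = capa.rules.get_rules(...)` inside `analyze_capa`), and none of the capa calls that follow it are guarded, so an unsupported or corrupt sample raises out of the handler as an unhandled 500 with a traceback rather than the logged `abort(500)` the removed code had. The hunk also drops `import logging` in favour of `print(...)` for the not-found branch and mixes `from os import path`, `os.path.exists` and `Path` on the same value. I would restore `import logging`, load the rules once at module scope, build the path as `Path(config.Config.FILE_DIRECTORY) / file` and test it with `is_file()` (a missing file is a 404 rather than a 400), and wrap the extractor/capabilities/metadata calls in one `try` that logs with `logger.exception` before aborting, as sketched below. Whether `find_capabilities` returns an object exposing `.matches` depends on the installed capa version, which the hunk does not pin.
```python
logger = logging.getLogger(__name__)  # needs the removed `import logging` restored

# … unchanged: capa_bp = Blueprint('capa', __name__) …

RULES_DIR = capa.main.get_default_root() / "rules"
# Rule loading is slow; do it once at import time, not per request.
RULES = capa.rules.get_rules([RULES_DIR])


@capa_bp.route('/analyze', methods=['GET'])
def analyze_capa():
    file = secure_filename(request.args.get('file', ''))
    if file == '':
        abort(400)
    filepath = Path(config.Config.FILE_DIRECTORY) / file
    if not filepath.is_file():
        logger.warning("file not found: %s", filepath)
        abort(404)
    try:
        extractor = capa.loader.get_extractor(filepath, FORMAT_AUTO, OS_AUTO, capa.main.BACKEND_VIV, [], should_save_workspace=False, disable_progress=True)
        capabilities = capa.capabilities.common.find_capabilities(RULES, extractor, disable_progress=True)
        meta = capa.loader.collect_metadata([], filepath, FORMAT_AUTO, OS_AUTO, [RULES_DIR], extractor, capabilities)
    except Exception:
        logger.exception("capa analysis failed for %s", filepath)
        abort(500)
    return json.loads(capa.render.json.render(meta=meta, rules=RULES, capabilities=capabilities.matches))
```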
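Review bot: `secure_filename` now sanitises the name in `analyze_mraptor`, but unlike the new `analyze_capa` in this same patch there is still no existence check before `filepath` is handed to the parser; for consistency add `if not path.isfile(filepath): abort(404)` directly after the `filepath = path.join(config.Config.FILE_DIRECTORY, file)` line. The rest of `analyze_mraptor` lies outside this hunk, so I cannot see whether `olevba.VBA_Parser(filepath)` sits inside the `try`; the copy of this code removed from capa.py in the same patch had it outside, which would let a missing file escape as an unhandled exception. Note that `secure_filename` returns an empty string for inputs such as `..`, which the existing `file == ''` check already rejects, so the 400 path is sound.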