tentative work on python wrappers

scanners/capa/routes/capa.py

@@ -1,31 +1,35 @@
-from logging import log
+from flask import Blueprint, request, abort
-import logging
+from werkzeug.utils import secure_filename
-from flask import Blueprint, request, jsonify, abort
+import capa.main
+import capa.rules
+import capa.loader
+import capa.render.json
+import capa.capabilities.common
+from capa.features.common import OS_AUTO, FORMAT_AUTO
 from os import path
+from pathlib import Path
 import config
+import json
+import os
 
 capa_bp = Blueprint('capa', __name__)
 
 @capa_bp.route('/analyze', methods=['GET'])
-def analyze_mraptor():
+def analyze_capa():
-    file = request.args.get('file', '')
+    file = secure_filename(request.args.get('file', ''))
     if file == '':
         abort(400)
-    filepath = path.join(config.Config.FILE_DIRECTORY, file)
+    filepath = Path(path.join(config.Config.FILE_DIRECTORY, file))
-    # Analyze with olevba
+    if not os.path.exists(filepath):
-    vbaparser = olevba.VBA_Parser(filepath)
+        print(f"Error: File not found at '{filepath}'")
-    if vbaparser.detect_vba_macros():
+        abort(400)
-        vba_code = ''
+
-        try:
+    
-            vba_code = vbaparser.get_vba_code_all_modules()
+    rules = capa.rules.get_rules([capa.main.get_default_root()/ "rules"])
-        except Exception as e:
+    extractor = capa.loader.get_extractor(filepath, FORMAT_AUTO, OS_AUTO, capa.main.BACKEND_VIV, [], should_save_workspace=False, disable_progress=True)
-            logging.error(e)
+    capabilities = capa.capabilities.common.find_capabilities(rules, extractor, disable_progress=True)
-            abort(500)
+
-        raptor = mraptor.MacroRaptor(vba_code)
+    meta = capa.loader.collect_metadata([], filepath, FORMAT_AUTO, OS_AUTO, [capa.main.get_default_root()/ "rules"], extractor, capabilities)
-        raptor.scan()
+
-        if raptor.suspicious:
+
-            return jsonify({'filename': file, 'result': mraptor.Result_Suspicious, 'flags': raptor.get_flags(), 'matches': raptor.matches})
+    return json.loads(capa.render.json.render(meta=meta, rules=rules, capabilities=capabilities.matches))
-        else: 
-            return jsonify({'filename': file, 'result': mraptor.Result_MacroOK, 'flags': raptor.get_flags(), 'matches': raptor.matches})
-    else:
-        return jsonify({'filename': file, 'result': mraptor.Result_NoMacro})

scanners/ole/routes/mraptor.py

@@ -1,7 +1,7 @@
-from logging import log
 import logging
 from flask import Blueprint, request, jsonify, abort
 from os import path
+from werkzeug.utils import secure_filename
 from oletools import olevba, mraptor
 import config
 
@@ -9,7 +9,7 @@ mraptor_bp = Blueprint('mraptor', __name__)
 
 @mraptor_bp.route('/analyze', methods=['GET'])
 def analyze_mraptor():
-    file = request.args.get('file', '')
+    file = secure_filename(request.args.get('file', ''))
     if file == '':
         abort(400)
     filepath = path.join(config.Config.FILE_DIRECTORY, file)
@@ -25,8 +25,8 @@ def analyze_mraptor():
         raptor = mraptor.MacroRaptor(vba_code)
         raptor.scan()
         if raptor.suspicious:
-            return jsonify({'filename': file, 'result': mraptor.Result_Suspicious, 'flags': raptor.get_flags(), 'matches': raptor.matches})
+            return jsonify({'result': mraptor.Result_Suspicious.name, 'flags': raptor.get_flags(), 'matches': raptor.matches})
         else: 
-            return jsonify({'filename': file, 'result': mraptor.Result_MacroOK, 'flags': raptor.get_flags(), 'matches': raptor.matches})
+            return jsonify({'result': mraptor.Result_MacroOK.name, 'flags': raptor.get_flags(), 'matches': raptor.matches})
     else:
-        return jsonify({'filename': file, 'result': mraptor.Result_NoMacro})
+        return jsonify({'result': mraptor.Result_NoMacro.name})