Library for Polyswarm Microengine Utility Package
Project description
microengine-utils
Utility package for PolySwarm Engines
Supports Python 3.6 and greater.
Installation
From PyPI:
pip install microengine-utils
From source:
python3 setup.py install
OR
pip3 install .
If you get an error about a missing package named
wheel, that means your version of pip or setuptools is too old. You need pip >= 19.0 and setuptools >= 40.8.0. To update pip, runpip install -U pip. To update setuptools, runpip install -U setuptools
Usage
Here is an example for how to use the datadog metrics utility in an Engine.
import asgiref.sync as asgiref_sync
import logging
import os
import platform
import polyswarm_myengine
from polyswarmartifact.schema.verdict import Verdict
from polyswarmclient.abstractscanner import AbstractScanner, ScanResult
from microengine_utils.constants import SCAN_VERDICT, SCAN_FAIL, SCAN_TIME
from microengine_utils.datadog import configure_metrics
logger = logging.getLogger(__name__)
DATADOG_API_KEY = 'my_api_key'
DATADOG_APP_KEY = 'my_app_key'
# Configure Datadog metric keys for use in the application
ENGINE_NAME = 'myengine'
SCANNER_TYPE = 'file'
OS_TYPE = 'windows'
# Set the environment name, "local" is used for testing
POLY_WORK = os.getenv('POLY_WORK', 'local')
# Set the hostname, "local" is used for testing
SOURCE = os.getenv("HOSTNAME", "localhost")
class Scanner(AbstractScanner):
def __init__(self):
self.datadog_api_key = os.getenv('DATADOG_API_KEY', None)
self.datadog_app_key = os.getenv('DATADOG_APP_KEY', None)
self.metrics_collector = configure_metrics(self.datadog_api_key,
self.datadog_app_key,
ENGINE_NAME,
OS_TYPE,
POLY_WORK,
SOURCE)
async def scan(self, guid, artifact_type, content, metadata, chain):
version = await Scanner._get_my_engine_version()
metadata = Verdict().set_malware_family('')\
.set_scanner(operating_system=platform.system(),
architecture=platform.machine(),
vendor_version=version,
version=polyswarm_myengine.__version__)
artifact_name = await asgiref_sync.sync_to_async(self._create_temp_file)(content)
with self.metrics_collector.timer(SCAN_TIME):
try:
exit_code, scan_output = await Scanner._run_system_cmd(Scanner._get_full_command(artifact_name))
logger.info("myengine scan result: %s", scan_output)
finally:
await asgiref_sync.sync_to_async(os.unlink)(artifact_name)
if exit_code != 0:
self.metrics_collector.increment(SCAN_FAIL)
return ScanResult(metadata=metadata.json())
infected_bool, malware_family = Scanner._process_output(scan_output)
metadata.set_malware_family(malware_family)
confidence = 0.8
if infected_bool:
self.metrics_collector.increment(SCAN_VERDICT,
tags=['verdict:malicious',
f'malware_family:{metadata.malware_family}',
'type:file'])
else:
self.metrics_collector.increment(SCAN_VERDICT, tags=['verdict:benign', 'type:file'])
return ScanResult(bit=True, verdict=infected_bool, confidence=confidence, metadata=metadata.json())
Here is an example for using the malwarerepoclient utility in Engine unit tests
import asyncio
import pytest
import sys
from microengine_utils.malwarerepoclient import DummyMalwareRepoClient
from polyswarm_myengine import Scanner
from polyswarmartifact import ArtifactType
@pytest.yield_fixture()
def event_loop():
loop = asyncio.get_event_loop()
if sys.platform == 'win32':
loop = asyncio.ProactorEventLoop()
yield loop
loop.close()
@pytest.mark.asyncio
async def test_scan_random_malicious_and_not():
scanner = Scanner()
for t in [True, False]:
mal_md, mal_content = DummyMalwareRepoClient().get_random_file(malicious_filter=t)
result = await scanner.scan("nocare", ArtifactType.FILE, mal_content, None, "home")
assert result.verdict == t
Testing
git clone https://github.com/polyswarm/microengine-utils.git
cd microengine-utils
pip3 install -r requirements.txt
pip3 install .
pytest -s -v
Questions? Problems?
File a ticket or email us at info@polyswarm.io.
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
microengine_utils-1.6.1.tar.gz
(16.3 kB
view details)
Built Distribution
Filter files by name, interpreter, ABI, and platform.
If you're not sure about the file name format, learn more about wheel file names.
Copy a direct link to the current filters
File details
Details for the file microengine_utils-1.6.1.tar.gz.
File metadata
- Download URL: microengine_utils-1.6.1.tar.gz
- Upload date:
- Size: 16.3 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.2.0 CPython/3.11.4
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
76167176489ca3bc0b2d911427caa22a8581ae4688dc8b671b0ec2cc3f4c901a
|
|
| MD5 |
e997e8acdd7d8d31a5732e2400ff51af
|
|
| BLAKE2b-256 |
d66246f1ed15ac3b42d81b75e3bee5da6b318fdd009fef86a82e7e816bddaff5
|
File details
Details for the file microengine_utils-1.6.1-py3-none-any.whl.
File metadata
- Download URL: microengine_utils-1.6.1-py3-none-any.whl
- Upload date:
- Size: 14.1 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.2.0 CPython/3.11.4
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
67d323c223fa425cf83c00bd6fd15c1c55ce3b9b4f324758f2d5af6df522ef46
|
|
| MD5 |
e7274487e299511386cf00da01e5388e
|
|
| BLAKE2b-256 |
72a78697b26f335f1c3817fb7bb9b4958ba11baec87dfba1ff2159c984f7f63b
|
