|
| 1 | +""" |
| 2 | + Analysis |
| 3 | +""" |
| 4 | +import os |
| 5 | +import re |
| 6 | +import importlib |
| 7 | +import inspect |
| 8 | + |
| 9 | +from app import app, db |
| 10 | +from app.models.sample import Sample, AnalysisStatus |
| 11 | +from app.controllers.jobpool import JobPool |
| 12 | + |
| 13 | + |
class AnalysisFactory(object):
    """
    Discovers and instantiates analysis tasks from the tasks directory.
    """
    tasks_classes_container = None

    def __init__(self):
        # (task_class, module_name) pairs for every successfully
        # imported task module.
        self.tasks_classes_container = []
        self.load_tasks()

    def load_tasks(self):
        """
        Dynamically load task modules found in app.config['TASKS_PATH'].

        A module counts as a task when it defines a class whose name
        matches the module file name (e.g. peid.py -> class peid).
        Modules are imported lazily here rather than all at startup to
        avoid excessive memory usage. A broken task is logged and
        skipped so it cannot prevent the other tasks from loading.
        """
        app.logger.info("Loading tasks")
        # NOTE: the dot must be escaped — with the previous '.py$'
        # pattern any file name merely ending in "py" would match.
        source_pattern = re.compile(r'\.py$', re.IGNORECASE)
        task_names = [
            os.path.splitext(filename)[0]
            for filename in os.listdir(app.config['TASKS_PATH'])
            if source_pattern.search(filename)
        ]
        # TASKS_PATH is a slash-separated relative path; converting the
        # separators yields the dotted package name importlib expects.
        # Loop-invariant, so computed once.
        package_name = app.config['TASKS_PATH'].replace("/", ".")
        for task_name in task_names:
            if task_name.startswith('__'):
                # Skip __init__.py and other dunder files.
                continue
            try:
                task_module = importlib.import_module(
                    "." + task_name, package=package_name)
                for member_name, member in inspect.getmembers(task_module):
                    if member_name == task_name and inspect.isclass(member):
                        self.tasks_classes_container.append(
                            (member, task_name))
                        app.logger.info("Loaded task %s" % (task_name))
            except Exception as e:
                app.logger.error(
                    "Could not load %s : %s" %
                    (task_name, e))
        return True

    def create_analysis(self, sample):
        """
        Build an Analysis for the given sample and attach every task
        willing to run on it.
        """
        analysis = Analysis(sample)
        # The constructor never returns None, so the previous None
        # check here was dead code and has been removed.
        self.assign_tasks(analysis, sample)
        return analysis

    def assign_tasks(self, analysis, sample):
        """
        Instantiate each known task class against the sample and add to
        the analysis the ones whose will_run() returns True. A failing
        task is logged and skipped.
        """
        for task_class, task_name in self.tasks_classes_container:
            try:
                task_instance = task_class(sample)
                if task_instance.will_run():
                    analysis.add_task(task_instance, task_name)
            except Exception as e:
                app.logger.error("Could not load task %s : %s" % (task_name, e))
                app.logger.exception(e)
        return True
| 81 | + |
| 82 | + |
class AnalysisController(object):
    """
    Manages the creation, dispatch and scheduling of analyses on the
    job pool.
    """
    jobpool = None
    factory = None

    def __init__(self, max_instances=4):
        # max_instances bounds how many analyses run concurrently.
        self.jobpool = JobPool(max_instances)
        self.factory = AnalysisFactory()

    def create_analysis(self, sid, force=False):
        """
        Create an analysis for the sample identified by sid.

        Returns None when the sample does not exist, or when its
        analysis is already RUNNING or FINISHED and force is False.
        """
        sample = Sample.query.get(sid)
        if sample is None:
            return None
        # Both "already running" and "already finished" guards collapse
        # into a single membership test.
        if not force and sample.analysis_status in (
                AnalysisStatus.RUNNING, AnalysisStatus.FINISHED):
            return None
        return self.factory.create_analysis(sample)

    def dispatch_analysis(self, analysis):
        """
        Send the analysis to the job queue. Returns False when the
        analysis carries no tasks (nothing to execute).
        """
        if not analysis.tasks:
            return False
        self.jobpool.add_analysis(analysis)
        return True

    def schedule_sample_analysis(self, sid, force=False):
        """
        Create an analysis for sid and dispatch it to the execution
        pool. Returns True when an analysis was generated.
        """
        analysis = self.create_analysis(sid, force)
        if analysis is None:
            app.logger.error("No analysis generated for sample %d" % (sid))
            return False
        app.logger.info("Launching full analysis of sample %d" % (sid))
        self.dispatch_analysis(analysis)
        return True

    def reschedule_all_analysis(self, force=False):
        """
        Schedule all analyses in database. RUNNING analyses are always
        rescheduled in order to recover from crashes; with force=True,
        FINISHED analyses are re-scheduled as well.
        """
        # The original if/elif branches had identical bodies; a single
        # combined condition expresses the same policy.
        for sample in Sample.query.all():
            if force or sample.analysis_status in (
                    AnalysisStatus.TOSTART, AnalysisStatus.RUNNING):
                self.schedule_sample_analysis(sample.id, force)
| 140 | + |
| 141 | + |
class Analysis(object):
    """
    Holds the tasks scheduled for one sample and manages the sample's
    analysis status in the database.
    """
    # Only the sample's ID is stored (see __init__).
    sid = None
    tasks = None

    def __init__(self, sample=None):
        """
        Only the sample ID is copied, not the sample itself: across
        different processes/threads, sharing the SQLAlchemy object
        causes session synchronization issues.
        """
        self.sid = sample.id
        # (execution_level, task) pairs, prioritized by the jobpool.
        self.tasks = []

    def _set_status(self, status):
        # Shared by set_started/set_finished: re-fetch the sample by ID
        # and persist the new status if the row still exists.
        if self.sid:
            sample = Sample.query.get(self.sid)
            if sample:
                sample.analysis_status = status
                db.session.commit()
        return True

    def set_started(self):
        """
        Set the analysis status to RUNNING (scheduled). Called on
        dispatch.
        """
        return self._set_status(AnalysisStatus.RUNNING)

    def set_finished(self):
        """
        Set the analysis status to FINISHED. Called by the jobpool
        after the tasks have executed.
        """
        return self._set_status(AnalysisStatus.FINISHED)

    def add_task(self, task, tname):
        """
        Append a task to the analysis along with its execution level
        (clamped to [0, 32]), used by the jobpool to prioritize
        execution.
        """
        try:
            execution_level = task.execution_level
        except Exception:
            # Any failure reading the attribute (missing, raising
            # property, ...) falls back to the lowest priority.
            app.logger.warning(
                "Could not read execution_level for task %s, default to 0" %
                (tname))
            execution_level = 0
        # Clamp to the supported priority range.
        execution_level = max(0, min(32, execution_level))
        self.tasks.append((execution_level, task))
        app.logger.info("Task loaded: %s" % (tname))
        return True
0 commit comments