malwaredb 0.3.2

Service for storing malicious, benign, or unknown files and related metadata and relationships.
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229

// SPDX-License-Identifier: Apache-2.0

mod compression;
mod config;
mod groups;
mod keys;
mod labels;
mod load;
mod sources;
mod users;

#[cfg(feature = "vt")]
mod vt;

mod unknowns;

use super::config::Config;
use malwaredb_server::State;
use std::io::Write;

use std::process::ExitCode;

use clap::{Args, Subcommand, ValueHint};
use malwaredb_server::db::DatabaseType;

/// Administrative Options for Malware Database Server
#[derive(Clone, Debug, Args, PartialEq)]
pub struct Admin {
    /// Config file: specify or search; needed for the database connection information.
    /// Specifying the path is best to avoid mix-up between instances.
    #[arg(short = 'c', value_name = "FILE", value_hint = ValueHint::FilePath)]
    pub config_file: Option<std::path::PathBuf>,

    /// Administrative subcommands
    #[clap(subcommand)]
    pub action: AdminActions,
}

impl Admin {
    pub async fn execute(&self) -> anyhow::Result<ExitCode> {
        if let AdminActions::DefaultConfig(default_config) = &self.action {
            return default_config.execute();
        }

        let cfg = if let Some(path) = &self.config_file {
            Config::from_file(path)
        } else {
            Config::from_found_files()
        }?;

        if self.action == AdminActions::Migrate {
            eprintln!("Back up the database before proceeding. This migration may take a while if there is a lot of data.");
            let mut s = String::new();
            print!("Please enter \"CONFIRM\" to proceed: ");
            let _ = std::io::stdout().flush();
            std::io::stdin().read_line(&mut s)?;
            return if s.trim() == "CONFIRM" {
                match DatabaseType::migrate(&cfg.db, cfg.pg_cert).await {
                    Ok(_) => Ok(ExitCode::SUCCESS),
                    Err(e) => {
                        eprintln!("Migration failed: {e}");
                        Err(e)
                    }
                }
            } else {
                eprintln!("Migration aborted.");
                Ok(ExitCode::FAILURE)
            };
        }

        let state = cfg.into_state().await?;

        match &self.action {
            AdminActions::AddUserToGroup(cmd) => cmd.execute(state).await,
            AdminActions::ClearAPIKeys(cmd) => cmd.execute(state).await,
            AdminActions::ResetPassword(cmd) => cmd.execute(state).await,
            AdminActions::AddGroupToSource(cmd) => cmd.execute(state).await,
            AdminActions::BulkAdd(cmd) => cmd.execute(state).await,
            AdminActions::Create(sub) => sub.execute(state).await,
            AdminActions::List(sub) => sub.execute(state).await,
            AdminActions::Compression(comp) => comp.execute(state).await,
            #[cfg(feature = "vt")]
            AdminActions::VirusTotal(vt) => vt.execute(state).await,
            AdminActions::UnknownFiles(unk) => unk.execute(state).await,
            AdminActions::DefaultConfig(_) | AdminActions::Migrate => unreachable!(),
            AdminActions::RenameInstance(cmd) => cmd.execute(state).await,
            AdminActions::Stats => {
                let db_info = state.db_type.db_info().await?;
                println!("-- {} --", state.db_config.name);
                println!(
                    "Number of samples: {}\nNumber of users: {}\nNumber of groups: {}\nNumber of sources: {}\nDatabase size: {}\nDatabase version: {}",
                    db_info.num_files, db_info.num_users, db_info.num_groups, db_info.num_sources, db_info.size, db_info.version
                );

                if db_info.num_files > 0 {
                    println!("File counts by type:");
                    let file_types_counts = state.db_type.file_types_counts().await?;
                    for (name, count) in file_types_counts {
                        println!("{name}: {count}");
                    }
                }

                #[cfg(feature = "vt")]
                {
                    if state.db_config.send_samples_to_vt {
                        let vt_stats = state.db_type.get_vt_stats().await?;
                        println!("VT Stats:\nClean samples: {}\nSamples with AV hits: {}\nSamples without records: {}", vt_stats.clean_records, vt_stats.hits_records, vt_stats.files_without_records);
                    }
                }

                Ok(ExitCode::SUCCESS)
            }
        }
    }
}

#[derive(Clone, Subcommand, Debug, PartialEq)]
pub enum AdminActions {
    AddUserToGroup(groups::AddUser),
    ClearAPIKeys(users::ResetAPIKeys),
    ResetPassword(users::ResetPassword),
    AddGroupToSource(sources::AddGroup),
    /// Some information about the contents of the Database
    Stats,

    /// Rename the Malware DB instance
    RenameInstance(config::Rename),

    /// Show (or toggle) the state of Malware DB storing incoming files with zstd compression
    Compression(compression::Compression),

    /// Show (or toggle) the state of Malware DB submitting samples to Virus Total
    #[cfg(feature = "vt")]
    VirusTotal(vt::VirusTotal),

    /// Show (or toggle) the state of Malware DB storing unknown files
    UnknownFiles(unknowns::UnknownFiles),

    /// Bulk load files
    BulkAdd(load::Load),

    /// Create users, groups, sources
    #[clap(subcommand)]
    Create(CreateActions),

    /// List users, groups, sources
    #[clap(subcommand)]
    List(ListActions),

    /// Create an example config file optionally in the operating system-specific location
    DefaultConfig(config::CreateDefaultConfig),

    /// Perform a database migration if needed (updating database schema).
    Migrate,
}

#[derive(Clone, Subcommand, Debug, PartialEq)]
pub enum CreateActions {
    /// Create a user account
    User(users::Create),

    /// Create a group
    Group(groups::Create),

    /// Create a key to be used for file encryption
    Key(keys::Create),

    /// Create a sample source
    Source(sources::Create),

    /// Create a label
    Label(labels::Create),
}

impl CreateActions {
    pub async fn execute(&self, state: State) -> anyhow::Result<ExitCode> {
        match self {
            CreateActions::User(cmd) => cmd.execute(state).await,
            CreateActions::Group(cmd) => cmd.execute(state).await,
            CreateActions::Key(cmd) => cmd.execute(state).await,
            CreateActions::Source(cmd) => cmd.execute(state).await,
            CreateActions::Label(cmd) => cmd.execute(state).await,
        }
    }
}

#[derive(Clone, Subcommand, Debug, PartialEq)]
pub enum ListActions {
    /// List users, accounts which may access Malware DB
    Users(users::List),
    /// List file encryption key information
    Keys(keys::List),
    /// List groups, collections of users which may access sample(s)
    Groups(groups::List),
    /// List sources, the origins of file samples
    Sources(sources::List),
    /// List file types known to and supported by Malware DB
    Types,
    /// List labels, a hierarchical taxonomy for file samples
    Labels(labels::List),
}

impl ListActions {
    pub async fn execute(&self, state: State) -> anyhow::Result<ExitCode> {
        match self {
            ListActions::Users(cmd) => cmd.execute(state).await,
            ListActions::Keys(cmd) => cmd.execute(state).await,
            ListActions::Groups(cmd) => cmd.execute(state).await,
            ListActions::Sources(cmd) => cmd.execute(state).await,
            ListActions::Labels(cmd) => cmd.execute(state).await,
            ListActions::Types => {
                for data_type in state.db_type.get_known_data_types().await? {
                    print!("{}", data_type.name);
                    if let Some(desc) = data_type.description {
                        print!(" {desc}");
                    }
                    if data_type.executable {
                        print!(" -- is executable");
                    }
                    println!();
                    for magic in data_type.magic {
                        println!("\t{}", hex::encode(magic));
                    }
                }
                Ok(ExitCode::SUCCESS)
            }
        }
    }
}