malwaredb/

lib.rs

// SPDX-License-Identifier: Apache-2.0

#![doc = include_str!("../README.md")]
#![deny(clippy::all)]
#![deny(clippy::pedantic)]
#![forbid(unsafe_code)]

/// `CaRT` file I/O
pub mod cart;

/// Python wrapper types for some Malware DB API types
pub mod types;

use std::path::PathBuf;

use crate::types::{Label, ServerInfo, Source, SupportedFileType, UserInfo};
use malwaredb_client::blocking::MdbClient;

use anyhow::{anyhow, Result};
use pyo3::prelude::*;

/// MDB version
pub const MDB_VERSION: &str = env!("CARGO_PKG_VERSION");

pub const VERSION: &str = concat!(
    "v",
    env!("CARGO_PKG_VERSION"),
    "-",
    env!("VERGEN_GIT_DESCRIBE"),
    " ",
    env!("VERGEN_BUILD_DATE")
);

/// Malware DB client
#[pyclass(frozen)]
pub struct MalwareDBClient {
    inner: MdbClient,
}

#[pymethods]
impl MalwareDBClient {
    /// Load a configuration from a file if it can be found
    ///
    /// # Errors
    ///
    /// Returns an error if the configuration file can't be found or isn't valid.
    #[new]
    pub fn new() -> PyResult<Self> {
        Ok(MalwareDBClient {
            inner: MdbClient::load()?,
        })
    }

    /// Login with a username and password
    ///
    /// # Errors
    ///
    /// Returns an error if the server URL, username, or password were incorrect, or if a network
    /// issue occurred.
    #[staticmethod]
    pub fn login(
        url: String,
        username: String,
        password: String,
        save: bool,
        cert_path: Option<PathBuf>,
    ) -> PyResult<Self> {
        Ok(MalwareDBClient {
            inner: MdbClient::login(url, username, password, save, cert_path)?,
        })
    }

    /// Connect if an API key is already known
    ///
    /// # Errors
    ///
    /// Returns an error if a list of certificates was passed and any were not in the expected
    /// DER or PEM format or could not be parsed.
    #[staticmethod]
    pub fn connect(url: String, api_key: String, cert_path: Option<PathBuf>) -> PyResult<Self> {
        Ok(MalwareDBClient {
            inner: MdbClient::new(url, api_key, cert_path)?,
        })
    }

    /// Connect using a specific configuration file
    ///
    /// # Errors
    ///
    /// Returns an error if the configuration file cannot be read, possibly because it
    /// doesn't exist or due to a permission error or a parsing error.
    #[staticmethod]
    pub fn from_file(path: PathBuf) -> Result<Self> {
        Ok(MalwareDBClient {
            inner: MdbClient::from_file(path)?,
        })
    }

    /// Get the server's URL
    #[getter]
    #[must_use]
    pub fn url(&self) -> String {
        self.inner.url.clone()
    }

    /// Get the bytes of a sample from the database
    ///
    /// # Errors
    ///
    /// This may return an error if there's a network situation or if the user is not logged in
    /// or not properly authorized to connect.
    pub fn get_file_bytes(&self, hash: &str) -> Result<Vec<u8>> {
        self.inner.retrieve(hash, false)
    }

    /// Submit a file to the database, which requires the file name and source ID. Returns true if stored.
    ///
    /// # Errors
    ///
    /// This may return an error if there's a network situation or if the user is not logged in
    /// or not properly authorized to connect.
    pub fn submit_file(
        &self,
        contents: Vec<u8>,
        file_name: String,
        source_id: u32,
    ) -> Result<bool> {
        self.inner.submit(contents, file_name, source_id)
    }

    /// Search by partial hash and/or partial file name, returning a list of hashes by specified hash type
    ///
    /// # Errors
    ///
    /// * Invalid hash types will result in an error
    /// * This may return an error if there's a network situation or if the user is not logged in or the request isn't valid
    #[pyo3(signature = (hash = None, hash_type="sha256", file_name = None, limit = 100, response_hash = "sha256"))]
    pub fn partial_search(
        &self,
        hash: Option<String>,
        hash_type: &str,
        file_name: Option<String>,
        limit: u32,
        response_hash: &str,
    ) -> Result<Vec<String>> {
        let hash_type = hash_type.try_into().map_err(|e: String| anyhow!(e))?;
        let response_hash = response_hash.try_into().map_err(|e: String| anyhow!(e))?;
        self.inner.partial_search(
            hash.map(|h| (hash_type, h)),
            file_name,
            response_hash,
            limit,
        )
    }

    /// Get sources available to the user
    ///
    /// # Errors
    ///
    /// This may return an error if there's a network situation or if the user is not logged in
    /// or not properly authorized to connect.
    pub fn get_sources(&self) -> Result<Vec<Source>> {
        let sources = self
            .inner
            .sources()?
            .sources
            .into_iter()
            .map(|s| Source {
                id: s.id,
                name: s.name,
                description: s.description,
                url: s.url,
                first_acquisition: s.first_acquisition.to_rfc3339(),
                malicious: s.malicious,
            })
            .collect();
        Ok(sources)
    }

    /// Get information about the server
    ///
    /// # Errors
    ///
    /// This may return an error if there's a network problem or the server is down.
    pub fn server_info(&self) -> Result<ServerInfo> {
        let info = self.inner.server_info()?;
        Ok(ServerInfo {
            os_name: info.os_name,
            memory_used: info.memory_used,
            mdb_version: info.mdb_version,
            db_version: info.db_version,
            db_size: info.db_size,
            num_samples: info.num_samples,
            num_users: info.num_users,
            uptime: info.uptime,
        })
    }

    /// Get supported file types; Malware DB only accepts file types it knows about
    ///
    /// # Errors
    ///
    /// This may return an error if there's a network problem or the server is down.
    pub fn get_supported_file_types(&self) -> Result<Vec<SupportedFileType>> {
        let supported_types = self
            .inner
            .supported_types()?
            .types
            .into_iter()
            .map(|t| SupportedFileType {
                name: t.name,
                magic: t.magic,
                is_executable: t.is_executable,
                description: t.description,
            })
            .collect();
        Ok(supported_types)
    }

    /// Get information about the user
    ///
    /// # Errors
    ///
    /// This may return an error if there's a network problem or if the user is not logged in
    /// or not properly authorized to connect.
    pub fn whoami(&self) -> Result<UserInfo> {
        self.inner.whoami().map(|w| UserInfo {
            id: w.id,
            username: w.username,
            groups: w.groups,
            sources: w.sources,
            is_admin: w.is_admin,
            created: w.created.to_rfc3339(),
            is_readonly: w.is_readonly,
        })
    }

    /// Get labels
    ///
    /// # Errors
    ///
    /// This may return an error if there's a network problem or if the user is not logged in
    /// or not properly authorized to connect.
    pub fn labels(&self) -> Result<Vec<Label>> {
        self.inner.labels().map(|labels| {
            labels
                .0
                .into_iter()
                .map(|l| Label {
                    id: l.id,
                    name: l.name,
                    parent: l.parent,
                })
                .collect()
        })
    }
}

/// Only used by this crate directly to register the module. If this crate is used as a module,
/// that other crate must register the Rust types with that new Python module.
#[cfg(not(feature = "rust_lib"))]
#[pymodule]
fn malwaredb(m: &Bound<'_, PyModule>) -> PyResult<()> {
    m.add_class::<MalwareDBClient>()?;
    m.add_class::<Label>()?;
    m.add_class::<ServerInfo>()?;
    m.add_class::<Source>()?;
    m.add_class::<SupportedFileType>()?;
    m.add_class::<UserInfo>()?;
    cart::register_cart_module(m)?;
    m.add("__version__", MDB_VERSION)?;
    m.add("full_version", VERSION)?;
    Ok(())
}