CREATE TABLE IF NOT EXISTS DETECTED_MALWARE_FILE(path TEXT PRIMARY KEY NOT NULL,
data_version TEXT NOT NULL,
severity INTEGER NOT NULL,
- threat INTEGER NOT NULL,
malware_name TEXT NOT NULL,
detailed_url TEXT NOT NULL,
detected_time INTEGER NOT NULL,
}
API
-int csr_cs_detected_get_threat_type(csr_cs_detected_h detected,
- csr_cs_threat_type_e *pthreat_type)
-{
- EXCEPTION_SAFE_START
-
- if (detected == nullptr || pthreat_type == nullptr)
- return CSR_ERROR_INVALID_PARAMETER;
-
- *pthreat_type = reinterpret_cast<CsDetected *>(detected)->threat;
-
- return CSR_ERROR_NONE;
-
- EXCEPTION_SAFE_END
-}
-
-API
int csr_cs_detected_get_malware_name(csr_cs_detected_h detected,
const char **pmalware_name)
{
malwareName(),
detailedUrl(),
severity(CSR_CS_SEVERITY_LOW),
- threat(CSR_CS_THREAT_GENERIC),
response(CSR_CS_NO_ASK_USER),
isApp(false),
ts(0)
CsDetected::CsDetected(IStream &stream)
{
int intSeverity;
- int intThreat;
int intResponse;
- Deserializer<std::string, std::string, std::string, int, int, int, time_t>::Deserialize(
- stream, targetName, malwareName, detailedUrl, intSeverity, intThreat,
- intResponse, ts);
+ Deserializer<std::string, std::string, std::string, int, int, time_t>::Deserialize(
+ stream, targetName, malwareName, detailedUrl, intSeverity, intResponse, ts);
severity = static_cast<csr_cs_severity_level_e>(intSeverity);
- threat = static_cast<csr_cs_threat_type_e>(intThreat);
response = static_cast<csr_cs_user_response_e>(intResponse);
}
void CsDetected::Serialize(IStream &stream) const
{
- Serializer<std::string, std::string, std::string, int, int, int, time_t>::Serialize(
- stream, targetName, malwareName, detailedUrl,
- static_cast<int>(severity), static_cast<int>(threat),
+ Serializer<std::string, std::string, std::string, int, int, time_t>::Serialize(
+ stream, targetName, malwareName, detailedUrl, static_cast<int>(severity),
static_cast<int>(response), ts);
}
malwareName(std::move(other.malwareName)),
detailedUrl(std::move(other.detailedUrl)),
severity(other.severity),
- threat(other.threat),
response(other.response),
ts(other.ts)
{
malwareName = std::move(other.malwareName);
detailedUrl = std::move(other.detailedUrl);
severity = other.severity;
- threat = other.threat;
response = other.response;
ts = other.ts;
std::string detailedUrl;
std::string pkgId;
csr_cs_severity_level_e severity;
- csr_cs_threat_type_e threat;
csr_cs_user_response_e response;
bool isApp;
time_t ts;
row->targetName = stmt.getText();
row->dataVersion = stmt.getText();
row->severity = static_cast<csr_cs_severity_level_e>(stmt.getInt());
- row->threat = static_cast<csr_cs_threat_type_e>(stmt.getInt());
row->malwareName = stmt.getText();
row->detailedUrl = stmt.getText();
row->ts = static_cast<time_t>(stmt.getInt64());
row->targetName = stmt.getText();
row->dataVersion = stmt.getText();
row->severity = static_cast<csr_cs_severity_level_e>(stmt.getInt());
- row->threat = static_cast<csr_cs_threat_type_e>(stmt.getInt());
row->malwareName = stmt.getText();
row->detailedUrl = stmt.getText();
row->ts = static_cast<time_t>(stmt.getInt64());
stmt.bind(d.targetName);
stmt.bind(dataVersion);
stmt.bind(static_cast<int>(d.severity));
- stmt.bind(static_cast<int>(d.threat));
stmt.bind(d.malwareName);
stmt.bind(d.detailedUrl);
stmt.bind(static_cast<sqlite3_int64>(d.ts));
"select last_scan from SCAN_REQUEST where dir = ? and data_version = ?";
const std::string INS_SCAN_REQUEST =
- "insert or replace into SCAN_REQUEST (dir, last_scan, data_version) "
+ "insert or replace into SCAN_REQUEST (dir, last_scan, data_version)"
"values (?, ?, ?)";
const std::string DEL_SCAN_REQUEST_BY_DIR =
"delete from SCAN_REQUEST where dir = ?";
const std::string DEL_SCAN_REQUEST =
- "delete from SCAN_REQUEST ";
+ "delete from SCAN_REQUEST";
const std::string SEL_DETECTED_BY_DIR =
"SELECT path, data_version, "
- " severity, threat, malware_name, "
- " detailed_url, detected_time, ignored "
- " FROM detected_malware_file where path like ? || '%' ";
+ "severity, malware_name, "
+ "detailed_url, detected_time, ignored "
+ "FROM detected_malware_file where path like ? || '%'";
const std::string SEL_DETECTED_BY_PATH =
"SELECT path, data_version, "
- " severity, threat, malware_name, "
- " detailed_url, detected_time, ignored "
- " FROM detected_malware_file where path = ? ";
+ "severity, malware_name, "
+ "detailed_url, detected_time, ignored "
+ "FROM detected_malware_file where path = ?";
const std::string INS_DETECTED =
"insert or replace into DETECTED_MALWARE_FILE "
- " (path, data_version, severity, threat, malware_name, "
- " detailed_url, detected_time, ignored) "
- " values (?, ?, ?, ?, ?, ?, ?, ?)";
+ "(path, data_version, severity, malware_name, "
+ "detailed_url, detected_time, ignored) "
+ "values (?, ?, ?, ?, ?, ?, ?)";
const std::string UPD_DETECTED_INGNORED =
"update DETECTED_MALWARE_FILE set ignored = ? where path = ?";
const std::string DEL_DETECTED_DEPRECATED =
"delete from DETECTED_MALWARE_FILE where path like ? || '%' "
- " and data_version != ?";
+ "and data_version != ?";
} // namespace Query
} // namespace Db
return m_pc.fpGetSeverity(d, pseverity);
}
-int CsLoader::getThreatType(csre_cs_detected_h d,
- csre_cs_threat_type_e *pthreat)
-{
- if (d == nullptr || pthreat == nullptr)
- ThrowExc(InvalidParam, "cs loader get threat type");
-
- return m_pc.fpGetThreatType(d, pthreat);
-}
-
int CsLoader::getMalwareName(csre_cs_detected_h d, std::string &value)
{
if (d == nullptr)
"csre_cs_scan_app_on_cloud"));
m_pc.fpGetSeverity = reinterpret_cast<FpGetSeverity>(dlsym(handle,
"csre_cs_detected_get_severity"));
- m_pc.fpGetThreatType = reinterpret_cast<FpGetThreatType>(dlsym(handle,
- "csre_cs_detected_get_threat_type"));
m_pc.fpGetMalwareName = reinterpret_cast<FpGetMalwareName>(dlsym(handle,
"csre_cs_detected_get_malware_name"));
m_pc.fpGetDetailedUrl = reinterpret_cast<FpGetDetailedUrl>(dlsym(handle,
m_pc.fpContextCreate == nullptr || m_pc.fpContextDestroy == nullptr ||
m_pc.fpScanData == nullptr || m_pc.fpScanFile == nullptr ||
m_pc.fpScanAppOnCloud == nullptr || m_pc.fpGetSeverity == nullptr ||
- m_pc.fpGetThreatType == nullptr || m_pc.fpGetMalwareName == nullptr ||
+ m_pc.fpGetMalwareName == nullptr ||
m_pc.fpGetDetailedUrl == nullptr || m_pc.fpGetTimestamp == nullptr ||
m_pc.fpGetErrorString == nullptr || m_pc.fpGetEngineInfo == nullptr ||
m_pc.fpGetEngineApiVersion == nullptr || m_pc.fpGetEngineVendor == nullptr ||
csre_cs_detected_h *);
int getSeverity(csre_cs_detected_h, csre_cs_severity_level_e *);
- int getThreatType(csre_cs_detected_h, csre_cs_threat_type_e *);
int getMalwareName(csre_cs_detected_h, std::string &);
int getDetailedUrl(csre_cs_detected_h, std::string &);
int getTimestamp(csre_cs_detected_h, time_t *);
using FpScanAppOnCloud = int(*)(csre_cs_context_h, const char *,
csre_cs_detected_h *);
using FpGetSeverity = int(*)(csre_cs_detected_h, csre_cs_severity_level_e *);
- using FpGetThreatType = int(*)(csre_cs_detected_h, csre_cs_threat_type_e *);
using FpGetMalwareName = int(*)(csre_cs_detected_h, const char **);
using FpGetDetailedUrl = int(*)(csre_cs_detected_h, const char **);
using FpGetTimestamp = int(*)(csre_cs_detected_h, time_t *);
FpScanFile fpScanFile;
FpScanAppOnCloud fpScanAppOnCloud;
FpGetSeverity fpGetSeverity;
- FpGetThreatType fpGetThreatType;
FpGetMalwareName fpGetMalwareName;
FpGetDetailedUrl fpGetDetailedUrl;
FpGetTimestamp fpGetTimestamp;
d.severity = Csr::convert(eseverity);
- // getting threat type
- csre_cs_threat_type_e ethreat = CSRE_CS_THREAT_GENERIC;
- eret = m_cs->getThreatType(result, ðreat);
-
- if (eret != CSRE_ERROR_NONE)
- ThrowExc(EngineError, "getting threat of cs detected. ret: " << eret);
-
- d.threat = Csr::convert(ethreat);
-
// getting malware name
eret = m_cs->getMalwareName(result, d.malwareName);
}
}
-csr_cs_threat_type_e convert(const csre_cs_threat_type_e &e)
-{
- switch (e) {
- case CSRE_CS_THREAT_MALWARE:
- return CSR_CS_THREAT_MALWARE;
-
- case CSRE_CS_THREAT_RISKY:
- return CSR_CS_THREAT_RISKY;
-
- case CSRE_CS_THREAT_GENERIC:
- return CSR_CS_THREAT_GENERIC;
-
- default:
- ThrowExc(InternalError, "Invalid ethreat: " << static_cast<int>(e));
- }
-}
-
csr_wp_risk_level_e convert(const csre_wp_risk_level_e &e)
{
switch (e) {
namespace Csr {
csr_cs_severity_level_e convert(const csre_cs_severity_level_e &);
-csr_cs_threat_type_e convert(const csre_cs_threat_type_e &);
csr_wp_risk_level_e convert(const csre_wp_risk_level_e &);
} csr_cs_severity_level_e;
/**
- * @brief the type of a threat detected
- */
-typedef enum {
- CSR_CS_THREAT_MALWARE = 0x00, /**< Malware. */
- CSR_CS_THREAT_RISKY = 0x01, /**< It's not a malware but still risky. */
- CSR_CS_THREAT_GENERIC = 0x02 /**< Generic threat */
-} csr_cs_threat_type_e;
-
-/**
* @brief the options about prompting a popup to a user.
*/
typedef enum {
csr_cs_severity_level_e *pseverity);
/**
- * @brief extracts the threat type of a detected malware from the detected malware handle.
- *
- * @param[in] detected A detected malware handle.
- * @param[out] pthreat_type A pointer of the threat type of a detected malware.
- *
- * @return #CSR_ERROR_NONE on success, otherwise a negative error value
- *
- * @retval #CSR_ERROR_NONE Successful
- * @retval #CSR_ERROR_INVALID_HANDLE Invalid detected malware handle
- * @retval #CSR_ERROR_INVALID_PARAMETER pharmful_type is invalid.
- * @retval #CSR_ERROR_UNKNOWN Error with unknown reason
- */
-int csr_cs_detected_get_threat_type(csr_cs_detected_h detected,
- csr_cs_threat_type_e *pthreat_type);
-
-/**
* @brief extracts the name of a detected malware from the detected malware handle.
*
* @param[in] detected A detected malware handle.
inline void checkDetected(Csr::CsLoader &loader,
csre_cs_detected_h detected,
csre_cs_severity_level_e expected_severity,
- csre_cs_threat_type_e expected_threat_type,
const char *expected_malware_name,
const char *expected_detailed_url,
time_t expected_timestamp)
ASSERT_IF(loader.getSeverity(detected, &severity), CSRE_ERROR_NONE);
ASSERT_IF(severity, expected_severity);
- csre_cs_threat_type_e threat_type;
- ASSERT_IF(loader.getThreatType(detected, &threat_type), CSRE_ERROR_NONE);
- ASSERT_IF(threat_type, expected_threat_type);
-
std::string malware_name;
ASSERT_IF(loader.getMalwareName(detected, malware_name), CSRE_ERROR_NONE);
if (expected_malware_name != nullptr)
checkDetected(h.loader,
detected,
CSRE_CS_SEVERITY_HIGH,
- CSRE_CS_THREAT_MALWARE,
"test_malware",
"http://high.malware.com",
0);
checkDetected(h.loader,
detected,
CSRE_CS_SEVERITY_MEDIUM,
- CSRE_CS_THREAT_RISKY,
"test_risk",
nullptr,
0);
checkDetected(h.loader,
detected,
CSRE_CS_SEVERITY_HIGH,
- CSRE_CS_THREAT_MALWARE,
"test_malware",
"http://high.malware.com",
0);
checkDetected(h.loader,
detected,
CSRE_CS_SEVERITY_MEDIUM,
- CSRE_CS_THREAT_RISKY,
"test_risk",
"http://medium.malware.com",
0);
checkDetected(h.loader,
detected,
CSRE_CS_SEVERITY_HIGH,
- CSRE_CS_THREAT_MALWARE,
"test_malware",
"http://high.malware.com",
0);
{
ASSERT_IF(d.targetName, r.targetName);
ASSERT_IF(d.severity, r.severity);
- ASSERT_IF(d.threat, r.threat);
ASSERT_IF(d.malwareName, r.malwareName);
ASSERT_IF(d.detailedUrl, r.detailedUrl);
ASSERT_IF(d.ts, r.ts);
CsDetected malware1;
malware1.targetName = "/opt/testmalware1";
malware1.severity = CSR_CS_SEVERITY_MEDIUM;
- malware1.threat = CSR_CS_THREAT_MALWARE;
malware1.malwareName = "testmalware1";
malware1.detailedUrl = "http://detailed.malware.com";
malware1.ts = 100;
CsDetected malware2;
malware2.targetName = "/opt/testmalware2";
malware2.severity = CSR_CS_SEVERITY_HIGH;
- malware2.threat = CSR_CS_THREAT_RISKY;
malware2.malwareName = "testmalware2";
malware2.detailedUrl = "http://detailed2.malware.com";
malware2.ts = 210;
CsDetected malware3;
malware3.targetName = "/opt/testmalware3";
malware3.severity = CSR_CS_SEVERITY_LOW;
- malware3.threat = CSR_CS_THREAT_GENERIC;
malware3.malwareName = "testmalware3";
malware3.detailedUrl = "http://detailed3.malware.com";
malware3.ts = 310;
d.malwareName = "dummy malware in data";
d.detailedUrl = "http://detailedurl/cs_prompt_data";
d.severity = CSR_CS_SEVERITY_MEDIUM;
- d.threat = CSR_CS_THREAT_RISKY;
Ui::AskUser askuser;
printPressed(askuser.cs(Ui::CommandId::CS_PROMPT_DATA,
d.malwareName = "dummy malware in app";
d.detailedUrl = "http://detailedurl/cs_prompt_app";
d.severity = CSR_CS_SEVERITY_MEDIUM;
- d.threat = CSR_CS_THREAT_RISKY;
Ui::AskUser askuser;
printPressed(askuser.cs(Ui::CommandId::CS_PROMPT_APP,
d.malwareName = "dummy malware";
d.detailedUrl = "http://detailedurl/cs_prompt_file";
d.severity = CSR_CS_SEVERITY_MEDIUM;
- d.threat = CSR_CS_THREAT_RISKY;
Ui::AskUser askuser;
printPressed(askuser.cs(Ui::CommandId::CS_PROMPT_FILE,
d.malwareName = "dummy malware in data";
d.detailedUrl = "http://detailedurl/cs_notify_data";
d.severity = CSR_CS_SEVERITY_HIGH;
- d.threat = CSR_CS_THREAT_RISKY;
Ui::AskUser askuser;
printPressed(askuser.cs(Ui::CommandId::CS_NOTIFY_DATA,
d.malwareName = "dummy malware in app";
d.detailedUrl = "http://detailedurl/cs_notify_app";
d.severity = CSR_CS_SEVERITY_HIGH;
- d.threat = CSR_CS_THREAT_RISKY;
Ui::AskUser askuser;
printPressed(askuser.cs(Ui::CommandId::CS_NOTIFY_APP,
d.malwareName = "dummy malware";
d.detailedUrl = "http://detailedurl/cs_notify_file";
d.severity = CSR_CS_SEVERITY_HIGH;
- d.threat = CSR_CS_THREAT_RISKY;
Ui::AskUser askuser;
auto response = askuser.cs(Ui::CommandId::CS_NOTIFY_FILE,
inline void checkDetected(csre_cs_detected_h detected,
csre_cs_severity_level_e expected_severity,
- csre_cs_threat_type_e expected_threat_type,
const char *expected_malware_name,
const char *expected_detailed_url,
long expected_timestamp)
"severity isn't expected value. "
"val: " << severity << " expected: " << expected_severity);
- csre_cs_threat_type_e threat_type;
- ASSERT_IF(csre_cs_detected_get_threat_type(detected, &threat_type),
- CSRE_ERROR_NONE);
- BOOST_REQUIRE_MESSAGE(threat_type == expected_threat_type,
- "threat type isn't expected value. "
- "val: " << threat_type << " expected: " << expected_threat_type);
-
const char *malware_name = nullptr;
ASSERT_IF(csre_cs_detected_get_malware_name(detected, &malware_name),
CSRE_ERROR_NONE);
checkDetected(detected,
CSRE_CS_SEVERITY_HIGH,
- CSRE_CS_THREAT_MALWARE,
"test_malware",
"http://high.malware.com",
0);
checkDetected(detected,
CSRE_CS_SEVERITY_MEDIUM,
- CSRE_CS_THREAT_RISKY,
"test_risk",
nullptr,
0);
checkDetected(detected,
CSRE_CS_SEVERITY_HIGH,
- CSRE_CS_THREAT_MALWARE,
"test_malware",
"http://high.malware.com",
0);
checkDetected(detected,
CSRE_CS_SEVERITY_MEDIUM,
- CSRE_CS_THREAT_RISKY,
"test_risk",
"http://medium.malware.com",
0);
checkDetected(detected,
CSRE_CS_SEVERITY_HIGH,
- CSRE_CS_THREAT_MALWARE,
"test_malware",
"http://high.malware.com",
0);