lib

package
v0.0.0-...-17a9646 Latest Latest
Warning

This package is not in the latest version of its module.

Published: Dec 9, 2015 License: MIT Imports: 15 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

func SafeResponseClose

func SafeResponseClose(r *http.Response)

Types

type CheckResultsReq

type CheckResultsReq struct {
	// CuckooURL and TaskId identify the Cuckoo endpoint and task this message refers to.
	// NOTE(review): the URL arrives inside a queue message; presumably it is later
	// passed to Core.NewCuckoo. Confirm that Validate restricts it to expected hosts
	// before any request is made with it.
	CuckooURL string
	TaskId    int
	// CritsData is a pointer and is nil when the message omits it; check before dereferencing.
	CritsData *CritsData
}

CheckResultsReq is the amqp msg sent from check_results to parse_and_submit

func (*CheckResultsReq) Validate

func (r *CheckResultsReq) Validate() error

type CkoStatus

// CkoStatus is the status value returned by CuckooConn.GetStatus, decoded from
// the JSON keys "tasks" and "diskspace".
//
// Both fields are pointers, so each stays nil when its key is absent or null in
// the response; callers must nil-check before dereferencing.
type CkoStatus struct {
	Tasks     *CkoStatusTasks     `json:"tasks"`
	Diskspace *CkoStatusDiskspace `json:"diskspace"`
}

type CkoStatusDiskspace

// CkoStatusDiskspace is the "diskspace" part of CkoStatus.
//
// NOTE(review): the field is named Analyses but is decoded from the "samples"
// key — confirm which key of the response is intended.
type CkoStatusDiskspace struct {
	Analyses *CkoStatusSamples `json:"samples"` // nil when the key is absent or null
}

type CkoStatusSamples

// CkoStatusSamples holds the total, free and used figures decoded from the JSON
// keys of the same names. The unit of these numbers is not stated on this page.
type CkoStatusSamples struct {
	Total int `json:"total"`
	Free  int `json:"free"`
	Used  int `json:"used"`
}

type CkoStatusTasks

// CkoStatusTasks is the "tasks" part of CkoStatus: the running and pending
// counters decoded from the JSON keys "running" and "pending".
// NOTE(review): presumably Pending is the value CuckooConn.GetPending returns — confirm.
type CkoStatusTasks struct {
	Running int `json:"running"`
	Pending int `json:"pending"`
}

type CkoTasksCreateResp

// CkoTasksCreateResp is decoded from a JSON object carrying a "task_id" key.
// NOTE(review): presumably the response to CuckooConn.NewTask — confirm.
// A missing key leaves TaskId at 0, which is indistinguishable from a real id of 0.
type CkoTasksCreateResp struct {
	TaskId int `json:"task_id"`
}

type CkoTasksReport

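// CkoTasksReport is the report value returned by CuckooConn.TaskReport.
//
// Info, Signatures and Behavior stay nil when their JSON key is absent or null,
// so callers must nil-check Info and Behavior before dereferencing them.
//
// The Signatures tag used to read `json;"signatures"`. That is not a valid
// key:"value" struct tag, so encoding/json ignored it: decoding still worked
// only through case-insensitive field-name matching, and encoding emitted the
// key as "Signatures". The tag now uses a colon like its siblings.
type CkoTasksReport struct {
	Info       *CkoTasksReportInfo        `json:"info"`
	Signatures []*CkoTasksReportSignature `json:"signatures"`
	Behavior   *CkoTasksReportBehavior    `json:"behavior"`
}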

type CkoTasksReportBehavior

// CkoTasksReportBehavior is the "behavior" part of CkoTasksReport: a list of
// processes and a summary.
//
// Summary is nil when the key is absent or null, and Processes may contain nil
// elements if the JSON array holds null entries; check both before use.
type CkoTasksReportBehavior struct {
	Processes []*CkoTasksReportBhvPcs   `json:"processes"`
	Summary   *CkoTasksReportBhvSummary `json:"summary"`
}

type CkoTasksReportBhvPcs

// CkoTasksReportBhvPcs is one entry of CkoTasksReportBehavior.Processes: the
// process name, its id and parent id, a first-seen value kept as a string, and
// the list of recorded calls.
// NOTE(review): the format of FirstSeen is not shown here; parse it defensively.
type CkoTasksReportBhvPcs struct {
	Name      string                      `json:"process_name"`
	Id        int                         `json:"process_id"`
	ParentId  int                         `json:"parent_id"`
	FirstSeen string                      `json:"first_seen"`
	Calls     []*CkoTasksReportBhvPcsCall `json:"calls"`
}

type CkoTasksReportBhvPcsCall

// CkoTasksReportBhvPcsCall is one entry of CkoTasksReportBhvPcs.Calls.
//
// Return, Timestamp and ThreadId are decoded as strings (unlike the integer Id
// fields), so any numeric interpretation is left to the caller.
// NOTE(review): presumably Api and Arguments describe a call observed during
// analysis of a submitted sample; treat the strings as untrusted text when
// storing or rendering them — confirm against the producer of the report.
type CkoTasksReportBhvPcsCall struct {
	Category  string                         `json:"category"`
	Status    bool                           `json:"status"`
	Return    string                         `json:"return"`
	Timestamp string                         `json:"timestamp"`
	ThreadId  string                         `json:"thread_id"`
	Repeated  int                            `json:"repeated"`
	Api       string                         `json:"api"`
	Arguments []*CkoTasksReportBhvPcsCallArg `json:"arguments"`
	Id        int                            `json:"id"`
}

type CkoTasksReportBhvPcsCallArg

// CkoTasksReportBhvPcsCallArg is one name/value pair of
// CkoTasksReportBhvPcsCall.Arguments. Both parts are plain strings.
// NOTE(review): Value is presumably sample-influenced data; escape it before it
// reaches HTML, logs or shell contexts — confirm where consumers use it.
type CkoTasksReportBhvPcsCallArg struct {
	Name  string `json:"name"`
	Value string `json:"value"`
}

type CkoTasksReportBhvSummary

// CkoTasksReportBhvSummary is the "summary" part of CkoTasksReportBehavior:
// three string lists decoded from the keys "files", "keys" and "mutexes".
// NOTE(review): presumably file paths, registry keys and mutex names seen during
// analysis — the page does not say; treat the entries as untrusted strings.
type CkoTasksReportBhvSummary struct {
	Files   []string `json:"files"`
	Keys    []string `json:"keys"`
	Mutexes []string `json:"mutexes"`
}

type CkoTasksReportInfo

// CkoTasksReportInfo is the "info" part of CkoTasksReport.
//
// Started and Ended are kept as strings; their time format is not shown here.
// Machine is left undecoded because its JSON shape varies, so callers have to
// inspect the raw bytes and unmarshal into the matching type themselves, and
// must handle the case where neither shape fits.
type CkoTasksReportInfo struct {
	Started string          `json:"started"`
	Ended   string          `json:"ended"`
	Id      int             `json:"id"`
	Machine json.RawMessage `json:"machine"` // either a CkoTasksReportInfoMachine object or a plain string
}

type CkoTasksReportInfoMachine

// CkoTasksReportInfoMachine is the object form of CkoTasksReportInfo.Machine;
// only its "name" key is decoded.
type CkoTasksReportInfoMachine struct {
	Name string `json:"name"`
}

type CkoTasksReportSignature

// CkoTasksReportSignature is one entry of CkoTasksReport.Signatures: a numeric
// severity plus a name and description.
// NOTE(review): the severity scale is not shown on this page — confirm its range
// before comparing against thresholds.
type CkoTasksReportSignature struct {
	Severity    int    `json:"severity"`
	Description string `json:"description"`
	Name        string `json:"name"`
}

type CkoTasksViewResp

// CkoTasksViewResp wraps a single CkoTasksViewTask.
//
// Task carries no json tag, so encoding/json matches it by field name
// (case-insensitively when decoding). It is nil when the key is absent or null.
type CkoTasksViewResp struct {
	Task *CkoTasksViewTask
}

type CkoTasksViewTask

// CkoTasksViewTask holds the "status" string of a task.
// NOTE(review): presumably the string that CuckooConn.TaskStatus returns; the
// set of possible values is not listed here, so compare against known values
// explicitly rather than assuming any unknown value means "finished".
type CkoTasksViewTask struct {
	Status string `json:"status"`
}

type Core

type Core struct {
	// AmqpConn is the connection to the amqp server.
	AmqpConn *amqp.Connection
	// Debug, Info and Warning are the loggers for the respective levels.
	Debug   *log.Logger
	Info    *log.Logger
	Warning *log.Logger
	// Client is the global HTTP client.
	// NOTE(review): Init takes a verifySSL flag; presumably it decides whether this
	// client verifies TLS certificates. Confirm it is true in every deployment that
	// sends CritsData.ApiKey or samples over the network.
	Client *http.Client
	// ServiceName is a string naming the service.
	// NOTE(review): presumably the `service` argument of Init — confirm.
	ServiceName string
	// contains filtered or unexported fields
}

Core struct contains all vital information for the microservices to run. Connection to amqp server, global HTTP client, loggers, and the queue for failed messages.

func Init

func Init(service, amqpConnectionPath, logPath, logLevel, failedQueue string, verifySSL bool) *Core

Init creates a new Core struct containing all the necessary information. The function also initializes logging, the amqp connection, the failed queue, and the HTTP client.

func (*Core) Consume

func (c *Core) Consume(queue string, prefetchCount int, fn func(msg amqp.Delivery))

Consume connects to a queue as a consumer, sets the QoS and relays all incoming messages to the supplied function.

func (*Core) FailOnError

func (c *Core) FailOnError(err error, msg string)

FailOnError accepts an error and a message. If the error is not nil, the program will panic with said message.

func (*Core) FastGet

func (c *Core) FastGet(url string, structPointer interface{}) ([]byte, int, error)

FastGet is a wrapper for http.Get which returns only the important data from the request.

func (*Core) FastPostForm

func (c *Core) FastPostForm(url string, data url.Values, structPointer interface{}) ([]byte, int, error)

FastPostForm is a wrapper for http.PostForm which returns only the important data from the request.

func (*Core) NackOnError

func (c *Core) NackOnError(err error, desc string, msg *amqp.Delivery) bool

NackOnError accepts an error, an error description, and an amqp message. If the error is not nil, a NACK is sent in reply to the msg. The msg will be redirected to the failed queue so the overseer can handle it.

func (*Core) NewCrits

func (c *Core) NewCrits(Data *CritsData) *CritsConn

func (*Core) NewCuckoo

func (c *Core) NewCuckoo(URL string) *CuckooConn

func (*Core) SetupQueue

func (c *Core) SetupQueue(queue string) *QueueHandler

SetupQueue creates a new channel on top of the established amqp connection and declares a persistent queue with the given name. It then returns a pointer to a QueueHandler.

type CritsConn

// CritsConn is the value returned by Core.NewCrits; its methods (AddResults,
// ForgeRelationship, Log, MarkAsFinished, MarkAsRunning, NewSample) talk to crits.
//
// Data holds the username and API key, so a CritsConn should be handled as
// carefully as the credentials themselves (no %+v dumps into logs).
// NOTE(review): presumably URL is taken from Data.CritsURL — confirm.
type CritsConn struct {
	C    *Core
	URL  string
	Data *CritsData
}

func (*CritsConn) AddResults

func (crt *CritsConn) AddResults(results []*CrtResult) error

AddResults is a "semi wrapper" for crits self._add_result and simply sends a batch of results back to crits.

func (*CritsConn) ForgeRelationship

func (crt *CritsConn) ForgeRelationship(id string) error

ForgeRelationship creates a relationship between the object of the current CritsConn context and the supplied id.

func (*CritsConn) Log

func (crt *CritsConn) Log(level, msg string) error

func (*CritsConn) MarkAsFinished

func (crt *CritsConn) MarkAsFinished() error

MarkAsFinished does exactly what you'd expect.

func (*CritsConn) MarkAsRunning

func (crt *CritsConn) MarkAsRunning() error

MarkAsRunning does exactly what you'd expect, except that this does not work in crits, so it currently does nothing.

func (*CritsConn) NewSample

func (crt *CritsConn) NewSample(fileData []byte, fileName string) (string, error)

NewSample uploads the given file to crits.

type CritsData

type CritsData struct {
	// CritsURL is the crits endpoint named by the message.
	// NOTE(review): it is message-supplied; confirm it is checked against the
	// expected crits host(s) before Username/ApiKey are sent to it.
	CritsURL   string `json:"crits_url"`
	AnalysisId string `json:"analysis_id"`
	ObjectType string `json:"object_type"`
	ObjectId   string `json:"object_id"`
	Username   string `json:"username"`
	// ApiKey is a credential. Because this struct is serialized into amqp
	// messages, the key is readable by anything with access to the queues.
	// NOTE(review): keep it out of log output, and confirm the broker connection
	// is encrypted and queue access is restricted.
	ApiKey string `json:"api_key"`
	// MD5 is decoded from the "md5" key. NOTE(review): presumably the sample hash,
	// usable as an identifier only; MD5 is not collision-resistant.
	MD5    string `json:"md5"`
	Source string `json:"source"`
}

CritsData contains the most important data about an analysis handled by crits. This data is needed to connect to crits and is present in every amqp message.

type CrtDefaultResponse

// CrtDefaultResponse is decoded from a JSON object with the keys "return_code",
// "error_message", "message", "id" and "type".
// NOTE(review): presumably the generic reply of the crits API; which return_code
// means success is not shown here — check it explicitly rather than relying on
// the HTTP status alone.
type CrtDefaultResponse struct {
	ReturnCode int    `json:"return_code"`
	ErrorMsg   string `json:"error_message"`
	Message    string `json:"message"`
	Id         string `json:"id"`
	Type       string `json:"type"`
}

type CrtResult

// CrtResult is one element of the batch passed to CritsConn.AddResults.
//
// The fields carry no json tags, so if the struct is marshalled directly the
// keys are the Go field names.
// NOTE(review): Data is free-form; presumably it is filled from report content,
// so whatever renders it on the crits side should treat it as untrusted — confirm.
type CrtResult struct {
	Subtype string
	Result  string
	Data    map[string]interface{}
}

type CuckooConn

// CuckooConn is the value returned by Core.NewCuckoo; its methods (NewTask,
// TaskStatus, TaskReport, GetDropped, GetStatus, GetPending, DeleteTask) talk to
// the cuckoo api.
// NOTE(review): presumably URL is the argument given to NewCuckoo; where that
// comes from a queue message, validate it before use.
type CuckooConn struct {
	C   *Core
	URL string
}

func (*CuckooConn) DeleteTask

func (cko *CuckooConn) DeleteTask(id int) error

func (*CuckooConn) GetDropped

func (cko *CuckooConn) GetDropped(id int) ([]byte, error)

func (*CuckooConn) GetPending

func (cko *CuckooConn) GetPending() (int, error)

func (*CuckooConn) GetStatus

func (cko *CuckooConn) GetStatus() (*CkoStatus, error)

func (*CuckooConn) NewTask

func (cko *CuckooConn) NewTask(fileBytes []byte, fileName string, params map[string]string) (int, error)

NewTask submits a new task to the cuckoo api.

func (*CuckooConn) TaskReport

func (cko *CuckooConn) TaskReport(id int) (*CkoTasksReport, error)

func (*CuckooConn) TaskStatus

func (cko *CuckooConn) TaskStatus(id int) (string, error)

type DistributedCuckooReq

type DistributedCuckooReq struct {
	// Payload and File are string-to-string maps decoded from "payload" and "file".
	// NOTE(review): their expected keys are not shown here; presumably File carries
	// the sample and its name. Confirm that Validate checks required keys and sizes
	// before the values are used.
	Payload map[string]string `json:"payload"`
	File    map[string]string `json:"file"`
	// CritsData is nil when the key is absent or null; check before dereferencing.
	CritsData *CritsData `json:"crits_data"`
}

DistributedCuckooReq is the amqp msg sent from crits to feed_cuckoo

func (*DistributedCuckooReq) Validate

func (r *DistributedCuckooReq) Validate() error

type FailedMsg

// FailedMsg groups five strings: Service, Queue, Error, Desc and Msg.
//
// NOTE(review): presumably this is what NackOnError puts on the failed queue,
// with Msg holding the body of the message that failed. If so, Msg can contain
// CritsData including api_key, so the failed queue and anything that logs or
// displays FailedMsg need the same access restrictions as the credentials —
// confirm against NackOnError.
type FailedMsg struct {
	Service string
	Queue   string
	Error   string
	Desc    string
	Msg     string
}

func (*FailedMsg) Validate

func (r *FailedMsg) Validate() error

type FeedCuckooReq

type FeedCuckooReq struct {
	// TaskId and CuckooURL identify the task and the Cuckoo endpoint it lives on.
	// NOTE(review): CuckooURL is read from a queue message by the receiving service;
	// confirm that Validate restricts it to expected hosts before requests are sent.
	TaskId    int
	CuckooURL string
	// CritsData is nil when the message omits it; check before dereferencing.
	CritsData *CritsData
}

FeedCuckooReq is the amqp msg sent from feed_cuckoo to check_results

func (*FeedCuckooReq) Validate

func (r *FeedCuckooReq) Validate() error

type QueueHandler

// QueueHandler is the value returned by Core.SetupQueue: a queue name, the amqp
// channel opened for it, and a back-reference to the Core.
// Send publishes to Queue over Channel.
type QueueHandler struct {
	Queue   string
	Channel *amqp.Channel
	C       *Core
}

func (*QueueHandler) Send

func (q *QueueHandler) Send(msg []byte)

Send is used to send a message to an amqp queue. Channel and queue name are taken from the QueueHandler struct.
