✨ Toy workflow addition

2023-06-09 10:57:08 +02:00
parent 52ac5b6576
commit e4b07c385c
10 changed files with 198 additions and 63 deletions
--- a/patterns/network_event_pattern.py
+++ b/patterns/network_event_pattern.py
@ -2,6 +2,7 @@ import sys
 import socket
 import threading
 import tempfile
+import hashlib
 from os import unlink

 from time import time
@ -16,10 +17,11 @@ from meow_base.core.base_pattern import BasePattern
 from meow_base.functionality.meow import create_event
 from meow_base.functionality.debug import setup_debugging, print_debug
 from meow_base.core.meow import EVENT_KEYS
+from meow_base.patterns.file_event_pattern import WATCHDOG_BASE, WATCHDOG_HASH

 # network events
 EVENT_TYPE_NETWORK = "network"
-TRIGGERING_PORT = "triggering port"
+TRIGGERING_PORT = "triggering_port"

 NETWORK_EVENT_KEYS = {
    TRIGGERING_PORT: int,
@ -27,7 +29,8 @@ NETWORK_EVENT_KEYS = {
 }

 def create_network_event(temp_path:str, rule:Any, time:float,
-                         port: int, extras:Dict[Any,Any]={})->Dict[Any,Any]:
+                         port: int, file_hash: str,
+                         extras:Dict[Any,Any]={})->Dict[Any,Any]:
    """Function to create a MEOW event dictionary."""
    return create_event(
        EVENT_TYPE_NETWORK,
@ -36,6 +39,8 @@ def create_network_event(temp_path:str, rule:Any, time:float,
        time,
        extras={
            TRIGGERING_PORT: port,
+            WATCHDOG_HASH: file_hash,
+            WATCHDOG_BASE: "",
            **extras
        }
    )
@ -120,7 +125,8 @@ class NetworkMonitor(BaseMonitor):
                        event["tmp file"],
                        rule,
                        event["time stamp"],
-                        event["triggering port"]
+                        event["triggering port"],
+                        event["file hash"]
                    )
                    print_debug(self._print_target, self.debug_level,
                        f"Event at {event['triggering port']} hit rule {rule.name}",
@ -206,10 +212,14 @@ class Listener():

                tmp_name = tmp.name

+        with open(tmp_name, "rb") as file_pointer:
+            file_hash = hashlib.sha256(file_pointer.read()).hexdigest()
+
        event = {
            "triggering port": self.port,
            "tmp file": tmp_name,
-            "time stamp": time_stamp
+            "time stamp": time_stamp,
+            "file hash": file_hash
        }
        self.monitor.match(event)