Source code for workbench.workers.pe_classifier
''' PEClassifier worker (just a placeholder, not a real classifier at this point) '''
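class PEClassifier(object):
    ''' This worker classifies PEFiles as Evil or AOK (TOY not a real classifier at this point)

        The verdict comes from a single substring match over the stringified
        outputs of the two dependency workers, so it is a demo value only.
        NOTE(review): an 'AOK' result says nothing about whether a sample is
        safe, and a mismatched PE header checksum also occurs in benign files;
        do not gate blocking or release decisions on this output.
    '''
    dependencies = ['pe_features', 'pe_indicators']

    def __init__(self):
        ''' Initialization '''
        self.output = {'classification': 'Toy/Fake Classifier says AOK!'}

    def execute(self, input_data):
        ''' Classify one sample from its 'pe_features' and 'pe_indicators' outputs.

            Args:
                input_data: dict holding the 'pe_features' and 'pe_indicators'
                    worker outputs (a missing key raises KeyError).
            Returns:
                A dict with one 'classification' key; also stored on self.output.
        '''
        # In general you'd do something different with these two outputs
        # for this toy example will just smash them in a big string
        pefile_output = input_data['pe_features']
        indicators = input_data['pe_indicators']
        all_input = str(pefile_output) + str(indicators)

        # NOTE(review): the match runs over the whole stringified input, not one
        # indicator field; if either worker echoes sample-controlled text, that
        # text could also trigger it -- verify against the worker outputs.
        flag = 'Reported Checksum does not match actual checksum'
        if flag in all_input:
            verdict = 'Toy/Fake Classifier says Evil!'
        else:
            verdict = 'Toy/Fake Classifier says AOK!'

        # Build a fresh result per call: the shared dict used to be mutated in
        # place, so an 'Evil' verdict stuck to every later sample classified by
        # the same instance and rewrote results that had already been returned.
        self.output = {'classification': verdict}
        return self.output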
# Unit test: Create the class, the proper input and run the execute() method for a test
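def test():
    ''' pe_classifier.py: Unit test

        Needs a workbench server listening on tcp://127.0.0.1:4242. The file
        under data/pe/bad is only read as bytes and handed to store_sample();
        nothing in this test executes it.
    '''
    import os
    import pprint

    # This worker test requires a local server running
    import zerorpc
    workbench = zerorpc.Client(timeout=300, heartbeat=60)
    workbench.connect("tcp://127.0.0.1:4242")

    # Generate the input data for this worker
    data_path = os.path.join(os.path.dirname(os.path.realpath(__file__)),
                             '../data/pe/bad/033d91aae8ad29ed9fbb858179271232')
    # Close the sample file deterministically instead of leaking the handle
    with open(data_path, 'rb') as sample_file:
        sample_bytes = sample_file.read()
    md5 = workbench.store_sample(sample_bytes, 'bad_pe', 'exe')
    input_data = workbench.work_request('pe_features', md5)
    input_data.update(workbench.work_request('pe_indicators', md5))

    # Execute the worker (unit test)
    worker = PEClassifier()
    output = worker.execute(input_data)
    # Single-argument print() emits the same text under Python 2 and Python 3
    print('\n<<< Unit Test >>>')
    pprint.pprint(output)

    # Execute the worker (server test)
    output = workbench.work_request('pe_classifier', md5)
    print('\n<<< Server Test >>>')
    pprint.pprint(output)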
# Run the worker test only when this file is executed as a script
if __name__ == '__main__':
    test()