adulau/hashlookup-server
1
0
Fork 0
mirror of https://github.com/adulau/hashlookup-server.git synced 2024-11-23 18:47:11 +00:00
Code Issues Projects Releases Packages Wiki Activity

new: [api] hashlookup:trust added in the output

Browse source 
The trust level is calculated based on the number of parent to the file.
If the file has been seen on many sources, the trust level increase.

The scale of the trust level is between 0 and 100. By default, the trust
level is 50 meaning we don't know the trust. Below 50, the file is
suspicious. Above 50, we have evidences that the file is more
legitimate. The calculation is based on the number of parents seen per
file. If a file is seen more often in various sources, it increases the
trust level to reach a maximum of 100.
This commit is contained in:
Alexandre Dulaunoy 2021-12-02 07:33:20 +01:00
parent d8ac479d72
commit a928c4e51e
Signed by: adulau
GPG key ID: 09E2CD4944E6CBCD
1 changed files with 17 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

17
bin/server.py
View file

@ -84,6 +84,20 @@ def get_session():
ttl = rdb.ttl("session:{}".format(session_name))
return ttl
def calculate_trust(hobject=None):
"""Trust level is between 0 and 100. 50 means we don't know the trust. Above 50, the trust level is more important as the file has been seen on various sources."""
if hobject is None:
return False
hashlookup_trust = 50
if 'hashlookup:parent-total' in hobject:
hashlookup_trust = hashlookup_trust + (5*hobject['hashlookup:parent-total'])
if 'KnownMalicious' in hobject:
hashlookup_trust = hashlookup_trust - 20
if hashlookup_trust > 100:
hashlookup_trust = 100
hobject['hashlookup:trust'] = hashlookup_trust
return hobject
@api.route('/lookup/md5/<string:md5>')
@api.doc(description="Lookup MD5.")
class lookup(Resource):
@ -141,6 +155,7 @@ class lookup(Resource):
for child in rdb.smembers("c:{}".format(sha1)):
children.append(child)
h['children'] = children
h = calculate_trust(hobject=h)
return h
@api.route('/lookup/sha1/<string:sha1>')
@ -196,6 +211,7 @@ class lookup(Resource):
for child in rdb.smembers("c:{}".format(k)):
children.append(child)
h['children'] = children
h = calculate_trust(hobject=h)
return h
@api.route('/lookup/sha256/<string:sha256>')
@ -255,6 +271,7 @@ class lookup(Resource):
for child in rdb.smembers("c:{}".format(sha1)):
children.append(child)
h['children'] = children
h = calculate_trust(hobject=h)
return h