public function buildAPIRequest($query_params, $optional_params = array()) { $uri = ThreatExchangeConfig::FACEBOOK_SERVER . $this->getEndpoint() . '/?'; // build the param array $params = array('access_token' => ThreatExchangeConfig::getAccessToken()); if (isset($query_params['q'])) { $params['text'] = $query_params['q']; } if (isset($query_params['m'])) { $params['strict_text'] = true; } if (isset($query_params['s'])) { $params['since'] = $query_params['s']; } if (isset($query_params['u'])) { $params['until'] = $query_params['u']; } foreach ($optional_params as $cli_opt => $param_name) { if (isset($query_params[$cli_opt])) { $params[$param_name] = $query_params[$cli_opt]; } } $param_str = http_build_query($params); $uri .= $param_str; return $uri; }
public static function init() { // bootstraping method, forces call to __autoload() // load credentials from system environment variables self::$appID = $_ENV['TX_APP_ID']; self::$appSecret = $_ENV['TX_APP_SECRET']; }
<?php /* * Copyright (c) 2014-present, Facebook, Inc. * All rights reserved. * * This source code is licensed under the BSD-style license found in the * LICENSE file in the root directory of this source tree. An additional grant * of patent rights can be found in the PATENTS file in the same directory. * */ if (!defined('__ROOT__')) { define('__ROOT__', realpath(dirname(__FILE__) . '/../')); } require_once __ROOT__ . '/ThreatExchangeConfig.php'; ThreatExchangeConfig::init(); final class MalwareSearch extends BaseSearch { public function getEndpoint() { return '/malware_analyses'; } public function getResultsAsCSV($results) { $csv = "# ThreatExchange Results - queried at " . time() . "\n" . "id,is_malicious,added_on,crx,md5,sha1,sha256,xpi,imphash,pe_rich_header,ssdeep,victims\n"; foreach ($results as $result) { $row = array($result['id'], $result['malicious'], $result['added_on'], isset($result['crx']) ? $result['crx'] : '', isset($result['md5']) ? $result['md5'] : '', isset($result['sha1']) ? $result['sha1'] : '', isset($result['sha256']) ? $result['sha256'] : '', isset($result['xpi']) ? $result['xpi'] : '', isset($result['imphash']) ? $result['imphash'] : '', isset($result['pe_rich_hash']) ? $result['pe_rich_hash'] : '', isset($result['ssdeep']) ? $result['ssdeep'] : '', $result['victim_count']); $csv .= implode(',', $row) . "\n"; } return $csv; }
* */ if (!defined('__ROOT__')) { define('__ROOT__', realpath(dirname(__FILE__))); } require_once __ROOT__ . '/ThreatExchangeConfig.php'; ThreatExchangeConfig::init(); // Get the command line options $options = getopt('b:f:hmq:s:u:t:'); if (!isset($options['t'])) { echo print_usage(); exit(1); } // Load user details $app_id = ThreatExchangeConfig::getAppID(); $app_secret = ThreatExchangeConfig::getAppSecret(); $searcher = BaseSearch::getSearcher($options['t']); if (!$searcher->hasValidOptions($options)) { echo print_usage() . $searcher->getUsage(); exit(1); } // Build query sets $requests = array(); if (isset($options['q']) || isset($options['s']) && isset($options['u'])) { $requests[] = $searcher->buildAPIRequest($options); } else { if (isset($options['f'])) { $queries = ThreatExchangeUtils::parseQueryFile($options['f']); foreach ($queries as $query) { $options['q'] = $query; $requests[] = $searcher->buildAPIRequest($options);
public function buildAPIUploadRequest() { $uri = ThreatExchangeConfig::FACEBOOK_SERVER . $this->getEndpoint() . '/?'; // build the param array $params = array('access_token' => ThreatExchangeConfig::getAccessToken()); $param_str = http_build_query($params); $uri .= $param_str; return $uri; }