Example #1
 /**
  * Assemble the full request URL for a search against this searcher's endpoint.
  *
  * The fixed option letters are translated to API parameters
  * (q => text, m => strict_text, s => since, u => until). Each entry of
  * $optional_params maps one further option name to the API parameter
  * name it should be sent as.
  *
  * The returned URL carries the access token in its query string, so the
  * whole string is credential material: keep it out of logs, error
  * messages and anything else that outlives the request.
  *
  * @param array $query_params    option values keyed by option name
  * @param array $optional_params map of option name => API parameter name
  * @return string request URL with a URL-encoded query string
  */
 public function buildAPIRequest($query_params, $optional_params = array())
 {
     $base = ThreatExchangeConfig::FACEBOOK_SERVER . $this->getEndpoint() . '/?';
     $api_params = array('access_token' => ThreatExchangeConfig::getAccessToken());

     // Built-in options, listed in the order they appear in the query string.
     $builtin = array('q' => 'text', 'm' => 'strict_text', 's' => 'since', 'u' => 'until');
     foreach ($builtin as $flag => $api_name) {
         if (!isset($query_params[$flag])) {
             continue;
         }
         // The value given for 'm' is ignored; its presence alone sets strict_text.
         $api_params[$api_name] = ($flag === 'm') ? true : $query_params[$flag];
     }

     // Searcher-specific extras supplied by the caller.
     foreach ($optional_params as $cli_opt => $param_name) {
         if (!isset($query_params[$cli_opt])) {
             continue;
         }
         $api_params[$param_name] = $query_params[$cli_opt];
     }

     // http_build_query() URL-encodes every name and value.
     return $base . http_build_query($api_params);
 }
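 /**
  * Bootstrap the configuration: load the app credentials from the process
  * environment into the class's static properties.
  *
  * Per the original author, calling this method also forces the class to be
  * autoloaded.
  *
  * TX_APP_SECRET is a credential; keep it out of logs and error output.
  * A variable that is not set in the environment is stored as null.
  *
  * @return void
  */
 public static function init()
 {
     // $_ENV is only populated when php.ini's variables_order contains "E",
     // which many production configurations omit. Fall back to getenv() so
     // the credentials are still found in that case.
     $app_id = isset($_ENV['TX_APP_ID']) ? $_ENV['TX_APP_ID'] : getenv('TX_APP_ID');
     $app_secret = isset($_ENV['TX_APP_SECRET']) ? $_ENV['TX_APP_SECRET'] : getenv('TX_APP_SECRET');

     // getenv() reports an unset variable as false; store null instead so a
     // missing credential looks the same as it did with the plain $_ENV read.
     self::$appID = ($app_id === false) ? null : $app_id;
     self::$appSecret = ($app_secret === false) ? null : $app_secret;
 }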
<?php

/*
 *  Copyright (c) 2014-present, Facebook, Inc.
 *  All rights reserved.
 *
 *  This source code is licensed under the BSD-style license found in the
 *  LICENSE file in the root directory of this source tree. An additional grant
 *  of patent rights can be found in the PATENTS file in the same directory.
 *
 */
// Define the project root (the parent of this file's directory) unless an
// earlier include has already done so.
defined('__ROOT__') || define('__ROOT__', realpath(__DIR__ . '/../'));

// Pull in the configuration class and run its bootstrap before the search
// class below is declared.
require_once __ROOT__ . '/ThreatExchangeConfig.php';
ThreatExchangeConfig::init();
final class MalwareSearch extends BaseSearch
{
    /**
     * Path of the API endpoint this searcher queries.
     *
     * @return string endpoint path, with a leading slash and no trailing slash
     */
    public function getEndpoint()
    {
        $endpoint = '/malware_analyses';

        return $endpoint;
    }
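    /**
     * Render malware-analysis results as CSV text.
     *
     * The output starts with a comment line holding the query time (Unix
     * timestamp) and a header row, followed by one row per result. A field
     * that is absent from a result is written as an empty cell.
     *
     * Field values come from the remote API and are treated as untrusted:
     * any value containing a comma, double quote, CR or LF is quoted per
     * RFC 4180 so it cannot add columns or rows to the output. Values
     * without those characters are written unchanged. Quoting does not stop
     * a spreadsheet from interpreting a cell as a formula; consumers that
     * open the file in one should import the columns as text.
     *
     * NOTE(review): the header labels the tenth column "pe_rich_header" while
     * the value is read from the 'pe_rich_hash' key - confirm which name the
     * API actually uses.
     *
     * @param array $results list of result records (associative arrays)
     * @return string CSV document, each line terminated by "\n"
     */
    public function getResultsAsCSV($results)
    {
        // Quote a single cell when it contains a CSV metacharacter.
        $escape = function ($value) {
            $field = (string) $value;
            if (strpbrk($field, ",\"\r\n") !== false) {
                $field = '"' . str_replace('"', '""', $field) . '"';
            }
            return $field;
        };

        // Result keys in output-column order; must stay aligned with the header row.
        $columns = array(
            'id', 'malicious', 'added_on', 'crx', 'md5', 'sha1', 'sha256',
            'xpi', 'imphash', 'pe_rich_hash', 'ssdeep', 'victim_count',
        );

        $csv = "# ThreatExchange Results - queried at " . time() . "\n" . "id,is_malicious,added_on,crx,md5,sha1,sha256,xpi,imphash,pe_rich_header,ssdeep,victims\n";
        foreach ($results as $result) {
            $row = array();
            foreach ($columns as $key) {
                // Missing keys become empty cells instead of raising an undefined-index notice.
                $row[] = $escape(isset($result[$key]) ? $result[$key] : '');
            }
            $csv .= implode(',', $row) . "\n";
        }
        return $csv;
    }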
Example #4
 *
 */
// Define the project root (this file's own directory) unless an earlier
// include has already done so, then bootstrap the configuration class.
defined('__ROOT__') || define('__ROOT__', realpath(__DIR__));
require_once __ROOT__ . '/ThreatExchangeConfig.php';
ThreatExchangeConfig::init();

// Parse the command line; -t is mandatory because it selects the searcher.
$options = getopt('b:f:hmq:s:u:t:');
$has_type = isset($options['t']);
if (!$has_type) {
    echo print_usage();
    exit(1);
}

// Fetch the app credentials. $app_secret is a credential: do not echo or log it.
$app_id = ThreatExchangeConfig::getAppID();
$app_secret = ThreatExchangeConfig::getAppSecret();

// Pick the searcher for the requested type and let it validate the options.
$searcher = BaseSearch::getSearcher($options['t']);
$options_ok = $searcher->hasValidOptions($options);
if (!$options_ok) {
    $usage = print_usage() . $searcher->getUsage();
    echo $usage;
    exit(1);
}

// Collects the request URLs to issue, one entry per query.
$requests = array();
if (isset($options['q']) || isset($options['s']) && isset($options['u'])) {
    $requests[] = $searcher->buildAPIRequest($options);
} else {
    if (isset($options['f'])) {
        $queries = ThreatExchangeUtils::parseQueryFile($options['f']);
        foreach ($queries as $query) {
            $options['q'] = $query;
            $requests[] = $searcher->buildAPIRequest($options);
Example #5
 /**
  * Assemble the request URL used to upload to this searcher's endpoint.
  *
  * The only query parameter is the access token, so the returned URL is
  * credential material: keep it out of logs and error messages.
  *
  * @return string request URL with a URL-encoded query string
  */
 public function buildAPIUploadRequest()
 {
     $endpoint_url = ThreatExchangeConfig::FACEBOOK_SERVER . $this->getEndpoint() . '/?';
     $query = http_build_query(array('access_token' => ThreatExchangeConfig::getAccessToken()));

     return $endpoint_url . $query;
 }