<?php
/*
* Copyright (c) 2014-present, Facebook, Inc.
* All rights reserved.
*
* This source code is licensed under the BSD-style license found in the
* LICENSE file in the root directory of this source tree. An additional grant
* of patent rights can be found in the PATENTS file in the same directory.
*
*/
if (!defined('__ROOT__')) {
define('__ROOT__', realpath(dirname(__FILE__) . '/../'));
}
require_once __ROOT__ . '/ThreatExchangeConfig.php';
ThreatExchangeConfig::init();
final class MalwareSearch extends BaseSearch
{
public function getEndpoint()
{
return '/malware_analyses';
}
public function getResultsAsCSV($results)
{
$csv = "# ThreatExchange Results - queried at " . time() . "\n" . "id,is_malicious,added_on,crx,md5,sha1,sha256,xpi,imphash,pe_rich_header,ssdeep,victims\n";
foreach ($results as $result) {
$row = array($result['id'], $result['malicious'], $result['added_on'], isset($result['crx']) ? $result['crx'] : '', isset($result['md5']) ? $result['md5'] : '', isset($result['sha1']) ? $result['sha1'] : '', isset($result['sha256']) ? $result['sha256'] : '', isset($result['xpi']) ? $result['xpi'] : '', isset($result['imphash']) ? $result['imphash'] : '', isset($result['pe_rich_hash']) ? $result['pe_rich_hash'] : '', isset($result['ssdeep']) ? $result['ssdeep'] : '', $result['victim_count']);
$csv .= implode(',', $row) . "\n";
}
return $csv;
}
