undo-ransomware /
ransomware_detection
@@ -45,7 +45,7 @@ |
||
| 45 | 45 | ['mimeType' => '', 'extensions' => ['xls'], 'signature' => ['starting' => ['offset' => 512, 'bytes' => ['/0908100000060500/']]]], |
| 46 | 46 | ['mimeType' => '', 'extensions' => ['doc'], 'signature' => ['starting' => ['offset' => 0, 'bytes' => ['/0d444f43/']]]], |
| 47 | 47 | ['mimeType' => '', 'extensions' => ['webm'], 'signature' => ['starting' => ['offset' => 0, 'bytes' => ['/1a45dfa3/']]]], |
| 48 | - ['mimeType' => '', 'extensions' => ['mkv','mka', 'mks', 'mk3d', 'webm'], 'signature' => ['starting' => ['offset' => 0, 'bytes' => ['/45dfa3934282886d6174726f736b61/', '/1a45dfa3/']]]], |
|
| 48 | + ['mimeType' => '', 'extensions' => ['mkv', 'mka', 'mks', 'mk3d', 'webm'], 'signature' => ['starting' => ['offset' => 0, 'bytes' => ['/45dfa3934282886d6174726f736b61/', '/1a45dfa3/']]]], |
|
| 49 | 49 | ['mimeType' => '', 'extensions' => ['gz', 'tgz', 'vlt'], 'signature' => ['starting' => ['offset' => 0, 'bytes' => ['/1f8b08/']]]], |
| 50 | 50 | ['mimeType' => '', 'extensions' => ['tar'], 'signature' => ['starting' => ['offset' => 0, 'bytes' => ['/1f9d/', '/1fA0/']]]], |
| 51 | 51 | ['mimeType' => '', 'extensions' => ['eps'], 'signature' => ['starting' => ['offset' => 0, 'bytes' => ['/252150532d41646f62652d332e3020455053462d332030/']]]], |
@@ -124,7 +124,7 @@ discard block |
||
| 124 | 124 | |
| 125 | 125 | foreach ($sequences as $sequenceId => $sequence) { |
| 126 | 126 | if (sizeof($sequence) >= $this->config->getAppValue(Application::APP_ID, 'minimum_sequence_length', 0)) { |
| 127 | - usort($sequence, function ($a, $b) { |
|
| 127 | + usort($sequence, function($a, $b) { |
|
| 128 | 128 | return $b->getId() - $a->getId(); |
| 129 | 129 | }); |
| 130 | 130 | $sequenceResult = $this->sequenceAnalyzer->analyze($sequenceId, $sequence); |
@@ -133,7 +133,7 @@ discard block |
||
| 133 | 133 | } |
| 134 | 134 | } |
| 135 | 135 | |
| 136 | - usort($result, function ($a, $b) { |
|
| 136 | + usort($result, function($a, $b) { |
|
| 137 | 137 | return $b['id'] - $a['id']; |
| 138 | 138 | }); |
| 139 | 139 | |
@@ -80,7 +80,7 @@ discard block |
||
| 80 | 80 | protected $fileExtensionAnalyzer; |
| 81 | 81 | |
| 82 | 82 | /** @var IDBConnection */ |
| 83 | - protected $connection; |
|
| 83 | + protected $connection; |
|
| 84 | 84 | |
| 85 | 85 | /** @var string */ |
| 86 | 86 | protected $userId; |
@@ -296,7 +296,7 @@ discard block |
||
| 296 | 296 | protected function getLastActivity($objectId) |
| 297 | 297 | { |
| 298 | 298 | $query = $this->connection->getQueryBuilder(); |
| 299 | - $query->select('*')->from('activity'); |
|
| 299 | + $query->select('*')->from('activity'); |
|
| 300 | 300 | $query->where($query->expr()->eq('affecteduser', $query->createNamedParameter($this->userId))) |
| 301 | 301 | ->andWhere($query->expr()->eq('object_id', $query->createNamedParameter($objectId))); |
| 302 | 302 | $result = $query->execute(); |
@@ -151,14 +151,14 @@ discard block |
||
| 151 | 151 | { |
| 152 | 152 | if ($command === Monitor::WRITE) { |
| 153 | 153 | // Delete file |
| 154 | - if ($this->deleteFromStorage($path . '/' . $name)) { |
|
| 154 | + if ($this->deleteFromStorage($path.'/'.$name)) { |
|
| 155 | 155 | return new JSONResponse(['status' => 'success', 'id' => $id, 'sequence' => $sequence], Http::STATUS_OK); |
| 156 | 156 | } else { |
| 157 | 157 | return new JSONResponse(['status' => 'error', 'message' => 'File cannot be deleted.'], Http::STATUS_OK); |
| 158 | 158 | } |
| 159 | 159 | } else if ($command === Monitor::DELETE) { |
| 160 | 160 | // Restore file |
| 161 | - $trashPath = '/'.$name.'.d'.$timestamp;; |
|
| 161 | + $trashPath = '/'.$name.'.d'.$timestamp; ; |
|
| 162 | 162 | if ($this->restoreFromTrashbin($trashPath, $name, $timestamp) !== false) { |
| 163 | 163 | return new JSONResponse(['status' => 'success', 'id' => $id, 'sequence' => $sequence], Http::STATUS_OK); |
| 164 | 164 | } |
@@ -199,7 +199,7 @@ discard block |
||
| 199 | 199 | } |
| 200 | 200 | |
| 201 | 201 | // sort ASC for timestamp |
| 202 | - usort($allFiles, function ($a, $b) { |
|
| 202 | + usort($allFiles, function($a, $b) { |
|
| 203 | 203 | if ($a['timestamp'] === $b['timestamp']) { |
| 204 | 204 | return 0; |
| 205 | 205 | } |
@@ -323,7 +323,7 @@ discard block |
||
| 323 | 323 | $fileOperation = new FileOperation(); |
| 324 | 324 | $fileOperation->setUserId($this->userId); |
| 325 | 325 | if (strpos($file['path'], 'files_trashbin') !== false) { |
| 326 | - $node = $this->userFolder->getParent()->get($file['path'] . '.d' . $file['timestamp']); |
|
| 326 | + $node = $this->userFolder->getParent()->get($file['path'].'.d'.$file['timestamp']); |
|
| 327 | 327 | $fileOperation->setCommand(Monitor::DELETE); |
| 328 | 328 | $fileOperation->setTimestamp($file['timestamp']); |
| 329 | 329 | $pathInfo = pathinfo($node->getInternalPath()); |
@@ -406,14 +406,12 @@ |
||
| 406 | 406 | $storageStructure->setNumberOfFiles($storageStructure->getNumberOfFiles() + $tmpStorageStructure->getNumberOfFiles()); |
| 407 | 407 | } |
| 408 | 408 | return $storageStructure; |
| 409 | - } |
|
| 410 | - else if ($node instanceof File) { |
|
| 409 | + } else if ($node instanceof File) { |
|
| 411 | 410 | // it's a file |
| 412 | 411 | $storageStructure->addFile($node); |
| 413 | 412 | $storageStructure->increaseNumberOfFiles(); |
| 414 | 413 | return $storageStructure; |
| 415 | - } |
|
| 416 | - else { |
|
| 414 | + } else { |
|
| 417 | 415 | // it's me Mario. |
| 418 | 416 | // there is nothing else than file or folder |
| 419 | 417 | $this->logger->error('getStorageStructure: Neither file nor folder.', array('app' => Application::APP_ID)); |
@@ -94,22 +94,22 @@ |
||
| 94 | 94 | } |
| 95 | 95 | // starting byte sequence |
| 96 | 96 | if (array_key_exists('starting', $signature['signature'])) { |
| 97 | - foreach ($signature['signature']['starting']['bytes'] as $bytes) { |
|
| 98 | - if (preg_match($bytes, strtolower(bin2hex(substr($data, $signature['signature']['starting']['offset'], strlen($bytes) / 2))))) { |
|
| 99 | - $isFileCorrupted = false; |
|
| 100 | - } |
|
| 101 | - } |
|
| 97 | + foreach ($signature['signature']['starting']['bytes'] as $bytes) { |
|
| 98 | + if (preg_match($bytes, strtolower(bin2hex(substr($data, $signature['signature']['starting']['offset'], strlen($bytes) / 2))))) { |
|
| 99 | + $isFileCorrupted = false; |
|
| 100 | + } |
|
| 101 | + } |
|
| 102 | 102 | } |
| 103 | 103 | // trailing byte sequence |
| 104 | 104 | if (array_key_exists('trailing', $signature['signature'])) { |
| 105 | 105 | $trailingIsNotMatching = true; |
| 106 | - foreach ($signature['signature']['trailing']['bytes'] as $bytes) { |
|
| 107 | - $trailingOffset = strlen($data) - $signature['signature']['trailing']['offset'] - strlen($bytes) / 2; |
|
| 108 | - if (preg_match($bytes, strtolower(bin2hex(substr($data, $trailingOffset, strlen($bytes) / 2))))) { |
|
| 109 | - $trailingIsNotMatching = false; |
|
| 110 | - } |
|
| 111 | - } |
|
| 112 | - $isFileCorrupted = $isFileCorrupted || $trailingIsNotMatching; |
|
| 106 | + foreach ($signature['signature']['trailing']['bytes'] as $bytes) { |
|
| 107 | + $trailingOffset = strlen($data) - $signature['signature']['trailing']['offset'] - strlen($bytes) / 2; |
|
| 108 | + if (preg_match($bytes, strtolower(bin2hex(substr($data, $trailingOffset, strlen($bytes) / 2))))) { |
|
| 109 | + $trailingIsNotMatching = false; |
|
| 110 | + } |
|
| 111 | + } |
|
| 112 | + $isFileCorrupted = $isFileCorrupted || $trailingIsNotMatching; |
|
| 113 | 113 | return new FileCorruptionResult($isFileCorrupted); |
| 114 | 114 | } |
| 115 | 115 | return new FileCorruptionResult($isFileCorrupted); |
@@ -144,23 +144,23 @@ |
||
| 144 | 144 | return 0.0; |
| 145 | 145 | } |
| 146 | 146 | |
| 147 | - /** |
|
| 148 | - * Calculates the median of an array. |
|
| 149 | - * |
|
| 150 | - * @param array $array |
|
| 151 | - * |
|
| 152 | - * @return float |
|
| 153 | - */ |
|
| 154 | - public function median($array) |
|
| 155 | - { |
|
| 156 | - if (is_array($array) && count($array) > 0) { |
|
| 157 | - $count = count($array); |
|
| 158 | - sort($array); |
|
| 159 | - $mid = floor(($count - 1) / 2); |
|
| 160 | - |
|
| 161 | - return ($array[$mid] + $array[$mid + 1 - $count % 2]) / 2; |
|
| 162 | - } |
|
| 163 | - |
|
| 164 | - return 0.0; |
|
| 165 | - } |
|
| 147 | + /** |
|
| 148 | + * Calculates the median of an array. |
|
| 149 | + * |
|
| 150 | + * @param array $array |
|
| 151 | + * |
|
| 152 | + * @return float |
|
| 153 | + */ |
|
| 154 | + public function median($array) |
|
| 155 | + { |
|
| 156 | + if (is_array($array) && count($array) > 0) { |
|
| 157 | + $count = count($array); |
|
| 158 | + sort($array); |
|
| 159 | + $mid = floor(($count - 1) / 2); |
|
| 160 | + |
|
| 161 | + return ($array[$mid] + $array[$mid + 1 - $count % 2]) / 2; |
|
| 162 | + } |
|
| 163 | + |
|
| 164 | + return 0.0; |
|
| 165 | + } |
|
| 166 | 166 | } |
@@ -41,13 +41,13 @@ |
||
| 41 | 41 | <h3> |
| 42 | 42 | <?php p($l->t('Suspicion threshold for notifications')); ?> |
| 43 | 43 | </h3> |
| 44 | - <select id="sequence-suspicion-level" name="sequence-suspicion-level" class="suspicion-level-<?php p($_['active_suspicion_level']['code']); ?>" data-placeholder="<?php p($l->t('Sequence suspicion level'));?>"> |
|
| 44 | + <select id="sequence-suspicion-level" name="sequence-suspicion-level" class="suspicion-level-<?php p($_['active_suspicion_level']['code']); ?>" data-placeholder="<?php p($l->t('Sequence suspicion level')); ?>"> |
|
| 45 | 45 | <option class="suspicion-level-<?php p($_['active_suspicion_level']['code']); ?>" value="<?php p($_['active_suspicion_level']['code']); ?>"> |
| 46 | 46 | <?php p($_['active_suspicion_level']['name']); ?> |
| 47 | 47 | </option> |
| 48 | 48 | <?php foreach ($_['suspicion_levels'] as $suspicionLevel): ?> |
| 49 | 49 | <option class="suspicion-level-<?php p($suspicionLevel['code']); ?>" value="<?php p($suspicionLevel['code']); ?>"> |
| 50 | - <?php p($suspicionLevel['name']);?> |
|
| 50 | + <?php p($suspicionLevel['name']); ?> |
|
| 51 | 51 | </option> |
| 52 | 52 | <?php endforeach; ?> |
| 53 | 53 | </select> |
@@ -28,7 +28,7 @@ |
||
| 28 | 28 | <h3> |
| 29 | 29 | <?php p($l->t('Current color mode')); ?> |
| 30 | 30 | </h3> |
| 31 | - <select id="color-scheme" name="color-scheme" data-placeholder="<?php p($l->t('Color mode'));?>"> |
|
| 31 | + <select id="color-scheme" name="color-scheme" data-placeholder="<?php p($l->t('Color mode')); ?>"> |
|
| 32 | 32 | <option value="<?php p($_['color_active']['code']); ?>"> |
| 33 | 33 | <?php p($_['color_active']['name']); ?> |
| 34 | 34 | </option> |
@@ -56,14 +56,14 @@ discard block |
||
| 56 | 56 | $container = $this->getContainer(); |
| 57 | 57 | |
| 58 | 58 | // mapper |
| 59 | - $container->registerService('FileOperationMapper', function ($c) { |
|
| 59 | + $container->registerService('FileOperationMapper', function($c) { |
|
| 60 | 60 | return new FileOperationMapper( |
| 61 | 61 | $c->query('ServerContainer')->getDb() |
| 62 | 62 | ); |
| 63 | 63 | }); |
| 64 | 64 | |
| 65 | 65 | // services |
| 66 | - $container->registerService('FileOperationService', function ($c) { |
|
| 66 | + $container->registerService('FileOperationService', function($c) { |
|
| 67 | 67 | return new FileOperationService( |
| 68 | 68 | $c->query('FileOperationMapper'), |
| 69 | 69 | $c->query('ServerContainer')->getUserSession()->getUser()->getUID() |
@@ -71,7 +71,7 @@ discard block |
||
| 71 | 71 | }); |
| 72 | 72 | |
| 73 | 73 | // classifier |
| 74 | - $container->registerService('Classifier', function ($c) { |
|
| 74 | + $container->registerService('Classifier', function($c) { |
|
| 75 | 75 | return new Classifier( |
| 76 | 76 | $c->query(ILogger::class), |
| 77 | 77 | $c->query(FileOperationMapper::class), |
@@ -80,28 +80,28 @@ discard block |
||
| 80 | 80 | }); |
| 81 | 81 | |
| 82 | 82 | // entropy |
| 83 | - $container->registerService('Entropy', function ($c) { |
|
| 83 | + $container->registerService('Entropy', function($c) { |
|
| 84 | 84 | return new Entropy( |
| 85 | 85 | $c->query(ILogger::class) |
| 86 | 86 | ); |
| 87 | 87 | }); |
| 88 | 88 | |
| 89 | 89 | // analyzer |
| 90 | - $container->registerService('SequenceSizeAnalyzer', function ($c) { |
|
| 90 | + $container->registerService('SequenceSizeAnalyzer', function($c) { |
|
| 91 | 91 | return new SequenceSizeAnalyzer(); |
| 92 | 92 | }); |
| 93 | 93 | |
| 94 | - $container->registerService('FileTypeFunnellingAnalyzer', function ($c) { |
|
| 94 | + $container->registerService('FileTypeFunnellingAnalyzer', function($c) { |
|
| 95 | 95 | return new FileTypeFunnellingAnalyzer(); |
| 96 | 96 | }); |
| 97 | 97 | |
| 98 | - $container->registerService('EntropyFunnellingAnalyzer', function ($c) { |
|
| 98 | + $container->registerService('EntropyFunnellingAnalyzer', function($c) { |
|
| 99 | 99 | return new EntropyFunnellingAnalyzer( |
| 100 | 100 | $c->query(ILogger::class) |
| 101 | 101 | ); |
| 102 | 102 | }); |
| 103 | 103 | |
| 104 | - $container->registerService('FileExtensionAnalyzer', function ($c) { |
|
| 104 | + $container->registerService('FileExtensionAnalyzer', function($c) { |
|
| 105 | 105 | return new FileExtensionAnalyzer( |
| 106 | 106 | $c->query(ILogger::class), |
| 107 | 107 | $c->query(Entropy::class) |
@@ -109,7 +109,7 @@ discard block |
||
| 109 | 109 | ); |
| 110 | 110 | }); |
| 111 | 111 | |
| 112 | - $container->registerService('SequenceAnalyzer', function ($c) { |
|
| 112 | + $container->registerService('SequenceAnalyzer', function($c) { |
|
| 113 | 113 | return new SequenceAnalyzer( |
| 114 | 114 | $c->query(SequenceSizeAnalyzer::class), |
| 115 | 115 | $c->query(FileTypeFunnellingAnalyzer::class), |
@@ -125,7 +125,7 @@ discard block |
||
| 125 | 125 | { |
| 126 | 126 | // register sabre plugin to catch the profind requests |
| 127 | 127 | $eventDispatcher = $this->getContainer()->getServer()->getEventDispatcher(); |
| 128 | - $eventDispatcher->addListener('OCA\DAV\Connector\Sabre::addPlugin', function (SabrePluginEvent $event) { |
|
| 128 | + $eventDispatcher->addListener('OCA\DAV\Connector\Sabre::addPlugin', function(SabrePluginEvent $event) { |
|
| 129 | 129 | $logger = $this->getContainer()->query(ILogger::class); |
| 130 | 130 | $config = $this->getContainer()->query(IConfig::class); |
| 131 | 131 | $userSession = $this->getContainer()->query(IUserSession::class); |
