polyswarmclient.abstractscanner

Module Contents

polyswarmclient.abstractscanner.logger
class polyswarmclient.abstractscanner.ScanResult(bit=False, verdict=False, confidence=1.0, metadata=Verdict().set_malware_family('').json())

Bases: object

Results from scanning one artifact

__repr__(self)
class polyswarmclient.abstractscanner.ScanMode

Bases: enum.Enum

Denotes whether the Scanner uses asynchronous or synchronous scanning

SYNC = 0
ASYNC = 1
class polyswarmclient.abstractscanner.AbstractScanner(mode: ScanMode = ScanMode.ASYNC)

Base Scanner class. To be overridden with other scanning logic.

This class offers two scan options, which can be specified by passing a ScanMode enum value as mode. It uses asynchronous scan by default.

The function scan_async is a coroutine function, so everything called from it must be async-compatible. That means it uses only non-blocking I/O and runs nothing CPU-bound, such as hash functions.

The function scan_sync is a synchronous function where anything goes. It is called in a ThreadPoolExecutor so it is compatible with the worker that uses asyncio.

Overriding scan directly is deprecated.

get_executor(self)
scan_sync(self, guid, artifact_type, content, metadata, chain)

Override this to implement custom synchronous scanning logic

Parameters
  • guid (str) – GUID of the bounty under analysis, used to track artifacts in the same bounty

  • artifact_type (ArtifactType) – Artifact type for the bounty being scanned

  • content (bytes) – Content of the artifact to scan

  • metadata (dict) – Metadata dict from the ambassador

  • chain (str) – What chain are we operating on

Returns

Result of this scan

Return type

ScanResult
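
The scan_sync pattern described above, as an added example that is not polyswarmclient's own code: a CPU-bound SHA-256 blocklist check runs on a ThreadPoolExecutor thread while the asyncio loop keeps servicing other tasks. DemoScanResult, DemoHashScanner, its scan dispatcher, and every sample value are hypothetical stand-ins so the block runs without the library installed; how the real worker dispatches scan_sync is assumed here, not taken from the project.

```python
import asyncio
import hashlib
from concurrent.futures import ThreadPoolExecutor
from dataclasses import dataclass, field

# Constructed blocklist holding the SHA-256 of one constructed sample.
KNOWN_BAD = {hashlib.sha256(b"constructed-malicious-sample").hexdigest()}

@dataclass
class DemoScanResult:
    """Stand-in mirroring the documented ScanResult fields (not the real class)."""
    bit: bool = False
    verdict: bool = False
    confidence: float = 1.0
    metadata: dict = field(default_factory=dict)

class DemoHashScanner:
    """Hypothetical stand-in for an AbstractScanner subclass in ScanMode.SYNC."""
    def __init__(self, max_workers=4):
        self._executor = ThreadPoolExecutor(max_workers=max_workers)

    def scan_sync(self, guid, artifact_type, content, metadata, chain):
        # CPU-bound hashing is acceptable here: this runs on a pool thread.
        digest = hashlib.sha256(content).hexdigest()
        return DemoScanResult(bit=True, verdict=digest in KNOWN_BAD,
                              metadata={"sha256": digest})

    async def scan(self, guid, artifact_type, content, metadata, chain):
        # Assumed dispatch: hand scan_sync to the executor so the loop keeps running.
        loop = asyncio.get_running_loop()
        return await loop.run_in_executor(
            self._executor, self.scan_sync, guid, artifact_type, content, metadata, chain)

async def scan_bounty(scanner, guid, artifacts):
    """Scan every artifact of one bounty concurrently and count event-loop ticks."""
    ticks = 0
    async def heartbeat():
        nonlocal ticks
        while True:  # Advances only while the event loop is not blocked.
            ticks += 1
            await asyncio.sleep(0)
    hb = asyncio.create_task(heartbeat())
    results = await asyncio.gather(
        *(scanner.scan(guid, "FILE", a, {}, "side") for a in artifacts))
    hb.cancel()
    return results, ticks

def run_demo():
    artifacts = [b"constructed-malicious-sample", b"constructed-benign-sample"]
    return asyncio.run(scan_bounty(DemoHashScanner(), "constructed-guid", artifacts))
```

Calling hashlib directly inside a coroutine instead would stall the heartbeat for the duration of each hash, which is the blocking behaviour the scan_async description rules out.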