<?php
/*
 *  Copyright (c) 2014-present, Facebook, Inc.
 *  All rights reserved.
 *
 *  This source code is licensed under the BSD-style license found in the
 *  LICENSE file in the root directory of this source tree. An additional grant
 *  of patent rights can be found in the PATENTS file in the same directory.
 *
 */

if (!defined('__ROOT__')) {
  define('__ROOT__', realpath(dirname(__FILE__).'/../'));
}
require_once(__ROOT__.'/ThreatExchangeConfig.php');
ThreatExchangeConfig::init();

final class MalwareSearch extends BaseSearch {
  public function getEndpoint() {
    return '/malware_analyses';
  }

  public function getResultsAsCSV($results) {
    $csv = "# ThreatExchange Results - queried at ".time()."\n".
      "id,is_malicious,added_on,crx,md5,sha1,sha256,xpi,imphash,pe_rich_header,ssdeep,victims\n";
    foreach ($results as $result) {
      $row = array(
        $result['id'],
        $result['malicious'],
        $result['added_on'],
        isset($result['crx']) ? $result['crx']: '',
        isset($result['md5']) ? $result['md5']: '',
        isset($result['sha1']) ? $result['sha1']: '',
        isset($result['sha256']) ? $result['sha256']: '',
        isset($result['xpi']) ? $result['xpi']: '',
        isset($result['imphash']) ? $result['imphash']: '',
        isset($result['pe_rich_hash']) ? $result['pe_rich_hash']: '',
        isset($result['ssdeep']) ? $result['ssdeep']: '',
        $result['victim_count'],
      );
      $csv .= implode(',', $row)."\n";
    }
    return $csv;
  }
}