<?php /* * Copyright (c) 2014-present, Facebook, Inc. * All rights reserved. * * This source code is licensed under the BSD-style license found in the * LICENSE file in the root directory of this source tree. An additional grant * of patent rights can be found in the PATENTS file in the same directory. * */ if (!defined('__ROOT__')) { define('__ROOT__', realpath(dirname(__FILE__).'/../')); } require_once(__ROOT__.'/ThreatExchangeConfig.php'); ThreatExchangeConfig::init(); final class MalwareSearch extends BaseSearch { public function getEndpoint() { return '/malware_analyses'; } public function getResultsAsCSV($results) { $csv = "# ThreatExchange Results - queried at ".time()."\n". "id,is_malicious,added_on,crx,md5,sha1,sha256,xpi,imphash,pe_rich_header,ssdeep,victims\n"; foreach ($results as $result) { $row = array( $result['id'], $result['malicious'], $result['added_on'], isset($result['crx']) ? $result['crx']: '', isset($result['md5']) ? $result['md5']: '', isset($result['sha1']) ? $result['sha1']: '', isset($result['sha256']) ? $result['sha256']: '', isset($result['xpi']) ? $result['xpi']: '', isset($result['imphash']) ? $result['imphash']: '', isset($result['pe_rich_hash']) ? $result['pe_rich_hash']: '', isset($result['ssdeep']) ? $result['ssdeep']: '', $result['victim_count'], ); $csv .= implode(',', $row)."\n"; } return $csv; } }