authormo khan <mo@mokhan.ca>2015-02-04 22:14:05 -0700
committermo khan <mo@mokhan.ca>2015-02-04 22:14:05 -0700
commit6c1f2fc7e2253381dd3d7bea3295b4f8f8e51ffb (patch)
tree66908a555294804acc9a3933a7b037c9b65d971d
parent1af4f1858830afb079e912e1be0c46f5c3ce6186 (diff)
add agent scan.
-rw-r--r--app/views/agents/files/show.json.jbuilder3
-rw-r--r--app/workers/cloud_queries.rb6
-rw-r--r--lib/fake_agent.rb18
-rw-r--r--lib/tasks/agent.rake11
4 files changed, 29 insertions, 9 deletions
diff --git a/app/views/agents/files/show.json.jbuilder b/app/views/agents/files/show.json.jbuilder
index 88011e6..8394726 100644
--- a/app/views/agents/files/show.json.jbuilder
+++ b/app/views/agents/files/show.json.jbuilder
@@ -1,3 +1,6 @@
if @file
json.extract! @file, :fingerprint, :state
+else
+ json.fingerprint params[:fingerprint]
+ json.state "unknown"
end
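Review bot: The new `else` branch answers every miss with HTTP 200 and `state: "unknown"`, so a malformed or mistyped fingerprint is indistinguishable to the agent from a genuinely unseen file; jbuilder JSON-encodes `params[:fingerprint]`, so echoing it is not an injection, but nothing visible here validates its shape before it is reflected. If the controller (not shown) does not already constrain the fingerprint to the expected format, that check belongs there rather than in the template. The contract should at least be stated in the template so no consumer reads "unknown" as "clean": `# No Disposition for this fingerprint: echo it back for correlation; "unknown" means no record, not benign`.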
diff --git a/app/workers/cloud_queries.rb b/app/workers/cloud_queries.rb
index 06b3dae..e351152 100644
--- a/app/workers/cloud_queries.rb
+++ b/app/workers/cloud_queries.rb
@@ -8,12 +8,6 @@ class CloudQueries
logger.info "Query for: #{json.inspect}"
attributes = JSON.parse(json)
- publish(JSON.generate({
- agent_id: attributes["agent_id"],
- name: "File #{attributes["name"]}",
- data: attributes["data"]
- }), to_queue: "worker.events")
-
fingerprint = attributes["fingerprint"]
disposition = Disposition.find_by(fingerprint: fingerprint)
diff --git a/lib/fake_agent.rb b/lib/fake_agent.rb
index d23ed03..ac9f5bf 100644
--- a/lib/fake_agent.rb
+++ b/lib/fake_agent.rb
@@ -6,7 +6,7 @@ class FakeAgent
@endpoint = endpoint
end
- def run(directory)
+ def watch(directory)
listener = Listen.to(directory, debug: true) do |modified, added, removed|
publish_event(:modified, modified)
publish_event(:added, added)
@@ -17,6 +17,22 @@ class FakeAgent
sleep
end
+ def scan(directory)
+ Dir["**/**/*"].each do |file|
+ next unless File.file?(file)
+ url = "#{endpoint}/agents/#{id}/files/#{fingerprint_for(file)}"
+ response = Typhoeus.get(url)
+ body = JSON.parse(response.body)
+ puts body.inspect
+ case body["state"]
+ when "malicious"
+ publish_event(:quarantined, [file])
+ when "unknown"
+ puts "file is unknown"
+ end
+ end
+ end
+
private
def publish_event(event, files)
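Review bot: `scan` ignores its `directory` argument — `Dir["**/**/*"]` globs relative to the process working directory, so a caller passing any other path silently scans the wrong tree (the rake task happens to pass `Dir.pwd`, which hides it); use `Dir.glob(File.join(directory, "**", "*"))`. The response body is parsed without checking the status: a connection failure or 5xx gives Typhoeus a non-success response whose body is not the expected JSON, so `JSON.parse` raises and aborts the whole scan rather than skipping one file — add `next unless response.success?` before the parse, or treat that file as unverified. The verdict that decides whether `:quarantined` is published arrives over whatever `endpoint` the caller supplies, which in the visible rake task is plain `http://`; acceptable for a fake agent, but worth a `# NOTE: verdicts are trusted as received; real agents need TLS/authenticated endpoint` so it is not copied as-is. `File.file?` follows symlinks, so a symlink to a file outside `directory` is fingerprinted and may be quarantined too — presumably unintended, confirm. `publish_event` starts at the last line of this hunk and continues outside it.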
diff --git a/lib/tasks/agent.rake b/lib/tasks/agent.rake
index 9fe156e..d00de1d 100644
--- a/lib/tasks/agent.rake
+++ b/lib/tasks/agent.rake
@@ -1,8 +1,15 @@
namespace :agent do
+ require 'fake_agent'
+
desc "watch all files"
task watch: :environment do
- require 'fake_agent'
agent = FakeAgent.new(Agent.first.id, 'http://localhost:3000')
- agent.run(Dir.pwd)
+ agent.watch(Dir.pwd)
+ end
+
+ desc "scan directory"
+ task scan: :environment do
+ agent = FakeAgent.new(Agent.first.id, 'http://localhost:3000')
+ agent.scan(Dir.pwd)
end
end
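Review bot: Both tasks build the agent from `Agent.first.id` and a hard-coded `'http://localhost:3000'`; with no `Agent` rows `Agent.first` is `nil` and the task dies with `NoMethodError` instead of a clear message, and the duplicated endpoint literal means a deployment has to edit two places. Pull both into the namespace once, e.g. `endpoint = ENV.fetch('AGENT_ENDPOINT', 'http://localhost:3000')` and `agent_id = Agent.first&.id || abort('no Agent record; create one first')`, and pass those to `FakeAgent.new` in both tasks. Moving `require 'fake_agent'` to namespace level is fine but now runs on every `rake` invocation, so a missing `lib` on the load path fails all tasks rather than just these two — worth a one-line comment if that is intended.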