maco 1.2.11__py3-none-any.whl → 1.2.12__py3-none-any.whl

demo_extractors/requirements.txt

@@ -1 +1,4 @@
 httpx
+
+# Install maco from source for testing
+../

demo_extractors/terminator.py

@@ -0,0 +1,17 @@
+from io import BytesIO
+from typing import List, Optional
+
+from maco import extractor, model, yara
+from maco.exceptions import AnalysisAbortedException
+
+
+class Terminator(extractor.Extractor):
+    """Terminates early during extraction"""
+
+    family = "terminator"
+    author = "skynet"
+    last_modified = "1997-08-29"
+
+    def run(self, stream: BytesIO, matches: List[yara.Match]) -> Optional[model.ExtractorModel]:
+        # Terminate early and indicate I can't run on this sample
+        raise AnalysisAbortedException("I can't run on this sample")

maco/cli.py

@@ -3,18 +3,20 @@
 import argparse
 import base64
 import binascii
+import cart
 import hashlib
 import io
 import json
 import logging
 import os
 import sys
-from typing import BinaryIO, List, Tuple
 
-import cart
+from importlib.metadata import version
+from typing import BinaryIO, List, Tuple
 
 from maco import collector
 
+
 logger = logging.getLogger("maco.lib.cli")
 
 
@@ -199,6 +201,13 @@ def main():
         action="store_true",
         help="Force installation of Python dependencies for extractors (in both host and virtual environments).",
     )
+    parser.add_argument(
+        "--version",
+        action="version",
+        version=f"version: {version('maco')}",
+        help="Show version of MACO",
+    )
+
     args = parser.parse_args()
     inc = args.include.split(",") if args.include else []
     exc = args.exclude.split(",") if args.exclude else []

maco/collector.py

@@ -13,6 +13,7 @@ from multiprocess import Manager, Process, Queue
 from pydantic import BaseModel
 
 from maco import extractor, model, utils, yara
+from maco.exceptions import AnalysisAbortedException
 
 
 class ExtractorLoadError(Exception):
@@ -191,6 +192,9 @@ class Collector:
                         venv=extractor["venv"],
                     )
                 )
+        except AnalysisAbortedException:
+            # Extractor voluntarily aborted analysis of sample
+            return
         except Exception:
             # caller can deal with the exception
             raise

maco/exceptions.py

@@ -0,0 +1,3 @@
+# Can be raised by extractors to abort analysis of a sample
+# ie. Can abort if preliminary checks at start of run indicate the file shouldn't be analyzed by extractor
+class AnalysisAbortedException(Exception): ...

maco/utils.py

@@ -34,6 +34,7 @@ from uv import find_uv_bin
 
 from maco import model
 from maco.extractor import Extractor
+from maco.exceptions import AnalysisAbortedException
 
 logger = logging.getLogger("maco.lib.utils")
 
@@ -514,9 +515,15 @@ def run_extractor(
                     exception = stderr
                     if delim in exception:
                         exception = f"{delim}{exception.split(delim, 1)[1]}"
-                    # print extractor logging at error level
-                    logger.error(f"maco extractor raised exception, stderr:\n{stderr}")
-                    raise Exception(exception) from e
+                    if "maco.exceptions.AnalysisAbortedException" in exception:
+                        # Extractor voluntarily terminated, re-raise exception to be handled by collector
+                        raise AnalysisAbortedException(
+                            exception.split("maco.exceptions.AnalysisAbortedException: ")[-1]
+                        )
+                    else:
+                        # print extractor logging at error level
+                        logger.error(f"maco extractor raised exception, stderr:\n{stderr}")
+                        raise Exception(exception) from e
                 # ensure that extractor logging is available
                 logger.info(f"maco extractor stderr:\n{stderr}")
     return loaded

{maco-1.2.11.dist-info → maco-1.2.12.dist-info}/METADATA

@@ -1,6 +1,6 @@
 Metadata-Version: 2.2
 Name: maco
-Version: 1.2.11
+Version: 1.2.12
 Author: sl-govau
 Maintainer: cccs-rs
 License: MIT License

{maco-1.2.11.dist-info → maco-1.2.12.dist-info}/RECORD

@@ -2,26 +2,29 @@ demo_extractors/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 demo_extractors/elfy.py,sha256=Jo_GKExCeFOKGENJnNM_9ONfJO7LQFucCNz0ryTAo9U,765
 demo_extractors/limit_other.py,sha256=BWjeyOxB75kw4eRla5zvSzdcXtELOS8R6hc71rLPh1s,1295
 demo_extractors/nothing.py,sha256=MNPlb0IsBjrlU5e438JlJ4DIKoBpBRAaYY3JhD3yHqk,601
-demo_extractors/requirements.txt,sha256=E0tD6xBZldq6sQGTHng6k88lBeASOhmLJcdcjpcqBNE,6
+demo_extractors/requirements.txt,sha256=nD7BPNv7YEPUr9MDcaKYNs2UfHtxvN8FOKKesgC_L5g,50
 demo_extractors/shared.py,sha256=2P1cyuRbHDvM9IRt3UZnwdyhxx7OWqNC83xLyV8Y190,305
+demo_extractors/terminator.py,sha256=G1AQHL1JGI8iMa4-H55nWwLzOlPicWH-2HiADw4aE9M,552
 demo_extractors/complex/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 demo_extractors/complex/complex.py,sha256=tXrzj_zWIXbTOwj7Lezapk-qkrM-lfwcyjd5m-BYzdg,2322
 demo_extractors/complex/complex_utils.py,sha256=aec8kJsYUrMPo-waihkVLt-0QpiOPkw7dDqfT9MNuHk,123
 maco/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 maco/base_test.py,sha256=cjGLEy2c69wl9sjn74QFz7X-VxWOfdin4W8MvYsXc4Q,2718
-maco/cli.py,sha256=iXAfSSL8Td8DyOrMtMqZaXO4uGC5NPYrMDR9GklON24,8734
-maco/collector.py,sha256=w4NQ1BcLOICXJxrEyOcXlkWGi_p31D9eK3IghKxq5y0,7576
+maco/cli.py,sha256=K9gjsyGXcmSqBSkRkertVTH-Z4mwGFVk7TQxx8Y2mXo,8937
+maco/collector.py,sha256=T1tGibakx-yfgHzrHC4mqY-G2Y-VhDz8Qx1KoXa7l0g,7752
+maco/exceptions.py,sha256=aUbkX9CZfgp1aZFTEa98Uwge6MeQcQ3LbYkgNOwWaCg,214
 maco/extractor.py,sha256=uGSGiCQ4jd8jFmfw2T99BGcY5iQJzXHcG_RoTIxClTE,2802
-maco/utils.py,sha256=LvrpAa4xfYFMUywtp-5INGdHlWqK8n9fsd31dtMPa1c,21273
+maco/utils.py,sha256=bD2z6xZeR-MNhM834w2vQi4IP-kpQSXL-l71vmGweAU,21726
 maco/yara.py,sha256=8RVaGyeUWY5f8_wfQ25lDX1bcXsb_VoSja85ZC2SqGw,2913
 maco/model/__init__.py,sha256=ULdyHx8R5D2ICHZo3VoCk1YTlewTok36TYIpwx__pNY,45
 maco/model/model.py,sha256=4uY88WphbP3iu-L2WjuYwtgZCS_wNul_hr0bAVuTpvc,23740
 model_setup/maco/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 model_setup/maco/base_test.py,sha256=cjGLEy2c69wl9sjn74QFz7X-VxWOfdin4W8MvYsXc4Q,2718
-model_setup/maco/cli.py,sha256=iXAfSSL8Td8DyOrMtMqZaXO4uGC5NPYrMDR9GklON24,8734
-model_setup/maco/collector.py,sha256=w4NQ1BcLOICXJxrEyOcXlkWGi_p31D9eK3IghKxq5y0,7576
+model_setup/maco/cli.py,sha256=K9gjsyGXcmSqBSkRkertVTH-Z4mwGFVk7TQxx8Y2mXo,8937
+model_setup/maco/collector.py,sha256=T1tGibakx-yfgHzrHC4mqY-G2Y-VhDz8Qx1KoXa7l0g,7752
+model_setup/maco/exceptions.py,sha256=aUbkX9CZfgp1aZFTEa98Uwge6MeQcQ3LbYkgNOwWaCg,214
 model_setup/maco/extractor.py,sha256=uGSGiCQ4jd8jFmfw2T99BGcY5iQJzXHcG_RoTIxClTE,2802
-model_setup/maco/utils.py,sha256=LvrpAa4xfYFMUywtp-5INGdHlWqK8n9fsd31dtMPa1c,21273
+model_setup/maco/utils.py,sha256=bD2z6xZeR-MNhM834w2vQi4IP-kpQSXL-l71vmGweAU,21726
 model_setup/maco/yara.py,sha256=8RVaGyeUWY5f8_wfQ25lDX1bcXsb_VoSja85ZC2SqGw,2913
 model_setup/maco/model/__init__.py,sha256=ULdyHx8R5D2ICHZo3VoCk1YTlewTok36TYIpwx__pNY,45
 model_setup/maco/model/model.py,sha256=4uY88WphbP3iu-L2WjuYwtgZCS_wNul_hr0bAVuTpvc,23740
@@ -36,9 +39,9 @@ tests/extractors/basic_longer.py,sha256=1ClU2QD-Y0TOl_loNFvEqIEpTR5TSVJ6zg9ZmC-E
 tests/extractors/test_basic.py,sha256=FLKekfSGM69HaiF7Vu_7D7KDXHZko-9hZkMO8_DoyYA,697
 tests/extractors/bob/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 tests/extractors/bob/bob.py,sha256=G5aOoz58J0ZQK2_lA7HRxAzeLzBxssWxBTZcv1pSbi8,176
-maco-1.2.11.dist-info/LICENSE.md,sha256=gMSjshPhXvV_F1qxmeNkKdBqGWkd__fEJf4glS504bM,1478
-maco-1.2.11.dist-info/METADATA,sha256=Tq5p2qkCIvlvzc48rskdrBhl6-FUEq0FhE-Xdm6JcL0,15893
-maco-1.2.11.dist-info/WHEEL,sha256=In9FTNxeP60KnTkGw7wk6mJPYd_dQSjEZmXdBdMCI-8,91
-maco-1.2.11.dist-info/entry_points.txt,sha256=TpcwG1gedIg8Y7a9ZOv8aQpuwEUftCefDrAjzeP-o6U,39
-maco-1.2.11.dist-info/top_level.txt,sha256=iMRwuzmrHA3zSwiSeMIl6FWhzRpn_st-I4fAv-kw5_o,49
-maco-1.2.11.dist-info/RECORD,,
+maco-1.2.12.dist-info/LICENSE.md,sha256=gMSjshPhXvV_F1qxmeNkKdBqGWkd__fEJf4glS504bM,1478
+maco-1.2.12.dist-info/METADATA,sha256=fQa29RHfFtLo3isR5emR5qEtpeTTTHwBk4EN1CWzyRs,15893
+maco-1.2.12.dist-info/WHEEL,sha256=In9FTNxeP60KnTkGw7wk6mJPYd_dQSjEZmXdBdMCI-8,91
+maco-1.2.12.dist-info/entry_points.txt,sha256=TpcwG1gedIg8Y7a9ZOv8aQpuwEUftCefDrAjzeP-o6U,39
+maco-1.2.12.dist-info/top_level.txt,sha256=iMRwuzmrHA3zSwiSeMIl6FWhzRpn_st-I4fAv-kw5_o,49
+maco-1.2.12.dist-info/RECORD,,

model_setup/maco/cli.py

@@ -3,18 +3,20 @@
 import argparse
 import base64
 import binascii
+import cart
 import hashlib
 import io
 import json
 import logging
 import os
 import sys
-from typing import BinaryIO, List, Tuple
 
-import cart
+from importlib.metadata import version
+from typing import BinaryIO, List, Tuple
 
 from maco import collector
 
+
 logger = logging.getLogger("maco.lib.cli")
 
 
@@ -199,6 +201,13 @@ def main():
         action="store_true",
         help="Force installation of Python dependencies for extractors (in both host and virtual environments).",
     )
+    parser.add_argument(
+        "--version",
+        action="version",
+        version=f"version: {version('maco')}",
+        help="Show version of MACO",
+    )
+
     args = parser.parse_args()
     inc = args.include.split(",") if args.include else []
     exc = args.exclude.split(",") if args.exclude else []

model_setup/maco/collector.py

@@ -13,6 +13,7 @@ from multiprocess import Manager, Process, Queue
 from pydantic import BaseModel
 
 from maco import extractor, model, utils, yara
+from maco.exceptions import AnalysisAbortedException
 
 
 class ExtractorLoadError(Exception):
@@ -191,6 +192,9 @@ class Collector:
                         venv=extractor["venv"],
                     )
                 )
+        except AnalysisAbortedException:
+            # Extractor voluntarily aborted analysis of sample
+            return
         except Exception:
             # caller can deal with the exception
             raise

model_setup/maco/exceptions.py

@@ -0,0 +1,3 @@
+# Can be raised by extractors to abort analysis of a sample
+# ie. Can abort if preliminary checks at start of run indicate the file shouldn't be analyzed by extractor
+class AnalysisAbortedException(Exception): ...

model_setup/maco/utils.py

@@ -34,6 +34,7 @@ from uv import find_uv_bin
 
 from maco import model
 from maco.extractor import Extractor
+from maco.exceptions import AnalysisAbortedException
 
 logger = logging.getLogger("maco.lib.utils")
 
@@ -514,9 +515,15 @@ def run_extractor(
                     exception = stderr
                     if delim in exception:
                         exception = f"{delim}{exception.split(delim, 1)[1]}"
-                    # print extractor logging at error level
-                    logger.error(f"maco extractor raised exception, stderr:\n{stderr}")
-                    raise Exception(exception) from e
+                    if "maco.exceptions.AnalysisAbortedException" in exception:
+                        # Extractor voluntarily terminated, re-raise exception to be handled by collector
+                        raise AnalysisAbortedException(
+                            exception.split("maco.exceptions.AnalysisAbortedException: ")[-1]
+                        )
+                    else:
+                        # print extractor logging at error level
+                        logger.error(f"maco extractor raised exception, stderr:\n{stderr}")
+                        raise Exception(exception) from e
                 # ensure that extractor logging is available
                 logger.info(f"maco extractor stderr:\n{stderr}")
     return loaded