Lazy load implementation

Author: danielhuici

apotheosis.py

@@ -224,7 +224,7 @@ def _load_node_from_fp(cls, f, data_to_node: dict,
         data_neighs = {}
         if db_manager:
             if data_to_node.get(data) is None:
-                new_node = hash_node_class.create_node_from_DB(db_manager, data, algorithm)
+                new_node = hash_node_class.create_node_from_DB(db_manager, data, algorithm, lazy=True)
                 if with_layer:
                     new_node.set_max_layer(max_layer)
                 # store it for next iterations

datalayer/db_manager.py

@@ -5,7 +5,6 @@
 import mysql.connector
 from mysql.connector import errorcode
 
-from datalayer.node.winpage_hash_node import WinPageHashNode
 from datalayer.hash_algorithm.hash_algorithm import HashAlgorithm
 from datalayer.hash_algorithm.tlsh_algorithm import TLSHHashAlgorithm
 from datalayer.hash_algorithm.ssdeep_algorithm import SSDEEPHashAlgorithm
@@ -35,7 +34,14 @@
     JOIN os o ON m.os_id = o.id
     """
 
-SQL_GET_WINMODULE_BY_HASH = """
+SQL_GET_ALL_PAGES_LAZY = """
+    SELECT p.{}
+    FROM pages p
+    JOIN modules m ON p.module_id = m.id
+    JOIN os o ON m.os_id = o.id
+    """
+
+SQL_GET_MODULE_BY_HASH = """
     SELECT p.{}, m.id AS module_id, m.file_version, m.original_filename, 
         m.internal_filename, m.product_filename, m.company_name, 
         m.legal_copyright, m.classification, m.size, m.base_address, o.*
@@ -107,61 +113,51 @@ def _row_to_module(self, row, os=None):
             base_address=row["base_address"]
             )
 
-
-    def get_winmodule_data_by_pageid(self, page_id=0, algorithm=HashAlgorithm):
-        logger.info(f"Getting results for \"{page_id}\" from DB ({algorithm.__name__}) ...")
-        hash_column = "hashTLSH" if algorithm == TLSHHashAlgorithm else "hashSSDEEP"
-        query = SQL_GET_WINMODULE_BY_PAGEID.format(hash_column)
-        self.cursor.execute(query, (page_id,))
-        row = self.cursor.fetchone()
-        if not row:
-            logger.debug(f"Error! Page ID {page_id} not in DB (algorithm: {algorithm})")
-            raise PageIdValueNotInDBError
-        
-        module = self._row_to_module(row)
-        return WinPageHashNode(id=row[hash_column], hash_algorithm=algorithm, module=module)
-
-
-    def get_winmodule_data_by_hash(self, algorithm, hash_value: str = ""):
+    def get_winpage_module_by_hash(self, algorithm : HashAlgorithm, hash_value: str = ""):
         logger.info(f"Getting results for \"{hash_value}\" from DB ({algorithm})")
         hash_column = "hashTLSH" if algorithm == TLSHHashAlgorithm else "hashSSDEEP"
-        query = SQL_GET_WINMODULE_BY_HASH.format(hash_column, hash_column)
+
+        query = SQL_GET_MODULE_BY_HASH.format(hash_column, hash_column)
         self.cursor.execute(query, (hash_value,))
         row = self.cursor.fetchone()
+
         if not row:
             logger.debug(f"Error! Hash value {hash_value} not in DB (algorithm: {algorithm})")
             raise HashValueNotInDBError
 
         module = self._row_to_module(row)
-        return WinPageHashNode(id=hash_value, hash_algorithm=algorithm, module=module)
-
+        return module
 
     def get_organized_modules(self, algorithm: HashAlgorithm = TLSHHashAlgorithm) -> dict:
         result = {}
 
         self.cursor.execute(SQL_GET_ALL_OS)
         db_operating_systems = self.cursor.fetchall()
         for db_os in db_operating_systems:
-            os_name = db_os['name']
+            os_name = db_os['version']
             result[os_name] = {}
 
             self.cursor.execute(SQL_GET_MODULES_BY_OS, (db_os['id'],))
             modules = self.cursor.fetchall()
             for module in modules:
                 module_name = module['internal_filename']
-                result[os_name][module_name] = set()
+                original_name = module['original_filename']
+                result[os_name][original_name] = set()
 
                 pages = self.get_winmodules(algorithm, modules_of_interest={module_name}, os_id=db_os['id'])
                 for page in pages:
-                    result[os_name][module_name].add(page)
+                    result[os_name][original_name].add(page)
 
         return result
 
-    def get_winmodules(self, algorithm: HashAlgorithm = TLSHHashAlgorithm, limit: int = None, modules_of_interest: set = None, os_id: int = None) -> set:
+    def get_winmodules(self, algorithm: HashAlgorithm = TLSHHashAlgorithm, limit: int = None, modules_of_interest: set = None, os_id: int = None,
+                       lazy: bool = True) -> set:
+        from datalayer.node.winpage_hash_node import WinPageHashNode # Avoid circular deps   
         try:
+            query = SQL_GET_ALL_PAGES_LAZY if lazy else SQL_GET_ALL_PAGES
+
             winmodules = set()
-            operating_systems = set()
-            modules = set()
+            
 
             hash_column = "hashTLSH" if algorithm == TLSHHashAlgorithm else "hashSSDEEP"
             query = SQL_GET_ALL_PAGES.format(hash_column)  # Inject hash column
@@ -192,20 +188,27 @@ def get_winmodules(self, algorithm: HashAlgorithm = TLSHHashAlgorithm, limit: in
             self.cursor.execute(query, params)
             results = self.cursor.fetchall()
 
-            for row in results:
-                os_id = row["id"]
-                os_version = row["version"]
-                os_name = row["name"]
-                hash_value = row[hash_column]
-
-                current_os = OS(os_id, os_name, os_version)
-                if current_os in operating_systems:
-                    current_os = next(os for os in operating_systems if os == current_os)
-                else:
-                    operating_systems.add(current_os)
-
-                current_module = self._row_to_module(row)
-                winmodules.add(WinPageHashNode(hash_value, algorithm, current_module))
+            if lazy:
+                for row in results:
+                    hash_value = row[hash_column]
+                    winmodules.add(WinPageHashNode(hash_value, algorithm, None))
+            else:
+                operating_systems = set()
+                modules = set()
+                for row in results:
+                    os_id = row["id"]
+                    os_version = row["version"]
+                    os_name = row["name"]
+                    hash_value = row[hash_column]
+
+                    current_os = OS(os_id, os_name, os_version)
+                    if current_os in operating_systems:
+                        current_os = next(os for os in operating_systems if os == current_os)
+                    else:
+                        operating_systems.add(current_os)
+
+                    current_module = self._row_to_module(row)
+                    winmodules.add(WinPageHashNode(hash_value, algorithm, current_module))
 
             return winmodules
         except mysql.connector.Error as err:

datalayer/node/node.py

@@ -53,7 +53,7 @@ def internal_load(cls, f):
         raise NotImplementedError
     # to be implemented in final classes
     @classmethod
-    def create_node_from_DB(cls, db_manager, _id, hash_algoritmh):
+    def create_node_from_DB(cls, db_manager, _id, hash_algoritmh, lazy):
         raise NotImplementedError
     # to be implemented in final classes
     @classmethod

datalayer/node/winpage_hash_node.py

@@ -1,36 +1,35 @@
 #TODO docstring
 from datalayer.node.hash_node import HashNode
 from datalayer.hash_algorithm.hash_algorithm import HashAlgorithm
-from datalayer.hash_algorithm.tlsh_algorithm import TLSHHashAlgorithm
-from datalayer.hash_algorithm.ssdeep_algorithm import SSDEEPHashAlgorithm
 from datalayer.database.module import Module
+from datalayer.db_manager import DBManager
 from common.constants import *
 from common.errors import NodeUnsupportedAlgorithm
 
 class WinPageHashNode(HashNode):
-    def __init__(self, id, hash_algorithm: HashAlgorithm, module: Module=None):
+    def __init__(self, id, hash_algorithm: HashAlgorithm, module: Module=None, db_manager: DBManager=None):
         super().__init__(id, hash_algorithm)
-        self._module = module
+        self._real_module = module
+        self._db_manager = db_manager
+
+    @property
+    def _module(self):
+        if not self._real_module and self._db_manager is not None:
+            self._real_module = self._db_manager.get_winpage_module_by_id(self._hash_algorithm, self._id)
+        return self._real_module
 
     def __lt__(self, other): # Hack for priority queue. TODO: not needed here?
         return False
 
     def get_module(self):
         return self._module
 
-    def get_page(self):
-        return self._page
-
-    def get_internal_page_id(self):
-        return self._page.id if self._page else 0
-    
     def get_draw_features(self):
         return {"module_names": { self._id: self._module.original_filename + " " + self._module.file_version},
                 "module_version": {self._id: self._module.file_version},
                 "os_version": {self._id: self._module.os.version}
                 }
 
-
     def as_dict(self):
         node_dict = super().as_dict()
         if self._module:
@@ -64,8 +63,10 @@ def internal_load(cls, f):
         return bpage_id, bpage_id.decode('utf-8').rstrip('\x00')
 
     @classmethod
-    def create_node_from_DB(cls, db_manager, hash_id, hash_algorithm):
-        new_node = db_manager.get_winmodule_data_by_hash(hash_value=hash_id, algorithm=hash_algorithm)
+    def create_node_from_DB(cls, db_manager, hash_id, hash_algorithm, lazy=True):
+        new_node = WinPageHashNode(hash_id, hash_algorithm, None, db_manager)
+        if not lazy:
+            new_node._module # Force load module from database
         return new_node
 
     @classmethod
@@ -74,28 +75,5 @@ def internal_data_needs_DB(cls) -> bool:
                     # to load a WinPageHashNode from an Apotheosis file
 
     def is_equal(self, other):
-        if type(self) != type(other):
-            return False
-        try:
-            same_module = self._module == other._module
-            same_page = self._page == other._page
-            if not same_module or not same_page:
-                return False
-            if type(self._hash_algorithm) != type(other._hash_algorithm):
-                return False
-            # check now the id and the hash, both modules and pages are the same
-            equal = self._id == other._id and self._max_layer == other._max_layer and\
-                        len(self._neighbors) == len(other._neighbors)
-            if not equal:
-                return False
-            # now, check the neighbors
-            for idx, neighs in enumerate(self._neighbors):
-                other_pageid = set([node._page.id for node in other._neighbors[idx]])
-                self_pageid = set([node._page.id for node in self._neighbors[idx]])
-                if other_pageid != self_pageid:
-                    return False
-            
-            return True
-        except:
-            return False
+        return other._id == self._id
 

tests/unit.py

@@ -78,11 +78,6 @@ def test_deletion(self):
 
         self.assertEqual(actual_founds, expected_founds)
 
-
-    def mock_get_winmodule_data_by_hash(self, algorithm, hash_value):
-        """Mock function for get_winmodule_data_by_hash"""
-        return WinPageHashNode(hash_value, algorithm)
-
     def test_dump_load(self):
         self.apo_model = Apotheosis(
             M=4, ef=4, Mmax=8, Mmax0=16,
@@ -97,20 +92,18 @@ def test_dump_load(self):
         node1 = WinPageHashNode(hash1, TLSHHashAlgorithm)
         node2 = WinPageHashNode(hash2, TLSHHashAlgorithm)
 
-        # Using self to reference the mock function
-        with patch.object(DBManager, 'connect', return_value=None), \
-            patch.object(DBManager, 'get_winmodule_data_by_hash', side_effect=self.mock_get_winmodule_data_by_hash) as mock_method:
-            self.apo_model.insert(node1)
-            self.apo_model.insert(node2)
+        
+        self.apo_model.insert(node1)
+        self.apo_model.insert(node2)
 
-            self.apo_model.dump("TestApo", compress=False)
-            self.apo_model.load('TestApo', TLSHHashAlgorithm, WinPageHashNode)
+        self.apo_model.dump("TestApo", compress=False)
+        self.apo_model.load('TestApo', TLSHHashAlgorithm, WinPageHashNode)
 
-            _, exact1, _ = self.apo_model.knn_search(HashNode(hash1, TLSHHashAlgorithm), k=1, ef=4)
-            _, exact2, _ = self.apo_model.knn_search(HashNode(hash2, TLSHHashAlgorithm), k=1, ef=4)
+        _, exact1, _ = self.apo_model.knn_search(HashNode(hash1, TLSHHashAlgorithm), k=1, ef=4)
+        _, exact2, _ = self.apo_model.knn_search(HashNode(hash2, TLSHHashAlgorithm), k=1, ef=4)
 
-            self.assertEqual(exact1.get_id(), hash1)
-            self.assertEqual(exact2.get_id(), hash2)
+        self.assertEqual(exact1.get_id(), hash1)
+        self.assertEqual(exact2.get_id(), hash2)
 
 
 if __name__ == '__main__':