collect stalkware apps from IOC stalkware indicators submodule

.gitmodules

@@ -0,0 +1,3 @@
+[submodule "data/stalkerware-indicators"]
+	path = data/stalkerware-indicators
+	url = [email protected]:AssoEchap/stalkerware-indicators.git

config.py

@@ -43,6 +43,11 @@
 APP_INFO_SQLITE_FILE = 'sqlite:///static_data/app-info.db' + \
     ("~test" if TEST else "")
 
+# IOC stalkware indicators
+IOC_PATH = "data/stalkerware-indicators/"
+IOC_FILE = IOC_PATH + "ioc.yaml"
+
+
 # we will resolve the database path using an absolute path to __FILE__ because
 # there are a couple of sources of truth that may disagree with their "path
 # relavitity". Needless to say, FIXME

requirements.txt

@@ -1,12 +1,36 @@
-# appJar==0.90.0
-pandas
-flask
-dataset
-rsonlite==0.1.0
-Flask-WTF==0.14.2
+alembic==1.8.1
+autopep8==2.0.1
+banal==1.0.6
+click==8.1.3
+dataset==1.5.2
+decorator==5.1.1
+Flask==2.2.2
+Flask-Migrate==2.5.2
 Flask-SQLAlchemy==2.5.1
+Flask-WTF==0.14.2
+greenlet==2.0.1
+importlib-metadata==5.1.0
+infinity==1.5
+intervals==0.9.2
+itsdangerous==2.1.2
+Jinja2==3.1.2
+Mako==1.2.4
+MarkupSafe==2.1.1
+numpy==1.23.5
+pandas==1.5.2
+pycodestyle==2.10.0
+python-dateutil==2.8.2
+python-dotenv==0.10.3
+pytz==2022.6
+PyYAML==6.0
+rsonlite==0.1.0
+six==1.16.0
+SQLAlchemy==1.4.44
+SQLAlchemy-Utils==0.38.3
+tomli==2.0.1
+validators==0.20.0
+Werkzeug==2.2.2
 WTForms==2.2.1
 WTForms-Alchemy==0.16.9
 WTForms-Components==0.10.4
-Flask-Migrate==2.5.2
-python-dotenv==0.10.3
+zipp==3.11.0

scripts/get-stalkerware-indicators.py

@@ -0,0 +1,60 @@
+import os
+import yaml
+import csv
+import sys
+
+# set current path to root
+os.chdir(os.path.dirname(os.path.dirname(os.path.abspath(__file__))))
+
+# setting path
+sys.path.append(os.getcwd())
+
+import config
+
+# check if submodule is initialized
+if not os.path.exists(config.IOC_PATH):
+    print("Submodule not initialized. Initializing now...")
+    os.system("git submodule update --init --recursive")
+
+# update submodule
+os.system("git submodule update --recursive --remote")
+
+# parse ioc.yaml
+ioc = {}
+with open(config.IOC_FILE, "r") as f:
+    ioc = yaml.load(f, Loader=yaml.FullLoader)
+
+# get packages from every element of ioc dict
+apps = []
+for element in ioc:
+    # add ioc[element]['packages'] to apps
+    if 'packages' in element:
+        apps.extend(element['packages'])
+
+
+# print all indicators
+print("Found " + str(len(apps)) + " apps from the IOC stalkware indicators repostiory!")
+
+# read app-flags.csv csv file
+old_apps = []
+with open(config.APP_FLAGS_FILE, "r") as f:
+    reader = csv.reader(f)
+    for row in reader:
+        old_apps.append(row[0])
+
+new_app_count = 0
+
+# append new apps to app-flags.csv for all ioc apps
+with open(config.APP_FLAGS_FILE, "a") as f:
+    writer = csv.writer(f)
+    for element in ioc:
+        if 'packages' not in element:
+            continue
+        for app in element['packages']:
+            # if app is not in the csv file, add it
+            if app not in old_apps:
+                new_app_count += 1
+                writer.writerow([app, "", "", element['name']])
+
+print("\nFound and added " + str(new_app_count) + " new apps!")
+