AbstractFuzzyHashProcessor.java

/*
 * Licensed to the Apache Software Foundation (ASF) under one or more
 * contributor license agreements.  See the NOTICE file distributed with
 * this work for additional information regarding copyright ownership.
 * The ASF licenses this file to You under the Apache License, Version 2.0
 * (the "License"); you may not use this file except in compliance with
 * the License.  You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
package org.apache.nifi.processors.cybersecurity;


import com.idealista.tlsh.TLSH;
import info.debatty.java.spamsum.SpamSum;
import org.apache.nifi.components.AllowableValue;
import org.apache.nifi.components.PropertyDescriptor;
import org.apache.nifi.flowfile.FlowFile;
import org.apache.nifi.processor.AbstractProcessor;
import org.apache.nifi.processor.Relationship;
import org.apache.nifi.processor.util.StandardValidators;

import java.util.List;
import java.util.Set;

abstract class AbstractFuzzyHashProcessor extends AbstractProcessor {
    final protected static String ssdeep = "ssdeep";
    final protected static String tlsh = "tlsh";

    public static final AllowableValue allowableValueSSDEEP = new AllowableValue(
            ssdeep,
            ssdeep,
            "Uses ssdeep / SpamSum 'context triggered piecewise hash'.");
    public static final AllowableValue allowableValueTLSH = new AllowableValue(
            tlsh,
            tlsh,
            "Uses TLSH (Trend 'Locality Sensitive Hash'). Note: FlowFile Content must be at least 512 characters long");

    public static final PropertyDescriptor ATTRIBUTE_NAME = new PropertyDescriptor.Builder()
            .name("ATTRIBUTE_NAME")
            .displayName("Hash Attribute Name")
            .description("The name of the FlowFile Attribute that should hold the Fuzzy Hash Value")
            .required(true)
            .addValidator(StandardValidators.NON_EMPTY_VALIDATOR)
            .defaultValue("fuzzyhash.value")
            .build();

    public static final PropertyDescriptor HASH_ALGORITHM = new PropertyDescriptor.Builder()
            .name("HASH_ALGORITHM")
            .displayName("Hashing Algorithm")
            .description("The hashing algorithm utilised")
            .allowableValues(allowableValueSSDEEP, allowableValueTLSH)
            .required(true)
            .addValidator(StandardValidators.NON_EMPTY_VALIDATOR)
            .build();


    protected List<PropertyDescriptor> descriptors;

    protected Set<Relationship> relationships;

    protected boolean checkMinimumAlgorithmRequirements(String algorithm, FlowFile flowFile) {
        // Check if content matches minimum length requirement
        if (algorithm.equals(tlsh) && flowFile.getSize() < 512 ) {
            return false;
        } else {
            return true;
        }
    }


    protected String generateHash(String algorithm, String content) {
        switch (algorithm) {
            case tlsh:
                return new TLSH(content).hash();
            case ssdeep:
                return new SpamSum().HashString(content);
            default:
                return null;
        }
    }
}