jpcertcc / impfuzzy Goto Github PK

Launching the command:
python impfuzzy_for_neo4j.py -d /myfolder/
If in myfolder are present 2 samples with different names but same hash, the script will add in DB both samples and not only one, going to create cluster with itself.

This error appears when you clear the database:
python impfuzzy_for_neo4j.py --delete

Is it possible to add labels or tags to the clusters in Neo4j?
Looking at this example and focusing to the cluster with 4 elements:

:123 cluster: 64 id: 108 impfuzzy: 12:KOFlAJqEccHwu9DK+j7oV4W8IAGAVV4W8xJcD8uw5vn:TTsqEzwu9DK+j0V4WjAVV4WccD8uwBn md5: 4c1017de62ea4788c7c8058a8f825a2d
:139 cluster: 64 id: 124 impfuzzy: 12:KOFlAJqEccHwu9DK+j7oV4W8IAGAVV4W8xJcD8uw5vn:TTsqEzwu9DK+j0V4WjAVV4WccD8uwBn md5: 43e896ede6fe025ee90f7f27c6d376a4
:128 cluster: 64 id: 113 impfuzzy: 12:zJFxJqEccHwu9DK+j7oV4W8IAGAKV4W8xJcDvuw5vn:t1qEzwu9DK+j0V4WjAKV4WccDvuwBn md5: 1fb407a20373f3970f08d3f3c086841d
:122 cluster: 64 id: 107 impfuzzy: 12:zJFxJqEccHwu9DK+j7oV4W8IAGAKV4W8xJcDvuw5vn:t1qEzwu9DK+j0V4WjAKV4WccDvuwBn md5: 91a5594343b47462ebd6266a9c40abbe

I would like to have the possibility to tag the cluster n°64 with "Turla", making the tag also searchable.

What do you think?

To reproduce, using Python 3.10.5

$ docker run -ti --rm fedora:latest bash
# dnf install -y python3-pip gcc python3-devel ssdeep-devel
# pip3 install pyimpfuzzy

Simple test case

# python3
Python 3.10.5 (main, Jun  9 2022, 00:00:00)
>>> import pyimpfuzzy
>>> contents = open('helloworld.exe','rb').read()
>>> pyimpfuzzy.get_impfuzzy_data(contents)
Traceback (most recent call last):
  File "<stdin>", line 1, in <module>
  File "/usr/local/lib64/python3.10/site-packages/pyimpfuzzy.py", line 19, in get_impfuzzy_data
    return impfuzzyutil.hash_data(apilist)
SystemError: PY_SSIZE_T_CLEAN macro must be defined for '#' formats

Using 3.8.10 it works as expected

# python3
Python 3.8.10 (default, Mar 15 2022, 12:22:08) 
>>> import pyimpfuzzy
>>> contents = open('helloworld.exe','rb').read()
>>> pyimpfuzzy.get_impfuzzy_data(contents)
'24:wyWPWyWNwUxQSySPXQDMLaocAzAZhDbBSy29fJLhJCBAihTK4Tg9kBb+u5Fi119p:gCNhQSVXQwLwAYunPuBS1119L9'

There is no license file in this repository.
What is the license that impfuzzy is adopting?
I have trouble when referring to the source code.

We are playing with data contained in Neo4j deleting and insertimg nodes.
We are having issue with numerical id because the creation node statement uses the len of db as value for id.
Example: inserting 3 nodes (id=1,id=2,id=3) and delete one of them (id=2), when you add a new node it tries to use id=3 that is already present.
Can the use of uuid be a possible solution?
We will play with it tomorrow.