Commit f13a0d3

Authored by: mlodic, drosetti, 0ssigeno, dependabot[bot], carellamartina
Merge pull request #2321 from intelowlproject/develop
* updated yeti analyzer and connector to support new major
* updated default pycti version
* fixed MaxMind data extraction for the country flag
* Fix pivot + file

  Signed-off-by: 0ssigeno <s.berni@certego.net>

* healthcheck available for Plugins with `url` option by default (#2320)
* healthcheck available for Plugins with `url` option
* doc
* fix
* Bump quark-engine from 24.4.1 to 24.5.1 in /requirements (#2313)

  Bumps [quark-engine](https://github.com/quark-engine/quark-engine) from 24.4.1 to 24.5.1.
  - [Release notes](https://github.com/quark-engine/quark-engine/releases)
  - [Commits](quark-engine/quark-engine@v24.4.1...v24.5.1)

  ---
  updated-dependencies:
  - dependency-name: quark-engine
    dependency-type: direct:production
    update-type: version-update:semver-minor
  ...

  Signed-off-by: dependabot[bot] <support@github.com>
  Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* Bump jsonschema from 4.21.1 to 4.22.0 in /requirements (#2311)

  Bumps [jsonschema](https://github.com/python-jsonschema/jsonschema) from 4.21.1 to 4.22.0.
  - [Release notes](https://github.com/python-jsonschema/jsonschema/releases)
  - [Changelog](https://github.com/python-jsonschema/jsonschema/blob/main/CHANGELOG.rst)
  - [Commits](python-jsonschema/jsonschema@v4.21.1...v4.22.0)

  ---
  updated-dependencies:
  - dependency-name: jsonschema
    dependency-type: direct:production
    update-type: version-update:semver-minor
  ...

  Signed-off-by: dependabot[bot] <support@github.com>
  Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* Bump docutils from 0.20.1 to 0.21.2 in /requirements (#2312)

  Bumps [docutils](https://docutils.sourceforge.io) from 0.20.1 to 0.21.2.

  ---
  updated-dependencies:
  - dependency-name: docutils
    dependency-type: direct:production
    update-type: version-update:semver-minor
  ...

  Signed-off-by: dependabot[bot] <support@github.com>
  Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* Revert "Bump docutils from 0.20.1 to 0.21.2 in /requirements (#2312)"

  This reverts commit 9e5106e.

* prettier
* changes (#2322)
* Phoneinfoga analyzer adjustment (#2324)
* Phoneinfoga

  Signed-off-by: 0ssigeno <s.berni@certego.net>

* Linters

  Signed-off-by: 0ssigeno <s.berni@certego.net>

* adjusted phoneinfoga
* Update api_app/analyzers_manager/migrations/0088_phoneinfoga_parameters.py

  ---------

  Signed-off-by: 0ssigeno <s.berni@certego.net>
  Co-authored-by: Matteo Lodi <30625432+mlodic@users.noreply.github.com>

* Fix serializer

  Signed-off-by: 0ssigeno <s.berni@certego.net>

* Fix sender

  Signed-off-by: 0ssigeno <s.berni@certego.net>

* pcap_analyzers adjusts + new playbook for PCAP files + upgraded Suricata to v7 (#2325)
* pcap_analyzers adjusts + new playbook for PCAP files + upgraded Suricata to v7
* adjusted hfinger
* adjust test
* adjust test and upgraded watchman
* tests
* fix custom analysis (#2323)
* hudsonrock (#2327)
* hudsonrock
* tests
* test
* add params
* migration
* tests
* migration
* i always overlook this lol
* tlp to amber

  ---------

  Co-authored-by: g4ze <bhaiyajionline@gmail.com>

* Update api_app/analyzers_manager/observable_analyzers/hudsonrock.py

  Co-authored-by: code-review-doctor[bot] <72320148+code-review-doctor[bot]@users.noreply.github.com>

* black
* Fixes frontend regex (#2329)
* support phone numbers
* moved phone number validation to E.164 format
* removed dates from parsing as IP addresses
* prettier
* Cy cat#1479 (#2328)
* cycat
* cycat
* cycat wrapper done
* migration
* docs
* tests
* tests

  ---------

  Co-authored-by: g4ze <bhaiyajionline@gmail.com>

* updated changelog
* fix loading visualizer navbar (#2335)
* fix visualizer loading
* changes
* --- (#2332)

  updated-dependencies:
  - dependency-name: celery[redis,sqs]
    dependency-type: direct:production
    update-type: version-update:semver-minor
  ...

  Signed-off-by: dependabot[bot] <support@github.com>
  Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* --- (#2334)

  updated-dependencies:
  - dependency-name: intezer-sdk
    dependency-type: direct:production
    update-type: version-update:semver-minor
  ...

  Signed-off-by: dependabot[bot] <support@github.com>
  Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* --- (#2333)

  updated-dependencies:
  - dependency-name: docutils
    dependency-type: direct:production
    update-type: version-update:semver-minor
  ...

  Signed-off-by: dependabot[bot] <support@github.com>
  Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* Speed up (#2336)

  Signed-off-by: 0ssigeno <s.berni@certego.net>

* Revert "--- (#2333)"

  This reverts commit 12802eb.

---------

Signed-off-by: 0ssigeno <s.berni@certego.net>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: Daniele Rosetti <d.rosetti@certego.net>
Co-authored-by: 0ssigeno <s.berni@certego.net>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Martina Carella <m.carella@certego.net>
Co-authored-by: Simone Berni <simone.berni2@studio.unibo.it>
Co-authored-by: Nilay Gupta <102874321+g4ze@users.noreply.github.com>
Co-authored-by: g4ze <bhaiyajionline@gmail.com>
Co-authored-by: code-review-doctor[bot] <72320148+code-review-doctor[bot]@users.noreply.github.com>
Co-authored-by: Daniele Rosetti <55402684+drosetti@users.noreply.github.com>
2 parents 98197f7 + 824b8f4 commit f13a0d3


61 files changed, +1654 / -301 lines

.github/CHANGELOG.md

+1
Original file line numberDiff line numberDiff line change
@@ -10,6 +10,7 @@ We added **Pivot** buttons to enable manual Pivoting from an Observable/File ana
1010
As usual, we add new plugins. This release brings the following new ones:
1111
* a complete **TakedownRequest** playbook to automate TakeDown requests for malicious domains
1212
* new File Analyzers for tools like [HFinger](https://github.com/CERT-Polska/hfinger), [Permhash](https://github.com/google/permhash) and [Blint](https://github.com/owasp-dep-scan/blint)
13+
* new Observable Analyzers for [CyCat](https://cycat.org/) and [Hudson Rock](https://cavalier.hudsonrock.com/docs)
1314
* improvement of the existing Maxmind analyzer: it now downloads the ASN database too.
1415

1516
## [v6.0.1](https://github.com/intelowlproject/IntelOwl/releases/tag/v6.0.1)
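Review bot: the changelog hunk adds only the CyCat and Hudson Rock analyzers, yet the merge message lists other user-visible changes that belong in the same release notes: the new PCAP playbook with the Suricata v7 upgrade (#2325), the Phoneinfoga parameter rework (#2324), E.164 phone-number validation in the frontend (#2329), the default health check for plugins that expose `url` (#2320) and the yeti analyzer/connector update for the new major. Consider a bullet for each under this heading so operators can see what to re-test after upgrading.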

.github/pull_request_template.md

+4-3
Original file line numberDiff line numberDiff line change
@@ -20,12 +20,13 @@ Please delete options that are not relevant.
2020
- [ ] I strictly followed the documentation ["How to create a Plugin"](https://intelowl.readthedocs.io/en/latest/Contribute.html#how-to-add-a-new-plugin)
2121
- [ ] [Usage](https://github.com/intelowlproject/IntelOwl/blob/master/docs/source/Usage.md) file was updated.
2222
- [ ] [Advanced-Usage](https://github.com/intelowlproject/IntelOwl/blob/master/docs/source/Advanced-Usage.md) was updated (in case the plugin provides additional optional configuration).
23-
- [ ] If the plugin requires mocked testing, `_monkeypatch()` was used in its class to apply the necessary decorators.
2423
- [ ] I have dumped the configuration from Django Admin using the `dumpplugin` command and added it in the project as a data migration. (["How to share a plugin with the community"](https://intelowl.readthedocs.io/en/latest/Contribute.html#how-to-share-your-plugin-with-the-community))
2524
- [ ] If a File analyzer was added and it supports a mimetype which is not already supported, you added a sample of that type inside the archive `test_files.zip` and you added the default tests for that mimetype in [test_classes.py](https://github.com/intelowlproject/IntelOwl/blob/master/tests/analyzers_manager/test_classes.py).
26-
- [ ] If you created a new analyzer and it is free (does not require API keys), please add it in the `FREE_TO_USE_ANALYZERS` playbook by following [this guide](https://intelowl.readthedocs.io/en/latest/Contribute.html#how-to-modify-a-plugin).
25+
- [ ] If you created a new analyzer and it is free (does not require any API key), please add it in the `FREE_TO_USE_ANALYZERS` playbook by following [this guide](https://intelowl.readthedocs.io/en/latest/Contribute.html#how-to-modify-a-plugin).
2726
- [ ] Check if it could make sense to add that analyzer/connector to other [freely available playbooks](https://intelowl.readthedocs.io/en/develop/Usage.html#list-of-pre-built-playbooks).
28-
- [ ] I have provided the resulting raw JSON of a finished analysis and a screenshot of the results.
27+
- [ ] I have provided the resulting raw JSON of a finished analysis and a screenshot of the results.
28+
- [ ] If the plugin interacts with an external service, I have created an attribute called precisely `url` that contains this information. This is required for Health Checks.
29+
- [ ] If the plugin requires mocked testing, `_monkeypatch()` was used in its class to apply the necessary decorators.
2930
- [ ] I have added that raw JSON sample to the `MockUpResponse` of the `_monkeypatch()` method. This serves us to provide a valid sample for testing.
3031
- [ ] If external libraries/packages with restrictive licenses were used, they were added in the [Legal Notice](https://github.com/certego/IntelOwl/blob/master/.github/legal_notice.md) section.
3132
- [ ] Linters (`Black`, `Flake`, `Isort`) gave 0 errors. If you have correctly installed [pre-commit](https://intelowl.readthedocs.io/en/latest/Contribute.html#how-to-start-setup-project-and-development-instance), it does these checks and adjustments on your behalf.
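Review bot: the new `url` checklist item (line 28) says the attribute "contains this information" without saying which URL is meant, the base of the external service or a full endpoint. The analyzer changes in this same commit use the base (in `malpedia_scan.py`, `url` becomes the API root and the scan endpoint moves to `binary_url`), so say "the base URL of the service" and link the health-check documentation; otherwise contributors will set `url` to an endpoint the check cannot GET and the plugin will be reported as down.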

api_app/analyzers_manager/file_analyzers/docguard.py

+2-2
Original file line numberDiff line numberDiff line change
@@ -13,7 +13,7 @@
1313

1414

1515
class DocGuardUpload(FileAnalyzer):
16-
base_url = "https://api.docguard.io:8443/api"
16+
url = "https://api.docguard.io:8443/api"
1717
_api_key_name: str
1818

1919
def run(self):
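Review bot: `url` here is a plain class attribute rather than a configurable Parameter, so this rename needs no data migration (unlike `mmdb_server`, which gets one further down in this commit). Worth a quick check that no existing PluginConfig for DocGuard still stores a `base_url` value, since after this change such a value would be ignored without any warning.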
@@ -31,7 +31,7 @@ def run(self):
3131
if not binary:
3232
raise AnalyzerRunException("File is empty")
3333
response = requests.post(
34-
self.base_url + "/FileAnalyzing/AnalyzeFile",
34+
self.url + "/FileAnalyzing/AnalyzeFile",
3535
headers=headers,
3636
files={"file": (self.filename, binary)},
3737
)

api_app/analyzers_manager/file_analyzers/filescan.py

+3-3
Original file line numberDiff line numberDiff line change
@@ -18,7 +18,7 @@ class FileScanUpload(FileAnalyzer):
1818

1919
max_tries: int = 30
2020
poll_distance: int = 10
21-
base_url = "https://www.filescan.io/api"
21+
url = "https://www.filescan.io/api"
2222
_api_key: str
2323

2424
def run(self):
@@ -31,7 +31,7 @@ def __upload_file_for_scan(self) -> int:
3131
if not binary:
3232
raise AnalyzerRunException("File is empty")
3333
response = requests.post(
34-
self.base_url + "/scan/file",
34+
self.url + "/scan/file",
3535
files={"file": (self.filename, binary)},
3636
headers={"X-Api-Key": self._api_key},
3737
)
@@ -41,7 +41,7 @@ def __upload_file_for_scan(self) -> int:
4141

4242
def __fetch_report(self, task_id: int) -> dict:
4343
report = {}
44-
url = f"{self.base_url}/scan/{task_id}/report"
44+
url = f"{self.url}/scan/{task_id}/report"
4545
params = {
4646
"filter": [
4747
"general",
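Review bot: in `__fetch_report` the local variable `url` (line 44) now reads too close to `self.url`; renaming it to `report_url` keeps the base-versus-endpoint distinction obvious at a glance, which matters now that `url` doubles as the health-check target.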

api_app/analyzers_manager/file_analyzers/hfinger.py

+11-1
Original file line numberDiff line numberDiff line change
@@ -16,7 +16,17 @@ class Hfinger(FileAnalyzer):
1616
fingerprint_report_mode: int = 2
1717

1818
def run(self):
19-
return hfinger_analyze(self.filepath, self.fingerprint_report_mode)
19+
reports = dict()
20+
reports["extraction"] = hfinger_analyze(
21+
self.filepath, self.fingerprint_report_mode
22+
)
23+
fingerprints = set()
24+
for report in reports["extraction"]:
25+
fingerprint = report.get("fingerprint", "")
26+
if fingerprint:
27+
fingerprints.add(fingerprint)
28+
reports["fingerprints_summary"] = list(fingerprints)
29+
return reports
2030

2131
@classmethod
2232
def update(cls) -> bool:
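Review bot: two points on the new summary block. `list(fingerprints)` on a set (line 28) yields an arbitrary order, so the same sample can produce a differently ordered `fingerprints_summary` between runs, which breaks report diffing and any test that compares the whole report; use `sorted(fingerprints)`. And `report.get("fingerprint", "")` (line 25) assumes every element returned by `hfinger_analyze(...)` is a dict; if the library returns something else for an input with no parsable HTTP requests the loop raises `AttributeError` instead of an `AnalyzerRunException`, so guard with `isinstance(report, dict)` or wrap the extraction. Minor: `dict()` is conventionally written `{}`.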

api_app/analyzers_manager/file_analyzers/malpedia_scan.py

+3-3
Original file line numberDiff line numberDiff line change
@@ -12,8 +12,8 @@ class MalpediaScan(FileAnalyzer):
1212
Scan a binary against all YARA rules in Malpedia.
1313
"""
1414

15-
base_url = "https://malpedia.caad.fkie.fraunhofer.de/api"
16-
url = base_url + "/scan/binary"
15+
url = "https://malpedia.caad.fkie.fraunhofer.de/api"
16+
binary_url = url + "/scan/binary"
1717

1818
_api_key_name: str
1919

@@ -23,7 +23,7 @@ def run(self):
2323
# construct req
2424
headers = {"Authorization": f"APIToken {self._api_key_name}"}
2525
files = {"file": binary}
26-
response = requests.post(self.url, headers=headers, files=files)
26+
response = requests.post(self.binary_url, headers=headers, files=files)
2727
response.raise_for_status()
2828

2929
result = response.json()

api_app/analyzers_manager/file_analyzers/triage_scan.py

+1-1
Original file line numberDiff line numberDiff line change
@@ -26,7 +26,7 @@ def run(self):
2626
logger.info(f"triage md5 {self.md5} sending sample for analysis")
2727
for _try in range(self.max_tries):
2828
logger.info(f"triage md5 {self.md5} polling for result try #{_try + 1}")
29-
self.response = self.session.post(self.base_url + "samples", files=files)
29+
self.response = self.session.post(self.url + "samples", files=files)
3030
if self.response.status_code == 200:
3131
break
3232
time.sleep(self.poll_distance)
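Review bot: `self.url + "samples"` (line 29) relies on `self.url` ending in a trailing slash, and the attribute definition is outside this hunk so a reviewer cannot see that it does. Either build the request target with `urllib.parse.urljoin(self.url, "samples")` or make the separator explicit here; otherwise a future edit to the base value yields a malformed path, and because the loop only breaks on status 200 the failure surfaces as `max_tries` slow retries rather than an immediate error.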

api_app/analyzers_manager/file_analyzers/unpac_me.py

+3-5
Original file line numberDiff line numberDiff line change
@@ -15,7 +15,7 @@
1515

1616

1717
class UnpacMe(FileAnalyzer):
18-
base_url: str = "https://api.unpac.me/api/v1/"
18+
url: str = "https://api.unpac.me/api/v1/"
1919

2020
_api_key_name: str
2121
private: bool
@@ -60,12 +60,10 @@ def run(self):
6060
def _req_with_checks(self, url, files=None, post=False):
6161
try:
6262
if post:
63-
r = requests.post(
64-
self.base_url + url, files=files, headers=self.headers
65-
)
63+
r = requests.post(self.url + url, files=files, headers=self.headers)
6664
else:
6765
headers = self.headers if self.private == "private" else {}
68-
r = requests.get(self.base_url + url, files=files, headers=headers)
66+
r = requests.get(self.url + url, files=files, headers=headers)
6967
r.raise_for_status()
7068
except requests.exceptions.HTTPError as e:
7169
logger.error(
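Review bot: `_req_with_checks(self, url, ...)` now concatenates `self.url + url` (lines 63 and 66), so the parameter named `url` is really a relative path; rename it to `path` or `endpoint` to avoid two meanings of `url` on one line. While these lines are being touched: `self.private == "private"` (line 65) compares an attribute annotated `private: bool` in the first hunk against a string, so the condition is always False and the GET branch never sends `self.headers`; if that is intended, drop the condition, otherwise it should be `if self.private`. Also `requests.get(..., files=files)` attaches a multipart body to a GET; `files` is only meaningful in the POST branch.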

api_app/analyzers_manager/file_analyzers/virushee.py

+4-4
Original file line numberDiff line numberDiff line change
@@ -19,7 +19,7 @@ class VirusheeFileUpload(FileAnalyzer):
1919

2020
max_tries = 30
2121
poll_distance = 10
22-
base_url = "https://api.virushee.com"
22+
url = "https://api.virushee.com"
2323

2424
_api_key_name: str
2525

@@ -46,7 +46,7 @@ def run(self):
4646

4747
def __check_report_for_hash(self) -> Optional[dict]:
4848
response_json = None
49-
response = self.__session.get(f"{self.base_url}/file/hash/{self.md5}")
49+
response = self.__session.get(f"{self.url}/file/hash/{self.md5}")
5050
if response.status_code == 404: # hash not found in db
5151
return response_json
5252
response.raise_for_status()
@@ -57,13 +57,13 @@ def __check_report_for_hash(self) -> Optional[dict]:
5757
def __upload_file(self, binary: bytes) -> str:
5858
name_to_send = self.filename if self.filename else self.md5
5959
files = {"file": (name_to_send, binary)}
60-
response = self.__session.post(f"{self.base_url}/file/upload", files=files)
60+
response = self.__session.post(f"{self.url}/file/upload", files=files)
6161
response.raise_for_status()
6262
return response.json()["task"]
6363

6464
def __poll_status_and_result(self, task_id: str) -> dict:
6565
response_json = None
66-
url = f"{self.base_url}/file/task/{task_id}"
66+
url = f"{self.url}/file/task/{task_id}"
6767
for chance in range(self.max_tries):
6868
logger.info(f"Polling try#{chance+1}")
6969
response = self.__session.get(url)
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,26 @@
1+
from django.db import migrations
2+
3+
4+
def migrate(apps, schema_editor):
5+
PythonModule = apps.get_model("api_app", "PythonModule")
6+
7+
pm = PythonModule.objects.get(
8+
module="mmdb_server.MmdbServer",
9+
base_path="api_app.analyzers_manager.observable_analyzers",
10+
)
11+
param = pm.parameters.get(name="base_url")
12+
param.name = "url"
13+
param.save()
14+
15+
16+
def reverse_migrate(apps, schema_editor):
17+
pass
18+
19+
20+
class Migration(migrations.Migration):
21+
dependencies = [
22+
("analyzers_manager", "0086_analyzer_config_blint"),
23+
]
24+
operations = [
25+
migrations.RunPython(migrate, reverse_migrate),
26+
]
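Review bot: `reverse_migrate` is a no-op, so unapplying this migration leaves the Parameter named `url` while the pre-migration analyzer code still reads `base_url`, breaking MmdbServer on rollback. Make the reverse symmetrical: look up `name="url"` on the same PythonModule and set it back to `base_url`. `PythonModule.objects.get(...)` also raises `DoesNotExist` on an installation where that module row has been removed; if that is a supported state, catch it and return early rather than failing the whole migrate run.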
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,53 @@
1+
from django.db import migrations
2+
3+
4+
def migrate(apps, schema_editor):
5+
Parameter = apps.get_model("api_app", "Parameter")
6+
PluginConfig = apps.get_model("api_app", "PluginConfig")
7+
PythonModule = apps.get_model("api_app", "PythonModule")
8+
pm = PythonModule.objects.get(
9+
module="phoneinfoga_scan.Phoneinfoga",
10+
base_path="api_app.analyzers_manager.observable_analyzers",
11+
)
12+
Parameter.objects.create(
13+
name="googlecse_max_results",
14+
type="int",
15+
description="Number of Google results for [Phoneinfoga](https://sundowndev.github.io/phoneinfoga/)",
16+
is_secret=False,
17+
required=False,
18+
python_module=pm,
19+
)
20+
p2 = Parameter.objects.create(
21+
name="scanners",
22+
type="list",
23+
description="List of scanner names for [Phoneinfoga](https://sundowndev.github.io/phoneinfoga/). Available options are: `local,numverify,googlecse,ovh`",
24+
is_secret=False,
25+
required=False,
26+
python_module=pm,
27+
)
28+
p3 = Parameter.objects.get(name="scanner_name", python_module=pm)
29+
for config in pm.analyzerconfigs.all():
30+
pcs = PluginConfig.objects.filter(analyzer_config=config, parameter=p3)
31+
for pc in pcs:
32+
pc.value = [pc.value]
33+
pc.parameter = p2
34+
pc.save()
35+
p3.delete()
36+
Parameter.objects.create(
37+
name="all_scanners",
38+
type="bool",
39+
description="Set this to True to enable all available scanners. "
40+
"If enabled, this overwrite the scanner param",
41+
is_secret=False,
42+
required=False,
43+
python_module=pm,
44+
)
45+
46+
47+
class Migration(migrations.Migration):
48+
atomic = False
49+
dependencies = [
50+
("analyzers_manager", "0087_alter_mmdbserver_param"),
51+
]
52+
53+
operations = [migrations.RunPython(migrate, migrations.RunPython.noop)]
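Review bot: the reverse operation is `RunPython.noop`, but the forward step deletes the `scanner_name` Parameter (line 35) and creates three new ones, so rolling back leaves the Phoneinfoga configuration inconsistent with the old analyzer code; either write a real reverse that recreates `scanner_name` from the first element of each `scanners` value, or make the irreversibility explicit. `atomic = False` (line 48) means a failure between the PluginConfig loop (lines 29-34) and `p3.delete()` leaves half-converted rows; unless there is a concrete reason, remove it so the migration runs in one transaction. `pc.value = [pc.value]` (line 32) wraps unconditionally, so a value that is already a list would be nested; guard with `isinstance`. Minor: the description on line 40 should read "this overwrites the `scanners` param".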
