
Commit 781a8a2

author
pranavshukla
committed
Initial sync before fix
1 parent 987765d commit 781a8a2


558 files changed

+87
-102719
lines changed


558 files changed

+87
-102719
lines changed

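--- a/api_app/analyzers_manager/observable_analyzers/ha_get.py
+++ b/api_app/analyzers_manager/observable_analyzers/ha_get.py
@@ -31,53 +31,116 @@ def run(self):
 if obs_clsfn == Classification.DOMAIN:
 data = {"domain": self.observable_name}
 uri = "search/terms"
+response = requests.post(self.api_url + uri, data=data, headers=headers)
 elif obs_clsfn == Classification.IP:
 data = {"host": self.observable_name}
 uri = "search/terms"
+response = requests.post(self.api_url + uri, data=data, headers=headers)
 elif obs_clsfn == Classification.URL:
 data = {"url": self.observable_name}
 uri = "search/terms"
+response = requests.post(self.api_url + uri, data=data, headers=headers)
 elif obs_clsfn == Classification.HASH:
-data = {"hash": self.observable_name}
 uri = "search/hash"
+params = {"hash": self.observable_name}
+response = requests.get(self.api_url + uri, params=params, headers=headers)
 else:
 raise AnalyzerRunException(
 f"not supported observable type {obs_clsfn}. "
 "Supported are: hash, ip, domain and url"
 )
 
-response = requests.post(self.api_url + uri, data=data, headers=headers)
 response.raise_for_status()
-
 result = response.json()
-# adding permalink to results
-if isinstance(result, list):
-for job in result:
-sha256 = job.get("sha256", "")
-job_id = job.get("job_id", "")
-if sha256:
-job["permalink"] = f"{self.sample_url}/{sha256}"
-if job_id:
-job["permalink"] += f"/{job_id}"
+
+if obs_clsfn == Classification.HASH and isinstance(result, list):
+detailed_results = []
+for item in result:
+if isinstance(item, dict) and (
+item.get("job_id") or item.get("verdict") or item.get("threat_score")
+):
+sha256 = item.get("sha256", "")
+job_id = item.get("job_id", "")
+if sha256:
+item["permalink"] = f"{self.sample_url}/{sha256}"
+if job_id:
+item["permalink"] += f"/{job_id}"
+detailed_results.append(item)
+else:
+sha256 = item if isinstance(item, str) else item.get("sha256") or item.get("hash")
+if sha256:
+overview_uri = f"overview/{sha256}"
+try:
+overview_response = requests.get(
+self.api_url + overview_uri, headers=headers
+)
+overview_response.raise_for_status()
+sample_summary = overview_response.json()
+job_id = sample_summary.get("job_id", "")
+sample_summary["permalink"] = f"{self.sample_url}/{sha256}"
+if job_id:
+sample_summary["permalink"] += f"/{job_id}"
+detailed_results.append(sample_summary)
+except requests.RequestException:
+if isinstance(item, dict):
+item["permalink"] = f"{self.sample_url}/{sha256}"
+detailed_results.append(item)
+elif isinstance(item, str):
+detailed_results.append(
+{
+"sha256": sha256,
+"permalink": f"{self.sample_url}/{sha256}",
+}
+)
+result = detailed_results if detailed_results else result
+else:
+if isinstance(result, list):
+for job in result:
+sha256 = job.get("sha256", "")
+job_id = job.get("job_id", "")
+if sha256:
+job["permalink"] = f"{self.sample_url}/{sha256}"
+if job_id:
+job["permalink"] += f"/{job_id}"
 
 return result
 
 @classmethod
 def _monkeypatch(cls):
+def side_effect(*args, **kwargs):
+url = args[0] if args else kwargs.get("url", "")
+# Mock GET /search/hash response (returns list of hashes)
+if "search/hash" in url and kwargs.get("params"):
+return MockUpResponse(
+["abcdefgh"],
+200,
+)
+# Mock GET /overview/{sha256} response (returns full SampleSummary)
+elif "overview/" in url:
+return MockUpResponse(
+{
+"job_id": "1",
+"sha256": "abcdefgh",
+"verdict": "malicious",
+},
+200,
+)
+# Mock POST /search/terms response (for domain, IP, URL)
+else:
+return MockUpResponse(
+[
+{
+"job_id": "1",
+"sha256": "abcdefgh",
+}
+],
+200,
+)
+
 patches = [
 if_mock_connections(
-patch(
-"requests.post",
-return_value=MockUpResponse(
-[
-{
-"job_id": "1",
-"sha256": "abcdefgh",
-}
-],
-200,
-),
-),
+patch("requests.get", side_effect=side_effect),
+patch("requests.post", side_effect=side_effect),
 )
 ]
 return super()._monkeypatch(patches=patches)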
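Review bot: The per-item `requests.get(self.api_url + overview_uri, headers=headers)` added in the HASH branch of `run` has no `timeout=` and builds its path from a `sha256` read straight out of the previous response, so a slow or malformed reply from the service can stall the analyzer or send the follow-up request to a path other than `overview/<digest>`. Check the value before it goes into the URL, for example `if not re.fullmatch(r"[0-9a-fA-F]{64}", sha256): continue` (assuming `re` is available in the module; the mock's `"abcdefgh"` would then need to be a digest-shaped value), and pass an explicit `timeout=` here and on the `requests.get`/`requests.post` calls added in the classification branches. The loop also issues one overview request per list element with no upper bound, which can exhaust the API quota on a large result, so a cap on the number of lookups is worth adding. The `except requests.RequestException:` fallback discards the error without a log line, and `item.get(...)` on the same path raises `AttributeError` when an element is neither a `str` nor a `dict`. `run` begins before this hunk, so how `headers` and `obs_clsfn` are set is not visible here.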

configuration/Kibana-Saved-Conf.ndjson

Lines changed: 0 additions & 12 deletions
This file was deleted.

configuration/cyberchef_recipes.json

Lines changed: 0 additions & 10 deletions
This file was deleted.

configuration/elastic_search_mappings/intel_owl_bi.json

Lines changed: 0 additions & 48 deletions
This file was deleted.

configuration/elastic_search_mappings/plugin_report.json

Lines changed: 0 additions & 69 deletions
This file was deleted.

configuration/intel_owl.ini

Lines changed: 0 additions & 29 deletions
This file was deleted.

configuration/ldap_config.py

Lines changed: 0 additions & 59 deletions
This file was deleted.

configuration/nginx/django_server.conf

Lines changed: 0 additions & 29 deletions
This file was deleted.
