intelowlproject · AnshSinghal · Aug 28, 2024 · Jan 2, 2025 · Jan 7, 2025 · Feb 13, 2025
diff --git a/api_app/analyzers_manager/file_analyzers/debloat.py b/api_app/analyzers_manager/file_analyzers/debloat.py
@@ -0,0 +1,75 @@
+# This file is a part of IntelOwl https://github.com/intelowlproject/IntelOwl
+# See the file 'LICENSE' for copying permission.
+
+
+import subprocess
+
+from api_app.analyzers_manager.classes import FileAnalyzer
+from api_app.analyzers_manager.exceptions import AnalyzerRunException
+from tests.mock_utils import MockUpResponse, if_mock_connections, patch
+
+
+class DebloatAnalyzer(FileAnalyzer):
+    """
+    DebloatAnalyzer:
+    This analyzer uses the Debloat tool to process large files by removing unnecessary data.
+    It inherits common file handling and logging methods from FileAnalyzer.
+    """
+
+    tool_name: str = "Debloat"
+
+    @classmethod
+    def update(cls) -> bool:
+        # Minimal implementation to satisfy the abstract method requirement.
+        return True
+
+    def run(self):
+        try:
+            file_path = self.filepath
+            if not file_path:
+                raise AnalyzerRunException("File path not found.")
+
+            install_command = ["pip", "install", "debloat"]
+            process = subprocess.run(
+                install_command,
+                capture_output=True,
+                text=True,
+                timeout=300,
+                check=False,
+            )
+            command = [
+                "/usr/local/bin/debloat",
+                file_path,
+                "--output",
+                file_path + "_cleaned",
+            ]
+            process = subprocess.run(
+                command, capture_output=True, text=True, timeout=300, check=False
+            )
+
+            if process.returncode != 0:
+                raise AnalyzerRunException(
+                    f"Debloat failed with error: {process.stderr}"
+                )
+
+            return {
+                "status": "success",
+                "message": "Debloat successfully cleaned the file.",
+            }
+
+        except subprocess.TimeoutExpired:
+            raise AnalyzerRunException("Debloat took too long to process the file.")
+        except Exception as e:
+            raise AnalyzerRunException(f"Debloat failed with error: {str(e)}")
+
+    @classmethod
+    def _monkeypatch(cls):
+        patches = [
+            if_mock_connections(
+                patch(
+                    "subprocess.run",
+                    return_value=MockUpResponse({"status": "success"}, 200),
+                ),
+            )
+        ]
+        return super()._monkeypatch(patches=patches)
diff --git a/api_app/analyzers_manager/migrations/0144_analyzer_config_debloat.py b/api_app/analyzers_manager/migrations/0144_analyzer_config_debloat.py
@@ -0,0 +1,128 @@
+from django.db import migrations
+from django.db.models.fields.related_descriptors import (
+    ForwardManyToOneDescriptor,
+    ForwardOneToOneDescriptor,
+    ManyToManyDescriptor,
+    ReverseManyToOneDescriptor,
+    ReverseOneToOneDescriptor,
+)
+
+plugin = {
+    "python_module": {
+        "health_check_schedule": None,
+        "update_schedule": None,
+        "module": "debloat.DebloatAnalyzer",
+        "base_path": "api_app.analyzers_manager.file_analyzers",
+    },
+    "name": "Debloat",
+    "description": "The Debloat tool is integrated as a pip library and is useful when a file is too large or not accepted by a malware analysis service.",
+    "disabled": False,
+    "soft_time_limit": 60,
+    "routing_key": "default",
+    "health_check_status": True,
+    "type": "file",
+    "docker_based": False,
+    "maximum_tlp": "RED",
+    "observable_supported": [],
+    "supported_filetypes": ["application/vnd.microsoft.portable-executable"],
+    "run_hash": False,
+    "run_hash_type": "",
+    "not_supported_filetypes": [],
+    "mapping_data_model": {},
+    "model": "analyzers_manager.AnalyzerConfig",
+}
+
+params = []
+
+values = []
+
+
+def _get_real_obj(Model, field, value):
+    def _get_obj(Model, other_model, value):
+        if isinstance(value, dict):
+            real_vals = {}
+            for key, real_val in value.items():
+                real_vals[key] = _get_real_obj(other_model, key, real_val)
+            value = other_model.objects.get_or_create(**real_vals)[0]
+        # it is just the primary key serialized
+        else:
+            if isinstance(value, int):
+                if Model.__name__ == "PluginConfig":
+                    value = other_model.objects.get(name=plugin["name"])
+                else:
+                    value = other_model.objects.get(pk=value)
+            else:
+                value = other_model.objects.get(name=value)
+        return value
+
+    if (
+        type(getattr(Model, field))
+        in [
+            ForwardManyToOneDescriptor,
+            ReverseManyToOneDescriptor,
+            ReverseOneToOneDescriptor,
+            ForwardOneToOneDescriptor,
+        ]
+        and value
+    ):
+        other_model = getattr(Model, field).get_queryset().model
+        value = _get_obj(Model, other_model, value)
+    elif type(getattr(Model, field)) in [ManyToManyDescriptor] and value:
+        other_model = getattr(Model, field).rel.model
+        value = [_get_obj(Model, other_model, val) for val in value]
+    return value
+
+
+def _create_object(Model, data):
+    mtm, no_mtm = {}, {}
+    for field, value in data.items():
+        value = _get_real_obj(Model, field, value)
+        if type(getattr(Model, field)) is ManyToManyDescriptor:
+            mtm[field] = value
+        else:
+            no_mtm[field] = value
+    try:
+        o = Model.objects.get(**no_mtm)
+    except Model.DoesNotExist:
+        o = Model(**no_mtm)
+        o.full_clean()
+        o.save()
+        for field, value in mtm.items():
+            attribute = getattr(o, field)
+            if value is not None:
+                attribute.set(value)
+        return False
+    return True
+
+
+def migrate(apps, schema_editor):
+    Parameter = apps.get_model("api_app", "Parameter")
+    PluginConfig = apps.get_model("api_app", "PluginConfig")
+    python_path = plugin.pop("model")
+    Model = apps.get_model(*python_path.split("."))
+    if not Model.objects.filter(name=plugin["name"]).exists():
+        exists = _create_object(Model, plugin)
+        if not exists:
+            for param in params:
+                _create_object(Parameter, param)
+            for value in values:
+                _create_object(PluginConfig, value)
+
+
+def reverse_migrate(apps, schema_editor):
+    python_path = plugin.pop("model")
+    Model = apps.get_model(*python_path.split("."))
+    Model.objects.get(name=plugin["name"]).delete()
+
+
+class Migration(migrations.Migration):
+    atomic = False
+    dependencies = [
+        ("api_app", "0065_job_mpnodesearch"),
+        (
+            "analyzers_manager",
+            "0143_alter_analyzer_config_phishing_extractor_and_form_compiler",
+        ),
+    ]
+
+    operations = [migrations.RunPython(migrate, reverse_migrate)]
diff --git a/requirements/project-requirements.txt b/requirements/project-requirements.txt
@@ -88,7 +88,7 @@ dotnetfile==0.2.4
 docxpy==0.8.5
 pylnk3==0.4.2
 androguard==3.4.0a1 # version >=4.x of androguard raises a dependency conflict with quark-engine==25.1.1
-wad==0.4.6
+debloat==1.6.3
 
 # this is required because XLMMacroDeobfuscator does not pin the following packages
 pyxlsb2==0.0.8