def analyze_by_hash_command(intezer_api: IntezerApi,
args: Dict[str, str]) -> CommandResults:
file_hash = args.get('file_hash')
if not file_hash:
raise ValueError('Missing file hash')
analysis = Analysis(file_hash=file_hash, api=intezer_api)
try:
analysis.send()
analysis_id = analysis.analysis_id
context_json = {
'ID': analysis.analysis_id,
'Status': 'Created',
'type': 'File'
}
return CommandResults(
outputs_prefix='Intezer.Analysis',
outputs_key_field='ID',
outputs=context_json,
readable_output='Analysis created successfully: {}'.format(
analysis_id))
except HashDoesNotExistError:
return _get_missing_file_result(file_hash)
except AnalysisIsAlreadyRunning as error:
return _get_analysis_running_result(response=error.response)
def test_send_analysis_by_file_with_disable_unpacking(self):
# Arrange
with responses.RequestsMock() as mock:
mock.add('POST',
url=self.full_url + '/analyze',
status=201,
json={'result_url': 'a/sd/asd'})
mock.add('GET',
url=self.full_url + '/analyses/asd',
status=200,
json={'result': 'report'})
analysis = Analysis(file_path='a',
disable_dynamic_unpacking=True,
disable_static_unpacking=True)
with patch(self.patch_prop, mock_open(read_data='data')):
# Act
analysis.send(wait=True)
# Assert
self.assertEqual(analysis.status, consts.AnalysisStatusCode.FINISH)
self.assertEqual(analysis.result(), 'report')
request_body = mock.calls[0].request.body.decode()
self.assertTrue(
'Content-Disposition: form-data; name="disable_static_extraction"\r\n\r\nTrue'
in request_body)
self.assertTrue(
'Content-Disposition: form-data; name="disable_dynamic_execution"\r\n\r\nTrue'
in request_body)
def test_send_analysis_by_file_sent_analysis_with_pulling_and_get_status_finish(
self):
# Arrange
with responses.RequestsMock() as mock:
mock.add('POST',
url=self.full_url + '/analyze',
status=201,
json={'result_url': 'a/sd/asd'})
mock.add('GET', url=self.full_url + '/analyses/asd', status=202)
mock.add('GET', url=self.full_url + '/analyses/asd', status=202)
mock.add('GET',
url=self.full_url + '/analyses/asd',
status=200,
json={'result': 'report'})
analysis = Analysis(file_path='a')
with patch(self.patch_prop, mock_open(read_data='data')):
# Act
analysis.send()
analysis.check_status()
analysis.check_status()
analysis.check_status()
# Assert
self.assertEqual(analysis.status, consts.AnalysisStatusCode.FINISH)
def test_send_analysis_by_sha256_that_dont_exist_raise_error(self):
# Arrange
with responses.RequestsMock() as mock:
mock.add('POST',
url=self.full_url + '/analyze-by-hash',
status=404)
analysis = Analysis(file_hash='a' * 64)
# Act + Assert
with self.assertRaises(errors.HashDoesNotExistError):
analysis.send()
def send_file_with_wait(
file_path,
dynamic_unpacking=None,
static_unpacking=None): # type: (str, bool, bool) -> None
api.set_global_api('<api_key>')
analysis = Analysis(file_path=file_path,
dynamic_unpacking=dynamic_unpacking,
static_unpacking=static_unpacking)
analysis.send(wait=True)
pprint(analysis.result())
def send_file_without_wait(
file_path, dynamic_unpacking,
static_unpacking): # type: (str, bool, bool) -> None
api.set_global_api('<api_key>')
analysis = Analysis(file_path=file_path,
dynamic_unpacking=dynamic_unpacking,
static_unpacking=static_unpacking)
analysis.send()
analysis.wait_for_completion()
pprint(analysis.result())
def test_send_analysis_that_running_on_server_raise_error(self):
# Arrange
with responses.RequestsMock() as mock:
mock.add('POST',
url=self.full_url + '/analyze-by-hash',
status=409,
json={'result_url': 'a/sd/asd'})
analysis = Analysis(file_hash='a' * 64)
# Act + Assert
with self.assertRaises(errors.AnalysisIsAlreadyRunning):
analysis.send()
def test_send_analysis_by_sha256_sent_analysis_and_sets_status(self):
# Arrange
with responses.RequestsMock() as mock:
mock.add('POST',
url=self.full_url + '/analyze-by-hash',
status=201,
json={'result_url': 'a/sd/asd'})
analysis = Analysis(file_hash='a' * 64)
# Act
analysis.send()
# Assert
self.assertEqual(analysis.status, consts.AnalysisStatusCode.CREATED)
def test_send_analysis_by_file_with_file_stream_sent_analysis(self):
# Arrange
with responses.RequestsMock() as mock:
mock.add('POST',
url=self.full_url + '/analyze',
status=201,
json={'result_url': 'a/sd/asd'})
analysis = Analysis(file_stream=__file__)
# Act
analysis.send()
# Assert
self.assertEqual(analysis.status, consts.AnalysisStatusCode.CREATED)
def test_analysis_by_file_correct_code_item_type(self):
# Arrange
with responses.RequestsMock() as mock:
mock.add('POST',
url=self.full_url + '/analyze',
status=201,
json={'result_url': 'a/sd/asd'})
analysis = Analysis(file_path='a', code_item_type='memory_module')
with patch(self.patch_prop, mock_open(read_data='data')):
# Act
analysis.send()
# Assert
self.assertEqual(analysis.status, consts.AnalysisStatusCode.CREATED)
def analyze_file_command(file_path, no_unpacking, no_static_unpacking):
if not utilities.is_supported_file(file_path):
click.echo('File is not PE, ELF, DEX or APK')
return
try:
analysis = Analysis(file_path=file_path,
dynamic_unpacking=no_unpacking,
static_unpacking=no_static_unpacking)
analysis.send()
if default_config.is_cloud:
click.echo(
'Analysis created. In order to check its result, go to: {}/{}'.format(default_config.analyses_url,
analysis.analysis_id))
else:
click.echo('Analysis created. In order to check its result go to Intezer analyze history page')
except sdk_errors.IntezerError as e:
click.echo('Analyze error: {}'.format(e))
def intezer_upload():
if not len(config.INTEZER_APIKEY):
return jsonify({"error": "NO API KEY"}), 200
path = request.args.get('path', '')
if not os.path.isfile(path):
return jsonify({"error": "%s is not a valid file or the system could not access it" % path}), 200
try:
api.set_global_api(config.INTEZER_APIKEY)
analysis = Analysis(file_path=path,
dynamic_unpacking=None,
static_unpacking=None)
analysis.send(True)
except errors.IntezerError as e:
return jsonify({"error": "Error occurred: " + e.args[0]}), 200
return jsonify(analysis.result()), 200
def test_send_analysis_by_file_sends_analysis_with_waits_to_compilation_when_requested(
self):
# Arrange
with responses.RequestsMock() as mock:
mock.add('POST',
url=self.full_url + '/analyze',
status=201,
json={'result_url': 'a/sd/asd'})
mock.add('GET',
url=self.full_url + '/analyses/asd',
status=200,
json={'result': 'report'})
analysis = Analysis(file_path='a')
with patch(self.patch_prop, mock_open(read_data='data')):
# Act
analysis.send(wait=True)
# Assert
self.assertEqual(analysis.status, consts.AnalysisStatusCode.FINISH)
def test_analysis_check_status_after_analysis_finish_raise_error(self):
# Arrange
with responses.RequestsMock() as mock:
mock.add('POST',
url=self.full_url + '/analyze',
status=201,
json={'result_url': 'a/sd/asd'})
mock.add('GET',
url=self.full_url + '/analyses/asd',
status=200,
json={'result': 'report'})
analysis = Analysis(file_path='a')
with patch(self.patch_prop, mock_open(read_data='data')):
# Act
analysis.send(wait=True)
# Assert
with self.assertRaises(errors.IntezerError):
analysis.check_status()
def run(self):
result = {}
try:
intezer_sdk.consts.USER_AGENT = "IntelOwl"
# run analysis
analysis = Analysis(file_hash=self.observable_name)
analysis.send(wait=False)
analysis.wait_for_completion(
interval=self.poll_interval,
sleep_before_first_check=True,
timeout=timedelta(seconds=self.timeout),
)
result.update(analysis.result(), hash_found=True)
except (intezer_errors.HashDoesNotExistError,
intezer_errors.InsufficientQuota):
result.update(hash_found=False)
except intezer_errors.IntezerError as e:
raise AnalyzerRunException(e)
return result
def analyze_by_uploaded_file_command(intezer_api: IntezerApi,
args: dict) -> CommandResults:
file_id = args.get('file_entry_id')
file_data = demisto.getFilePath(file_id)
try:
analysis = Analysis(file_path=file_data['path'], api=intezer_api)
analysis.send()
context_json = {
'ID': analysis.analysis_id,
'Status': 'Created',
'type': 'File'
}
return CommandResults(
outputs_prefix='Intezer.Analysis',
outputs_key_field='ID',
outputs=context_json,
readable_output='Analysis created successfully: {}'.format(
analysis.analysis_id))
except AnalysisIsAlreadyRunning as error:
return _get_analysis_running_result(response=error.response)
def analysis_by_hash_without_wait(file_hash): # type: (str) -> None
api.set_global_api('<api_key>')
analysis = Analysis(file_hash=file_hash)
analysis.send()
analysis.wait_for_completion()
pprint(analysis.result())
def analysis_by_hash_with_wait(file_hash): # type: (str) -> None
api.set_global_api('<api_key>')
analysis = Analysis(file_hash=file_hash)
analysis.send(wait=True)
pprint(analysis.result())
