def analyze_by_hash_command(intezer_api: IntezerApi, args: Dict[str, str]) -> CommandResults:
    """Submit a file hash to Intezer and report the newly created analysis.

    Args:
        intezer_api: authenticated API client passed to ``Analysis``.
        args: command arguments; ``file_hash`` is required.

    Returns:
        ``CommandResults`` with ``Intezer.Analysis`` context (``ID``, ``Status``,
        ``type``) when the analysis was created, otherwise whatever the
        ``_get_missing_file_result`` / ``_get_analysis_running_result`` helpers
        produce for an unknown hash or an analysis already running server-side.

    Raises:
        ValueError: when ``file_hash`` is missing or empty.
    """
    file_hash = args.get('file_hash')
    if not file_hash:
        raise ValueError('Missing file hash')

    analysis = Analysis(file_hash=file_hash, api=intezer_api)
    try:
        analysis.send()
    except HashDoesNotExistError:
        # Intezer has never seen this hash; hand back the "missing file" result.
        return _get_missing_file_result(file_hash)
    except AnalysisIsAlreadyRunning as error:
        # The server is already analysing this hash; surface its response instead.
        return _get_analysis_running_result(response=error.response)

    created_id = analysis.analysis_id
    context_json = {
        'ID': created_id,
        'Status': 'Created',
        'type': 'File',
    }
    return CommandResults(
        outputs_prefix='Intezer.Analysis',
        outputs_key_field='ID',
        outputs=context_json,
        readable_output='Analysis created successfully: {}'.format(created_id),
    )
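def test_send_analysis_by_file_with_disable_unpacking(self):
    """Both "disable unpacking" flags must appear as their wire-level form fields.

    Pins the mapping ``disable_static_unpacking`` -> ``disable_static_extraction``
    and ``disable_dynamic_unpacking`` -> ``disable_dynamic_execution`` by
    inspecting the raw multipart body of the POST.
    """
    # Arrange
    with responses.RequestsMock() as mock:
        mock.add('POST',
                 url=self.full_url + '/analyze',
                 status=201,
                 json={'result_url': 'a/sd/asd'})
        mock.add('GET',
                 url=self.full_url + '/analyses/asd',
                 status=200,
                 json={'result': 'report'})
        analysis = Analysis(file_path='a',
                            disable_dynamic_unpacking=True,
                            disable_static_unpacking=True)
        with patch(self.patch_prop, mock_open(read_data='data')):
            # Act
            analysis.send(wait=True)

        # Assert
        self.assertEqual(analysis.status, consts.AnalysisStatusCode.FINISH)
        self.assertEqual(analysis.result(), 'report')
        request_body = mock.calls[0].request.body.decode()
        # assertIn prints the actual body on failure; assertTrue(x in y) only says "False".
        self.assertIn(
            'Content-Disposition: form-data; name="disable_static_extraction"\r\n\r\nTrue',
            request_body)
        self.assertIn(
            'Content-Disposition: form-data; name="disable_dynamic_execution"\r\n\r\nTrue',
            request_body)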
def test_send_analysis_by_file_sent_analysis_with_pulling_and_get_status_finish(
        self):
    """Polling through two 202 responses and a final 200 must end in FINISH.

    The mocked ``/analyses/asd`` endpoint answers 202, 202, then 200 with a
    report; three ``check_status`` calls consume exactly those responses.
    """
    # Arrange
    with responses.RequestsMock() as mock:
        mock.add('POST',
                 url=self.full_url + '/analyze',
                 status=201,
                 json={'result_url': 'a/sd/asd'})
        for pending in range(2):
            mock.add('GET',
                     url=self.full_url + '/analyses/asd',
                     status=202)
        mock.add('GET',
                 url=self.full_url + '/analyses/asd',
                 status=200,
                 json={'result': 'report'})
        analysis = Analysis(file_path='a')
        with patch(self.patch_prop, mock_open(read_data='data')):
            # Act
            analysis.send()
            for poll in range(3):
                analysis.check_status()

        # Assert
        self.assertEqual(analysis.status, consts.AnalysisStatusCode.FINISH)
def test_send_analysis_by_sha256_that_dont_exist_raise_error(self):
    """A 404 from ``/analyze-by-hash`` must surface as ``HashDoesNotExistError``."""
    unknown_sha256 = 'a' * 64

    # Arrange
    with responses.RequestsMock() as mock:
        mock.add('POST',
                 url=self.full_url + '/analyze-by-hash',
                 status=404)
        analysis = Analysis(file_hash=unknown_sha256)

        # Act + Assert
        with self.assertRaises(errors.HashDoesNotExistError):
            analysis.send()
def send_file_with_wait(
        file_path, dynamic_unpacking=None, static_unpacking=None):
    # type: (str, bool, bool) -> None
    """Example: upload a file, block until the analysis finishes, print the report.

    ``dynamic_unpacking`` / ``static_unpacking`` default to ``None`` and are
    forwarded to ``Analysis`` unchanged.
    """
    # '<api_key>' is a placeholder for the sample; real code should load the
    # key from an environment variable or secret store, never commit it.
    api.set_global_api('<api_key>')

    analysis = Analysis(file_path=file_path,
                        dynamic_unpacking=dynamic_unpacking,
                        static_unpacking=static_unpacking)
    # wait=True makes send() poll until the analysis has completed.
    analysis.send(wait=True)

    pprint(analysis.result())
def send_file_without_wait(
        file_path, dynamic_unpacking, static_unpacking):
    # type: (str, bool, bool) -> None
    """Example: upload a file, then wait for completion in a separate step.

    Equivalent to ``send(wait=True)`` but shows the two-phase
    ``send()`` / ``wait_for_completion()`` flow.
    """
    # '<api_key>' is a placeholder for the sample; real code should load the
    # key from an environment variable or secret store, never commit it.
    api.set_global_api('<api_key>')

    analysis = Analysis(file_path=file_path,
                        dynamic_unpacking=dynamic_unpacking,
                        static_unpacking=static_unpacking)
    analysis.send()
    analysis.wait_for_completion()

    pprint(analysis.result())
def test_send_analysis_that_running_on_server_raise_error(self):
    """A 409 from ``/analyze-by-hash`` must surface as ``AnalysisIsAlreadyRunning``."""
    sha256 = 'a' * 64

    # Arrange
    with responses.RequestsMock() as mock:
        mock.add('POST',
                 url=self.full_url + '/analyze-by-hash',
                 status=409,
                 json={'result_url': 'a/sd/asd'})
        analysis = Analysis(file_hash=sha256)

        # Act + Assert
        with self.assertRaises(errors.AnalysisIsAlreadyRunning):
            analysis.send()
def test_send_analysis_by_sha256_sent_analysis_and_sets_status(self):
    """A 201 from ``/analyze-by-hash`` must move the analysis to CREATED."""
    sha256 = 'a' * 64

    # Arrange
    with responses.RequestsMock() as mock:
        mock.add('POST',
                 url=self.full_url + '/analyze-by-hash',
                 status=201,
                 json={'result_url': 'a/sd/asd'})
        analysis = Analysis(file_hash=sha256)

        # Act
        analysis.send()

        # Assert
        self.assertEqual(analysis.status, consts.AnalysisStatusCode.CREATED)
def test_send_analysis_by_file_with_file_stream_sent_analysis(self):
    """Sending an analysis built with ``file_stream`` must move it to CREATED.

    ``__file__`` (this module's path) is what gets passed as the stream
    argument here; the test only asserts the resulting status.
    """
    # Arrange
    with responses.RequestsMock() as mock:
        mock.add('POST',
                 url=self.full_url + '/analyze',
                 status=201,
                 json={'result_url': 'a/sd/asd'})
        analysis = Analysis(file_stream=__file__)

        # Act
        analysis.send()

        # Assert
        self.assertEqual(analysis.status, consts.AnalysisStatusCode.CREATED)
def test_analysis_by_file_correct_code_item_type(self):
    """An analysis with ``code_item_type='memory_module'`` must be accepted and reach CREATED."""
    # Arrange
    with responses.RequestsMock() as mock:
        mock.add('POST',
                 url=self.full_url + '/analyze',
                 status=201,
                 json={'result_url': 'a/sd/asd'})
        analysis = Analysis(file_path='a', code_item_type='memory_module')
        with patch(self.patch_prop, mock_open(read_data='data')):
            # Act
            analysis.send()

        # Assert
        self.assertEqual(analysis.status, consts.AnalysisStatusCode.CREATED)
def analyze_file_command(file_path, no_unpacking, no_static_unpacking):
    """CLI command: submit a local file for analysis and print where to find the result.

    Args:
        file_path: path of the sample to upload.
        no_unpacking: forwarded to ``Analysis`` as ``dynamic_unpacking``.
        no_static_unpacking: forwarded to ``Analysis`` as ``static_unpacking``.

    Unsupported file types (anything ``utilities.is_supported_file`` rejects)
    are reported and skipped; SDK errors are printed rather than raised.
    """
    if not utilities.is_supported_file(file_path):
        click.echo('File is not PE, ELF, DEX or APK')
        return

    # NOTE(review): the "no_*" flags are forwarded unnegated as the positive
    # ``dynamic_unpacking`` / ``static_unpacking`` arguments — confirm the
    # polarity the SDK expects before relying on these switches.
    try:
        analysis = Analysis(file_path=file_path,
                            dynamic_unpacking=no_unpacking,
                            static_unpacking=no_static_unpacking)
        analysis.send()
    except sdk_errors.IntezerError as e:
        click.echo('Analyze error: {}'.format(e))
        return

    if not default_config.is_cloud:
        # On-premise deployments have no public analyses URL to link to.
        click.echo('Analysis created. In order to check its result go to Intezer analyze history page')
        return

    click.echo(
        'Analysis created. In order to check its result, go to: {}/{}'.format(default_config.analyses_url,
                                                                             analysis.analysis_id))
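def intezer_upload():
    """Upload a local file to Intezer Analyze and return the finished report as JSON.

    Query parameters:
        path: filesystem path of the sample to submit.

    Returns:
        A Flask JSON response. Failures are reported as ``{"error": ...}``; every
        branch answers HTTP 200, kept as-is because existing callers may rely on it.

    SECURITY NOTE(review): ``path`` is taken verbatim from the request and only
    checked with ``os.path.isfile``. Anyone who can reach this endpoint can make
    the server read any file its process can access and ship it to a third-party
    cloud service. The endpoint must sit behind authentication, and ``path``
    should be constrained to the sample store (e.g. ``os.path.realpath(path)``
    must live under the configured storage root) before this point; no such root
    is visible here, so that check is not enforced in this function.
    """
    # Truthiness covers both an empty string and an unset (None) key; the
    # original len() call would raise TypeError on None.
    if not config.INTEZER_APIKEY:
        return jsonify({"error": "NO API KEY"}), 200

    path = request.args.get('path', '')
    if not os.path.isfile(path):
        return jsonify({"error": "%s is not a valid file or the system could not access it" % path}), 200

    try:
        api.set_global_api(config.INTEZER_APIKEY)
        # Unpacking options are left at the SDK defaults.
        analysis = Analysis(file_path=path, dynamic_unpacking=None, static_unpacking=None)
        # Keyword form of the original positional True: block until the analysis completes.
        analysis.send(wait=True)
    except errors.IntezerError as e:
        # str(e) never fails; e.args[0] raises IndexError on an argument-less
        # exception and TypeError on a non-string argument, turning a clean
        # error response into a 500.
        return jsonify({"error": "Error occurred: " + str(e)}), 200

    return jsonify(analysis.result()), 200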
def test_send_analysis_by_file_sends_analysis_with_waits_to_compilation_when_requested(
        self):
    """``send(wait=True)`` must poll the result endpoint and end in FINISH."""
    # Arrange
    with responses.RequestsMock() as mock:
        mock.add('POST',
                 url=self.full_url + '/analyze',
                 status=201,
                 json={'result_url': 'a/sd/asd'})
        mock.add('GET',
                 url=self.full_url + '/analyses/asd',
                 status=200,
                 json={'result': 'report'})
        analysis = Analysis(file_path='a')
        with patch(self.patch_prop, mock_open(read_data='data')):
            # Act
            analysis.send(wait=True)

        # Assert
        self.assertEqual(analysis.status, consts.AnalysisStatusCode.FINISH)
def test_analysis_check_status_after_analysis_finish_raise_error(self):
    """Calling ``check_status`` on an already finished analysis must raise ``IntezerError``."""
    # Arrange
    with responses.RequestsMock() as mock:
        mock.add('POST',
                 url=self.full_url + '/analyze',
                 status=201,
                 json={'result_url': 'a/sd/asd'})
        mock.add('GET',
                 url=self.full_url + '/analyses/asd',
                 status=200,
                 json={'result': 'report'})
        analysis = Analysis(file_path='a')
        with patch(self.patch_prop, mock_open(read_data='data')):
            # Act: drive the analysis all the way to completion.
            analysis.send(wait=True)

        # Assert: a further status check is an error, not a no-op.
        with self.assertRaises(errors.IntezerError):
            analysis.check_status()
def run(self):
    """Look up the observable's hash in Intezer and return the analysis report.

    Submits ``self.observable_name`` as a file hash, then polls every
    ``self.poll_interval`` seconds (sleeping before the first check) for at
    most ``self.timeout`` seconds.

    Returns:
        The Intezer report merged with ``hash_found=True``, or
        ``{"hash_found": False}`` when the hash is unknown or the quota is
        exhausted.

    Raises:
        AnalyzerRunException: wrapping any other ``IntezerError``.
    """
    report = {}
    try:
        # Module-level SDK setting: identify this integration to the service.
        intezer_sdk.consts.USER_AGENT = "IntelOwl"

        analysis = Analysis(file_hash=self.observable_name)
        analysis.send(wait=False)
        analysis.wait_for_completion(
            interval=self.poll_interval,
            sleep_before_first_check=True,
            timeout=timedelta(seconds=self.timeout),
        )
        report.update(analysis.result(), hash_found=True)
    except (intezer_errors.HashDoesNotExistError, intezer_errors.InsufficientQuota):
        # NOTE(review): an exhausted quota is reported exactly like an unknown
        # hash, so downstream consumers cannot tell "not found" from "not
        # checked" — a silent coverage gap worth surfacing separately.
        report["hash_found"] = False
    except intezer_errors.IntezerError as e:
        raise AnalyzerRunException(e)
    return report
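def analyze_by_uploaded_file_command(intezer_api: IntezerApi, args: dict) -> CommandResults:
    """Upload a War Room file entry to Intezer and report the newly created analysis.

    Args:
        intezer_api: authenticated API client passed to ``Analysis``.
        args: command arguments; ``file_entry_id`` is required.

    Returns:
        ``CommandResults`` with ``Intezer.Analysis`` context (``ID``, ``Status``,
        ``type``) for the created analysis, or the
        ``_get_analysis_running_result`` helper's result when the server is
        already analysing this file.

    Raises:
        ValueError: when ``file_entry_id`` is missing or empty.
    """
    file_id = args.get('file_entry_id')
    if not file_id:
        # Same fail-fast contract as analyze_by_hash_command, instead of letting
        # demisto.getFilePath blow up on None with an opaque error.
        raise ValueError('Missing file entry id')

    file_data = demisto.getFilePath(file_id)
    analysis = Analysis(file_path=file_data['path'], api=intezer_api)
    try:
        analysis.send()
    except AnalysisIsAlreadyRunning as error:
        # The server already has an analysis in flight for this file; surface it.
        return _get_analysis_running_result(response=error.response)

    created_id = analysis.analysis_id
    context_json = {
        'ID': created_id,
        'Status': 'Created',
        'type': 'File',
    }
    return CommandResults(
        outputs_prefix='Intezer.Analysis',
        outputs_key_field='ID',
        outputs=context_json,
        readable_output='Analysis created successfully: {}'.format(created_id),
    )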
def analysis_by_hash_without_wait(file_hash):
    # type: (str) -> None
    """Example: submit a hash, then wait for completion as a separate step, and print the report."""
    # '<api_key>' is a placeholder for the sample; real code should load the
    # key from an environment variable or secret store, never commit it.
    api.set_global_api('<api_key>')

    analysis = Analysis(file_hash=file_hash)
    analysis.send()
    analysis.wait_for_completion()

    pprint(analysis.result())
def analysis_by_hash_with_wait(file_hash):
    # type: (str) -> None
    """Example: submit a hash, block until the analysis finishes, and print the report."""
    # '<api_key>' is a placeholder for the sample; real code should load the
    # key from an environment variable or secret store, never commit it.
    api.set_global_api('<api_key>')

    analysis = Analysis(file_hash=file_hash)
    # wait=True makes send() poll until the analysis has completed.
    analysis.send(wait=True)

    pprint(analysis.result())