async def test_analysis_request_serialization(system):
root = system.new_root()
observable = root.add_observable("test", "1.2.3.4")
request = observable.create_analysis_request(amt)
assert request == AnalysisRequest.from_dict(request.to_dict(), system)
assert request == AnalysisRequest.from_json(request.to_json(), system)
other = AnalysisRequest.from_dict(request.to_dict(), system)
assert request.id == other.id
assert request.observable == other.observable
assert request.type == other.type
assert request.status == other.status
assert request.owner == other.owner
assert request.original_root == other.original_root
assert request.modified_root == other.modified_root
other = AnalysisRequest.from_json(request.to_json(), system)
assert request.id == other.id
assert request.observable == other.observable
assert request.type == other.type
assert request.status == other.status
assert request.owner == other.owner
assert request.original_root == other.original_root
assert request.modified_root == other.modified_root
async def i_get_work(self, amt: str, timeout: float) -> Union[AnalysisRequest, None]:
async with self.get_redis_connection() as rc:
if not await rc.hexists(KEY_WORK_QUEUES, amt):
raise UnknownAnalysisModuleTypeError()
# if we're not looking to wait then we use LPOP
# this always returns a single result
if timeout == 0:
result = await rc.lpop(get_queue_name(amt))
if result is None:
return None
return AnalysisRequest.from_json(result.decode(), system=self)
else:
# if we have a timeout when we use BLPOP
result = await rc.blpop(get_queue_name(amt), timeout=timeout)
if result is None:
return None
# this can return a tuple of results (key, item1, item2, ...)
_, result = result
return AnalysisRequest.from_json(result.decode(), system=self)
async def i_get_cached_analysis_result(
self, cache_key: str) -> Union[AnalysisRequest, None]:
async with self.get_db() as db:
result = (await db.execute(
select(AnalysisResultCache).where(
AnalysisResultCache.cache_key == cache_key)
)).one_or_none()
if result is None:
return None
result = result[0]
if result.expiration_date is not None and utc_now(
) > result.expiration_date:
return None
return AnalysisRequest.from_json(result.json_data, system=self)
async def i_process_expired_analysis_requests(
self, amt: AnalysisModuleType) -> int:
assert isinstance(amt, AnalysisModuleType)
async with self.get_db() as db:
for db_request in await db.execute(
select(AnalysisRequestTracking).where(
and_(
AnalysisRequestTracking.analysis_module_type ==
amt.name,
datetime.datetime.now() >
AnalysisRequestTracking.expiration_date,
))):
request = AnalysisRequest.from_json(db_request[0].json_data,
self)
await self.fire_event(EVENT_AR_EXPIRED, request)
try:
await self.queue_analysis_request(request)
except UnknownAnalysisModuleTypeError:
self.delete_analysis_request(request)