Merge branch 'release/2.2.0'

Author: nadouani

CHANGELOG.md

@@ -0,0 +1,32 @@
+# Change Log
+
+## [2.1.0](https://github.com/TheHive-Project/cortexutils/tree/2.1.0) (2021-02-25)
+[Full Changelog](https://github.com/TheHive-Project/cortexutils/compare/2.0.0...2.1.0)
+
+**Implemented enhancements:**
+
+- API secret logging in Cortex analyzers [\#10](https://github.com/TheHive-Project/cortexutils/issues/10)
+
+**Fixed bugs:**
+
+- Various errors in unittests [\#17](https://github.com/TheHive-Project/cortexutils/issues/17)
+- \[Bug\] manage files in artifacts [\#16](https://github.com/TheHive-Project/cortexutils/issues/16)
+- The tests fail for the Worker Class:  io.UnsupportedOperation: fileno [\#7](https://github.com/TheHive-Project/cortexutils/issues/7)
+
+**Closed issues:**
+
+- Trying to add a binary file as observable from analyzer returns error [\#14](https://github.com/TheHive-Project/cortexutils/issues/14)
+- diagnostic output is not valid JSON [\#6](https://github.com/TheHive-Project/cortexutils/issues/6)
+
+**Merged pull requests:**
+
+- file attachment must be managed as binary [\#15](https://github.com/TheHive-Project/cortexutils/pull/15) ([dadokkio](https://github.com/dadokkio))
+
+## [2.0.0](https://github.com/TheHive-Project/cortexutils/tree/2.0.0) (2019-04-04)
+**Implemented enhancements:**
+
+- Deduplicate extracted artifacts from a job report [\#3](https://github.com/TheHive-Project/cortexutils/issues/3)
+
+
+
+\* *This Change Log was automatically generated by [github_changelog_generator](https://github.com/skywinder/Github-Changelog-Generator)*

cortexutils/analyzer.py

@@ -14,8 +14,8 @@
 
 class Analyzer(Worker):
 
-    def __init__(self, job_directory=None):
-        Worker.__init__(self, job_directory)
+    def __init__(self, job_directory=None, secret_phrases=None):
+        Worker.__init__(self, job_directory, secret_phrases)
 
         # Not breaking compatibility
         self.artifact = self._input
@@ -102,11 +102,16 @@ def report(self, full_report, ensure_ascii=False):
             summary = self.summary(full_report)
         except Exception:
             pass
-
+        operation_list = []
+        try:
+            operation_list = self.operations(full_report)
+        except Exception:
+            pass
         super(Analyzer, self).report({
             'success': True,
             'summary': summary,
             'artifacts': self.artifacts(full_report),
+            'operations': operation_list,
             'full': full_report
         }, ensure_ascii)
 

cortexutils/responder.py

@@ -8,8 +8,8 @@
 
 class Responder(Worker):
 
-    def __init__(self, job_directory=None):
-        Worker.__init__(self, job_directory)
+    def __init__(self, job_directory=None, secret_phrases=None):
+        Worker.__init__(self, job_directory, secret_phrases)
 
         # Not breaking compatibility
         self.artifact = self._input
@@ -20,26 +20,6 @@ def get_data(self):
         :return: Data (observable value) given through Cortex"""
         return self.get_param('data', None, 'Missing data field')
 
-    @staticmethod
-    def build_operation(op_type, **parameters):
-        """
-        :param op_type: an operation type as a string
-        :param parameters: a dict including the operation's params
-        :return: dict
-        """
-        operation = {
-            'type': op_type
-        }
-        operation.update(parameters)
-
-        return operation
-
-    def operations(self, raw):
-        """Returns the list of operations to be executed after the job completes
-
-        :returns: by default return an empty array"""
-        return []
-
     def report(self, full_report, ensure_ascii=False):
         """Returns a json dict via stdout.
 

cortexutils/worker.py

@@ -1,23 +1,28 @@
 #!/usr/bin/env python
 # encoding: utf-8
 
-import os
-import sys
 import codecs
 import json
+import os
 import select
+import sys
 
+DEFAULT_SECRET_PHRASES = ("key", "password", "secret")
 
 class Worker(object):
     READ_TIMEOUT = 3  # seconds
 
-    def __init__(self, job_directory):
+    def __init__(self, job_directory, secret_phrases):
         if job_directory is None:
             if len(sys.argv) > 1:
                 job_directory = sys.argv[1]
             else:
                 job_directory = '/job'
         self.job_directory = job_directory
+        if secret_phrases is None:
+            self.secret_phrases = DEFAULT_SECRET_PHRASES
+        else:
+            self.secret_phrases = secret_phrases
         # Load input
         self._input = {}
         if os.path.isfile('%s/input/input.json' % self.job_directory):
@@ -127,6 +132,26 @@ def get_data(self):
         :return: Data (observable value) given through Cortex"""
         return self.get_param('data', None, 'Missing data field')
 
+    @staticmethod
+    def build_operation(op_type, **parameters):
+        """
+        :param op_type: an operation type as a string
+        :param parameters: a dict including the operation's params
+        :return: dict
+        """
+        operation = {
+            'type': op_type
+        }
+        operation.update(parameters)
+
+        return operation
+
+    def operations(self, raw):
+        """Returns the list of operations to be executed after the job completes
+
+        :returns: by default return an empty array"""
+        return []
+
     def get_param(self, name, default=None, message=None):
         """Just a wrapper for Analyzer.__get_param.
         :param name: Name of the parameter to get. JSON-like syntax, e.g. `config.username`
@@ -144,13 +169,13 @@ def error(self, message, ensure_ascii=False):
         # Get analyzer input
         analyzer_input = self._input
 
-        # Define sensitive key values
-        secrets = ['password', 'key', 'secret']
-
         # Loop over all the sensitive config names and clean them
-        for config_key, v in analyzer_input.get('config', {}).items():
-            if any(secret in config_key.lower() for secret in secrets):
-                analyzer_input.get('config', {})[config_key] = 'REMOVED'
+        for config_key in analyzer_input.get('config', {}).keys():
+            if any(
+                secret_phrase in config_key.lower() 
+                for secret_phrase in self.secret_phrases
+            ):
+                analyzer_input['config'][config_key] = 'REMOVED'
 
         self.__write_output({'success': False,
                              'input': analyzer_input,

setup.py

@@ -2,7 +2,7 @@
 
 setup(
     name='cortexutils',
-    version='2.1.0',
+    version='2.2.0',
     description='A Python library for including utility classes for Cortex analyzers and responders',
     long_description=open('README').read(),
     author='TheHive-Project',