fix bug on preview_service & pdf2txt_service & macro_extract_service #330

Open
wants to merge 1 commit into
base: master
4 changes: 2 additions & 2 deletions macro_extract_service/__init__.py
Expand Up @@ -59,8 +59,8 @@ def run(self, obj, config):
if result['success']:
obj.add_relationship(
result['object'],
RelationshipTypes.RELATED_TO,
analyst=username,
RelationshipTypes.CONTAINED_WITHIN,
analyst=username.username,
rel_reason="Extracted from related Sample"
)
obj.save()
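Review bot: The new argument `analyst=username.username` dereferences a local called `username` as if it were a user object, so either the name is misleading or, if it is still a plain string on some path, this line raises AttributeError. The assignment of `username` lies outside the hunk, so this is inferred from the call alone; binding the string once near that assignment (for example `analyst_name = username.username`) and passing `analyst=analyst_name` would keep the recorded analyst unambiguous. The relationship type is now CONTAINED_WITHIN while `rel_reason` still reads "Extracted from related Sample"; a short comment stating which direction the relationship is meant to express would help the next reader. `run` starts and ends outside the hunk.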
5 changes: 3 additions & 2 deletions pdf2txt_service/__init__.py
Expand Up @@ -167,11 +167,12 @@ def run(self, obj, config):
self._warning("obj.id: %s, raw_id:%s, suc: %s" % (str(obj.id), str(raw_obj.id), repr(res['success']) ) )
# update relationship if a related top-level object is supplied
rel_type = RelationshipTypes.RELATED_TO
rel_type = RelationshipTypes.CONTAINED_WITHIN #bug in crits, display contains instead of contained within ...
if obj.id != raw_obj.id: #don't form relationship to itself
resy = obj.add_relationship(rel_item=raw_obj,
rel_type=rel_type,
rel_date=datetime.now(),
analyst=self.current_task.user)
rel_date=datetime.now()) #,
#analyst=self.current_task.user) #remove analyste because make error: Error running service: Cannot encode object: <SimpleLazyObject: <CRITsUser: $user>>
obj.save(username=self.current_task.user.username)
raw_obj.save(username=self.current_task.user.username)
self._warning("resy: %s" % (str(resy)) )
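Review bot: The `add_relationship` call no longer passes an analyst at all, so the relationship between the sample and the extracted raw object is stored without attribution to the user who ran the service, which weakens the audit trail. The encoding error quoted in the comment comes from handing over the lazy user object; the two `save` calls just below already pass `self.current_task.user.username`, and the same value should work here: `rel_date=datetime.now(),` followed by `analyst=self.current_task.user.username)`. That also removes the commented-out argument. Going by the section's deletion count, the old `rel_type = RelationshipTypes.RELATED_TO` assignment appears to remain directly above the new one and is then dead; it could be dropped. `run` continues outside the hunk.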
15 changes: 11 additions & 4 deletions preview_service/__init__.py
Expand Up @@ -58,6 +58,8 @@ def parse_config(config):
if not 'antiword' in antiword_path.lower():
raise ServiceConfigError("Executable does not appear to be antiword.")

tlp_value = config.get("tlp_value", "")

@staticmethod
def get_config(existing_config):
# Generate default config from form and initial values.
Expand All @@ -75,7 +77,8 @@ def get_config(existing_config):
@staticmethod
def get_config_details(config):
return {'pdftoppm_path': config['pdftoppm_path'],
'antiword_path': config['antiword_path']}
'antiword_path': config['antiword_path'],
'tlp_value': config['tlp_value']}

@classmethod
def generate_config_form(self, config):
Expand Down Expand Up @@ -117,6 +120,7 @@ def run(self, obj, config):
obj.filedata.seek(0)
data8 = obj.filedata.read(8)
obj.filedata.seek(0)
tlp_value = self.config.get("tlp_value", "tlp_value")
if not obj.is_pdf() and not data8.startswith("\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1"):
self._debug("preview image started.")
try:
Expand All @@ -138,10 +142,11 @@ def run(self, obj, config):
method=self.name,
source=obj.source,
reference=None,
analyst=self.current_task.user,
analyst=self.current_task.user.username,
screenshot=ofile,
screenshot_ids=None,
oid=obj.id,
tlp=tlp_value,
otype="Sample")
if res.get('message') and res.get('success') == True:
self._warning("res-message: %s id:%s" % (res.get('message'), res.get('id') ) )
Expand Down Expand Up @@ -190,10 +195,11 @@ def run(self, obj, config):
method=self.name,
source=obj.source,
reference=None,
analyst=self.current_task.user,
analyst=self.current_task.user.username,
screenshot=fileh,
screenshot_ids=None,
oid=obj.id,
tlp=tlp_value,
otype="Sample")
if res.get('message') and res.get('success') == True:
self._warning("res-message: %s id:%s" % (res.get('message'), res.get('id') ) )
Expand Down Expand Up @@ -236,10 +242,11 @@ def run(self, obj, config):
method=self.name,
source=obj.source,
reference=None,
analyst=self.current_task.user,
analyst=self.current_task.user.username,
screenshot=fileh,
screenshot_ids=None,
oid=obj.id,
tlp=tlp_value,
otype="Sample")
if res.get('message') and res.get('success') == True:
self._warning("res-message: %s id:%s" % (res.get('message'), res.get('id') ) )
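Review bot: In `run`, `tlp_value = self.config.get("tlp_value", "tlp_value")` falls back to the literal string "tlp_value", so a service configuration saved before this change would tag every screenshot with a marking that is not a TLP level. Falling back to the most restrictive level, which is also the form's initial value, is safer: `tlp_value = self.config.get("tlp_value", "red")`. In `parse_config` the new `tlp_value = config.get("tlp_value", "")` is bound to a local that the visible lines never read, so nothing is validated there; rejecting an empty or unknown value with `ServiceConfigError`, as the antiword check does, would fit. `get_config_details` indexes `config['tlp_value']` directly and will raise KeyError for such older configurations unless it uses `config.get` as well. All three functions extend beyond their hunks.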
7 changes: 7 additions & 0 deletions preview_service/forms.py
Expand Up @@ -15,6 +15,13 @@ class previewConfigForm(forms.Form):
widget=forms.TextInput(),
help_text="Full path to antiword binary.")

tlp_value = forms.CharField(required=True,
label="Tlp value",
initial='red',
widget=forms.TextInput(),
help_text="Indicate TLP value.")

def __init__(self, *args, **kwargs):
kwargs.setdefault('label_suffix', ':')
super(previewConfigForm, self).__init__(*args, **kwargs)
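Review bot: `tlp_value` is a free-text `CharField`, so any string an administrator types is passed on as the `tlp` of every screenshot the service adds; a typo leaves previews with a marking that sharing rules may not recognise. TLP is a closed vocabulary, so a `forms.ChoiceField` limited to the levels the CRITs backend accepts would reject bad values at configuration time, e.g. `choices=[(v, v) for v in ('white', 'green', 'amber', 'red')]` (confirm the exact set against the backend). The help text could also spell the acronym out: `help_text="Traffic Light Protocol (TLP) level applied to generated screenshots."`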