Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
- Loading branch information
Showing
16 changed files
with
279 additions
and
17 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,52 @@ | ||
import requests | ||
import logging | ||
|
||
from api_app.helpers import get_binary | ||
from api_app.script_analyzers.classes import FileAnalyzer, DockerBasedAnalyzer | ||
from api_app.exceptions import AnalyzerConfigurationException | ||
|
||
logger = logging.getLogger(__name__) | ||
|
||
|
||
class BoxJS(FileAnalyzer, DockerBasedAnalyzer): | ||
name: str = "box-js" | ||
base_url: str = "http://boxjs:4003" | ||
url: str = f"{base_url}/boxjs" | ||
# http request polling max number of tries | ||
max_tries: int = 20 | ||
# interval between http request polling (in secs) | ||
poll_distance: int = 10 | ||
|
||
def run(self): | ||
# construct a valid filename into which thug will save the result | ||
fname = str(self.filename).replace("/", "_").replace(" ", "_") | ||
# get the file to send | ||
binary = get_binary(self.job_id) | ||
# construct arguments, For example this corresponds to, | ||
# box-js sample.js --output-dir=result --timeout 200 --no-kill --no-shell-error | ||
args = [ | ||
f"@{fname}", | ||
"--output-dir=/tmp/boxjs", | ||
"--timeout 200", | ||
"--no-kill", | ||
"--no-shell-error", | ||
"--no-echo", | ||
] | ||
|
||
# step #1: request new analysis | ||
logger.debug(f"Making request with arguments: {args} <- {self.__repr__()}") | ||
try: | ||
resp1 = requests.post( | ||
self.url, files={fname: binary}, data={"args": args,}, | ||
) | ||
except requests.exceptions.ConnectionError: | ||
raise AnalyzerConfigurationException( | ||
f"{self.name} docker container is not running." | ||
) | ||
|
||
# step #2: raise AnalyzerRunException in case of error | ||
assert self._raise_in_case_bad_request(self.name, resp1) | ||
|
||
# step #3: if no error, continue try to fetch result | ||
key = resp1.json().get("key", None) | ||
return self._get_result_from_a_dir(key, fname) |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,27 @@ | ||
FROM python:3.8.4-alpine3.12 | ||
|
||
ENV PROJECT_PATH /opt/deploy | ||
ENV LOG_PATH /var/log/intel_owl/box-js | ||
|
||
# update and install packages | ||
RUN apk update && apk add --no-cache git nodejs npm file gcc m4 | ||
|
||
# Add a new low-privileged user | ||
RUN adduser -DH --shell /sbin/login boxjs-user | ||
|
||
# Install Box-js | ||
RUN apk add --no-cache -U --repository http://dl-cdn.alpinelinux.org/alpine/edge/testing aufs-util \ | ||
&& npm install box-js --global --production \ | ||
&& mkdir -p /tmp/boxjs \ | ||
&& chown -R boxjs-user:boxjs-user /tmp/boxjs | ||
|
||
# Build Flask REST API | ||
WORKDIR ${PROJECT_PATH}/boxjs-flask | ||
COPY entrypoint.sh app.py requirements.txt ./ | ||
RUN pip3 install -r requirements.txt --no-cache-dir \ | ||
&& chown -R boxjs-user:boxjs-user . \ | ||
&& chmod +x entrypoint.sh | ||
|
||
# Serve Flask application using gunicorn | ||
EXPOSE 4003 | ||
ENTRYPOINT ["./entrypoint.sh"] |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,81 @@ | ||
# system imports | ||
import os | ||
import logging | ||
import json | ||
import shutil | ||
import secrets | ||
|
||
# web imports | ||
from flask import Flask, jsonify, make_response, safe_join, request | ||
from flask_executor import Executor | ||
from flask_shell2http import Shell2HTTP | ||
|
||
# Logging configuration | ||
# get flask-shell2http logger instance | ||
logger = logging.getLogger("flask_shell2http") | ||
# logger config | ||
formatter = logging.Formatter("%(asctime)s - %(name)s - %(levelname)s - %(message)s") | ||
log_level = os.getenv("LOG_LEVEL", logging.INFO) | ||
log_path = os.getenv("LOG_PATH", "/var/log/intel_owl/box-js") | ||
# create new file handlers, files are created if doesn't already exists | ||
fh = logging.FileHandler(f"{log_path}/box-js.log") | ||
fh.setFormatter(formatter) | ||
fh.setLevel(log_level) | ||
fh_err = logging.FileHandler(f"{log_path}/box-js_errors.log") | ||
fh_err.setFormatter(formatter) | ||
fh_err.setLevel(logging.ERROR) | ||
# add the handlers to the logger | ||
logger.addHandler(fh) | ||
logger.addHandler(fh_err) | ||
logger.setLevel(log_level) | ||
|
||
# Globals | ||
app = Flask(__name__) | ||
app.config["SECRET_KEY"] = secrets.token_hex(16) | ||
executor = Executor(app) | ||
shell2http = Shell2HTTP(app, executor) | ||
|
||
# with this, we can make http calls to the endpoint: /boxjs | ||
shell2http.register_command(endpoint="boxjs", command_name="box-js") | ||
|
||
|
||
@app.route("/get-result") | ||
def get_result(): | ||
# user provides us with dir_name i.e {filename}.results | ||
fname = request.args.get("name", None) | ||
try: | ||
if not fname: | ||
raise Exception("No name in GET request's query params.") | ||
dir_loc = safe_join("/tmp/boxjs", fname + ".results") | ||
result = read_files_and_make_result(dir_loc) | ||
|
||
return make_response(jsonify(result), 200) | ||
except Exception as e: | ||
return make_response(jsonify(error=str(e)), 400) | ||
|
||
|
||
def read_files_and_make_result(dir_loc): | ||
result = {} | ||
files_to_read = [ | ||
"IOC.json", | ||
"snippets.json", | ||
"resources.json", | ||
"analysis.log", | ||
"urls.json", | ||
"active_urls.json", | ||
] | ||
# Read output from files one by one | ||
for fname in files_to_read: | ||
try: | ||
with open(safe_join(dir_loc, fname)) as fp: | ||
if fname.endswith(".json"): | ||
result[fname] = json.load(fp) | ||
else: | ||
result[fname] = fp.readlines() | ||
except FileNotFoundError: | ||
result[fname] = f"FileNotFoundError: {fname}" | ||
|
||
# Remove the directory | ||
shutil.rmtree(dir_loc, ignore_errors=True) | ||
|
||
return result |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,11 @@ | ||
#!/bin/sh | ||
|
||
touch ${LOG_PATH}/gunicorn_access.log ${LOG_PATH}/gunicorn_errors.log | ||
chown -R boxjs-user:boxjs-user ${LOG_PATH} | ||
su boxjs-user -s /bin/sh | ||
exec gunicorn 'app:app' \ | ||
--bind '0.0.0.0:4003' \ | ||
--user boxjs-user \ | ||
--log-level ${LOG_LEVEL} \ | ||
--access-logfile ${LOG_PATH}/gunicorn_access.log \ | ||
--error-logfile ${LOG_PATH}/gunicorn_errors.log |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,9 @@ | ||
click==7.1.1 | ||
Flask==1.1.2 | ||
Flask-Executor==0.9.3 | ||
Flask-Shell2HTTP==1.2.0 | ||
itsdangerous==1.1.0 | ||
Jinja2==2.11.2 | ||
MarkupSafe==1.1.1 | ||
Werkzeug==1.0.1 | ||
gunicorn==20.0.4 |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,21 @@ | ||
# IMPORTANT: The version must match the version of docker-compose.yml | ||
--- | ||
version: '3' | ||
|
||
# All additional integrations should be added following this format only. | ||
|
||
services: | ||
boxjs: | ||
build: | ||
context: ./integrations/box-js | ||
dockerfile: Dockerfile | ||
container_name: intelowl_boxjs | ||
restart: unless-stopped | ||
expose: | ||
- "4003" | ||
env_file: | ||
- env_file_integrations | ||
volumes: | ||
- generic_logs:/var/log/intel_owl | ||
depends_on: | ||
- uwsgi |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,19 @@ | ||
# IMPORTANT: The version must match the version of docker-compose.yml | ||
--- | ||
version: '3' | ||
|
||
# All additional integrations should be added following this format only. | ||
|
||
services: | ||
boxjs: | ||
image: intelowlproject/intelowl_boxjs | ||
container_name: intelowl_boxjs | ||
restart: unless-stopped | ||
expose: | ||
- "4003" | ||
env_file: | ||
- env_file_integrations | ||
volumes: | ||
- generic_logs:/var/log/intel_owl | ||
depends_on: | ||
- uwsgi |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Binary file not shown.