Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Playbooks (solves #628) #1123

Merged
merged 224 commits into from Oct 10, 2022
Merged

Playbooks (solves #628) #1123

merged 224 commits into from Oct 10, 2022

Conversation

0x0elliot
Copy link
Member

@0x0elliot 0x0elliot commented Jul 23, 2022
edited

Description

Playbooks are simple JSON configs that help scan observables/files in mass properly.

  • New feature (non-breaking change which adds functionality).

Checklist

  • I have read and understood the rules about how to Contribute to this project
  • The pull request is for the branch develop
  • If external libraries/packages with restrictive licenses were used, they were added in the Legal Notice section.
  • The tests gave 0 errors.
  • Linters (Black, Flake, Isort) gave 0 errors. If you have correctly installed pre-commit, it does these checks and adjustments on your behalf.
  • If changes were made to an existing model/serializer/view, the docs were updated and regenerated (check CONTRIBUTE.md).

Important Rules

  • If your changes decrease the overall tests coverage (you will know after the Codecov CI job is done), you should add the required tests to fix the problem
  • Everytime you make changes to the PR and you think the work is done, you should explicitly ask for a review

Real World Example

image

@0x0elliot
Initialising work on Playbooks
98b4ed4
@0x0elliot
Setting up playbook_config.json
ead6745
@0x0elliot
Setting up playbook_config.json
1ecb583
@0x0elliot
Debugging playbook dataclass file
5006db3
@0x0elliot
Debugging playbook serializer file
f773eeb
@0x0elliot
Debugging playbook serializer file
40b2390
@0x0elliot
Debugging playbook serializer file
e276dd2
@0x0elliot
Debugging core serializer file for playbooks
bbf2da3
@0x0elliot
Debugging core serializer file for playbooks
722f300
@0x0elliot
Setting up test cases, urls and views for playbooks
167412f
@0x0elliot
Fixing playbook tests
34fc9e2
@0x0elliot
Adding playbooks urls
326e4da
@0x0elliot
Fixing playbooks urls
fc7047f
@0x0elliot
Debugging playbooks python_module
5cdcbad
@0x0elliot
Saving progress
5097914
@0x0elliot
Analyze request update.
dada182
@0x0elliot
Updated Job models
24b0e16
@0x0elliot
Cleaning playbooks_manager
2922df4
@0x0elliot
Cleaning playbooks_manager
b0687f7
@0x0elliot
Adding test playbook values
cfc99c9
@0x0elliot
Cleaning playbooks dataclass
d59b94d
@0x0elliot
Updating playbook_config.json for testin
47fe138
@0x0elliot
Debugging controller file
6344144
@0x0elliot
Debugging controller file
e04d42a
@0x0elliot
Debugging controller file
4d28516
@0x0elliot
Debugging controller file
96750fb
@0x0elliot
Adding playbook specific responses
9d7a9be
@0x0elliot
Debugging backend
7f25656
@0x0elliot
Optimising job reports for playbooks
cc9d67d
@0x0elliot
Adding frontend scanning support for IntelOwl.
9987bf5
@0x0elliot
Copy link
Member Author

ready for a merge?

@0x0elliot 0x0elliot requested a review from mlodic October 5, 2022 00:02
@mlodic
Copy link
Member

mlodic commented Oct 5, 2022

I have been busy again, I'll check this tomorrow afternoon

@mlodic
Copy link
Member

mlodic commented Oct 6, 2022
edited

encountered weird errors for ClamAV. you might need to test that one. couldn't myself because the container keeps dying on my current machine. the error is on this line, explaining how the reports variable is a dictionary that can't be split. then why is it being split in the first place? ClamAV isn't covered in the file analyzers test cases as well.

do you have the triggered error stack trace or something similar more detailed?

@mlodic
Copy link
Member

mlodic commented Oct 6, 2022
edited by 0x0elliot

  • can you please fix the lines like I pushed here? (second one is missing and the first one is short) should be a fast change

image

EDIT:

  • Tags selection for playbooks still do not work:

Tags selection in playbooks do not work but this is caused to the problem we already talked about (we need to use the same validation/serializers that we use for classic analysis)

  • even if they fail, I would re-add the analyzers that you removed from the free-to-use playbook. They will be fixed. We can maintain them here so we don't forget that they exist as free analyzers. Another option could be to maintain both cases. A free-to-use playbook like the original one you made with all the free analyzers plus an "optimized" one with only the ones that are fast and more reliable. That would make sense and we would have 2 playbooks instead of 1 by default.

  • could you please add in the doc of the contributors in the section regardin new analyzers that when a contributor creates a new analyzer and that is free, he should add it in the free-to-use playbook too? A reminder in the pull request template would help too

@mlodic mlodic mentioned this pull request Oct 6, 2022
Closed
@dependabot
Bump django from 3.2.14 to 3.2.15 in /requirements (#1144)
03c7a7d 
Bumps [django](https://github.com/django/django) from 3.2.14 to 3.2.15.
- [Release notes](https://github.com/django/django/releases)
- [Commits](django/django@3.2.14...3.2.15)

---
updated-dependencies:
- dependency-name: django
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
mlodic
mlodic reviewed Oct 6, 2022
View reviewed changes
frontend/package.json Outdated Show resolved Hide resolved
@0x0elliot
Copy link
Member Author

please review once again.

@mlodic
Copy link
Member

mlodic commented Oct 7, 2022

please squash migrations and I'll merge! OMG I cant't believe it :) I am so excited to close this!

mlodic
mlodic reviewed Oct 7, 2022
View reviewed changes
.github/ISSUE_TEMPLATE/new_analyzer.md Outdated
@@ -14,6 +14,8 @@ assignees: ''
## Type of analyzer
**this can be observable, file, and docker**

**Please Note:** If the analyzer is free, Please add it in the `FREE_TO_USE_ANALYZERS` playbook in `playbook_config.json`
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

ah one last thing, this should be put here: https://github.com/intelowlproject/IntelOwl/blob/master/.github/release_template.md. Can you move that please?

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

yessir let me do that quickly

@0x0elliot
Copy link
Member Author

🎉 🎉 🎉 🎉 🎉 and we are done with Playbooks now!

@mlodic
Copy link
Member

mlodic commented Oct 10, 2022

squashing was not done properly, I'll adjust it and merge

@mlodic mlodic merged commit d4756f1 into develop Oct 10, 2022
@mlodic mlodic deleted the Playbooks branch December 27, 2022 23:43
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@0ssigeno 0ssigeno 0ssigeno requested changes

@mlodic mlodic mlodic requested changes

@drosetti drosetti drosetti requested changes

@code-review-doctor code-review-doctor[bot] code-review-doctor requested changes

Assignees

@0x0elliot 0x0elliot

Labels
None yet
Projects
GSoC'22 - Playbooks
Status: Done, But code review needed
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

[GSoC'22] Playbooks
4 participants
@0x0elliot @0ssigeno @drosetti @mlodic