[backend] Add capability in dev mode to load python venv libraries

OpenCTI-Platform · Nov 14, 2024 · f72a2a7 · f72a2a7
1 parent a2f1e62
commit f72a2a7
Show file tree

Hide file tree

Showing 2 changed files with 7 additions and 1 deletion.
diff --git a/opencti-platform/opencti-graphql/config/default.json b/opencti-platform/opencti-graphql/config/default.json
@@ -102,6 +102,7 @@
     "map_tile_server_light": "https://map.opencti.io/styles/filigran-light2/{z}/{x}/{y}.png",
     "reference_attachment": false,
     "python_execution": "native",
+    "python_execution_venv": "",
     "artifact_zip_password": "infected",
     "admin": {
       "email": "[email protected]",

diff --git a/opencti-platform/opencti-graphql/src/python/pythonBridge.js b/opencti-platform/opencti-graphql/src/python/pythonBridge.js
@@ -6,14 +6,19 @@ import { DEV_MODE, logApp } from '../config/conf';
 import { UnknownError, UnsupportedError } from '../config/errors';
 import { telemetry } from '../config/tracing';
 import { cleanupIndicatorPattern, STIX_PATTERN_TYPE } from '../utils/syntax';
-import { isEmptyField } from '../database/utils';
+import { isEmptyField, isNotEmptyField } from '../database/utils';
 
 const PYTHON_EXECUTOR = nconf.get('app:python_execution') ?? 'native';
+const PYTHON_VENV = nconf.get('app:python_execution_venv');
 const USE_NATIVE_EXEC = PYTHON_EXECUTOR === 'native';
 const SUPPORTED_CHECKED_PATTERN_TYPES = ['stix', 'yara', 'sigma', 'snort', 'suricata', 'eql'];
 
 // Importing python runtime scripts
 const py = nodecallspython.interpreter;
+// In a venv is available import the site-packages
+if (DEV_MODE && isNotEmptyField(PYTHON_VENV)) {
+  py.addImportPath(PYTHON_VENV);
+}
 const pyCheckIndicator = py.importSync('./src/python/runtime/check_indicator.py');
 const CHECK_INDICATOR_SCRIPT = { fn: 'check_indicator', py: pyCheckIndicator };