Merge branch 'release/2.2.0'

TheHive-Project · Oct 1, 2019 · 9d926b1 · 9d926b1
2 parents 97dcc08 + 5f7d99f
commit 9d926b1
Show file tree

Hide file tree

Showing 45 changed files with 796 additions and 340 deletions.
diff --git a/analyzers/CuckooSandbox/CuckooSandbox_File_Analysis.json b/analyzers/CuckooSandbox/CuckooSandbox_File_Analysis.json
@@ -1,6 +1,6 @@
 {
   "name": "CuckooSandbox_File_Analysis_Inet",
-  "version": "1.1",
+  "version": "1.2",
   "author": "Andrea Garavaglia, LDO-CERT",
   "url": "https://github.com/garanews/Cortex-Analyzers",
   "license": "AGPL-V3",
@@ -15,6 +15,14 @@
       "type": "string",
       "multi": false,
       "required": true
+    },
+    {
+      "name": "verifyssl",
+      "description": "Verify SSL certificate",
+      "type": "boolean",
+      "multi": false,
+      "required": true,
+      "defaultValue": true
     }
   ]
 }
diff --git a/analyzers/CuckooSandbox/CuckooSandbox_Url_Analysis.json b/analyzers/CuckooSandbox/CuckooSandbox_Url_Analysis.json
@@ -1,6 +1,6 @@
 {
   "name": "CuckooSandbox_Url_Analysis",
-  "version": "1.1",
+  "version": "1.2",
   "author": "Andrea Garavaglia, LDO-CERT",
   "url": "https://github.com/garanews/Cortex-Analyzers",
   "license": "AGPL-V3",
@@ -15,6 +15,14 @@
       "type": "string",
       "multi": false,
       "required": true
+    },
+    {
+      "name": "verifyssl",
+      "description": "Verify SSL certificate",
+      "type": "boolean",
+      "multi": false,
+      "required": true,
+      "defaultValue": true
     }
   ]
 

diff --git a/analyzers/CuckooSandbox/cuckoosandbox_analyzer.py b/analyzers/CuckooSandbox/cuckoosandbox_analyzer.py
@@ -15,6 +15,10 @@ def __init__(self):
         self.url = self.url + "/" if not self.url.endswith("/") else self.url
         # self.analysistimeout = self.get_param('config.analysistimeout', 30*60, None)
         # self.networktimeout = self.get_param('config.networktimeout', 30, None)
+        self.verify = self.get_param('config.verifyssl', True, None)
+        if not self.verify:
+            from requests.packages.urllib3.exceptions import InsecureRequestWarning
+            requests.packages.urllib3.disable_warnings(InsecureRequestWarning)
 
     def summary(self, raw):
         taxonomies = []
@@ -53,14 +57,15 @@ def run(self):
                 filename = self.get_param('filename', basename(filepath))
                 with open(filepath, "rb") as sample:
                     files = {"file": (filename, sample)}
-                    response = requests.post(self.url + 'tasks/create/file', files=files)
+                    response = requests.post(self.url + 'tasks/create/file', files=files, verify=self.verify)
                 task_id = response.json()['task_ids'][0] if 'task_ids' in response.json().keys() \
                     else response.json()['task_id']
 
             # url analysis
             elif self.data_type == 'url':
                 data = {"url": self.get_data()}
-                response = requests.post(self.url + 'tasks/create/url', data=data)
+                response = requests.post(
+                    self.url + 'tasks/create/url', data=data, verify=self.verify)
                 task_id = response.json()['task_id']
 
             else:
@@ -70,7 +75,8 @@ def run(self):
             tries = 0
             while not finished and tries <= 15:  # wait max 15 mins
                 time.sleep(60)
-                response = requests.get(self.url + 'tasks/view/' + str(task_id))
+                response = requests.get(
+                    self.url + 'tasks/view/' + str(task_id), verify=self.verify)
                 content = response.json()['task']['status']
                 if content == 'reported':
                     finished = True
@@ -79,7 +85,8 @@ def run(self):
                 self.error('CuckooSandbox analysis timed out')
 
             # Download the report
-            response = requests.get(self.url + 'tasks/report/' + str(task_id) + '/json')
+            response = requests.get(
+                self.url + 'tasks/report/' + str(task_id) + '/json', verify=self.verify)
             resp_json = response.json()
             list_description = [x['description'] for x in resp_json['signatures']]
             if 'suricata' in resp_json.keys() and 'alerts' in resp_json['suricata'].keys():

diff --git a/analyzers/Cymon/Cymon_Check_IP.json b/analyzers/Cymon/Cymon_Check_IP.json
diff --git a/analyzers/Cymon/cymon_analyzer.py b/analyzers/Cymon/cymon_analyzer.py
diff --git a/analyzers/Cymon/requirements.txt b/analyzers/Cymon/requirements.txt
diff --git a/analyzers/FileInfo/FileInfo.json b/analyzers/FileInfo/FileInfo.json
@@ -1,6 +1,6 @@
 {
   "name": "FileInfo",
-  "version": "6.0",
+  "version": "7.0",
   "author": "TheHive-Project",
   "url": "https://github.com/TheHive-Project/Cortex-Analyzers",
   "license": "AGPL-V3",

diff --git a/analyzers/FileInfo/submodules/submodule_ioc_parser.py b/analyzers/FileInfo/submodules/submodule_ioc_parser.py
@@ -48,7 +48,10 @@ def iocparser(self, path):
         oformat = 'json'
         try:
             with redirect_stdout(out):
-                P.Parser(output_format=oformat).parse(path)
+                try:
+                    P.Parser(output_format=oformat).parse(path)
+                except TypeError:
+                    pass
             oo = out.getvalue().split('\n')
             if oo[-1] == '':
                 oo.pop()