diff --git a/api_app/analyzers_manager/file_analyzers/artifacts.py b/api_app/analyzers_manager/file_analyzers/artifacts.py
index ce0912935a..d26b6ce1a4 100644
--- a/api_app/analyzers_manager/file_analyzers/artifacts.py
+++ b/api_app/analyzers_manager/file_analyzers/artifacts.py
@@ -13,23 +13,15 @@ class Artifacts(FileAnalyzer, DockerBasedAnalyzer):
 # interval between http request polling
 poll_distance: int = 2
 # http request polling max number of tries
- max_tries: int = 10
- artifacts_report: bool = False
- artifacts_analysis: bool = True
+ max_tries: int = 30
 def update(self) -> bool:
 pass
 def run(self):
- if self.artifacts_report and self.artifacts_analysis:
- raise AnalyzerRunException(
- "You can't run both report and analysis at the same time"
- )
 binary = self.read_file_bytes()
 fname = str(self.filename).replace("/", "_").replace(" ", "_")
- args = [f"@{fname}"]
- if self.artifacts_report:
- args.append("--report")
+ args = [f"@{fname}", "-a", "-r"]
 req_data = {"args": args}
 req_files = {fname: binary}
 logger.info(
diff --git a/api_app/analyzers_manager/file_analyzers/doc_info.py b/api_app/analyzers_manager/file_analyzers/doc_info.py
index ceacaa84a6..5a7876fc5a 100644
--- a/api_app/analyzers_manager/file_analyzers/doc_info.py
+++ b/api_app/analyzers_manager/file_analyzers/doc_info.py
@@ -141,6 +141,20 @@ def run(self):
 if self.file_mimetype != MimeTypes.ONE_NOTE.value:
 results["msodde"] = self.analyze_msodde()
+ except CannotDecryptException as e:
+ logger.info(e)
+ except Exception as e:
+ error_message = (
+ f"job_id {self.job_id} doc info extraction failed. Error: {e}"
+ )
+ logger.warning(error_message, stack_info=True)
+ self.report.errors.append(error_message)
+ self.report.save()
+ finally:
+ if self.vbaparser:
+ self.vbaparser.close()
+
+ try:
 if self.file_mimetype in [
 MimeTypes.WORD1.value,
 MimeTypes.WORD2.value,
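Review bot: In `artifacts.py`, `run()` now always passes `-a` and `-r` together, although the guard removed by this same hunk raised "You can't run both report and analysis at the same time". If the analyzer image now accepts both flags in one call, a comment above the list should record that, for example `# -a and -r together are accepted by the current artifacts image`; if it does not, every sample submitted to this analyzer would presumably fail. The `artifacts_report` and `artifacts_analysis` attributes are removed as well, and no migration dropping their stored parameters is visible in this diff. `run()` continues past the end of the hunk.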
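Review bot: In `doc_info.py`, the new `finally` closes `self.vbaparser` before the second `try` block begins, so any extraction in that block that still reads from the parser would run against a closed object. `get_external_relationships()` and `extract_urls_from_IOCs()` are defined outside this diff, so this needs checking; if either depends on the parser, the `close()` belongs in a `finally` that covers both blocks. Separately, `logger.warning(error_message, stack_info=True)` records the stack of the logging call rather than the exception traceback, and `exc_info=True` would give the traceback of the failure. `run()` starts and ends outside the hunk.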
@@ -154,19 +168,13 @@ def run(self):
 results["uris"].extend(self.get_external_relationships())
 results["uris"].extend(self.extract_urls_from_IOCs())
 results["uris"] = list(set(results["uris"])) # make it uniq
-
- except CannotDecryptException as e:
- logger.info(e)
 except Exception as e:
 error_message = (
- f"job_id {self.job_id} doc info extraction failed. Error: {e}"
+ f"job_id {self.job_id} special extractions failed. Error: {e}"
 )
 logger.warning(error_message, stack_info=True)
 self.report.errors.append(error_message)
 self.report.save()
- finally:
- if self.vbaparser:
- self.vbaparser.close()
 return results
diff --git a/api_app/analyzers_manager/file_analyzers/droidlysis.py b/api_app/analyzers_manager/file_analyzers/droidlysis.py
index 039a4350c4..bf2b88703a 100644
--- a/api_app/analyzers_manager/file_analyzers/droidlysis.py
+++ b/api_app/analyzers_manager/file_analyzers/droidlysis.py
@@ -12,7 +12,7 @@ class DroidLysis(FileAnalyzer, DockerBasedAnalyzer):
 # interval between http request polling
 poll_distance: int = 2
 # http request polling max number of tries
- max_tries: int = 10
+ max_tries: int = 30
 def update(self) -> bool:
 pass
diff --git a/api_app/analyzers_manager/migrations/0120_alter_analyzerconfig_not_supported_filetypes_and_more.py b/api_app/analyzers_manager/migrations/0120_alter_analyzerconfig_not_supported_filetypes_and_more.py
index f37b18ae4a..2396c6a3e0 100644
--- a/api_app/analyzers_manager/migrations/0120_alter_analyzerconfig_not_supported_filetypes_and_more.py
+++ b/api_app/analyzers_manager/migrations/0120_alter_analyzerconfig_not_supported_filetypes_and_more.py
@@ -82,6 +82,10 @@ class Migration(migrations.Migration):
 ("application/json", "Json"),
 ("application/x-executable", "Executable"),
 ("application/x-ms-shortcut", "Lnk"),
+ ("text/x-java", "Java2"),
+ ("text/x-kotlin", "Kotlin"),
+ ("text/x-swift", "Swift"),
+ ("text/x-objective-c", "Objective C"),
 ],
 max_length=90,
 ),
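Review bot: In the second `doc_info.py` hunk, the URI extractions now run even when the first block ended in `CannotDecryptException` or another error, because both handlers fall through to this `try`. If `results["uris"]` is only filled inside the first block (its initialisation is outside the hunk), `results["uris"].extend(...)` raises `KeyError` and the job gets a second, misleading "special extractions failed" entry in `self.report.errors`. A `results.setdefault("uris", [])` before the first `extend`, or skipping this block when the first one failed, would keep the error list meaningful for encrypted or malformed samples. The first block's `except Exception` body is duplicated here with only the message changed, so a small private helper taking the message would remove the copy.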
@@ -161,6 +165,10 @@ class Migration(migrations.Migration):
 ("application/json", "Json"),
 ("application/x-executable", "Executable"),
 ("application/x-ms-shortcut", "Lnk"),
+ ("text/x-java", "Java2"),
+ ("text/x-kotlin", "Kotlin"),
+ ("text/x-swift", "Swift"),
+ ("text/x-objective-c", "Objective C"),
 ],
 max_length=90,
 ),
diff --git a/api_app/analyzers_manager/migrations/0122.alter_soft_time_limit.py b/api_app/analyzers_manager/migrations/0122.alter_soft_time_limit.py
new file mode 100644
index 0000000000..13f1391d10
--- /dev/null
+++ b/api_app/analyzers_manager/migrations/0122.alter_soft_time_limit.py
@@ -0,0 +1,34 @@
+from django.db import migrations
+
+
+def migrate(apps, schema_editor):
+ AnalyzerConfig = apps.get_model("analyzers_manager", "AnalyzerConfig")
+ plugin_name = "Droidlysis"
+
+ try:
+ plugin = AnalyzerConfig.objects.get(name=plugin_name)
+ plugin.soft_time_limit = 60
+ plugin.save()
+ except AnalyzerConfig.DoesNotExist:
+ pass
+
+
+def reverse_migrate(apps, schema_editor):
+ AnalyzerConfig = apps.get_model("analyzers_manager", "AnalyzerConfig")
+ plugin_name = "Droidlysis"
+
+ try:
+ plugin = AnalyzerConfig.objects.get(name=plugin_name)
+ plugin.soft_time_limit = 20
+ plugin.save()
+ except AnalyzerConfig.DoesNotExist:
+ pass
+
+
+class Migration(migrations.Migration):
+ atomic = False
+
+ dependencies = [
+ ("analyzers_manager", "0121_analyzer_config_lnk_info"),
+ ]
+ operations = [migrations.RunPython(migrate, reverse_migrate)]
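Review bot: The new migration file is named `0122.alter_soft_time_limit.py`, with a dot after the number where `0120_alter_...` and the `0121_analyzer_config_lnk_info` dependency use an underscore. Django discovers migrations through `pkgutil.iter_modules`, which as far as I know skips module names containing a dot, so this file would never be loaded and the Droidlysis `soft_time_limit` would stay at its old value while `max_tries` is already raised to 30. Renaming it to `0122_alter_soft_time_limit.py` avoids that. `atomic = False` is set without a stated reason; either drop it or add a comment such as `# non-atomic because <reason>`.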