feat: Add sandbox machine type to SDK TKT-3138 #136

Merged
merged 1 commit into from
Mar 18, 2024
4 changes: 4 additions & 0 deletions CHANGES
@@ -1,3 +1,7 @@
1.19.17
_______
- Add sandbox_machine_type to FileAnalysis

1.19.15
_______
- Remove pip-system-certs from dependencies
2 changes: 1 addition & 1 deletion intezer_sdk/__init__.py
@@ -1 +1 @@
__version__ = '1.19.16'
__version__ = '1.19.17'
13 changes: 13 additions & 0 deletions intezer_sdk/_api.py
Expand Up @@ -18,6 +18,7 @@
from intezer_sdk.api import raise_for_status
from intezer_sdk.consts import IndexType
from intezer_sdk.consts import OnPremiseVersion
from intezer_sdk.consts import SandboxMachineType


class IntezerApi:
Expand All @@ -33,6 +34,7 @@ def analyze_by_hash(self,
disable_dynamic_unpacking: Optional[bool],
disable_static_unpacking: Optional[bool],
sandbox_command_line_arguments: str = None,
sandbox_machine_type: SandboxMachineType = None,
file_name: str = None,
**additional_parameters) -> str:
"""
Expand All @@ -42,13 +44,15 @@ def analyze_by_hash(self,
:param disable_dynamic_unpacking: Whether to disable dynamic unpacking.
:param disable_static_unpacking: Whether to disable static unpacking.
:param sandbox_command_line_arguments: Command line arguments to pass to the sandbox.
:param sandbox_machine_type: The machine type to use in the sandbox. options are WIN7 or WIN10
:param file_name: The file name of the file if exists.
:param additional_parameters: Additional parameters to pass to the API.
:return: The analysis id.
"""
data = self._param_initialize(disable_dynamic_unpacking=disable_dynamic_unpacking,
disable_static_unpacking=disable_static_unpacking,
sandbox_command_line_arguments=sandbox_command_line_arguments,
sandbox_machine_type=sandbox_machine_type,
**additional_parameters)
if file_name and (not self.api.on_premise_version or self.api.on_premise_version > OnPremiseVersion.V22_10):
data['file_name'] = file_name
Expand All @@ -66,6 +70,7 @@ def analyze_by_download_url(self,
code_item_type: str = None,
zip_password: str = None,
sandbox_command_line_arguments: str = None,
sandbox_machine_type: SandboxMachineType = None,
**additional_parameters) -> str:
"""
Analyze a file by its download URL.
Expand All @@ -76,6 +81,7 @@ def analyze_by_download_url(self,
:param code_item_type: The type of the code item to analyze.
:param zip_password: The password of the zip file to analyze.
:param sandbox_command_line_arguments: Command line arguments to pass to the sandbox.
:param sandbox_machine_type: The machine type to use in the sandbox. options are WIN7 or WIN10
:param additional_parameters: Additional parameters to pass to the API.
:return: The analysis id.
"""
Expand All @@ -84,6 +90,7 @@ def analyze_by_download_url(self,
code_item_type=code_item_type,
zip_password=zip_password,
sandbox_command_line_arguments=sandbox_command_line_arguments,
sandbox_machine_type=sandbox_machine_type,
**additional_parameters)

data['download_url'] = download_url
Expand Down Expand Up @@ -116,6 +123,7 @@ def analyze_by_file(self,
code_item_type: str = None,
zip_password: str = None,
sandbox_command_line_arguments: str = None,
sandbox_machine_type: SandboxMachineType = None,
**additional_parameters) -> Optional[str]:
"""
Analyze a file by its path or stream.
Expand All @@ -128,6 +136,7 @@ def analyze_by_file(self,
:param code_item_type: The type of the code item to analyze.
:param zip_password: The password of the zip file to analyze.
:param sandbox_command_line_arguments: Command line arguments to pass to the sandbox.
:param sandbox_machine_type: The machine type to use in the sandbox. options are WIN7 or WIN10
Suggested change
:param sandbox_machine_type: The machine type to use in the sandbox. options are WIN7 or WIN10
:param sandbox_machine_type: The machine type to use in the sandbox. options are WIN7 or WIN10.

:param additional_parameters: Additional parameters to pass to the API.
:return: The analysis id.
"""
Expand All @@ -136,6 +145,7 @@ def analyze_by_file(self,
code_item_type=code_item_type,
zip_password=zip_password,
sandbox_command_line_arguments=sandbox_command_line_arguments,
sandbox_machine_type=sandbox_machine_type,
**additional_parameters)

if file_stream:
Expand Down Expand Up @@ -727,6 +737,7 @@ def _param_initialize(disable_dynamic_unpacking: bool,
code_item_type: str = None,
zip_password: str = None,
sandbox_command_line_arguments: str = None,
sandbox_machine_type: SandboxMachineType = None,
**additional_parameters):
data = {}

Expand All @@ -740,6 +751,8 @@ def _param_initialize(disable_dynamic_unpacking: bool,
data['zip_password'] = zip_password
if sandbox_command_line_arguments:
data['sandbox_command_line_arguments'] = sandbox_command_line_arguments
if sandbox_machine_type:
data['sandbox_machine_type'] = sandbox_machine_type.value

data.update(additional_parameters)

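Review bot: The new parameter is declared `sandbox_machine_type: SandboxMachineType = None` in analyze_by_hash, analyze_by_download_url, analyze_by_file and _param_initialize, while the neighbouring parameters in the same signatures already spell a None default as `Optional[...]` (e.g. `disable_dynamic_unpacking: Optional[bool]`); write `sandbox_machine_type: Optional[SandboxMachineType] = None` in all four, and likewise in api.py and in FileAnalysis.__init__ in analysis.py, which repeat the same annotation. In the last hunk, `data['sandbox_machine_type'] = sandbox_machine_type.value` assumes an enum member, but the three docstrings only say "options are WIN7 or WIN10" without naming the enum, so a caller who passes the bare string gets an AttributeError from inside the helper rather than a clear message at the call site. Either name the enum in the docstrings, e.g. `:param sandbox_machine_type: The machine type to use in the sandbox: SandboxMachineType.WIN7 or SandboxMachineType.WIN10.`, or, if AutoName gives members their name as value, normalise with `SandboxMachineType(sandbox_machine_type).value` so both forms are accepted. The body of _param_initialize starts and ends outside the hunk.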
9 changes: 8 additions & 1 deletion intezer_sdk/analysis.py
Expand Up @@ -22,6 +22,7 @@
from intezer_sdk.api import IntezerApiClient
from intezer_sdk.api import get_global_api
from intezer_sdk.base_analysis import Analysis
from intezer_sdk.consts import SandboxMachineType
from intezer_sdk.sub_analysis import SubAnalysis

logger = logging.getLogger(__name__)
Expand Down Expand Up @@ -50,7 +51,8 @@ def __init__(self,
code_item_type: str = None,
zip_password: str = None,
download_url: str = None,
sandbox_command_line_arguments: str = None):
sandbox_command_line_arguments: str = None,
sandbox_machine_type: SandboxMachineType = None):
"""
FileAnalysis is a class for analyzing files. It is a subclass of the BaseAnalysis class and requires an API connection to Intezer.

Expand All @@ -65,6 +67,7 @@ def __init__(self,
:param zip_password: The password for a password-protected zip file.
:param download_url: A URL from which to download the file to be analyzed.
:param sandbox_command_line_arguments: The command line arguments for sandbox analysis.
:param sandbox_machine_type: The machine type to use in the sandbox. options are WIN7 or WIN10
"""
super().__init__(api)
if [file_path, file_hash, file_stream, download_url].count(None) < 3:
Expand All @@ -88,6 +91,7 @@ def __init__(self,
self._code_item_type = code_item_type
self._zip_password = zip_password
self._sandbox_command_line_arguments = sandbox_command_line_arguments
self._sandbox_machine_type = sandbox_machine_type
self._sub_analyses: List[SubAnalysis] = None
self._root_analysis = None
self._iocs_report = None
Expand Down Expand Up @@ -170,6 +174,7 @@ def _send_analyze_to_api(self, **additional_parameters) -> str:
self._disable_dynamic_unpacking,
self._disable_static_unpacking,
self._sandbox_command_line_arguments,
self._sandbox_machine_type,
self._file_name,
**additional_parameters)
elif self._download_url:
Expand All @@ -180,6 +185,7 @@ def _send_analyze_to_api(self, **additional_parameters) -> str:
code_item_type=self._code_item_type,
zip_password=self._zip_password,
sandbox_command_line_arguments=self._sandbox_command_line_arguments,
sandbox_machine_type=self._sandbox_machine_type,
**additional_parameters)
else:
return self._api.analyze_by_file(self._file_path,
Expand All @@ -190,6 +196,7 @@ def _send_analyze_to_api(self, **additional_parameters) -> str:
code_item_type=self._code_item_type,
zip_password=self._zip_password,
sandbox_command_line_arguments=self._sandbox_command_line_arguments,
sandbox_machine_type=self._sandbox_machine_type,
**additional_parameters)

def get_sub_analyses(self) -> List[SubAnalysis]:
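Review bot: In _send_analyze_to_api the hash branch passes the new `self._sandbox_machine_type` positionally between `self._sandbox_command_line_arguments` and `self._file_name`, whereas the download-URL and file branches in the following hunks pass it as `sandbox_machine_type=self._sandbox_machine_type`. That positional call is only correct because this same commit inserted the parameter at exactly that position in analyze_by_hash's signature; any future reordering of that signature would silently shift the values into the wrong parameters. Prefer keywords here too, `sandbox_machine_type=self._sandbox_machine_type,` and `file_name=self._file_name,`, matching the sibling branches. _send_analyze_to_api starts before the hunk, so the earlier positional arguments in that call are not visible.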
11 changes: 11 additions & 0 deletions intezer_sdk/api.py
@@ -1,6 +1,7 @@
import datetime
import logging
import os
import typing
from http import HTTPStatus
from typing import Any
from typing import BinaryIO
Expand All @@ -19,6 +20,7 @@
from intezer_sdk._util import deprecated
from intezer_sdk.consts import IndexType
from intezer_sdk.consts import OnPremiseVersion
from intezer_sdk.consts import SandboxMachineType

_global_api: Optional['IntezerApi'] = None

Expand Down Expand Up @@ -262,10 +264,12 @@ def analyze_by_hash(self,
disable_dynamic_unpacking: Optional[bool],
disable_static_unpacking: Optional[bool],
sandbox_command_line_arguments: str = None,
sandbox_machine_type: SandboxMachineType = None,
**additional_parameters) -> str:
data = self._param_initialize(disable_dynamic_unpacking=disable_dynamic_unpacking,
disable_static_unpacking=disable_static_unpacking,
sandbox_command_line_arguments=sandbox_command_line_arguments,
sandbox_machine_type=sandbox_machine_type,
**additional_parameters)

data['hash'] = file_hash
Expand All @@ -282,12 +286,14 @@ def analyze_by_download_url(self,
code_item_type: str = None,
zip_password: str = None,
sandbox_command_line_arguments: str = None,
sandbox_machine_type: SandboxMachineType = None,
**additional_parameters) -> str:
data = self._param_initialize(disable_dynamic_unpacking=disable_dynamic_unpacking,
disable_static_unpacking=disable_static_unpacking,
code_item_type=code_item_type,
zip_password=zip_password,
sandbox_command_line_arguments=sandbox_command_line_arguments,
sandbox_machine_type=sandbox_machine_type,
**additional_parameters)

data['download_url'] = download_url
Expand Down Expand Up @@ -318,12 +324,14 @@ def analyze_by_file(self,
code_item_type: str = None,
zip_password: str = None,
sandbox_command_line_arguments: str = None,
sandbox_machine_type: SandboxMachineType = None,
**additional_parameters) -> Optional[str]:
options = self._param_initialize(disable_dynamic_unpacking=disable_dynamic_unpacking,
disable_static_unpacking=disable_static_unpacking,
code_item_type=code_item_type,
zip_password=zip_password,
sandbox_command_line_arguments=sandbox_command_line_arguments,
sandbox_machine_type=sandbox_machine_type,
**additional_parameters)

if file_stream:
Expand Down Expand Up @@ -654,6 +662,7 @@ def _param_initialize(disable_dynamic_unpacking: bool,
code_item_type: str = None,
zip_password: str = None,
sandbox_command_line_arguments: str = None,
sandbox_machine_type: SandboxMachineType = None,
**additional_parameters):
data = {}

Expand All @@ -667,6 +676,8 @@ def _param_initialize(disable_dynamic_unpacking: bool,
data['zip_password'] = zip_password
if sandbox_command_line_arguments:
data['sandbox_command_line_arguments'] = sandbox_command_line_arguments
if sandbox_machine_type:
data['sandbox_machine_type'] = sandbox_machine_type.value

data.update(additional_parameters)

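Review bot: The first hunk of this file adds one line to the import block, and `import typing` appears to be that line, yet nothing in the visible hunks uses the `typing.` prefix while the file already imports names with `from typing import ...`; if it is indeed unused, drop the `import typing` line rather than leaving a second import style in the module. The remaining hunks mirror _api.py exactly, including the `sandbox_machine_type: SandboxMachineType = None` annotation and the `.value` access in _param_initialize, so the points raised on that file apply here as well.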
5 changes: 5 additions & 0 deletions intezer_sdk/consts.py
Expand Up @@ -98,6 +98,11 @@ class OnPremiseVersion(enum.IntEnum):
V23_10 = 23.10


class SandboxMachineType(AutoName):
WIN7 = enum.auto()
WIN10 = enum.auto()


ANALYZE_URL = 'https://analyze.intezer.com'
BASE_URL = f'{ANALYZE_URL}/api/'
API_VERSION = 'v2-0'
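Review bot: `SandboxMachineType` has no docstring, and it is the only place a caller can learn what the two members mean and how they reach the API. Add a class docstring such as `"""Sandbox machine type for dynamic analysis; the member's value is sent as the sandbox_machine_type request field."""`, qualifying the second clause if AutoName does not give members their name as value (its definition is outside this hunk). A short `# Windows 7 guest` / `# Windows 10 guest` comment on each member would also make the intent explicit without relying on the name alone.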