Adding catch for FileExistsError, changing tags for families, is_exte…

…rnal=false
CybercentreCanada · May 26, 2022 · bb8b320 · bb8b320
1 parent eece907
commit bb8b320
Show file tree

Hide file tree

Showing 3 changed files with 14 additions and 17 deletions.
diff --git a/intezer_static.py b/intezer_static.py
@@ -207,6 +207,9 @@ def download_file_by_sha256(self, sha256: str, dir_path: str) -> bool:
                 return False
             else:
                 raise
+        except FileExistsError:
+            # Duplicate file
+            pass
 
 
 class IntezerStatic(ServiceBase):
@@ -273,8 +276,12 @@ def execute(self, request: ServiceRequest) -> None:
         )
         main_kv_section.update_items(processed_main_api_result)
         if "family_name" in main_api_result:
+            # Tag both, ask forgiveness later
             main_kv_section.add_tag(
-                "attribution.family", main_api_result["family_name"]
+                "attribution.implant", main_api_result["family_name"]
+            )
+            main_kv_section.add_tag(
+                "attribution.actor", main_api_result["family_name"]
             )
 
         # This file-verdict map will be used later on to assign heuristics to sub-analyses
@@ -612,8 +619,9 @@ def _process_families(
             )
             family_section.add_row(TableRow(**processed_family))
             family_type = family["family_type"]
-            if family_type not in FAMILIES_TO_NOT_TAG:
-                family_section.add_tag("attribution.family", family["family_name"])
+            # TODO: Do not tag these sub families, for the time being at least
+            # if family_type not in FAMILIES_TO_NOT_TAG:
+            #     family_section.add_tag("attribution.family", family["family_name"])
 
             # Overwrite value if not malicious
             if family_type in MALICIOUS_FAMILY_TYPES and (

diff --git a/service_manifest.yml b/service_manifest.yml
@@ -22,7 +22,7 @@ timeout: 60
 disable_cache: false
 
 enabled: false
-is_external: true
+is_external: false
 licence_count: 0
 
 config:

diff --git a/tests/test_intezer_static.py b/tests/test_intezer_static.py
@@ -596,44 +596,35 @@ def test_handle_subanalyses(intezer_static_class_instance, dummy_request_class,
         assert dummy_request_class_instance.extracted[0]["name"] == "blah2.sample"
 
     @staticmethod
-    @pytest.mark.parametrize("families, file_verdict_map, correct_tags, correct_fvp",
+    @pytest.mark.parametrize("families, file_verdict_map, correct_fvp",
                              [([],
                                {},
-                               [],
                                {}),
                               ([{"blah": "blah", "family_type": "blah", "family_name": "blah"}],
                                {},
-                               [("attribution.family", "blah")],
                                {}),
                               ([{"family_id": "blah", "family_type": "blah", "family_name": "blah"}],
                                {},
-                               [("attribution.family", "blah")],
                                {}),
                               ([{"family_id": "blah", "family_type": "application", "family_name": "blah"}],
                                {},
-                               [],
                                {}),
                               ([{"family_id": "blah", "family_type": "malware", "family_name": "blah"}],
                                {},
-                               [("attribution.family", "blah")],
                                {"blah": "malicious"}),
                               ([{"family_id": "blah", "family_type": "malware", "family_name": "blah"}],
                                {"blah": "blah"},
-                               [("attribution.family", "blah")],
                                {"blah": "malicious"}),
                               ([{"family_id": "blah", "family_type": "malware", "family_name": "blah"}],
                                {"blah": "malicious"},
-                               [("attribution.family", "blah")],
                                {"blah": "malicious"}),
                               ([{"family_id": "blah", "family_type": "packer", "family_name": "blah"}],
                                {},
-                               [("attribution.family", "blah")],
                                {"blah": "suspicious"}),
                               ([{"family_id": "blah", "family_type": "packer", "family_name": "blah"}],
                                {"blah": "malicious"},
-                               [("attribution.family", "blah")],
                                {"blah": "malicious"}), ])
-    def test_process_families(families, file_verdict_map, correct_tags, correct_fvp, intezer_static_class_instance):
+    def test_process_families(families, file_verdict_map, correct_fvp, intezer_static_class_instance):
         from assemblyline_v4_service.common.result import ResultSection, ResultTableSection, TableRow
 
         parent_section = ResultSection("blah")
@@ -647,8 +638,6 @@ def test_process_families(families, file_verdict_map, correct_tags, correct_fvp,
                 if "family_id" in family:
                     family.pop("family_id")
                 correct_result_section.add_row(TableRow(**family))
-            for tag in correct_tags:
-                correct_result_section.add_tag(tag[0], tag[1])
 
             assert check_section_equality(parent_section.subsections[0], correct_result_section)
             assert file_verdict_map == correct_fvp