Merge pull request #4 from OPSWAT/fix_sandbox_v2_version_compatibility

Fix sandbox v2 version compatibility, change no_threat score to 0

Dockerfile

@@ -16,7 +16,7 @@ USER assemblyline
 WORKDIR /opt/al_service
 COPY . .
 
-ARG version=4.5.1.dev0
+ARG version=4.5.1.dev1
 USER root
 RUN sed -i -e "s/\$SERVICE_TAG/$version/g" service_manifest.yml
 

README.md

@@ -18,7 +18,7 @@ Heuristic score is the following:
 | score | MetaDefender Sandbox verdict |
 |------:|------------------------------|
 | -1000 | BENIGN                       |
-|   150 | NO THREAT                    |
+|     0 | NO THREAT                    |
 |   299 | UNKNOWN                      |
 |   500 | SUSPICIOUS                   |
 |   850 | LIKELY MALICIOUS             |

metadefender_sandbox_result.py

@@ -10,6 +10,7 @@
 FINAL_VERDICT_HEURISTIC_ID = {
     "benign": 1,
     "informational": 3,
+    "no_threat": 3,
     "unknown": 5,
     "suspicious": 7,
     "likely_malicious": 9,
@@ -19,6 +20,7 @@
 SIGNALS_HEURISTIC_ID = {
     "benign": 2,
     "informational": 4,
+    "no_threat": 4,
     "unknown": 6,
     "suspicious": 8,
     "likely_malicious": 10,

release_notes.md

@@ -1,5 +1,15 @@
 ## Release notes
 
+### 4.5.1.dev1
+
+Date: 13  Aug, 2024
+
+Changed:
+
+- Integration can handle __NO_THREAT__ verdict: Now it's compatible with MetaDefender Sandbox 2.0.0, it is still compatible with the older versions
+
+- Changed risk score of NO_THREAT/INFORMATIVE from 150 to 0 
+
 ### 4.5.1.dev0
 
 Date: 5  April, 2024

service_manifest.yml

@@ -20,7 +20,7 @@ enabled: true
 uses_metadata: true
 
 # -1000: safe
-# 0 - 299: informational
+# 0 - 299: no_threat/informational
 # 300 - 699: suspicious
 # 700 - 999: highly suspicious
 # >= 1000: malicious
@@ -36,16 +36,16 @@ heuristics:
     heur_id: 2
     name: Benign threat indicators
     score: -1000
-  - description: MetaDefender Sandbox determined that the file is informational/no threat.
+  - description: MetaDefender Sandbox determined that the file is no threat/informational.
     filetype: "*"
     heur_id: 3
     name: MetaDefender Sandbox verdict is no threat.
-    score: 150
-  - description: MetaDefender Sandbox signal group is informational/no threat.
+    score: 0
+  - description: MetaDefender Sandbox signal group is no threat/informational.
     filetype: "*"
     heur_id: 4
-    name: Informational threat indicators
-    score: 150
+    name: No threat indicators
+    score: 0
   - description: MetaDefender Sandbox determined that the file is unknown.
     filetype: "*"
     heur_id: 5

tests/metadefender_sandbox_test.py

@@ -94,6 +94,31 @@ def test_parse_compact_result_informational():
         }
         assert target == compact_result
 
+    @staticmethod
+    def test_parse_compact_result_no_threat():
+        raw_response = (
+            (util_load_json("no_threat.json"))
+            .get("reports", {})
+            .get("357042f5-bbf9-4486-b7c4-351495a94a13", {})
+        )
+        compact_result = metadefender_sandbox_result.parse_compact_result(
+            raw_response,
+            "357042f5-bbf9-4486-b7c4-351495a94a13",
+            "66b3763be7dbbbdfcd0a6a96",
+        )
+        target = {
+            "Verdict": "NO_THREAT",
+            "Name": "gabi_bogre.png",
+            "File Magic": "image/png",
+            "SHA-256": "b280719e9f2dd010260e6a023e0d69c64fbee8b6cbb8669c722a1da8142d3325",
+            "Report ID": "357042f5-bbf9-4486-b7c4-351495a94a13",
+            "Submission ID": "66b3763be7dbbbdfcd0a6a96",
+            "Submission Date": "08/07/2024, 13:27:26",
+            "Tags": ["png"],
+            "MITRE Techniques": [],
+        }
+        assert target == compact_result
+
     @staticmethod
     def test_parse_compact_result_badfile2():
         raw_response = (