Polyswarm analyzer closes#1255

[g4ze]

Description

Please include a summary of the change and link to the related issue.

Type of change

Please delete options that are not relevant.

• Bug fix (non-breaking change which fixes an issue).
• New feature (non-breaking change which adds functionality).
• Breaking change (fix or feature that would cause existing functionality to not work as expected).

Checklist

• I have read and understood the rules about how to Contribute to this project
• The pull request is for the branch develop
• A new plugin (analyzer, connector, visualizer, playbook, pivot or ingestor) was added or changed, in which case:
  • I strictly followed the documentation "How to create a Plugin"
  • Usage file was updated.
  • Advanced-Usage was updated (in case the plugin provides additional optional configuration).
  • I have dumped the configuration from Django Admin using the dumpplugin command and added it in the project as a data migration. ("How to share a plugin with the community")
  • If a File analyzer was added and it supports a mimetype which is not already supported, you added a sample of that type inside the archive test_files.zip and you added the default tests for that mimetype in test_classes.py.
  • If you created a new analyzer and it is free (does not require any API key), please add it in the FREE_TO_USE_ANALYZERS playbook by following this guide.
  • Check if it could make sense to add that analyzer/connector to other freely available playbooks.
  • I have provided the resulting raw JSON of a finished analysis and a screenshot of the results.
  • If the plugin interacts with an external service, I have created an attribute called precisely url that contains this information. This is required for Health Checks.
  • If the plugin requires mocked testing, _monkeypatch() was used in its class to apply the necessary decorators.
  • I have added that raw JSON sample to the MockUpResponse of the _monkeypatch() method. This serves us to provide a valid sample for testing.
• If external libraries/packages with restrictive licenses were used, they were added in the Legal Notice section.
• Linters (Black, Flake, Isort) gave 0 errors. If you have correctly installed pre-commit, it does these checks and adjustments on your behalf.
• I have added tests for the feature/bug I solved (see tests folder). All the tests (new and old ones) gave 0 errors.
• If changes were made to an existing model/serializer/view, the docs were updated and regenerated (check CONTRIBUTE.md).
• If the GUI has been modified:
  • I have a provided a screenshot of the result in the PR.
  • I have created new frontend tests for the new component or updated existing ones.
• After you had submitted the PR, if DeepSource, Django Doctors or other third-party linters have triggered any alerts during the CI checks, I have solved those alerts.

Important Rules

• If you miss to compile the Checklist properly, your PR won't be reviewed by the maintainers.
• Everytime you make changes to the PR and you think the work is done, you should explicitly ask for a review. After being reviewed and received a "change request", you should explicitly ask for a review again once you have made the requested changes.

[mlodic]

is this still a draft?

[g4ze]

Facing the same problem I did on domain check and knockpy.

[g4ze]

I think this problem only arises when I'm implementing analysers that use new libraries or packages.

[mlodic]

are you rebuilding the containers after you change the requirements?

[g4ze]

yes I am, I'll redo it and update you again.

[g4ze]

{
  "assertions": [
    {
      "engine": "XVirus",
      "asserts": "Benign"
    },
    {
      "engine": "Jiangmin",
      "asserts": "Benign"
    },
    {
      "engine": "Qihoo 360",
      "asserts": "Benign"
    },
    {
      "engine": "SecureAge",
      "asserts": "Benign"
    },
    {
      "engine": "Filseclab",
      "asserts": "Benign"
    },
    {
      "engine": "Alibaba",
      "asserts": "Benign"
    },
    {
      "engine": "Crowdstrike Falcon ML",
      "asserts": "Benign"
    },
    {
      "engine": "Proton",
      "asserts": "Benign"
    },
    {
      "engine": "Electron",
      "asserts": "Benign"
    },
    {
      "engine": "DrWeb",
      "asserts": "Benign"
    },
    {
      "engine": "SecondWrite",
      "asserts": "Benign"
    },
    {
      "engine": "NanoAV",
      "asserts": "Benign"
    },
    {
      "engine": "ClamAV",
      "asserts": "Benign"
    },
    {
      "engine": "Ikarus",
      "asserts": "Benign"
    },
    {
      "engine": "RedDrip APT Scanner - RAS",
      "asserts": "Benign"
    }
  ],
  "positives": 0,
  "total": 15,
  "PolyScore": 0.33460048640798623,
  "sha256": "605bbe9256a3f1abffc8b09d011a25674e4fbd631d0f93694766f21190ae32e4",
  "md5": "7598c0b3c9b830502a1103ccae2fab68",
  "sha1": "091329d524469c468b5b2b1659ffac045b9880a0",
  "extended_type": "ASCII text, with CRLF line terminators",
  "first_seen": "2024-08-07T10:06:00.436896",
  "last_seen": "2024-08-07T10:06:00.436896",
  "permalink": "https://polyswarm.network/scan/results/file/605bbe9256a3f1abffc8b09d011a25674e4fbd631d0f93694766f21190ae32e4/54275927186401150"
}

[g4ze]

lmk the migration sequence for once we are ready. Also i think the previous problem was something related to docker build cache and my ISP. All good now.

[mlodic]

polyswarm -> knock so you can finish this while you are here

[gitguardian]

⚠️ GitGuardian has uncovered 2 secrets following the scan of your pull request.

Please consider investigating the findings and remediating the incidents. Failure to do so may lead to compromising the associated services or software components.

🔎 Detected hardcoded secrets in your pull request

GitGuardian id	GitGuardian status	Secret	Commit	Filename
6639150	Triggered	Generic Password	ecf9bb9	frontend/tests/components/auth/Login.test.jsx	View secret
6639150	Triggered	Generic Password	ecf9bb9	frontend/tests/components/auth/Login.test.jsx	View secret

🛠 Guidelines to remediate hardcoded secrets

1. Understand the implications of revoking this secret by investigating where it is used in your code.
2. Replace and store your secrets safely. Learn here the best practices.
3. Revoke and rotate these secrets.
4. If possible, rewrite git history. Rewriting git history is not a trivial act. You might completely break other contributing developers' workflow and you risk accidentally deleting legitimate data.

To avoid such incidents in the future consider

• following these best practices for managing and storing secrets including API keys and other credentials
• install secret detection on pre-commit to catch secret before it leaves your machine and ease remediation.

---

^{🦉 GitGuardian detects secrets in your source code to help developers and security teams secure the modern development process. You are seeing this because you or someone else with access to this repository has authorized GitGuardian to scan your pull request.}

[g4ze]

i've updated the pr, kindly review. do check the TLP.

[mlodic]

for file analysis this is great!

Are you also able to implement the analyzer for observables, like stated in the issue description?

Hash search
IOC search -> domains/IP addresses

[g4ze]

ah my bad! on it!

[g4ze]

i think the free tier doesnt allow usage of ioc endpoints. hashes seem to be working tho.

[mlodic]

oki, I think you can keep them both and we write in the analyzer description that that specific endpoint is for paid customers only. ty!

[g4ze]

for hashes

[mlodic]

there is an error in the CI, after that I'll merge it! great work!

[g4ze]

seems gtg @mlodic