feat: Add sandbox machine type to SDK TKT-3138
yoniabrahamy committed Mar 18, 2024
1 parent b56c8ad commit a9b3a3b
Showing 6 changed files with 42 additions and 2 deletions.
4 changes: 4 additions & 0 deletions CHANGES
@@ -1,3 +1,7 @@
1.19.17
_______
- Add sandbox_machine_type to FileAnalysis

1.19.15
_______
- Remove pip-system-certs from dependencies
2 changes: 1 addition & 1 deletion intezer_sdk/__init__.py
@@ -1 +1 @@
__version__ = '1.19.16'
__version__ = '1.19.17'
13 changes: 13 additions & 0 deletions intezer_sdk/_api.py
Expand Up @@ -18,6 +18,7 @@
from intezer_sdk.api import raise_for_status
from intezer_sdk.consts import IndexType
from intezer_sdk.consts import OnPremiseVersion
from intezer_sdk.consts import SandboxMachineType


class IntezerApi:
Expand All @@ -33,6 +34,7 @@ def analyze_by_hash(self,
disable_dynamic_unpacking: Optional[bool],
disable_static_unpacking: Optional[bool],
sandbox_command_line_arguments: str = None,
sandbox_machine_type: SandboxMachineType = None,
file_name: str = None,
**additional_parameters) -> str:
"""
Expand All @@ -42,13 +44,15 @@ def analyze_by_hash(self,
:param disable_dynamic_unpacking: Whether to disable dynamic unpacking.
:param disable_static_unpacking: Whether to disable static unpacking.
:param sandbox_command_line_arguments: Command line arguments to pass to the sandbox.
:param sandbox_machine_type: The machine type to use in the sandbox. options are WIN7 or WIN10
:param file_name: The file name of the file if exists.
:param additional_parameters: Additional parameters to pass to the API.
:return: The analysis id.
"""
data = self._param_initialize(disable_dynamic_unpacking=disable_dynamic_unpacking,
disable_static_unpacking=disable_static_unpacking,
sandbox_command_line_arguments=sandbox_command_line_arguments,
sandbox_machine_type=sandbox_machine_type,
**additional_parameters)
if file_name and (not self.api.on_premise_version or self.api.on_premise_version > OnPremiseVersion.V22_10):
data['file_name'] = file_name
Expand All @@ -66,6 +70,7 @@ def analyze_by_download_url(self,
code_item_type: str = None,
zip_password: str = None,
sandbox_command_line_arguments: str = None,
sandbox_machine_type: SandboxMachineType = None,
**additional_parameters) -> str:
"""
Analyze a file by its download URL.
Expand All @@ -76,6 +81,7 @@ def analyze_by_download_url(self,
:param code_item_type: The type of the code item to analyze.
:param zip_password: The password of the zip file to analyze.
:param sandbox_command_line_arguments: Command line arguments to pass to the sandbox.
:param sandbox_machine_type: The machine type to use in the sandbox. options are WIN7 or WIN10
:param additional_parameters: Additional parameters to pass to the API.
:return: The analysis id.
"""
Expand All @@ -84,6 +90,7 @@ def analyze_by_download_url(self,
code_item_type=code_item_type,
zip_password=zip_password,
sandbox_command_line_arguments=sandbox_command_line_arguments,
sandbox_machine_type=sandbox_machine_type,
**additional_parameters)

data['download_url'] = download_url
Expand Down Expand Up @@ -116,6 +123,7 @@ def analyze_by_file(self,
code_item_type: str = None,
zip_password: str = None,
sandbox_command_line_arguments: str = None,
sandbox_machine_type: SandboxMachineType = None,
**additional_parameters) -> Optional[str]:
"""
Analyze a file by its path or stream.
Expand All @@ -128,6 +136,7 @@ def analyze_by_file(self,
:param code_item_type: The type of the code item to analyze.
:param zip_password: The password of the zip file to analyze.
:param sandbox_command_line_arguments: Command line arguments to pass to the sandbox.
:param sandbox_machine_type: The machine type to use in the sandbox. options are WIN7 or WIN10
:param additional_parameters: Additional parameters to pass to the API.
:return: The analysis id.
"""
Expand All @@ -136,6 +145,7 @@ def analyze_by_file(self,
code_item_type=code_item_type,
zip_password=zip_password,
sandbox_command_line_arguments=sandbox_command_line_arguments,
sandbox_machine_type=sandbox_machine_type,
**additional_parameters)

if file_stream:
Expand Down Expand Up @@ -727,6 +737,7 @@ def _param_initialize(disable_dynamic_unpacking: bool,
code_item_type: str = None,
zip_password: str = None,
sandbox_command_line_arguments: str = None,
sandbox_machine_type: SandboxMachineType = None,
**additional_parameters):
data = {}

Expand All @@ -740,6 +751,8 @@ def _param_initialize(disable_dynamic_unpacking: bool,
data['zip_password'] = zip_password
if sandbox_command_line_arguments:
data['sandbox_command_line_arguments'] = sandbox_command_line_arguments
if sandbox_machine_type:
data['sandbox_machine_type'] = sandbox_machine_type.value

data.update(additional_parameters)

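Review bot: `_param_initialize` dereferences `sandbox_machine_type.value` after only a truthiness check, so anything that is not a `SandboxMachineType` member (a bare `'WIN10'` string from a caller, which the `= None` default and the loose annotation do nothing to prevent) fails with an unrelated `AttributeError` deep in request building; the same pattern is added to `_param_initialize` in `intezer_sdk/api.py`. An explicit guard before the assignment, `if not isinstance(sandbox_machine_type, SandboxMachineType): raise TypeError('sandbox_machine_type must be a SandboxMachineType member')`, keeps the enum as the only thing that reaches the wire and gives callers a clear error. The new parameters are annotated `SandboxMachineType = None`; this file already uses `Optional[bool]` for the unpacking flags, so `Optional[SandboxMachineType] = None` is the consistent form across the three public methods and the helper. Note also that `file_name` is gated on `on_premise_version` right after the `_param_initialize` call in `analyze_by_hash`, while `sandbox_machine_type` is sent unconditionally; whether older on-premise deployments accept the new field is not established by this change. All four functions start and end outside the hunks.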
9 changes: 8 additions & 1 deletion intezer_sdk/analysis.py
Expand Up @@ -22,6 +22,7 @@
from intezer_sdk.api import IntezerApiClient
from intezer_sdk.api import get_global_api
from intezer_sdk.base_analysis import Analysis
from intezer_sdk.consts import SandboxMachineType
from intezer_sdk.sub_analysis import SubAnalysis

logger = logging.getLogger(__name__)
Expand Down Expand Up @@ -50,7 +51,8 @@ def __init__(self,
code_item_type: str = None,
zip_password: str = None,
download_url: str = None,
sandbox_command_line_arguments: str = None):
sandbox_command_line_arguments: str = None,
sandbox_machine_type: SandboxMachineType = None):
"""
FileAnalysis is a class for analyzing files. It is a subclass of the BaseAnalysis class and requires an API connection to Intezer.
Expand All @@ -65,6 +67,7 @@ def __init__(self,
:param zip_password: The password for a password-protected zip file.
:param download_url: A URL from which to download the file to be analyzed.
:param sandbox_command_line_arguments: The command line arguments for sandbox analysis.
:param sandbox_machine_type: The machine type to use in the sandbox. options are WIN7 or WIN10
"""
super().__init__(api)
if [file_path, file_hash, file_stream, download_url].count(None) < 3:
Expand All @@ -88,6 +91,7 @@ def __init__(self,
self._code_item_type = code_item_type
self._zip_password = zip_password
self._sandbox_command_line_arguments = sandbox_command_line_arguments
self._sandbox_machine_type = sandbox_machine_type
self._sub_analyses: List[SubAnalysis] = None
self._root_analysis = None
self._iocs_report = None
Expand Down Expand Up @@ -170,6 +174,7 @@ def _send_analyze_to_api(self, **additional_parameters) -> str:
self._disable_dynamic_unpacking,
self._disable_static_unpacking,
self._sandbox_command_line_arguments,
self._sandbox_machine_type,
self._file_name,
**additional_parameters)
elif self._download_url:
Expand All @@ -180,6 +185,7 @@ def _send_analyze_to_api(self, **additional_parameters) -> str:
code_item_type=self._code_item_type,
zip_password=self._zip_password,
sandbox_command_line_arguments=self._sandbox_command_line_arguments,
sandbox_machine_type=self._sandbox_machine_type,
**additional_parameters)
else:
return self._api.analyze_by_file(self._file_path,
Expand All @@ -190,6 +196,7 @@ def _send_analyze_to_api(self, **additional_parameters) -> str:
code_item_type=self._code_item_type,
zip_password=self._zip_password,
sandbox_command_line_arguments=self._sandbox_command_line_arguments,
sandbox_machine_type=self._sandbox_machine_type,
**additional_parameters)

def get_sub_analyses(self) -> List[SubAnalysis]:
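Review bot: In `_send_analyze_to_api` the hash branch passes the new `self._sandbox_machine_type` positionally, sandwiched between `self._sandbox_command_line_arguments` and `self._file_name`, so the call only stays correct while the parameter order of `analyze_by_hash` matches exactly — and the two other branches in the same method already pass these by keyword. Switching the hash call to `sandbox_command_line_arguments=self._sandbox_command_line_arguments,`, `sandbox_machine_type=self._sandbox_machine_type,` and `file_name=self._file_name,` removes that coupling. The `__init__` annotation `sandbox_machine_type: SandboxMachineType = None` should be marked optional to match its default. Both methods start and end outside the hunks.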
11 changes: 11 additions & 0 deletions intezer_sdk/api.py
@@ -1,6 +1,7 @@
import datetime
import logging
import os
import typing
from http import HTTPStatus
from typing import Any
from typing import BinaryIO
Expand All @@ -19,6 +20,7 @@
from intezer_sdk._util import deprecated
from intezer_sdk.consts import IndexType
from intezer_sdk.consts import OnPremiseVersion
from intezer_sdk.consts import SandboxMachineType

_global_api: Optional['IntezerApi'] = None

Expand Down Expand Up @@ -262,10 +264,12 @@ def analyze_by_hash(self,
disable_dynamic_unpacking: Optional[bool],
disable_static_unpacking: Optional[bool],
sandbox_command_line_arguments: str = None,
sandbox_machine_type: SandboxMachineType = None,
**additional_parameters) -> str:
data = self._param_initialize(disable_dynamic_unpacking=disable_dynamic_unpacking,
disable_static_unpacking=disable_static_unpacking,
sandbox_command_line_arguments=sandbox_command_line_arguments,
sandbox_machine_type=sandbox_machine_type,
**additional_parameters)

data['hash'] = file_hash
Expand All @@ -282,12 +286,14 @@ def analyze_by_download_url(self,
code_item_type: str = None,
zip_password: str = None,
sandbox_command_line_arguments: str = None,
sandbox_machine_type: SandboxMachineType = None,
**additional_parameters) -> str:
data = self._param_initialize(disable_dynamic_unpacking=disable_dynamic_unpacking,
disable_static_unpacking=disable_static_unpacking,
code_item_type=code_item_type,
zip_password=zip_password,
sandbox_command_line_arguments=sandbox_command_line_arguments,
sandbox_machine_type=sandbox_machine_type,
**additional_parameters)

data['download_url'] = download_url
Expand Down Expand Up @@ -318,12 +324,14 @@ def analyze_by_file(self,
code_item_type: str = None,
zip_password: str = None,
sandbox_command_line_arguments: str = None,
sandbox_machine_type: SandboxMachineType = None,
**additional_parameters) -> Optional[str]:
options = self._param_initialize(disable_dynamic_unpacking=disable_dynamic_unpacking,
disable_static_unpacking=disable_static_unpacking,
code_item_type=code_item_type,
zip_password=zip_password,
sandbox_command_line_arguments=sandbox_command_line_arguments,
sandbox_machine_type=sandbox_machine_type,
**additional_parameters)

if file_stream:
Expand Down Expand Up @@ -654,6 +662,7 @@ def _param_initialize(disable_dynamic_unpacking: bool,
code_item_type: str = None,
zip_password: str = None,
sandbox_command_line_arguments: str = None,
sandbox_machine_type: SandboxMachineType = None,
**additional_parameters):
data = {}

Expand All @@ -667,6 +676,8 @@ def _param_initialize(disable_dynamic_unpacking: bool,
data['zip_password'] = zip_password
if sandbox_command_line_arguments:
data['sandbox_command_line_arguments'] = sandbox_command_line_arguments
if sandbox_machine_type:
data['sandbox_machine_type'] = sandbox_machine_type.value

data.update(additional_parameters)

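Review bot: The `import typing` added to the module header has no use in any of the visible hunks, and the file already brings in what it needs with `from typing import ...` (`Any`, `BinaryIO`, and `Optional` appears on the same methods); unless a hunk outside this view references `typing.` directly, the line is dead and should be dropped. The `sandbox_machine_type: SandboxMachineType = None` annotations on the three `analyze_by_*` methods and `_param_initialize` should be `Optional[SandboxMachineType]` to match their default. Unlike their counterparts in `intezer_sdk/_api.py`, these methods carry no docstring, so the accepted values are only discoverable from the enum; a `:param sandbox_machine_type: The machine type to use in the sandbox. options are WIN7 or WIN10` entry mirroring `_api.py` would help. The methods start and end outside the hunks.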
5 changes: 5 additions & 0 deletions intezer_sdk/consts.py
Expand Up @@ -98,6 +98,11 @@ class OnPremiseVersion(enum.IntEnum):
V23_10 = 23.10


class SandboxMachineType(AutoName):
WIN7 = enum.auto()
WIN10 = enum.auto()


ANALYZE_URL = 'https://analyze.intezer.com'
BASE_URL = f'{ANALYZE_URL}/api/'
API_VERSION = 'v2-0'
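Review bot: `SandboxMachineType` is added without a docstring, and since `_param_initialize` sends `sandbox_machine_type.value` to the service, the relationship between a member and the wire value is worth stating where the enum is defined. A docstring such as `"""Sandbox machine a file analysis runs on; a member's `.value` is what the SDK sends to the API."""` under the `class` line covers it. The `AutoName` base is defined outside this hunk, so I am assuming it assigns the member name as the value; if it does not, the docstring should say what the value is instead.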