assemblyline-core 4.5.1.dev368__tar.gz → 4.5.1.dev369__tar.gz



Files changed (89)
  1. {assemblyline-core-4.5.1.dev368 → assemblyline-core-4.5.1.dev369}/PKG-INFO +1 -1
  2. assemblyline-core-4.5.1.dev369/assemblyline_core/VERSION +1 -0
  3. assemblyline-core-4.5.1.dev369/assemblyline_core/__init__.py +10 -0
  4. {assemblyline-core-4.5.1.dev368 → assemblyline-core-4.5.1.dev369}/assemblyline_core/badlist_client.py +6 -1
  5. {assemblyline-core-4.5.1.dev368 → assemblyline-core-4.5.1.dev369}/assemblyline_core/safelist_client.py +5 -0
  6. {assemblyline-core-4.5.1.dev368 → assemblyline-core-4.5.1.dev369}/assemblyline_core.egg-info/PKG-INFO +1 -1
  7. {assemblyline-core-4.5.1.dev368 → assemblyline-core-4.5.1.dev369}/test/test_badlist_client.py +44 -2
  8. {assemblyline-core-4.5.1.dev368 → assemblyline-core-4.5.1.dev369}/test/test_safelist_client.py +43 -3
  9. assemblyline-core-4.5.1.dev368/assemblyline_core/VERSION +0 -1
  10. assemblyline-core-4.5.1.dev368/assemblyline_core/__init__.py +0 -1
  11. {assemblyline-core-4.5.1.dev368 → assemblyline-core-4.5.1.dev369}/LICENCE.md +0 -0
  12. {assemblyline-core-4.5.1.dev368 → assemblyline-core-4.5.1.dev369}/README.md +0 -0
  13. {assemblyline-core-4.5.1.dev368 → assemblyline-core-4.5.1.dev369}/assemblyline_core/alerter/__init__.py +0 -0
  14. {assemblyline-core-4.5.1.dev368 → assemblyline-core-4.5.1.dev369}/assemblyline_core/alerter/processing.py +0 -0
  15. {assemblyline-core-4.5.1.dev368 → assemblyline-core-4.5.1.dev369}/assemblyline_core/alerter/run_alerter.py +0 -0
  16. {assemblyline-core-4.5.1.dev368 → assemblyline-core-4.5.1.dev369}/assemblyline_core/archiver/__init__.py +0 -0
  17. {assemblyline-core-4.5.1.dev368 → assemblyline-core-4.5.1.dev369}/assemblyline_core/archiver/run_archiver.py +0 -0
  18. {assemblyline-core-4.5.1.dev368 → assemblyline-core-4.5.1.dev369}/assemblyline_core/dispatching/__init__.py +0 -0
  19. {assemblyline-core-4.5.1.dev368 → assemblyline-core-4.5.1.dev369}/assemblyline_core/dispatching/__main__.py +0 -0
  20. {assemblyline-core-4.5.1.dev368 → assemblyline-core-4.5.1.dev369}/assemblyline_core/dispatching/client.py +0 -0
  21. {assemblyline-core-4.5.1.dev368 → assemblyline-core-4.5.1.dev369}/assemblyline_core/dispatching/dispatcher.py +0 -0
  22. {assemblyline-core-4.5.1.dev368 → assemblyline-core-4.5.1.dev369}/assemblyline_core/dispatching/schedules.py +0 -0
  23. {assemblyline-core-4.5.1.dev368 → assemblyline-core-4.5.1.dev369}/assemblyline_core/dispatching/timeout.py +0 -0
  24. {assemblyline-core-4.5.1.dev368 → assemblyline-core-4.5.1.dev369}/assemblyline_core/expiry/__init__.py +0 -0
  25. {assemblyline-core-4.5.1.dev368 → assemblyline-core-4.5.1.dev369}/assemblyline_core/expiry/run_expiry.py +0 -0
  26. {assemblyline-core-4.5.1.dev368 → assemblyline-core-4.5.1.dev369}/assemblyline_core/ingester/__init__.py +0 -0
  27. {assemblyline-core-4.5.1.dev368 → assemblyline-core-4.5.1.dev369}/assemblyline_core/ingester/__main__.py +0 -0
  28. {assemblyline-core-4.5.1.dev368 → assemblyline-core-4.5.1.dev369}/assemblyline_core/ingester/constants.py +0 -0
  29. {assemblyline-core-4.5.1.dev368 → assemblyline-core-4.5.1.dev369}/assemblyline_core/ingester/ingester.py +0 -0
  30. {assemblyline-core-4.5.1.dev368 → assemblyline-core-4.5.1.dev369}/assemblyline_core/metrics/__init__.py +0 -0
  31. {assemblyline-core-4.5.1.dev368 → assemblyline-core-4.5.1.dev369}/assemblyline_core/metrics/es_metrics.py +0 -0
  32. {assemblyline-core-4.5.1.dev368 → assemblyline-core-4.5.1.dev369}/assemblyline_core/metrics/heartbeat_formatter.py +0 -0
  33. {assemblyline-core-4.5.1.dev368 → assemblyline-core-4.5.1.dev369}/assemblyline_core/metrics/helper.py +0 -0
  34. {assemblyline-core-4.5.1.dev368 → assemblyline-core-4.5.1.dev369}/assemblyline_core/metrics/metrics_server.py +0 -0
  35. {assemblyline-core-4.5.1.dev368 → assemblyline-core-4.5.1.dev369}/assemblyline_core/metrics/run_heartbeat_manager.py +0 -0
  36. {assemblyline-core-4.5.1.dev368 → assemblyline-core-4.5.1.dev369}/assemblyline_core/metrics/run_metrics_aggregator.py +0 -0
  37. {assemblyline-core-4.5.1.dev368 → assemblyline-core-4.5.1.dev369}/assemblyline_core/metrics/run_statistics_aggregator.py +0 -0
  38. {assemblyline-core-4.5.1.dev368 → assemblyline-core-4.5.1.dev369}/assemblyline_core/plumber/__init__.py +0 -0
  39. {assemblyline-core-4.5.1.dev368 → assemblyline-core-4.5.1.dev369}/assemblyline_core/plumber/run_plumber.py +0 -0
  40. {assemblyline-core-4.5.1.dev368 → assemblyline-core-4.5.1.dev369}/assemblyline_core/replay/__init__.py +0 -0
  41. {assemblyline-core-4.5.1.dev368 → assemblyline-core-4.5.1.dev369}/assemblyline_core/replay/client.py +0 -0
  42. {assemblyline-core-4.5.1.dev368 → assemblyline-core-4.5.1.dev369}/assemblyline_core/replay/creator/__init__.py +0 -0
  43. {assemblyline-core-4.5.1.dev368 → assemblyline-core-4.5.1.dev369}/assemblyline_core/replay/creator/run.py +0 -0
  44. {assemblyline-core-4.5.1.dev368 → assemblyline-core-4.5.1.dev369}/assemblyline_core/replay/creator/run_worker.py +0 -0
  45. {assemblyline-core-4.5.1.dev368 → assemblyline-core-4.5.1.dev369}/assemblyline_core/replay/loader/__init__.py +0 -0
  46. {assemblyline-core-4.5.1.dev368 → assemblyline-core-4.5.1.dev369}/assemblyline_core/replay/loader/run.py +0 -0
  47. {assemblyline-core-4.5.1.dev368 → assemblyline-core-4.5.1.dev369}/assemblyline_core/replay/loader/run_worker.py +0 -0
  48. {assemblyline-core-4.5.1.dev368 → assemblyline-core-4.5.1.dev369}/assemblyline_core/replay/replay.py +0 -0
  49. {assemblyline-core-4.5.1.dev368 → assemblyline-core-4.5.1.dev369}/assemblyline_core/scaler/__init__.py +0 -0
  50. {assemblyline-core-4.5.1.dev368 → assemblyline-core-4.5.1.dev369}/assemblyline_core/scaler/collection.py +0 -0
  51. {assemblyline-core-4.5.1.dev368 → assemblyline-core-4.5.1.dev369}/assemblyline_core/scaler/controllers/__init__.py +0 -0
  52. {assemblyline-core-4.5.1.dev368 → assemblyline-core-4.5.1.dev369}/assemblyline_core/scaler/controllers/docker_ctl.py +0 -0
  53. {assemblyline-core-4.5.1.dev368 → assemblyline-core-4.5.1.dev369}/assemblyline_core/scaler/controllers/interface.py +0 -0
  54. {assemblyline-core-4.5.1.dev368 → assemblyline-core-4.5.1.dev369}/assemblyline_core/scaler/controllers/kubernetes_ctl.py +0 -0
  55. {assemblyline-core-4.5.1.dev368 → assemblyline-core-4.5.1.dev369}/assemblyline_core/scaler/run_scaler.py +0 -0
  56. {assemblyline-core-4.5.1.dev368 → assemblyline-core-4.5.1.dev369}/assemblyline_core/scaler/scaler_server.py +0 -0
  57. {assemblyline-core-4.5.1.dev368 → assemblyline-core-4.5.1.dev369}/assemblyline_core/server_base.py +0 -0
  58. {assemblyline-core-4.5.1.dev368 → assemblyline-core-4.5.1.dev369}/assemblyline_core/signature_client.py +0 -0
  59. {assemblyline-core-4.5.1.dev368 → assemblyline-core-4.5.1.dev369}/assemblyline_core/submission_client.py +0 -0
  60. {assemblyline-core-4.5.1.dev368 → assemblyline-core-4.5.1.dev369}/assemblyline_core/tasking_client.py +0 -0
  61. {assemblyline-core-4.5.1.dev368 → assemblyline-core-4.5.1.dev369}/assemblyline_core/updater/__init__.py +0 -0
  62. {assemblyline-core-4.5.1.dev368 → assemblyline-core-4.5.1.dev369}/assemblyline_core/updater/helper.py +0 -0
  63. {assemblyline-core-4.5.1.dev368 → assemblyline-core-4.5.1.dev369}/assemblyline_core/updater/run_updater.py +0 -0
  64. {assemblyline-core-4.5.1.dev368 → assemblyline-core-4.5.1.dev369}/assemblyline_core/vacuum/__init__.py +0 -0
  65. {assemblyline-core-4.5.1.dev368 → assemblyline-core-4.5.1.dev369}/assemblyline_core/vacuum/crawler.py +0 -0
  66. {assemblyline-core-4.5.1.dev368 → assemblyline-core-4.5.1.dev369}/assemblyline_core/vacuum/department_map.py +0 -0
  67. {assemblyline-core-4.5.1.dev368 → assemblyline-core-4.5.1.dev369}/assemblyline_core/vacuum/safelist.py +0 -0
  68. {assemblyline-core-4.5.1.dev368 → assemblyline-core-4.5.1.dev369}/assemblyline_core/vacuum/stream_map.py +0 -0
  69. {assemblyline-core-4.5.1.dev368 → assemblyline-core-4.5.1.dev369}/assemblyline_core/vacuum/worker.py +0 -0
  70. {assemblyline-core-4.5.1.dev368 → assemblyline-core-4.5.1.dev369}/assemblyline_core/workflow/__init__.py +0 -0
  71. {assemblyline-core-4.5.1.dev368 → assemblyline-core-4.5.1.dev369}/assemblyline_core/workflow/run_workflow.py +0 -0
  72. {assemblyline-core-4.5.1.dev368 → assemblyline-core-4.5.1.dev369}/assemblyline_core.egg-info/SOURCES.txt +0 -0
  73. {assemblyline-core-4.5.1.dev368 → assemblyline-core-4.5.1.dev369}/assemblyline_core.egg-info/dependency_links.txt +0 -0
  74. {assemblyline-core-4.5.1.dev368 → assemblyline-core-4.5.1.dev369}/assemblyline_core.egg-info/requires.txt +0 -0
  75. {assemblyline-core-4.5.1.dev368 → assemblyline-core-4.5.1.dev369}/assemblyline_core.egg-info/top_level.txt +0 -0
  76. {assemblyline-core-4.5.1.dev368 → assemblyline-core-4.5.1.dev369}/setup.cfg +0 -0
  77. {assemblyline-core-4.5.1.dev368 → assemblyline-core-4.5.1.dev369}/setup.py +0 -0
  78. {assemblyline-core-4.5.1.dev368 → assemblyline-core-4.5.1.dev369}/test/test_alerter.py +0 -0
  79. {assemblyline-core-4.5.1.dev368 → assemblyline-core-4.5.1.dev369}/test/test_dispatcher.py +0 -0
  80. {assemblyline-core-4.5.1.dev368 → assemblyline-core-4.5.1.dev369}/test/test_expiry.py +0 -0
  81. {assemblyline-core-4.5.1.dev368 → assemblyline-core-4.5.1.dev369}/test/test_plumber.py +0 -0
  82. {assemblyline-core-4.5.1.dev368 → assemblyline-core-4.5.1.dev369}/test/test_replay.py +0 -0
  83. {assemblyline-core-4.5.1.dev368 → assemblyline-core-4.5.1.dev369}/test/test_scaler.py +0 -0
  84. {assemblyline-core-4.5.1.dev368 → assemblyline-core-4.5.1.dev369}/test/test_scheduler.py +0 -0
  85. {assemblyline-core-4.5.1.dev368 → assemblyline-core-4.5.1.dev369}/test/test_signature_client.py +0 -0
  86. {assemblyline-core-4.5.1.dev368 → assemblyline-core-4.5.1.dev369}/test/test_simulation.py +0 -0
  87. {assemblyline-core-4.5.1.dev368 → assemblyline-core-4.5.1.dev369}/test/test_vacuum.py +0 -0
  88. {assemblyline-core-4.5.1.dev368 → assemblyline-core-4.5.1.dev369}/test/test_worker_ingest.py +0 -0
  89. {assemblyline-core-4.5.1.dev368 → assemblyline-core-4.5.1.dev369}/test/test_worker_submit.py +0 -0
@@ -1,6 +1,6 @@
1
1
  Metadata-Version: 2.1
2
2
  Name: assemblyline-core
3
- Version: 4.5.1.dev368
3
+ Version: 4.5.1.dev369
4
4
  Summary: Assemblyline 4 - Core components
5
5
  Home-page: https://github.com/CybercentreCanada/assemblyline-core/
6
6
  Author: CCCS Assemblyline development team
@@ -0,0 +1 @@
1
+ 4.5.1.dev369
@@ -0,0 +1,10 @@
1
+ PAUSABLE_COMPONENTS = ['ingester', 'dispatcher']
2
+
3
+ def normalize_hashlist_item(tag_type: str, tag_value: str) -> str:
4
+ # Normalize tag data pertaining to domains or URIs
5
+ if tag_type.endswith('.domain'):
6
+ tag_value = tag_value.lower()
7
+ elif tag_type.endswith('.uri'):
8
+ hostname = tag_value.split('//', 1)[1].split('/', 1)[0]
9
+ tag_value = tag_value.replace(hostname, hostname.lower(), 1)
10
+ return tag_value
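Review bot: In the `.uri` branch, `tag_value.split('//', 1)[1]` raises IndexError for any value that contains no `//`, and that exception would surface from both `add_update` and the `exists_tags` loop, which call this helper. `tag_value.replace(hostname, hostname.lower(), 1)` also rewrites the first occurrence of that substring anywhere in the string, which is not guaranteed to be the authority part. The slice taken before the first `/` can still hold userinfo, a port or a query string, and the scheme is left as written, so equivalent URIs can still hash to different list keys; that is worth a follow-up. The function has no docstring saying what is and is not normalized. The rewrite below guards the missing `//` case and lower-cases the authority in place.

```python
def normalize_hashlist_item(tag_type: str, tag_value: str) -> str:
    """Lower-case a domain, or the authority part of a URI, before the value is hashed."""
    # … unchanged: '.domain' branch …
    elif tag_type.endswith('.uri') and '//' in tag_value:
        # No '//' means there is no authority part to normalize; the value is returned unchanged
        prefix, rest = tag_value.split('//', 1)
        authority, sep, tail = rest.partition('/')
        tag_value = f"{prefix}//{authority.lower()}{sep}{tail}"
    return tag_value
```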
@@ -8,6 +8,8 @@ from assemblyline.datastore.helper import AssemblylineDatastore
8
8
  from assemblyline.odm.models.user import ROLES
9
9
  from assemblyline.remote.datatypes.lock import Lock
10
10
 
11
+ from assemblyline_core import normalize_hashlist_item
12
+
11
13
  CHUNK_SIZE = 1000
12
14
  CLASSIFICATION = forge.get_classification()
13
15
 
@@ -43,6 +45,9 @@ class BadlistClient:
43
45
  if tag_data is None or 'type' not in tag_data or 'value' not in tag_data:
44
46
  raise ValueError("Tag data not found")
45
47
 
48
+ # Normalize tag data before further processing
49
+ tag_data['value'] = normalize_hashlist_item(tag_data['type'], tag_data['value'])
50
+
46
51
  hashed_value = f"{tag_data['type']}: {tag_data['value']}".encode('utf8')
47
52
  data['hashes'] = {
48
53
  'sha256': hashlib.sha256(hashed_value).hexdigest()
@@ -143,7 +148,7 @@ class BadlistClient:
143
148
  lookup_keys = []
144
149
  for tag_type, tag_values in tag_map.items():
145
150
  for tag_value in tag_values:
146
- lookup_keys.append(hashlib.sha256(f"{tag_type}: {tag_value}".encode('utf8')).hexdigest())
151
+ lookup_keys.append(hashlib.sha256(f"{tag_type}: {normalize_hashlist_item(tag_type, tag_value)}".encode('utf8')).hexdigest())
147
152
 
148
153
  # Elasticsearch's result window can't be more than 10000 rows
149
154
  # we will query for matches in chunks
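Review bot: Badlist entries written before this change keep the SHA-256 ID of their un-normalized value, while the `exists_tags` loop now hashes only the normalized form, so an existing entry whose domain or URI host has upper-case characters would stop matching after the upgrade unless it is re-keyed. No migration is visible in this diff, so this is inferred. If there is none elsewhere, the loop could also keep the raw key during a transition, `lookup_keys.append(hashlib.sha256(f"{tag_type}: {tag_value}".encode('utf8')).hexdigest())`, next to the normalized one. The comment in `add_update` could say why the value is normalized, for example `# Normalize before hashing so the stored ID matches the key computed in exists_tags`. Both method bodies continue outside the hunks shown.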
@@ -8,6 +8,8 @@ from assemblyline.datastore.helper import AssemblylineDatastore
8
8
  from assemblyline.odm.models.user import ROLES
9
9
  from assemblyline.remote.datatypes.lock import Lock
10
10
 
11
+ from assemblyline_core import normalize_hashlist_item
12
+
11
13
  CLASSIFICATION = forge.get_classification()
12
14
 
13
15
 
@@ -43,6 +45,9 @@ class SafelistClient:
43
45
  if tag_data is None or 'type' not in tag_data or 'value' not in tag_data:
44
46
  raise ValueError("Tag data not found")
45
47
 
48
+ # Normalize tag data before further processing
49
+ tag_data['value'] = normalize_hashlist_item(tag_data['type'], tag_data['value'])
50
+
46
51
  hashed_value = f"{tag_data['type']}: {tag_data['value']}".encode('utf8')
47
52
  data['hashes'] = {
48
53
  'sha256': hashlib.sha256(hashed_value).hexdigest()
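Review bot: Only the write path in `add_update` is normalized in this file; unlike the badlist client, no lookup in this section gains a matching call. Whatever code compares live tags against stored safelist values therefore has to apply `normalize_hashlist_item` too, or a tag with a mixed-case host will no longer equal the lower-cased stored value. That comparison is not on this page, so this is inferred. A comment at the call would record the contract, for example `# Stored value is normalized; code matching tags against the safelist must normalize the same way`. Entries stored before this change also keep their old hash ID, and the method body continues outside the hunk.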
@@ -1,6 +1,6 @@
1
1
  Metadata-Version: 2.1
2
2
  Name: assemblyline-core
3
- Version: 4.5.1.dev368
3
+ Version: 4.5.1.dev369
4
4
  Summary: Assemblyline 4 - Core components
5
5
  Home-page: https://github.com/CybercentreCanada/assemblyline-core/
6
6
  Author: CCCS Assemblyline development team
@@ -1,12 +1,18 @@
1
1
 
2
2
  import hashlib
3
3
  import random
4
+ import time
4
5
  from copy import deepcopy
5
- import pytest
6
6
 
7
+ import pytest
7
8
  from assemblyline.common.forge import get_classification
8
9
  from assemblyline.common.isotime import iso_to_epoch
9
- from assemblyline.odm.random_data import create_users, create_badlists, wipe_users, wipe_badlist
10
+ from assemblyline.odm.random_data import (
11
+ create_badlists,
12
+ create_users,
13
+ wipe_badlist,
14
+ wipe_users,
15
+ )
10
16
  from assemblyline.odm.randomizer import get_random_hash
11
17
  from assemblyline_core.badlist_client import BadlistClient, InvalidBadhash
12
18
 
@@ -288,3 +294,39 @@ def test_badlist_update_conflict(client):
288
294
  client.add_update(sl_data)
289
295
 
290
296
  assert 'has a type conflict:' in conflict_exc.value.args[0]
297
+
298
+ def test_badlist_tag_normalization(client):
299
+ tag_type = 'network.static.uri'
300
+ tag_value = 'https://BaD.com/About'
301
+
302
+ normalized_value = 'https://bad.com/About'
303
+ hashed_value = f"{tag_type}: {normalized_value}".encode('utf8')
304
+ expected_qhash = hashlib.sha256(hashed_value).hexdigest()
305
+
306
+ # Generate a random badlist
307
+ sl_data = {
308
+ 'attribution': {
309
+ 'actor': ["SOMEONE!"],
310
+ 'campaign': None,
311
+ 'category': None,
312
+ 'exploit': None,
313
+ 'implant': None,
314
+ 'family': None,
315
+ 'network': None
316
+ },
317
+ 'dtl': 15,
318
+ 'tag': {'type': tag_type,
319
+ 'value': tag_value},
320
+ 'sources': [BAD_SOURCE, ADMIN_SOURCE],
321
+ 'type': 'tag'
322
+ }
323
+
324
+ client.add_update(sl_data)
325
+
326
+ # Assert that item got created with the expected ID from the normalized tag value
327
+ assert client.datastore.badlist.exists(expected_qhash)
328
+ time.sleep(1)
329
+
330
+ # Assert that the tag exists in either format (within reason)
331
+ assert client.exists_tags({tag_type: [tag_value]})
332
+ assert client.exists_tags({tag_type: [normalized_value]})
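Review bot: `test_badlist_tag_normalization` covers only a well-formed `network.static.uri` value; the `.domain` branch of `normalize_hashlist_item` and a URI value without `//` are not exercised, and the latter is the input on which the helper's `split('//', 1)[1]` would raise. Parametrizing the test over a tag type ending in `.domain` and a scheme-less value would pin both behaviours. The fixed `time.sleep(1)` before `exists_tags` presumably waits for the index to refresh. If the collection exposes an explicit commit here, `client.datastore.badlist.commit()` would make the test less timing-dependent.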
@@ -1,15 +1,20 @@
1
1
 
2
2
  import hashlib
3
3
  import random
4
+ import time
4
5
  from copy import deepcopy
5
6
 
6
7
  import pytest
7
-
8
8
  from assemblyline.common.forge import get_classification
9
9
  from assemblyline.common.isotime import iso_to_epoch, now_as_iso
10
- from assemblyline.odm.random_data import create_users, create_safelists, wipe_users, wipe_safelist
10
+ from assemblyline.odm.random_data import (
11
+ create_safelists,
12
+ create_users,
13
+ wipe_safelist,
14
+ wipe_users,
15
+ )
11
16
  from assemblyline.odm.randomizer import get_random_hash
12
- from assemblyline_core.safelist_client import SafelistClient, InvalidSafehash
17
+ from assemblyline_core.safelist_client import InvalidSafehash, SafelistClient
13
18
 
14
19
  add_hash_file = "10" + get_random_hash(62)
15
20
  add_error_hash = "11" + get_random_hash(62)
@@ -326,3 +331,38 @@ def test_safelist_update_conflict(client):
326
331
  client.add_update(sl_data)
327
332
 
328
333
  assert 'has a type conflict:' in conflict_exc.value.args[0]
334
+
335
+ def test_safelist_tag_normalization(client):
336
+ tag_type = 'network.static.uri'
337
+ tag_value = 'https://gOOd.com/About'
338
+
339
+ normalized_value = 'https://good.com/About'
340
+ hashed_value = f"{tag_type}: {normalized_value}".encode('utf8')
341
+ expected_qhash = hashlib.sha256(hashed_value).hexdigest()
342
+
343
+ # Generate a safelist item
344
+ sl_data = {
345
+ 'attribution': {
346
+ 'actor': ["SOMEONE!"],
347
+ 'campaign': None,
348
+ 'category': None,
349
+ 'exploit': None,
350
+ 'implant': None,
351
+ 'family': None,
352
+ 'network': None
353
+ },
354
+ 'dtl': 15,
355
+ 'tag': {'type': tag_type,
356
+ 'value': tag_value},
357
+ 'sources': [NSRL_SOURCE, ADMIN_SOURCE],
358
+ 'type': 'tag'
359
+ }
360
+
361
+ client.add_update(sl_data)
362
+
363
+ # Assert that item got created with the expected ID from the normalized tag value
364
+ assert client.datastore.safelist.exists(expected_qhash)
365
+ time.sleep(1)
366
+
367
+ # Assert that the tag exists in either format (within reason)
368
+ assert client.get_safelisted_tags([tag_type])['match'][tag_type] == [normalized_value]
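Review bot: The comment `# Assert that the tag exists in either format (within reason)` does not describe the assertion under it, which only checks that `get_safelisted_tags` returns the normalized value; the mixed-case input `tag_value` is never looked up. Reword it to `# Assert that the stored safelist value is the normalized form`, or add an assertion that exercises the raw form if that is meant to match. The `# Generate a safelist item` block also reuses threat-attribution fields such as `'actor': ["SOMEONE!"]` on a safelist entry, which looks copied from the badlist test and may be worth trimming.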
@@ -1 +0,0 @@
1
- 4.5.1.dev368
@@ -1 +0,0 @@
1
- PAUSABLE_COMPONENTS = ['ingester', 'dispatcher']