Closed Kolano closed 4 years ago
This seems to occur post installing the symhash plugin, even if that plugin isn't used on a particular scan.
Here are instructions on how to replicate the error on a fresh Ubuntu 19.04 install...
#Install stoq
sudo apt-get install -y python3-pip python3-venv
mkdir -v -p ~/.stoq/plugins
python3 -m venv ~/.stoq/.venv
source ~/.stoq/.venv/bin/activate
pip3 install -U wheel
pip3 install -U stoq-framework
#Install mimetype plug-in
stoq install --github stoq:mimetype
#Test run which works
stoq scan ~/.stoq/.venv/bin/stoq -a mimetype
#Install symhash plug-in
stoq install --github stoq:symhash
#Test run which fails with error
stoq scan ~/.stoq/.venv/bin/stoq -a mimetype
Thanks @Kolano. It appears as though this is due to symhash using the outdated filemagic instead of python-magic. Normally I'd say we could do a PR in symhash to update it, but that project appears to be abandoned. I'll see if there is a better way of handling it. I'm open to suggestions if you have any.
Thanks for the quick response as usual.
I don't have an alternative atm, but the documentation on the symhash plugin should at least be updated to indicate that it's incompatible with the mimetype one in the meantime.
And could we run symhash in a separate venv from stoq to allow for the differing versions of filemagic between them?
I'm guessing that may add some extra complexity to how plug-ins are deployed/launched, but it would probably be a good idea since I'd have a feeling this won't be the last time stoQ will need to handle version mismatches between all the tools it utilizes.
This is fixed in the v3 branch. Essentially the mimetype
stoQ plugin is now a dependency for this plugin to run properly. The mimetype
plugin is able to handle both magic libraries.
On Ubuntu 19.04 I'm seeing this error from the mimetype plugin...
"worker:failed to scan: File \"/home/pass/.stoq/plugins/mimetype/mimetype.py\", line 45, in scan ; NameError: name 'mime' is not defined"
Something seems to be in conflict with stoQ's mime handling, I'm not able to replicate the error with only stoQ and the mimetype plug-in installed; still trying to pin down what else being installed specifically results in the error.