PUNCH-Cyber / stoq-plugins-public

stoQ Public Plugins
https://stoq.punchcyber.com
Apache License 2.0

Mimetype: 'mime' is not defined? #73

Closed Kolano closed 4 years ago

Kolano commented 5 years ago

On Ubuntu 19.04 I'm seeing this error from the mimetype plugin...

"worker:failed to scan: File \"/home/pass/.stoq/plugins/mimetype/mimetype.py\", line 45, in scan ; NameError: name 'mime' is not defined"

Something seems to be in conflict with stoQ's mime handling. I'm not able to replicate the error with only stoQ and the mimetype plug-in installed; still trying to pin down what else being installed specifically results in the error.

Kolano commented 5 years ago

This seems to occur post installing the symhash plugin, even if that plugin isn't used on a particular scan.

Here are instructions on how to replicate the error on a fresh Ubuntu 19.04 install...

#Install stoq
sudo apt-get install -y python3-pip python3-venv
mkdir -v -p ~/.stoq/plugins
python3 -m venv ~/.stoq/.venv
source ~/.stoq/.venv/bin/activate
pip3 install -U wheel
pip3 install -U stoq-framework

#Install mimetype plug-in
stoq install --github stoq:mimetype

#Test run which works
stoq scan ~/.stoq/.venv/bin/stoq -a mimetype

#Install symhash plug-in
stoq install --github stoq:symhash

#Test run which fails with error
stoq scan ~/.stoq/.venv/bin/stoq -a mimetype

mlaferrera commented 5 years ago

Thanks @Kolano. It appears as though this is due to symhash using the outdated filemagic instead of python-magic. Normally I'd say we could do a PR in symhash to update it, but that project appears to be abandoned. I'll see if there is a better way of handling it. I'm open to suggestions if you have any.

Kolano commented 5 years ago

Thanks for the quick response as usual.

I don't have an alternative atm, but the documentation on the symhash plugin should at least be updated to indicate that it's incompatible with the mimetype one in the meantime.

Kolano commented 5 years ago

And could we run symhash in a separate venv from stoq to allow for the differing versions of filemagic between them?

I'm guessing that may add some extra complexity to how plug-ins are deployed/launched, but it would probably be a good idea since I have a feeling this won't be the last time stoQ will need to handle version mismatches between all the tools it utilizes.

mlaferrera commented 4 years ago

This is fixed in the v3 branch. Essentially the mimetype stoQ plugin is now a dependency for this plugin to run properly. The mimetype plugin is able to handle both magic libraries.
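
The conflict discussed in this thread arises because filemagic and python-magic both install a top-level module named `magic` but expose different APIs. The following is an added example, not code from the stoQ mimetype plugin: it lists which installed distributions claim `magic` and dispatches MIME detection on the API actually present. The function names and the two stand-in modules are constructed for illustration.

```python
import types
from importlib import metadata

def magic_providers():
    """Installed distributions that claim the top-level module name 'magic'."""
    found = []
    for dist in metadata.distributions():
        if "magic" in (dist.read_text("top_level.txt") or "").split():
            found.append(dist.metadata["Name"])
    return sorted(found)

def magic_flavor(mod):
    """Tell the two incompatible 'magic' modules apart by the API they expose."""
    if hasattr(mod, "from_buffer"):                      # python-magic
        return "python-magic"
    if hasattr(mod, "Magic") and hasattr(mod, "MAGIC_MIME_TYPE"):
        return "filemagic"                               # context-manager API
    return "unknown"

def mime_from_buffer(mod, data):
    """Return the MIME type of `data` using whichever library `mod` is."""
    flavor = magic_flavor(mod)
    if flavor == "python-magic":
        return mod.from_buffer(data, mime=True)
    if flavor == "filemagic":
        with mod.Magic(flags=mod.MAGIC_MIME_TYPE) as m:
            return m.id_buffer(data)
    raise RuntimeError("unrecognised 'magic' module; refusing to guess its API")

# Constructed stand-ins for the two libraries, so this runs with neither installed.
def _guess(data):
    return "application/x-dosexec" if data[:2] == b"MZ" else "application/octet-stream"
class _FilemagicMagic:
    def __init__(self, flags=0):
        self.flags = flags
    def __enter__(self):
        return self
    def __exit__(self, *exc):
        return False
    def id_buffer(self, data):
        return _guess(data)
FAKE_FILEMAGIC = types.SimpleNamespace(Magic=_FilemagicMagic, MAGIC_MIME_TYPE=0x10)
FAKE_PYTHON_MAGIC = types.SimpleNamespace(
    from_buffer=lambda data, mime=False: _guess(data), MAGIC_MIME_TYPE=0x10)

if __name__ == "__main__":
    print("distributions providing 'magic':", magic_providers())
    for mod in (FAKE_PYTHON_MAGIC, FAKE_FILEMAGIC):
        print(magic_flavor(mod), "->", mime_from_buffer(mod, b"MZ\x90\x00"))
```

Inside the stoQ venv, pass the real module (`import magic`) instead of the stand-ins; if `magic_providers()` returns more than one name, the two packages are overwriting each other's `magic` module.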