brad-sp / cuckoo-modified

Modified edition of cuckoo

Unable to search for tasks that still exist in Mongo #182

Open Fryyyyy opened 9 years ago

Fryyyyy commented 9 years ago

Not sure if this bug exists in upstream, but we're running -modified so reporting here.

A task that has been deleted through the API is still accessible through /analysis/taskid/ and all the relevant information still exists in the MongoDB.

However you cannot search for those tasks, by any field.

KillerInstinct commented 9 years ago

Ahh yes. This code was migrated from api.py which does not delete the MongoDB data. It only deletes it from the main Cuckoo DB. I assume this was done back when Django wasn't as 'mainstream'.

Will see about fixing it sometime soon.

Question, are you using the Django API or the standalone api.py?

Fryyyyy commented 9 years ago

We're using api.py

Fryyyyy commented 9 years ago

Hopefully by 'fixing it' you mean allowing the search and not "also deleting from Mongo" :)

KillerInstinct commented 9 years ago

If a task has been deleted, the data should be deleted from mongo and not searchable -- should it not? Otherwise I'm not sure what functionality you're looking for.

Fryyyyy commented 9 years ago

I guess this has raised an interesting use case - we delete processed samples to save on space, the report and binary are cleaned up after analysis, but we still extensively (want to search and) view those analyses in the web interface.

KillerInstinct commented 9 years ago

So, there's a couple issues here.

1) api.py isn't kept up to date with upstream, because Django has a more feature-rich api. Upstream has actually switched from bottle to flask, which we have not done (not really sure why they switched -- but regardless their api.py also does not have MongoDB imports.)
2) api.py was developed before cuckoo 1.0 which means it didn't have any interoperability with MongoDB

So, if you simply want to retain the database and MongoDB, I could just add that functionality to the Django API. As I said, I don't really keep up with api.py.