Closed g4ze closed 1 month ago
```
>>> from domaincheck import domaincheck
>>> result = domaincheck.main(["google.com"],resolver="8.8.8.8")
performAllChecks2: resolver= 8.8.8.8
lookup2: resolver= 8.8.8.8
lookup2: resolver= 8.8.8.8
lookup2: resolver= 8.8.8.8
lookup2: resolver= 8.8.8.8
lookup2: resolver= 8.8.8.8
lookup2: resolver= 8.8.8.8
lookup2: resolver= 8.8.8.8
lookup2: resolver= 8.8.8.8
lookup2: resolver= 8.8.8.8
>>> print(result)
```
@mlodic this script works perfectly fine inside the docker container, but for some reason, when using the same logic inside the analyzer this is shown:
logs:
2024-07-23 18:42:03,722 - api_app.views - analyze_multiple_observables - INFO - received analyze_multiple_observables from user admin
2024-07-23 18:42:03,730 - api_app.serializers.job - validate - DEBUG - before attrs: {'user': <SimpleLazyObject: <User: admin>>, 'delay': 0, 'is_sample': False, 'tlp': 'AMBER', 'analyzers_requested': [<AnalyzerConfig: Domaincheck>], 'connectors_requested': <PythonConfigQuerySet []>, 'tags_labels': <generator object _AbstractJobCreateSerializer.validate_tags_labels at 0x7f72d6fd3040>, 'scan_mode': 1, 'investigation': None, 'observable_name': 'google.com'}
2024-07-23 18:42:03,764 - api_app.serializers.job - validate - DEBUG - after attrs: {'user': <SimpleLazyObject: <User: admin>>, 'delay': 0, 'is_sample': False, 'tlp': 'AMBER', 'analyzers_requested': [<AnalyzerConfig: Domaincheck>], 'connectors_requested': <PythonConfigQuerySet []>, 'scan_mode': 1, 'investigation': None, 'observable_name': 'google.com', 'observable_classification': ObservableTypes.DOMAIN, 'md5': '1d5920f4b44b27a802bd77c4f0536f5a', 'scan_check_time': None, 'analyzers_to_execute': [<AnalyzerConfig: Domaincheck>], 'connectors_to_execute': [], 'visualizers_to_execute': [], 'warnings': [], 'tags': <generator object _AbstractJobCreateSerializer.validate_tags_labels at 0x7f72d6fd3040>}
2024-07-23 18:42:03,807 - api_app.serializers.job - create - INFO - Job 107 created
2024-07-23 18:42:03,807 - api_app.serializers.job - create - INFO - Sending task for job 107
2024-07-23 18:42:03,830 - api_app.views - analyze_multiple_observables - INFO - finished analyze_multiple_observables from user admin
Am I missing something obvious here?
From your log it seems that your main function is delivering results to the standard output instead of as a return to the function itself, so "results" is never populated. Otherwise you should not see anything in the shell logs.
Maybe enable json result? https://github.com/intelowlproject/domaincheck/blob/main/domaincheck/domaincheck.py#L388
I'm not sure I understood what you meant. In the Python shell, the `result` variable does contain a proper JSON result. When I do `print(result)` in the shell, it does print the complete result.
Secondly, the only output supported (and by default) in the new package is JSON, so it is inevitable for the function to return anything else.
The result in the Python shell is always populated and the main function does return the result in a JSON format.
Moreover, I have put some start and end logs in the analyzer class, which don't seem to be working, as seen in the API logs. So my guess is that the control flow isn't even reaching the analyzer class in this case. Please let me know if it makes sense.
abandoned cause main code is too raw
closes #1682