search

viper-framework / viper-modules

BSD 3-Clause "New" or "Revised" License
6 stars 11 forks source link

[misp] some exceptions #8

Closed adulau closed 4 years ago

adulau commented 4 years ago

@Rafiot for your info

viper  [MISP 73155] > misp check_hashes -p 69109
WARNING [api.py:128 - __init__() ] The version of PyMISP recommended by the MISP instance (2.4.130) is newer than the one you're using now (2.4.128). Please upgrade PyMISP.
[!] aa5e8e21c79b0b4a02726233b9f5eb4994c87ad3: The requested resource is not among the finished, queued or pending scans
[!] dbea8daf48cc54c7cfb0dcc689d4c9549d3dd23f: The requested resource is not among the finished, queued or pending scans
[!] 20ff1a290a53b39c4e54a670e8c27852be8bcff4: The requested resource is not among the finished, queued or pending scans
[!] 3b923fa1e5dcb4f65daa138beceb123d7c431d1b: The requested resource is not among the finished, queued or pending scans
[!] The command misp raised an exception:
Traceback (most recent call last):
  File "/home/adulau/.local/lib/python3.6/site-packages/viper/core/ui/console.py", line 322, in start
    module.run()
  File "/home/adulau/.viper/modules/misp.py", line 642, in run
    self.check_hashes()
  File "/home/adulau/.viper/modules/misp_methods/check_hashes.py", line 178, in check_hashes
    vt_object = self._make_VT_object(to_expand, original_attribute)
  File "/home/adulau/.viper/modules/misp_methods/check_hashes.py", line 67, in _make_VT_object
    default_attributes_parameters=default_attributes_parameters)
  File "/home/adulau/.local/lib/python3.6/site-packages/pymisp/tools/vtreportobject.py", line 35, in __init__
    self._report = self.__query_virustotal(apikey, indicator)
  File "/home/adulau/.local/lib/python3.6/site-packages/pymisp/tools/vtreportobject.py", line 82, in __query_virustotal
    report_json = report.json()
  File "/home/adulau/.local/lib/python3.6/site-packages/requests/models.py", line 898, in json
    return complexjson.loads(self.text, **kwargs)
  File "/usr/lib/python3/dist-packages/simplejson/__init__.py", line 518, in loads
    return _default_decoder.decode(s)
  File "/usr/lib/python3/dist-packages/simplejson/decoder.py", line 370, in decode
    obj, end = self.raw_decode(s)
  File "/usr/lib/python3/dist-packages/simplejson/decoder.py", line 400, in raw_decode
    return self.scan_once(s, idx=_w(s, idx).end())
simplejson.errors.JSONDecodeError: Expecting value: line 1 column 1 (char 0)
Rafiot commented 4 years ago

I see it fails after 4 queries... could it be because we reach the 4 requests/min limit? Can you try again with virustotal_has_private_key=False ?

adulau commented 4 years ago

Same behaviour with virustotal_has_private_key=False.

Rafiot commented 4 years ago

Right, it's ignored. Working on that, but that's the reason: VT returns an empty blob when we reach the limit.