VirusTotal Analyzer requirements missing from docker image #230

Closed
geekscrapy opened this issue Apr 13, 2018 · 2 comments

geekscrapy commented Apr 13, 2018

Request Type

Bug

Work Environment

| Question | Answer |
|---|---|
| OS version (server) | Linux 4.13.0-38-generic 43~16.04.1-Ubuntu SMP Wed Mar 14 17:48:43 UTC 2018 x86_64 x86_64 x86_64 GNU/Linux - Docker |
| OS version (client) | Version 65.0.3325.181 (Official Build) Built on Ubuntu, running on Ubuntu 16.04 (64-bit) |
| Cortex Analyzer Name | VirusTotal_GetReport_3_0, maybe more |
| Cortex Analyzer Version | 3.0 |
| Cortex Version | 2.0.3 |

Docker info

Client:
 Version: 17.12.0-ce
 API version: 1.35
 Go version: go1.9.2
 Git commit: c97c6d6
 Built: Wed Dec 27 20:10:45 2017
 OS/Arch: linux/amd64

Server:
 Engine:
  Version: 17.12.0-ce
  API version: 1.35 (minimum version 1.12)
  Go version: go1.9.2
  Git commit: c97c6d6
  Built: Wed Dec 27 20:09:19 2017
  OS/Arch: linux/amd64
  Experimental: false

Description

Error when running analyzer. Python errors with requirements

Steps to Reproduce

  1. Run docker with the following compose file:
     https://github.com/TheHive-Project/Cortex/blob/master/docker/cortex/docker-compose.yml
  2. Set up analyzer with API and, if required, proxy
  3. Try to run analyzer, get the following error:

Invalid output
Traceback (most recent call last):
  File "VirusTotal/virustotal.py", line 8, in <module>
    from cortexutils.analyzer import Analyzer
ImportError: No module named cortexutils.analyzer

Possible Solutions

The following is a trace of the fix and next issue. These commands were conducted from the docker exec command as follows: docker exec -itu 0 cortextest_cortex_1 bash

pip2 install cortexutils
rm /usr/local/lib/python2.7/dist-packages/cortexutils/*.pyc

This gave the following error:

Invalid output
Traceback (most recent call last):
  File "VirusTotal/virustotal.py", line 8, in <module>
    from cortexutils.analyzer import Analyzer
  File "/usr/local/lib/python2.7/dist-packages/cortexutils/analyzer.py", line 7, in <module>
    from cortexutils.extractor import Extractor
  File "/usr/local/lib/python2.7/dist-packages/cortexutils/extractor.py", line 2, in <module>
    from builtins import str as unicode
ImportError: No module named builtins

Fix:

pip2 install future

Provided the following error:

Invalid output
Traceback (most recent call last):
  File "VirusTotal/virustotal.py", line 176, in <module>
    VirusTotalAnalyzer().run()
  File "VirusTotal/virustotal.py", line 153, in run
    self.report(self.check_response(self.vt.get_ip_report(data)))
  File "/opt/Cortex-Analyzers/analyzers/VirusTotal/virustotal_api.py", line 200, in get_ip_report
    except requests.RequestException as e:
NameError: global name 'requests' is not defined

Fix:

pip2 install requests

This then provided a working analyzer.

This should be addressed in the docker image.

Also, what's the reason for the following in virustotal_api.py?

    try:
        import requests
    except ImportError:
        pass
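
Added example, not part of the original issue or the project's code: the quoted `try`/`except ImportError: pass` pattern discards the import failure, so the missing dependency only surfaces at first use (the `NameError` in the third traceback). The sketch below reproduces that deferred failure and shows a preflight check that reports every missing module up front. The module list is taken from the three tracebacks; the function names and the constructed module names in the test are hypothetical.

```python
import importlib
import sys

# Modules the three tracebacks in this issue reported as missing, in order.
# "builtins" is supplied by the "future" package on Python 2.
REQUIRED = ["cortexutils.analyzer", "builtins", "requests"]

# Same shape as the snippet quoted from virustotal_api.py, with the module
# name as a parameter so the behaviour can be shown with any module.
SWALLOWED_IMPORT = """
try:
    import {name}
except ImportError:
    pass

def use():
    return {name}.__name__
"""


def missing_modules(names):
    """Return {module name: error text} for every name that fails to import."""
    missing = {}
    for name in names:
        try:
            importlib.import_module(name)
        except ImportError as exc:
            missing[name] = str(exc)
    return missing


def deferred_failure(name):
    """Load the swallowed-import pattern, then use the module.

    Returns the NameError text raised at first use, or None if the module
    was importable and the call succeeded.
    """
    namespace = {}
    exec(SWALLOWED_IMPORT.format(name=name), namespace)  # loads without error
    try:
        namespace["use"]()
    except NameError as exc:
        return str(exc)
    return None


if __name__ == "__main__":
    problems = missing_modules(REQUIRED)
    for module, error in sorted(problems.items()):
        print("missing dependency %s: %s" % (module, error))
    sys.exit(1 if problems else 0)
```

Run inside the container as an image build step or analyzer startup check, this exits non-zero and names all absent modules in one pass instead of one traceback per fix.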

@nadouani
Contributor

Hello, 2.0.4 version has just been released, please try it, it's supposed to fix these issues too.

@geekscrapy
Author

Brilliant! Think this was just bad timing then! Confirmed - all working
