Trying to add a binary file as an observable returns an error:
Traceback (most recent call last):
  File "/opt/cortex/analyzers/VirusTotal/virustotal.py", line 273, in <module>
    VirusTotalAnalyzer().run()
  File "/opt/cortex/analyzers/VirusTotal/virustotal.py", line 262, in run
    self.report(results)
  File "/usr/local/lib/python3.7/dist-packages/cortexutils/analyzer.py", line 104, in report
    'artifacts': self.artifacts(full_report),
  File "/opt/cortex/analyzers/VirusTotal/virustotal.py", line 114, in artifacts
    artifacts.append(self.build_artifact("file", self.obs_path))
  File "/usr/local/lib/python3.7/dist-packages/cortexutils/analyzer.py", line 81, in build_artifact
    copyfileobj(src, os.fdopen(dst, 'w'))
  File "/usr/lib/python3.7/shutil.py", line 79, in copyfileobj
    buf = fsrc.read(length)
  File "/usr/lib/python3.7/codecs.py", line 322, in decode
    (result, consumed) = self._buffer_decode(data, self.errors, final)
UnicodeDecodeError: 'utf-8' codec can't decode byte 0xd0 in position 0: invalid continuation byte
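Probably due to the Python 3 migration: the traceback shows `build_artifact` copying the file through text-mode handles (`os.fdopen(dst, 'w')`), so Python 3 tries to decode the file's bytes as UTF-8 and fails on binary content.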
At the moment no analyzers add a file as an observable, so I could open a pull request with binary support, but I'm not sure whether str support must be kept for any reason.
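def build_artifact(self, data_type, data, **kwargs):
    """Build the artifact dict reported for one extracted observable.

    For ``data_type == 'file'``, ``data`` is a path: the file is copied
    byte-for-byte into a fresh temporary file under
    ``<job_directory>/output`` and the returned dict refers to that copy.
    For every other type, ``data`` is stored in the dict unchanged.

    :param data_type: observable type; ``'file'`` selects the copy path
    :param data: path of the file to copy, or the observable value itself
    :param kwargs: extra fields merged into the returned artifact dict
    :return: ``kwargs`` extended with the artifact fields, or ``None`` when
             ``data_type`` is ``'file'`` but ``data`` is not an existing
             regular file
    """
    # NOTE(review): the pasted snippet lost its indentation; the ``else`` is
    # taken to pair with the ``data_type == 'file'`` test -- confirm against
    # the repository before merging.
    if data_type != 'file':
        kwargs.update({'dataType': data_type, 'data': data})
        return kwargs

    if not os.path.isfile(data):
        # Unchanged behaviour: a missing or non-regular path yields None, so
        # callers that append the result must be ready to filter it out.
        return None

    # mkstemp creates the destination with an unpredictable name and
    # owner-only permissions.
    dst, filename = tempfile.mkstemp(dir=os.path.join(self.job_directory, "output"))

    # Both handles are binary: observables are arbitrary files (often samples
    # under analysis), and text mode would try to decode them as UTF-8.
    # The descriptor is wrapped first so it is closed even if opening the
    # source fails, and closing it here flushes the copy before the artifact
    # is reported.
    with os.fdopen(dst, 'wb') as out, open(data, 'rb') as src:
        copyfileobj(src, out)

    # ntpath.basename splits on both '/' and '\\', so only the final path
    # component of either name reaches the report.
    kwargs.update({'dataType': data_type, 'file': ntpath.basename(filename),
                   'filename': ntpath.basename(data)})
    return kwargs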
Trying to add a binary file as an observable returns an error:
Probably due to the Python 3 migration.
At the moment no analyzers add a file as an observable, so I could open a pull request with binary support, but I'm not sure whether str support must be kept for any reason.