v6.1.0

.flake8

@@ -1,5 +1,5 @@
 [flake8]
-max-line-length = 88
+max-line-length = 140
 ignore =
     W503,
     E231,

.github/pull_request_template.md

@@ -18,8 +18,8 @@ Please delete options that are not relevant.
 - [ ] The pull request is for the branch `develop`
 - [ ] A new plugin (analyzer, connector, visualizer, playbook, pivot or ingestor) was added or changed, in which case:
     - [ ] I strictly followed the documentation ["How to create a Plugin"](https://intelowl.readthedocs.io/en/latest/Contribute.html#how-to-add-a-new-plugin)
-    - [ ] [Usage](https://github.com/intelowlproject/IntelOwl/blob/master/docs/source/Usage.md) file was updated.
-    - [ ] [Advanced-Usage](https://github.com/intelowlproject/IntelOwl/blob/master/docs/source/Advanced-Usage.md) was updated (in case the plugin provides additional optional configuration).
+    - [ ] [Usage](https://github.com/intelowlproject/docs/blob/main/docs/IntelOwl/usage.md) file was updated.
+    - [ ] [Advanced-Usage](https://github.com/intelowlproject/docs/blob/main/docs/IntelOwl/advanced_usage.md) was updated (in case the plugin provides additional optional configuration).
     - [ ] I have dumped the configuration from Django Admin using the `dumpplugin` command and added it in the project as a data migration. (["How to share a plugin with the community"](https://intelowl.readthedocs.io/en/latest/Contribute.html#how-to-share-your-plugin-with-the-community))
     - [ ] If a File analyzer was added and it supports a mimetype which is not already supported, you added a sample of that type inside the archive `test_files.zip` and you added the default tests for that mimetype in [test_classes.py](https://github.com/intelowlproject/IntelOwl/blob/master/tests/analyzers_manager/test_classes.py).
     - [ ] If you created a new analyzer and it is free (does not require any API key), please add it in the `FREE_TO_USE_ANALYZERS` playbook by following [this guide](https://intelowl.readthedocs.io/en/latest/Contribute.html#how-to-modify-a-plugin).

.github/workflows/pull_request_automation.yml

@@ -87,7 +87,6 @@ jobs:
           BUILDKIT_PROGRESS: "plain"
           STAGE: "ci"
           REPO_DOWNLOADER_ENABLED: false
-          WATCHMAN: false
 
       - name: Startup script launch (Fast)
         if: "!contains(github.base_ref, 'master')"
@@ -98,7 +97,6 @@ jobs:
           BUILDKIT_PROGRESS: "plain"
           STAGE: "ci"
           REPO_DOWNLOADER_ENABLED: false
-          WATCHMAN: false
 
       - name: Docker debug
         if: always()

.gitignore

@@ -45,3 +45,6 @@ coverage.xml
 *.cover
 .hypothesis/
 /.env
+
+# post run dev
+integrations/malware_tools_analyzers/clamav/sigs

.pre-commit-config.yaml

@@ -1,10 +1,10 @@
 repos:
   - repo: https://github.com/psf/black
-    rev: 23.7.0
+    rev: 24.8.0
     hooks:
       - id: black
   - repo: https://github.com/PyCQA/flake8
-    rev: 6.1.0
+    rev: 7.1.1
     hooks:
       - id: flake8
   - repo: https://github.com/pycqa/isort

README.md

@@ -1,4 +1,4 @@
-<img src="docs/static/intel_owl_positive.png" width=547 height=150 alt="Intel Owl"/>
+<img src="static/intel_owl_positive.png" width=547 height=150 alt="Intel Owl"/>
 
 [![GitHub release (latest by date)](https://img.shields.io/github/v/release/intelowlproject/IntelOwl)](https://github.com/intelowlproject/IntelOwl/releases)
 [![GitHub Repo stars](https://img.shields.io/github/stars/intelowlproject/IntelOwl?style=social)](https://github.com/intelowlproject/IntelOwl/stargazers)
@@ -42,9 +42,9 @@ It provides:
   - *playbooks* that are meant to make analysis easily repeatable
 
 
-### Documentation [![Documentation Status](https://readthedocs.org/projects/intelowl/badge/?version=latest)](https://intelowl.readthedocs.io/en/latest/?badge=latest)
+### Documentation
 We try hard to keep our documentation well written, easy to understand and always updated.
-All info about installation, usage, configuration and contribution can be found [here](https://intelowl.readthedocs.io/)
+All info about installation, usage, configuration and contribution can be found [here](https://intelowlproject.github.io/docs/)
 
 ### Publications and Media
 
@@ -73,22 +73,22 @@ Because of this, we joined [Open Collective](https://opencollective.com/intelowl
 
 #### Certego
 
-<a href="https://certego.net/?utm_source=intelowl"> <img style="margin-right: 2px" width=250 height=71 src="docs/static/Certego.png" alt="Certego Logo"/></a>
+<a href="https://certego.net/?utm_source=intelowl"> <img style="margin-right: 2px" width=250 height=71 src="static/Certego.png" alt="Certego Logo"/></a>
 
 [Certego](https://certego.net/?utm_source=intelowl) is a MDR (Managed Detection and Response) and Threat Intelligence Provider based in Italy.
 
 IntelOwl was born out of Certego's Threat intelligence R&D division and is constantly maintained and updated thanks to them.
 
 #### The Honeynet Project
 
-<a href="https://www.honeynet.org"> <img style="border: 0.2px solid black" width=125 height=125 src="docs/static/honeynet_logo.png" alt="Honeynet.org logo"> </a>
+<a href="https://www.honeynet.org"> <img style="border: 0.2px solid black" width=125 height=125 src="static/honeynet_logo.png" alt="Honeynet.org logo"> </a>
 
 [The Honeynet Project](https://www.honeynet.org) is a non-profit organization working on creating open source cyber security tools and sharing knowledge about cyber threats.
 
 Thanks to Honeynet, we are hosting a public demo of the application [here](https://intelowl.honeynet.org). If you are interested, please contact a member of Honeynet to get access to the public service.
 
 #### Google Summer of Code
-<a href="https://summerofcode.withgoogle.com/"> <img style="border: 0.2px solid black" width=150 height=89 src="docs/static/gsoc_logo.png" alt="GSoC logo"> </a>
+<a href="https://summerofcode.withgoogle.com/"> <img style="border: 0.2px solid black" width=150 height=89 src="static/gsoc_logo.png" alt="GSoC logo"> </a>
 
 Since its birth this project has been participating in the [Google Summer of Code](https://summerofcode.withgoogle.com/) (GSoC)!
 
@@ -99,7 +99,7 @@ If you are interested in participating in the next Google Summer of Code, check
 
 #### ThreatHunter.ai
 
-<a href="https://threathunter.ai?utm_source=intelowl"> <img style="border: 0.2px solid black" width=194 height=80 src="docs/static/threathunter_logo.png" alt="ThreatHunter.ai logo"> </a>
+<a href="https://threathunter.ai?utm_source=intelowl"> <img style="border: 0.2px solid black" width=194 height=80 src="static/threathunter_logo.png" alt="ThreatHunter.ai logo"> </a>
 
 [ThreatHunter.ai®](https://threathunter.ai?utm_source=intelowl), is a 100% Service-Disabled Veteran-Owned Small Business started in 2007 under the name Milton Security Group. ThreatHunter.ai is the global leader in Dynamic Threat Hunting. Operating a true 24x7x365 Security Operation Center with AI/ML-enhanced human Threat Hunters, ThreatHunter.ai has changed the industry in how threats are found, and mitigated in real time. For over 15 years, our teams of Threat Hunters have stopped hundreds of thousands of threats and assisted organizations in defending against threat actors around the clock.
 

api_app/admin.py

@@ -1,8 +1,9 @@
 # This file is a part of IntelOwl https://github.com/intelowlproject/IntelOwl
 # See the file 'LICENSE' for copying permission.
+from gettext import ngettext
 from typing import Any
 
-from django.contrib import admin
+from django.contrib import admin, messages
 from django.contrib.admin import widgets
 from django.db.models import JSONField, ManyToManyField
 from django.http import HttpRequest
@@ -69,10 +70,12 @@ class JobAdminView(CustomAdminView):
     )
     list_filter = ("status", "user", "tags")
 
-    def has_add_permission(self, request: HttpRequest) -> bool:
+    @staticmethod
+    def has_add_permission(request: HttpRequest) -> bool:
         return False
 
-    def has_change_permission(self, request: HttpRequest, obj=None) -> bool:
+    @staticmethod
+    def has_change_permission(request: HttpRequest, obj=None) -> bool:
         return False
 
     @admin.display(description="Tags")
@@ -151,7 +154,8 @@ class AbstractReportAdminView(CustomAdminView):
     def has_add_permission(request):
         return False
 
-    def has_change_permission(self, request: HttpRequest, obj=None) -> bool:
+    @staticmethod
+    def has_change_permission(request: HttpRequest, obj=None) -> bool:
         return False
 
 
@@ -193,6 +197,7 @@ class AbstractConfigAdminView(CustomAdminView):
     list_filter = ("disabled",)
     # allow to clone the object
     save_as = True
+    actions = ["disable", "enable"]
 
     @admin.display(description="Disabled in orgs")
     def disabled_in_orgs(self, instance: AbstractConfig):
@@ -202,6 +207,34 @@ def disabled_in_orgs(self, instance: AbstractConfig):
             )
         )
 
+    def disable(self, request, queryset):
+        counter = queryset.update(disabled=True)
+        self.message_user(
+            request,
+            ngettext(
+                f"{counter} {queryset.model._meta.verbose_name} was disabled.",
+                f"{counter} {queryset.model._meta.verbose_name_plural} were disabled.",
+                counter,
+            ),
+            messages.SUCCESS,
+        )
+
+    disable.short_description = "Disable configurations"
+
+    def enable(self, request, queryset):
+        counter = queryset.update(disabled=False)
+        self.message_user(
+            request,
+            ngettext(
+                f"{counter} {queryset.model._meta.verbose_name} was enabled.",
+                f"{counter} {queryset.model._meta.verbose_name_plural} were enabled.",
+                counter,
+            ),
+            messages.SUCCESS,
+        )
+
+    enable.short_description = "Enable configurations"
+
 
 class PythonConfigAdminView(AbstractConfigAdminView):
     list_display = AbstractConfigAdminView.list_display + ("routing_key",)

api_app/analyzers_manager/admin.py

@@ -6,9 +6,9 @@
 from api_app.analyzers_manager.models import AnalyzerConfig, AnalyzerReport
 
 
+# flake8: noqa
 @admin.register(AnalyzerReport)
-class AnalyzerReportAdminView(AbstractReportAdminView):
-    ...
+class AnalyzerReportAdminView(AbstractReportAdminView): ...
 
 
 @admin.register(AnalyzerConfig)

api_app/analyzers_manager/classes.py

@@ -38,20 +38,24 @@ class BaseAnalyzerMixin(Plugin, metaclass=ABCMeta):
     @classmethod
     @property
     def config_exception(cls):
+        """Returns the AnalyzerConfigurationException class."""
         return AnalyzerConfigurationException
 
     @property
     def analyzer_name(self) -> str:
+        """Returns the name of the analyzer."""
         return self._config.name
 
     @classmethod
     @property
     def report_model(cls):
+        """Returns the AnalyzerReport model."""
         return AnalyzerReport
 
     @classmethod
     @property
     def config_model(cls):
+        """Returns the AnalyzerConfig model."""
         return AnalyzerConfig
 
     def get_exceptions_to_catch(self):
@@ -98,6 +102,12 @@ def _validate_result(self, result, level=0, max_recursion=190):
         return result
 
     def after_run_success(self, content):
+        """
+        Handles actions after a successful run.
+
+        Args:
+            content (any): The content to process after a successful run.
+        """
         super().after_run_success(self._validate_result(content, max_recursion=15))
 
 
@@ -194,6 +204,11 @@ def read_file_bytes(self) -> bytes:
 
     @property
     def filepath(self) -> str:
+        """Returns the file path, retrieving the file from storage if necessary.
+
+        Returns:
+            str: The file path.
+        """
         if not self.__filepath:
             self.__filepath = self._job.file.storage.retrieve(
                 file=self._job.file, analyzer=self.analyzer_name