patched bulk download API; refactoring

Author: marcobizzarr1

README.md

@@ -56,9 +56,15 @@ md5_list = [
 ]
 
 result = sbx.bulk_download_request(md5_list=md5_list, api_key="my-api-key")
-print result
 if result.status == SUCCESS:
-    print sbx.bulk_download_retrieve(id_request=result.msg['id_request'], api_key="my-api-key", path="output\\directory\\")
+    print result
+    while True:
+        result2 = sbx.bulk_download_retrieve(id_request=result.msg['id_request'], api_key="my-api-key", path="output\\directory\\")
+        if result2.status != PROCESSING:
+            print result2
+            break
+
+        time.sleep(1)
 ```
 
 To retrieve scan result of a specific MD5
@@ -174,29 +180,41 @@ print result
 
 # More advanced usage examples
 
-Find all domains registered in the last 7 days, print out the malware tags related to them and 
+Find all domains registered in the last 3 days, print out the malware tags related to them and
 list all MD5 samples connecting to them. Then for each one of the samples retrieve the matched
 behavioral rules
 
 ```python
 from deepviz import intel, sandbox
 API_KEY = "0000000000000000000000000000000000000000000000000000000000000000"
 ThreatIntel = intel.Intel()
-ThreatSbx = sandbox.Sandbox()
-result_domains = ThreatIntel.domain_info(api_key=API_KEY, time_delta="7d")
-domains = result_domains.msg
-for domain in domains.keys():
-    result_list_samples = ThreatIntel.advanced_search(api_key=API_KEY, domain=[domain], classification="M")
-    if isinstance(result_list_samples.msg, list):
-        if len(domains[domain]['tag']):
-            print "DOMAIN: %s ==> %s samples [TAG: %s]" % (domain, len(result_list_samples.msg), ", ".join((tag['key'] for tag in domains[domain]['tag'])))
+ThreatSbx = Sandbox()
+result_domains = ThreatIntel.domain_info(api_key=API_KEY, time_delta="3d")
+if result_domains.status == SUCCESS:
+    domains = result_domains.msg
+    for domain in domains.keys():
+        result_list_samples = ThreatIntel.advanced_search(api_key=API_KEY, domain=[domain], classification="M")
+        if result_list_samples.status == SUCCESS:
+            if isinstance(result_list_samples.msg, list):
+                if len(domains[domain]['tag']):
+                    print "DOMAIN: %s ==> %s samples [TAG: %s]" % (domain, len(result_list_samples.msg), ", ".join((tag for tag in domains[domain]['tag'])))
+                else:
+                    print "DOMAIN: %s ==> %s samples" % (domain, len(result_list_samples.msg))
+
+                for sample in result_list_samples.msg:
+                    result_report = ThreatSbx.sample_report(md5=sample, api_key=API_KEY, filters=["rules"])
+                    if result_report.status == SUCCESS:
+                        print "%s => [%s]" % (sample, ", ".join([rule for rule in result_report.msg['rules']]))
+                    else:
+                        print result_report
+                        break
+            else:
+                print "DOMAIN: %s ==> No samples found" % domain
         else:
-            print "DOMAIN: %s ==> %s samples" % (domain, len(result_list_samples.msg))
-        for sample in result_list_samples.msg:
-            result_report = ThreatSbx.sample_report(md5=sample, api_key=API_KEY, filters=["rules"])
-            print "%s => [%s]" % (sample, ", ".join((rule for rule in result_report.msg['rules'])))
-    else:
-        print "DOMAIN: %s ==> No samples found" % domain
+            print result_list_samples
+            break
+else:
+    print result_domains
 ```
 result:
 

deepviz/intel.py

@@ -59,12 +59,14 @@ def ip_info(self, api_key=None, ip=None, time_delta=None, history=False):
         except Exception as e:
             return Result(status=NETWORK_ERROR, msg="Error while connecting to Deepviz: %s" % e)
 
-        data = json.loads(r.content)
+        try:
+            data = json.loads(r.content)
+        except Exception as e:
+            return Result(status=INTERNAL_ERROR, msg="Error loading Deepviz response: %s" % e)
 
         if r.status_code == 200:
             return Result(status=SUCCESS, msg=data['data'])
         else:
-            data = json.loads(r.content)
             if r.status_code >= 500:
                 return Result(status=SERVER_ERROR, msg="{status_code} - Error while connecting to Deepviz: {errmsg}".format(status_code=r.status_code, errmsg=data['errmsg']))
             else:
@@ -137,7 +139,10 @@ def domain_info(self, api_key=None, domain=None, time_delta=None, history=False,
             msg = "Error while connecting to Deepviz: %s" % e
             return Result(status=NETWORK_ERROR, msg=msg)
 
-        data = json.loads(r.content)
+        try:
+            data = json.loads(r.content)
+        except Exception as e:
+            return Result(status=INTERNAL_ERROR, msg="Error loading Deepviz response: %s" % e)
 
         if r.status_code == 200:
             return Result(status=SUCCESS, msg=data['data'])
@@ -177,7 +182,10 @@ def search(self, api_key=None, search_string=None, start_offset=None, elements=N
         except Exception as e:
             return Result(status=NETWORK_ERROR, msg="Error while connecting to Deepviz: %s" % e)
 
-        data = json.loads(r.content)
+        try:
+            data = json.loads(r.content)
+        except Exception as e:
+            return Result(status=INTERNAL_ERROR, msg="Error loading Deepviz response: %s" % e)
 
         if r.status_code == 200:
             return Result(status=SUCCESS, msg=data['data'])
@@ -224,7 +232,10 @@ def advanced_search(self, api_key=None, sim_hash=None, created_files=None, imp_h
         except Exception as e:
             return Result(status=NETWORK_ERROR, msg="Error while connecting to Deepviz: %s" % e)
 
-        data = json.loads(r.content)
+        try:
+            data = json.loads(r.content)
+        except Exception as e:
+            return Result(status=INTERNAL_ERROR, msg="Error loading Deepviz response: %s" % e)
 
         if r.status_code == 200:
             msg = data['data']

deepviz/result.py

@@ -4,6 +4,7 @@
 CLIENT_ERROR = "DEEPVIZ_STATUS_CLIENT_ERROR"        # Http 4xx
 NETWORK_ERROR = "DEEPVIZ_STATUS_NETWORK_ERROR"      # Cannot contact Deepviz
 INTERNAL_ERROR = "DEEPVIZ_STATUS_INTERNAL_ERROR"
+PROCESSING = "DEEPVIZ_STATUS_PROCESSING"            # Result is not ready yet
 
 
 class Result:

deepviz/sandbox.py

@@ -55,12 +55,15 @@ def upload_sample(self, path=None, api_key=None):
             msg = "Error while connecting to Deepviz: %s" % e
             return Result(status=NETWORK_ERROR, msg=msg)
 
-        if r.status_code == 200:
+        try:
             data = json.loads(r.content)
+        except Exception as e:
+            return Result(status=INTERNAL_ERROR, msg="Error loading Deepviz response: %s" % e)
+
+        if r.status_code == 200:
             msg = data['data']
             return Result(status=SUCCESS, msg=msg)
         else:
-            data = json.loads(r.content)
             if r.status_code >= 500:
                 return Result(status=SERVER_ERROR, msg="{status_code} - Error while connecting to Deepviz: {errmsg}".format(status_code=r.status_code, errmsg=data['errmsg']))
             else:
@@ -119,10 +122,10 @@ def download_sample(self, md5=None, path=None, api_key=None):
             return Result(status=INTERNAL_ERROR, msg=msg)
 
         body = json.dumps(
-                {
-                    "api_key": api_key,
-                    "md5": md5
-                })
+            {
+                "api_key": api_key,
+                "md5": md5
+            })
         try:
             r = requests.post(URL_DOWNLOAD_SAMPLE, data=body)
         except Exception as e:
@@ -133,7 +136,11 @@ def download_sample(self, md5=None, path=None, api_key=None):
             _file.close()
             return Result(status=SUCCESS, msg="Sample downloaded to '%s'" % finalpath)
         else:
-            data = json.loads(r.content)
+            try:
+                data = json.loads(r.content)
+            except Exception as e:
+                return Result(status=INTERNAL_ERROR, msg="Error loading Deepviz response: %s" % e)
+
             if r.status_code >= 500:
                 return Result(status=SERVER_ERROR, msg="{status_code} - Error while connecting to Deepviz: {errmsg}".format(status_code=r.status_code, errmsg=data['errmsg']))
             else:
@@ -159,7 +166,10 @@ def sample_result(self, md5=None, api_key=None):
         except Exception as e:
             return Result(status=NETWORK_ERROR, msg="Error while connecting to Deepviz: %s" % e)
 
-        data = json.loads(r.content)
+        try:
+            data = json.loads(r.content)
+        except Exception as e:
+            return Result(status=INTERNAL_ERROR, msg="Error loading Deepviz response: %s" % e)
 
         if r.status_code == 200:
             return Result(status=SUCCESS, msg=data['data'])
@@ -198,7 +208,10 @@ def sample_report(self, md5=None, api_key=None, filters=None):
         except Exception as e:
             return Result(status=NETWORK_ERROR, msg="Error while connecting to Deepviz: %s" % e)
 
-        data = json.loads(r.content)
+        try:
+            data = json.loads(r.content)
+        except Exception as e:
+            return Result(status=INTERNAL_ERROR, msg="Error loading Deepviz response: %s" % e)
 
         if r.status_code == 200:
             return Result(status=SUCCESS, msg=data['data'])
@@ -227,7 +240,10 @@ def bulk_download_request(self, md5_list=None, api_key=None):
             msg = "Error while connecting to Deepviz. [%s]" % e
             return Result(status=NETWORK_ERROR, msg=msg)
 
-        data = json.loads(r.content)
+        try:
+            data = json.loads(r.content)
+        except Exception as e:
+            return Result(status=INTERNAL_ERROR, msg="Error loading Deepviz response: %s" % e)
 
         if r.status_code == 200:
             return Result(status=SUCCESS, msg=data['data'])
@@ -261,21 +277,30 @@ def bulk_download_retrieve(self, id_request=None, path=None, api_key=None):
             return Result(status=INTERNAL_ERROR, msg="Cannot create file '%s'" % finalpath)
 
         body = json.dumps(
-                {
-                    "api_key": api_key,
-                    "id_request": str(id_request)
-                })
+            {
+                "api_key": api_key,
+                "id_request": str(id_request)
+            })
         try:
             r = requests.post(URL_DOWNLOAD_BULK, data=body)
         except Exception as e:
+            _file.close()
             return Result(status=NETWORK_ERROR, msg="Error while connecting to Deepviz: %s" % e)
 
         if r.status_code == 200:
             _file.write(r.content)
             _file.close()
             return Result(status=SUCCESS, msg="File downloaded to '%s'" % finalpath)
+        elif r.status_code == 428:
+            _file.close()
+            return Result(status=PROCESSING, msg="{status_code} - Your request is being processed. Please try again in a few minutes".format(status_code=r.status_code))
         else:
-            data = json.loads(r.content)
+            _file.close()
+            try:
+                data = json.loads(r.content)
+            except Exception as e:
+                return Result(status=INTERNAL_ERROR, msg="Error loading Deepviz response: %s" % e)
+
             if r.status_code >= 500:
                 return Result(status=SERVER_ERROR, msg="{status_code} - Error while connecting to Deepviz: {errmsg}".format(status_code=r.status_code, errmsg=data['errmsg']))
             else:

examples/sandbox_test.py

@@ -50,9 +50,16 @@
 ]
 
 result = sbx.bulk_download_request(md5_list=md5_list, api_key=API_KEY)
-print result
 if result.status == SUCCESS:
-    print sbx.bulk_download_retrieve(id_request=result.msg['id_request'], api_key=API_KEY, path=".")
+    print result
+    while True:
+        result2 = sbx.bulk_download_retrieve(id_request=result.msg['id_request'], api_key=API_KEY, path=".")
+        if result2.status != PROCESSING:
+            print result2
+            break
+
+        time.sleep(1)
+
 
 ########################################################################################################################
 
@@ -90,17 +97,29 @@
 # behavioral rules
 
 ThreatSbx = Sandbox()
-result_domains = ThreatIntel.domain_info(api_key=API_KEY, time_delta="7d")
-domains = result_domains.msg
-for domain in domains.keys():
-    result_list_samples = ThreatIntel.advanced_search(api_key=API_KEY, domain=[domain], classification="M")
-    if isinstance(result_list_samples.msg, list):
-        if len(domains[domain]['tag']):
-            print "DOMAIN: %s ==> %s samples [TAG: %s]" % (domain, len(result_list_samples.msg), ", ".join((tag for tag in domains[domain]['tag'])))
+result_domains = ThreatIntel.domain_info(api_key=API_KEY, time_delta="3d")
+if result_domains.status == SUCCESS:
+    domains = result_domains.msg
+    for domain in domains.keys():
+        result_list_samples = ThreatIntel.advanced_search(api_key=API_KEY, domain=[domain], classification="M")
+        if result_list_samples.status == SUCCESS:
+            if isinstance(result_list_samples.msg, list):
+                if len(domains[domain]['tag']):
+                    print "DOMAIN: %s ==> %s samples [TAG: %s]" % (domain, len(result_list_samples.msg), ", ".join((tag for tag in domains[domain]['tag'])))
+                else:
+                    print "DOMAIN: %s ==> %s samples" % (domain, len(result_list_samples.msg))
+
+                for sample in result_list_samples.msg:
+                    result_report = ThreatSbx.sample_report(md5=sample, api_key=API_KEY, filters=["rules"])
+                    if result_report.status == SUCCESS:
+                        print "%s => [%s]" % (sample, ", ".join([rule for rule in result_report.msg['rules']]))
+                    else:
+                        print result_report
+                        break
+            else:
+                print "DOMAIN: %s ==> No samples found" % domain
         else:
-            print "DOMAIN: %s ==> %s samples" % (domain, len(result_list_samples.msg))
-        for sample in result_list_samples.msg:
-            result_report = ThreatSbx.sample_report(md5=sample, api_key=API_KEY, filters=["rules"])
-            print "%s => [%s]" % (sample, ", ".join((rule for rule in result_report.msg['rules'])))
-    else:
-        print "DOMAIN: %s ==> No samples found" % domain
+            print result_list_samples
+            break
+else:
+    print result_domains

setup.py

@@ -2,7 +2,7 @@
 
 setuptools.setup(
         name='python-deepviz',
-        version='1.1.1',
+        version='1.1.2',
         author='Saferbytes',
         author_email='info@saferbytes.it',
         url="https://github.com/saferbytes/python-deepviz",