First crack at adding filepaths to samples #568
Conversation
crits/samples/handlers.py
Outdated
There was a problem hiding this comment.
I think this function might be not needed here, I'll have to check.
|
The only other thing I'm mulling over outside of the above is the addition of the Indicator and Object vocab. The |
|
Makes sense, but like file name it would be nice to get to choose and visually see which one you've selected for your file path and to be able to change it whenever you want instead of it being clumped into the list. |
|
Also, about the File Path indicator type. I've talked to a few people about having three distinct types:
Would this make sense? I've gotten positive feedback so far. It would mean we can take the File Paths for a sample and have a "create indicator" feature which can either create a Directory indicator out of the File Path, or a File Path Indicator by combining a File Path and a File Name. But it also begs the question of renaming "File Path" for Samples into "Directories" to make that a more logical transition? |
|
I've stepped across this Then I started thinking about windows path separators vs the rest of the world. In order to have something useful there I think that having the full path where the file was found, would be great. Then someone will ask for globbing, and then for regex. For regular web based interface access patterns passing the absolute paths through os.path.basename(), os.path.dirname(), os.path.splitext() should be fine. My perception is that the pre-chopped forms might be useful for pivoting and querying, but then we'd end up duplicating some data. Perhaps the lowest overhead solution would be to pre-split, then use os.path.join(). Directory and filename make sense, and the only ambiguity will happen when you'll end up with many directories and many filenames, and you'd want to create some actionable indicators, but let's say the filename is dependent on the directory name, and not having connection between filename and directory could be problematic in a sense that it could increase the number of combinations e.g.: For now I mostly rely on CRITs to hold the data for the observed artifact feeds (sandboxes, AV), and there's not much variety when it comes to filepaths. |
I think it was not in use by anything.
crits/samples/urls.py
Outdated
There was a problem hiding this comment.
I think that one of the two can be removed here.
crits/samples/sample.py
Outdated
There was a problem hiding this comment.
What is this for if it's not something that can be set?
- filepath was mistakenly added to unrar_file() - rearanged parameters in handle_file()
There is no need to pass filepath to unzip_file()/unrar_file()
|
Got some more fixes done, even email attachments should work now. Commit times are from May 2015, as I later noticed that the clock on my test VM was not synced) |
|
Do you want it to look like the edit fields for the email properties? |
|
When submitting a zip file (and I assume a rar file) the filepath in the form isn't properly passed along so it is dropped on the floor. |
|
if you get "2 No such file or directory" then the path for 7z is not right. Brew puts it in /usr/local/bin/7z, whereas your default setting might be /usr/bin/7z. |
|
A head's up about the status of this PR: Still waiting for a response to my above comment about filepaths being dropped on the floor for archive files. Not sure about the best solution:
|
|
I think that I'll just add a runtime switch |
|
I'll need to add the logic for this to work. |
…epath logic works like this:
if inherit_filepath:
# if inherit_filepath checked, filepath + the zip's internal paths + filename
filepathz = os.path.join(filepath, rel_fi)
else:
# if inherit_filepath not checked, just use the filepath + filename
filepathz = os.path.join(filepath, filename)
|
This one should be ready for testing, and perhaps some naming changes. |
Comments are welcome