Skip to content

Url phishing analysis framework#2552

Merged
mlodic merged 158 commits intodevelopfrom
url-phishing-analysis-framework
Nov 6, 2024
Merged

Url phishing analysis framework#2552
mlodic merged 158 commits intodevelopfrom
url-phishing-analysis-framework

Conversation

@fgibertoni
Copy link
Contributor

@fgibertoni fgibertoni commented Oct 24, 2024

Description

Added a framework for dumping information about web pages and interact with phishing pages.

Type of change

Please delete options that are not relevant.

  • Bug fix (non-breaking change which fixes an issue).
  • New feature (non-breaking change which adds functionality).
  • Breaking change (fix or feature that would cause existing functionality to not work as expected).

Checklist

  • I have read and understood the rules about how to Contribute to this project
  • The pull request is for the branch develop
  • A new plugin (analyzer, connector, visualizer, playbook, pivot or ingestor) was added or changed, in which case:
    • I strictly followed the documentation "How to create a Plugin"
    • Usage file was updated.
    • Advanced-Usage was updated (in case the plugin provides additional optional configuration).
    • I have dumped the configuration from Django Admin using the dumpplugin command and added it in the project as a data migration. ("How to share a plugin with the community")
    • If a File analyzer was added and it supports a mimetype which is not already supported, you added a sample of that type inside the archive test_files.zip and you added the default tests for that mimetype in test_classes.py.
    • If you created a new analyzer and it is free (does not require any API key), please add it in the FREE_TO_USE_ANALYZERS playbook by following this guide.
    • Check if it could make sense to add that analyzer/connector to other freely available playbooks.
    • I have provided the resulting raw JSON of a finished analysis and a screenshot of the results.
    • If the plugin interacts with an external service, I have created an attribute called precisely url that contains this information. This is required for Health Checks.
    • If the plugin requires mocked testing, _monkeypatch() was used in its class to apply the necessary decorators.
    • I have added that raw JSON sample to the MockUpResponse of the _monkeypatch() method. This serves us to provide a valid sample for testing.
  • If external libraries/packages with restrictive licenses were used, they were added in the Legal Notice section.
  • Linters (Black, Flake, Isort) gave 0 errors. If you have correctly installed pre-commit, it does these checks and adjustments on your behalf.
  • I have added tests for the feature/bug I solved (see tests folder). All the tests (new and old ones) gave 0 errors.
  • If changes were made to an existing model/serializer/view, the docs were updated and regenerated (check CONTRIBUTE.md).
  • If the GUI has been modified:
    • I have a provided a screenshot of the result in the PR.
    • I have created new frontend tests for the new component or updated existing ones.
  • After you had submitted the PR, if DeepSource, Django Doctors or other third-party linters have triggered any alerts during the CI checks, I have solved those alerts.

Important Rules

  • If you miss to compile the Checklist properly, your PR won't be reviewed by the maintainers.
  • Everytime you make changes to the PR and you think the work is done, you should explicitly ask for a review. After being reviewed and received a "change request", you should explicitly ask for a review again once you have made the requested changes.

fgibertoni added 30 commits April 30, 2024 15:27
@fgibertoni
Added selenium dependency
c5422a4
@fgibertoni
Added driver creation with custom proxy
892e6d9
@fgibertoni
Merge branch 'refs/heads/develop' into url-phishing-analysis-framework
041436f 
# Conflicts:
#	requirements/project-requirements.txt
@fgibertoni
Fixed load_env() parsing of .env files
347c6fe
@fgibertoni
Merge branch 'refs/heads/fix-load-env-parsing' into url-phishing-anal…
03d2977 
…ysis-framework
@fgibertoni
Merge branch 'develop' of github.com:intelowlproject/IntelOwl into ur…
a5bbc4f 
…l-phishing-analysis-framework
@fgibertoni
Added config proxy server as parameter
c1accc4
@fgibertoni
Added return for source and server response
d2ecd34
@fgibertoni
Also added request data
980d141
@fgibertoni
Added error handling
c8b991f
@fgibertoni
Added mockup test
b8d6c52
@fgibertoni
Added default value for parameters
e836caa
@fgibertoni
Converted proxy port to int instead of string
8359dd1
@fgibertoni
Added migration for new analyzer
6cb76ae
@fgibertoni
Merge branch 'refs/heads/develop' into playbook-phishing-analysis
3bcc345 
# Conflicts:
#	requirements/project-requirements.txt
@fgibertoni
Merge branch 'refs/heads/develop' into playbook-phishing-analysis
2680454
@fgibertoni
Moved migration to avoid conflicts
cbdc205
@fgibertoni
Updated selenium version
91c6866
@fgibertoni
Merge branch 'develop' of github.com:intelowlproject/IntelOwl into pl…
76a5080 
…aybook-phishing-analysis
@fgibertoni
Changed migration name
ab928a0
@fgibertoni
Added more logging
b2efd3f
@fgibertoni
Added phishing analyzer integration
8ef58e6
@fgibertoni
Removed deprecated version tag from compose
f3a11a6
@fgibertoni
Removed selenium from IO requirements
2596f41
@fgibertoni
Re-added requirements in integration
54fc329
@fgibertoni
Used Ubuntu 24.04.1 python version
46dc9a8
@fgibertoni
Used UC
7673c55
@fgibertoni
First working draft with shell2http flask and docker image
517ce92
@fgibertoni
Improved Dockerfile directives order
f287f5f
@fgibertoni
Fixed headless ambiguity
a1ba84d
github-advanced-security[bot]
github-advanced-security bot found potential problems Nov 5, 2024
View reviewed changes
api_app/analyzers_manager/file_analyzers/phishing/phishing_form_compiler.py
)

logger.info(
f"Job #{self.job_id}: Sending value {value_to_set} for {input_name=}"

Check failure

Code scanning / CodeQL

Clear-text logging of sensitive information

This expression logs [sensitive data (password)](1) as clear text.

Copilot Autofix

AI over 1 year ago

To fix the problem, we need to ensure that sensitive information such as passwords is not logged in clear text. Instead of logging the actual value of sensitive fields, we can log a placeholder or a generic message indicating that a sensitive value was processed. This way, we maintain the logging functionality without exposing sensitive data.

The best way to fix the problem without changing existing functionality is to modify the logging statements to exclude sensitive data. Specifically, we will replace the actual values of sensitive fields with a placeholder like "[REDACTED]" or a similar message.

Suggested changeset 1
api_app/analyzers_manager/file_analyzers/phishing/phishing_form_compiler.py

Autofix patch

Autofix patch
Run the following command in your local git repository to apply this patch
cat << 'EOF' | git apply
diff --git a/api_app/analyzers_manager/file_analyzers/phishing/phishing_form_compiler.py b/api_app/analyzers_manager/file_analyzers/phishing/phishing_form_compiler.py
--- a/api_app/analyzers_manager/file_analyzers/phishing/phishing_form_compiler.py
+++ b/api_app/analyzers_manager/file_analyzers/phishing/phishing_form_compiler.py
@@ -140,3 +140,3 @@
                     logger.info(
-                        f"Job #{self.job_id}: Found hidden input tag with {input_name=} and {input_value=}"
+                        f"Job #{self.job_id}: Found hidden input tag with {input_name=} and value [REDACTED]"
                     )
@@ -157,5 +157,10 @@
 
-            logger.info(
-                f"Job #{self.job_id}: Sending value {value_to_set} for {input_name=}"
-            )
+            if input_type.lower() == "password":
+                logger.info(
+                    f"Job #{self.job_id}: Sending value [REDACTED] for {input_name=}"
+                )
+            else:
+                logger.info(
+                    f"Job #{self.job_id}: Sending value {value_to_set} for {input_name=}"
+                )
             result.setdefault(input_name, value_to_set)
@@ -165,3 +170,4 @@
         params, dest_url = self.compile_form_field(form)
-        logger.info(f"Job #{self.job_id}: Sending {params=} to submit url {dest_url}")
+        redacted_params = {k: (v if k.lower() != "password" else "[REDACTED]") for k, v in params.items()}
+        logger.info(f"Job #{self.job_id}: Sending {redacted_params=} to submit url {dest_url}")
         return requests.post(
EOF
@@ -140,3 +140,3 @@
logger.info(
f"Job #{self.job_id}: Found hidden input tag with {input_name=} and {input_value=}"
f"Job #{self.job_id}: Found hidden input tag with {input_name=} and value [REDACTED]"
)
@@ -157,5 +157,10 @@

logger.info(
f"Job #{self.job_id}: Sending value {value_to_set} for {input_name=}"
)
if input_type.lower() == "password":
logger.info(
f"Job #{self.job_id}: Sending value [REDACTED] for {input_name=}"
)
else:
logger.info(
f"Job #{self.job_id}: Sending value {value_to_set} for {input_name=}"
)
result.setdefault(input_name, value_to_set)
@@ -165,3 +170,4 @@
params, dest_url = self.compile_form_field(form)
logger.info(f"Job #{self.job_id}: Sending {params=} to submit url {dest_url}")
redacted_params = {k: (v if k.lower() != "password" else "[REDACTED]") for k, v in params.items()}
logger.info(f"Job #{self.job_id}: Sending {redacted_params=} to submit url {dest_url}")
return requests.post(
Copilot is powered by AI and may make mistakes. Always verify output.
@fgibertoni fgibertoni requested a review from mlodic November 5, 2024 10:56
@fgibertoni
Copy link
Contributor Author

fgibertoni commented Nov 5, 2024

Regarding deepsource warning: https://github.com/tiran/defusedxml?tab=readme-ov-file#defusedxmllxml

mlodic
mlodic reviewed Nov 5, 2024
View reviewed changes
@fgibertoni fgibertoni requested a review from mlodic November 5, 2024 15:55
mlodic
mlodic requested changes Nov 5, 2024
View reviewed changes
@fgibertoni fgibertoni requested a review from mlodic November 5, 2024 16:25
@mlodic mlodic merged commit 3f7f661 into develop Nov 6, 2024
@fgibertoni fgibertoni deleted the url-phishing-analysis-framework branch November 6, 2024 13:27
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@0ssigeno 0ssigeno Awaiting requested review from 0ssigeno

@mlodic mlodic Awaiting requested review from mlodic

1 more reviewer

@code-review-doctor code-review-doctor[bot] code-review-doctor[bot] requested changes

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

[Analyzer] Replace Rendertron with Lookyloo

3 participants

@fgibertoni @mlodic @federicofantini