From ebf71a371b67fcdfcd7f8548d135716c9286d90d Mon Sep 17 00:00:00 2001
From: Matthias Meidinger <extern@labs.vmray.com>
Date: Thu, 23 Apr 2020 14:47:48 +0200
Subject: [PATCH] Update vmray_submit

The submit module hat some smaller issues with the reanalyze flag.
The source for the enrichment object has been changed and the robustness
of user supplied config parsing improved.
---
 .../modules/expansion/vmray_submit.py         | 51 +++++++------------
 1 file changed, 19 insertions(+), 32 deletions(-)

diff --git a/misp_modules/modules/expansion/vmray_submit.py b/misp_modules/modules/expansion/vmray_submit.py
index 4d34c4b..73a0cdf 100644
--- a/misp_modules/modules/expansion/vmray_submit.py
+++ b/misp_modules/modules/expansion/vmray_submit.py
@@ -1,7 +1,7 @@
 #!/usr/bin/env python3
 
 '''
-Submit sample to  VMRay.
+Submit sample to VMRay.
 
 Requires "vmray_rest_api"
 
@@ -14,6 +14,7 @@ as a cron job
 
 import json
 import base64
+from distutils.util import strtobool
 
 import io
 import zipfile
@@ -22,7 +23,7 @@ from ._vmray.vmray_rest_api import VMRayRESTAPI
 
 misperrors = {'error': 'Error'}
 mispattributes = {'input': ['attachment', 'malware-sample'], 'output': ['text', 'sha1', 'sha256', 'md5', 'link']}
-moduleinfo = {'version': '0.2', 'author': 'Koen Van Impe',
+moduleinfo = {'version': '0.3', 'author': 'Koen Van Impe',
               'description': 'Submit a sample to VMRay',
               'module-type': ['expansion']}
 moduleconfig = ['apikey', 'url', 'shareable', 'do_not_reanalyze', 'do_not_include_vmrayjobids']
@@ -71,25 +72,13 @@ def handler(q=False):
     do_not_reanalyze = request["config"].get("do_not_reanalyze")
     do_not_include_vmrayjobids = request["config"].get("do_not_include_vmrayjobids")
 
-    # Do we want the sample to be shared?
-    if shareable == "True":
-        shareable = True
-    else:
-        shareable = False
-
-    # Always reanalyze the sample?
-    if do_not_reanalyze == "True":
-        do_not_reanalyze = True
-    else:
-        do_not_reanalyze = False
-    reanalyze = not do_not_reanalyze
-
-    # Include the references to VMRay job IDs
-    if do_not_include_vmrayjobids == "True":
-        do_not_include_vmrayjobids = True
-    else:
-        do_not_include_vmrayjobids = False
-    include_vmrayjobids = not do_not_include_vmrayjobids
+    try:
+        shareable = bool(strtobool(shareable))                                # Do we want the sample to be shared?
+        reanalyze = not bool(strtobool(do_not_reanalyze))                     # Always reanalyze the sample?
+        include_vmrayjobids = not bool(strtobool(do_not_include_vmrayjobids)) # Include the references to VMRay job IDs
+    except ValueError:
+        misperrors["error"] = "Error while processing settings. Please double-check your values."
+        return misperrors
 
     if data and sample_filename:
         args = {}
@@ -99,7 +88,7 @@ def handler(q=False):
 
         try:
             vmraydata = vmraySubmit(api, args)
-            if vmraydata["errors"]:
+            if vmraydata["errors"] and "Submission not stored" not in vmraydata["errors"][0]["error_msg"]:
                 misperrors['error'] = "VMRay: %s" % vmraydata["errors"][0]["error_msg"]
                 return misperrors
             else:
@@ -125,22 +114,20 @@ def vmrayProcess(vmraydata):
     ''' Process the JSON file returned by vmray'''
     if vmraydata:
         try:
-            submissions = vmraydata["submissions"][0]
+            sample = vmraydata["samples"][0]
             jobs = vmraydata["jobs"]
 
             # Result received?
-            if submissions and jobs:
+            if sample:
                 r = {'results': []}
-                r['results'].append({'types': 'md5', 'values': submissions['submission_sample_md5']})
-                r['results'].append({'types': 'sha1', 'values': submissions['submission_sample_sha1']})
-                r['results'].append({'types': 'sha256', 'values': submissions['submission_sample_sha256']})
-                r['results'].append({'types': 'text', 'values': 'VMRay Sample ID: %s' % submissions['submission_sample_id'], 'tags': 'workflow:state="incomplete"'})
-                r['results'].append({'types': 'text', 'values': 'VMRay Submission ID: %s' % submissions['submission_id']})
-                r['results'].append({'types': 'text', 'values': 'VMRay Submission Sample IP: %s' % submissions['submission_ip_ip']})
-                r['results'].append({'types': 'link', 'values': submissions['submission_webif_url']})
+                r['results'].append({'types': 'md5', 'values': sample['sample_md5hash']})
+                r['results'].append({'types': 'sha1', 'values': sample['sample_sha1hash']})
+                r['results'].append({'types': 'sha256', 'values': sample['sample_sha256hash']})
+                r['results'].append({'types': 'text', 'values': 'VMRay Sample ID: %s' % sample['sample_id'], 'tags': 'workflow:state="incomplete"'})
+                r['results'].append({'types': 'link', 'values': sample['sample_webif_url']})
 
                 # Include data from different jobs
-                if include_vmrayjobids:
+                if include_vmrayjobids and len(jobs) > 0:
                     for job in jobs:
                         job_id = job["job_id"]
                         job_vm_name = job["job_vm_name"]