Commit 4fb86faf authored by Odin K. Henriksen's avatar Odin K. Henriksen

Commenting of code

parent 0f651bae
......@@ -36,15 +36,11 @@ func UrlIntelligence(c *gin.Context) {
// Add the data to the redis backend.
if completeInt {
response, err := utils.Conn.Do("SETEX", "url:"+url, utils.CacheDurationUrl, URLint)
_, err := utils.Conn.Do("SETEX", "url:"+url, utils.CacheDurationUrl, URLint)
if err != nil {
fmt.Println("Error adding data to redis:" + err.Error())
logging.Logerror(err, "Error addding data to redis - Url-intelligence:")
}
// Print the response to adding the data (should be "OK")
fmt.Println("Bool is true")
fmt.Println(response)
}
// Cache hit
......@@ -85,26 +81,24 @@ func urlSearch(url string) (data []byte, err error, complete bool) {
alienvault = &responseData[3]
wg.Add(3)
fmt.Println(url)
if checkUrlAgainstFilter(url) {
go CallGoogleUrl(url, p, &wg)
if checkUrlAgainstFilter(url) { //Checks if the URL is in the POC urlfilter.
go CallGoogleUrl(url, p, &wg) //Calls different functions to contact intelligence sources.
go CallHybridAnalyisUrl(url, VirusTotal, urlscanio, &wg)
go CallAlienVaultUrl(url, alienvault, &wg)
} else {
} else { //If URL is in urlfilter, set google to safe as POC (Proof of concept.).
go giveTrueGoogleUrl(url, p, &wg)
go CallHybridAnalyisUrl(url, VirusTotal, urlscanio, &wg)
go CallAlienVaultUrl(url, alienvault, &wg)
}
wg.Wait()
var resultResponse utils.ResultFrontendResponse
resultResponse.FrontendResponse = responseData[:]
var resultResponse utils.ResultFrontendResponse //Creat new struct that will be sent to frontend.
setResults := &resultResponse
resultResponse.FrontendResponse = responseData[:] //Move frontend response structs into resultresponse struct.
utils.SetResultURL(setResults, len(responseData))
setResults := &resultResponse //Create pointer to resultresponse.
utils.SetResultURL(setResults, len(responseData)) //Set the result string.
//FUNCTIONALITY FOR SCREENSHOT OF URLS
utils.ScreenshotURL(url, setResults) ////
......@@ -115,7 +109,7 @@ func urlSearch(url string) (data []byte, err error, complete bool) {
//If complete is true the intelligence will be cached,
//If it is not complete the result won't be cached.
URLint, err = json.Marshal(resultResponse)
URLint, err = json.Marshal(resultResponse) //Marshal data to be sent to frontend.
if err != nil {
fmt.Println(err)
return URLint, err, complete
......@@ -124,6 +118,7 @@ func urlSearch(url string) (data []byte, err error, complete bool) {
return URLint, nil, complete
}
//Function to check if the intelligence is complete and ready to be cached, returns a complete bool - False = not ready, True = ready.
func checkIfIntelligenceComplete(jsonData utils.ResultFrontendResponse, size int) (complete bool) {
complete = true
......
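Review bot: The two comments added on the `checkUrlAgainstFilter(url)` branches in `urlSearch` contradict each other: the `if` line says it checks whether the URL is in the POC urlfilter, while the `else` line says that branch is the one taken when the URL is in the filter. The polarity matters because the `else` branch calls `giveTrueGoogleUrl` instead of `CallGoogleUrl`, which, judging by its name and the new comment, reports a safe Google verdict without querying Google, and the first hunk shows `UrlIntelligence` caching the result when `completeInt` is true. I would state the polarity once, e.g. `// URLs on the POC filter list skip the Google lookup and get a hard-coded "Safe" Google result.`, placed on whichever branch `checkUrlAgainstFilter` (not visible here) actually selects for listed URLs. The body of `urlSearch` starts and ends outside this hunk.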
......@@ -9,13 +9,12 @@ func SetResponseObjectAlienVault(jsonResponse AlienVaultURL, response *FrontendR
whitelisted := false
for i := 0; i < len(jsonResponse.Validation); i++ {
if jsonResponse.Validation[i].Source == "whitelist" {
fmt.Println("This is whitelisted")
if jsonResponse.Validation[i].Source == "whitelist" { //Check to see if the URL or domain is whitelisted
whitelisted = true
}
}
if whitelisted {
if whitelisted { //If it is whitelisted set SAFE.
response.EN.Status = "Safe"
response.EN.Content = "Alienvault has whitelisted this domain/URL."
response.NO.Status = "Trygg"
......@@ -45,21 +44,21 @@ func SetResponeObjectGoogle(jsonResponse GoogleSafeBrowsing, response *FrontendR
response.EN.Content = "This URL has been marked as malicious by Google Safebrowsing, visiting is NOT recommended"
response.NO.Content = "Denne URLen har blitt markert som ondsinnet av Google Safebrowsing, besøk er IKKE anbefalt"
switch jsonResponse.Matches[0].ThreatType {
case "MALWARE":
case "MALWARE": //Contains malware, set risky.
response.EN.Status = "Risk"
response.NO.Status = "Utrygg"
response.EN.Tags = "MALWARE"
response.NO.Tags = "SKADEVARE"
case "SOCIAL_ENGINEERING":
case "SOCIAL_ENGINEERING": //Social engineering attempt on this page, risky.
response.EN.Status = "Risk"
response.NO.Status = "Utrygg"
response.EN.Tags = "SOCIAL_ENGINEERING"
response.NO.Tags = "SOSIAL_MANIPULERING"
case "UNWANTED_SOFTWARE":
case "UNWANTED_SOFTWARE": //Unwanted software, risky.
response.EN.Status = "Risk"
response.NO.Status = "Utrygg"
......@@ -67,7 +66,7 @@ func SetResponeObjectGoogle(jsonResponse GoogleSafeBrowsing, response *FrontendR
response.NO.Tags = "UØNSKET_PROGRAMVARE"
default:
response.EN.Status = "Potentially unsafe"
response.EN.Status = "Potentially unsafe" //Catch all potentially unsafe because of limited information.
response.EN.Content = "This URL has been marked as suspicious, not recommended to visit."
response.EN.Tags = "N/A"
......@@ -88,14 +87,14 @@ func SetResponeObjectGoogle(jsonResponse GoogleSafeBrowsing, response *FrontendR
// SetResponseObjectVirusTotal takes the VirusTotal reponse object from HybridAnalysis and formats it accroding to our return object struct with translations.
func SetResponseObjectVirusTotal(jsonResponse HybridAnalysisURL, VirusTotal *FrontendResponse2) {
if jsonResponse.Scanners[0].Status == "clean" {
if jsonResponse.Scanners[0].Status == "clean" { //If clean, set safe.
VirusTotal.EN.Status = "Safe"
VirusTotal.EN.Content = fmt.Sprintf("%s has no information that indicates this URL is malicious", jsonResponse.Scanners[0].Name)
VirusTotal.NO.Status = "Trygg"
VirusTotal.NO.Content = fmt.Sprintf("%s har ingen informasjon som tilsier at denne URL'en er skadelig.", jsonResponse.Scanners[0].Name)
} else if jsonResponse.Scanners[0].Status == "malicious" {
} else if jsonResponse.Scanners[0].Status == "malicious" { //If malicious set response to risky.
VirusTotal.EN.Status = "Risk"
VirusTotal.EN.Content = fmt.Sprintf("%d / %d Antivirus agents has detected this URL/Domain as malicious", jsonResponse.Scanners[0].Positives, jsonResponse.Scanners[0].Total)
......@@ -108,7 +107,7 @@ func SetResponseObjectVirusTotal(jsonResponse HybridAnalysisURL, VirusTotal *Fro
VirusTotal.NO.Status = "Venter på analyse."
VirusTotal.NO.Content = "Venter på analyse forsøk å laste inn siden på nytt om 20 sekunder."
} else if jsonResponse.Scanners[0].Status == "no-result" {
} else if jsonResponse.Scanners[0].Status == "no-result" { //If no result set safe.
VirusTotal.EN.Status = "Safe"
VirusTotal.EN.Content = fmt.Sprintf("%s has no information that indicates this URL is malicious", jsonResponse.Scanners[0].Name)
......@@ -116,7 +115,7 @@ func SetResponseObjectVirusTotal(jsonResponse HybridAnalysisURL, VirusTotal *Fro
VirusTotal.NO.Status = "Trygg"
VirusTotal.NO.Content = fmt.Sprintf("%s har ingen informasjon som tilsier at denne URL'en er skadelig.", jsonResponse.Scanners[0].Name)
} else {
} else { //If anything else unexpected set error.
VirusTotal.EN.Status = "Error"
VirusTotal.NO.Status = "Error"
}
......@@ -124,20 +123,20 @@ func SetResponseObjectVirusTotal(jsonResponse HybridAnalysisURL, VirusTotal *Fro
// SetResponseObjectAlienVault takes the UrlScanio response from HybridAnalysis and formats it accroding to our return object struct with translations.
func SetResponseObjectUrlscanio(jsonResponse HybridAnalysisURL, urlscanio *FrontendResponse2) {
if jsonResponse.Scanners[1].Status == "clean" || jsonResponse.Scanners[1].Status == "no-classification" || jsonResponse.Scanners[1].Status == "no-result" {
if jsonResponse.Scanners[1].Status == "clean" || jsonResponse.Scanners[1].Status == "no-classification" || jsonResponse.Scanners[1].Status == "no-result" { //Incase of any of these outputs set to safe.
urlscanio.EN.Status = "Safe"
urlscanio.EN.Content = fmt.Sprintf("%s has no information that indicates this URL is malicious", jsonResponse.Scanners[1].Name)
urlscanio.NO.Status = "Trygg"
urlscanio.NO.Content = fmt.Sprintf("%s har ingen informasjon som tilsier at denne URL'en er skadelig.", jsonResponse.Scanners[1].Name)
} else if jsonResponse.Scanners[1].Status == "malicious" {
} else if jsonResponse.Scanners[1].Status == "malicious" { //If malicious set to risk
urlscanio.EN.Status = "Risk"
urlscanio.EN.Content = fmt.Sprintf("%s has detected this URL/Domain as malicious", jsonResponse.Scanners[1].Name)
urlscanio.NO.Status = "Utrygg"
urlscanio.NO.Content = fmt.Sprintf("%s har detektert denne URLen / domenet som skadelig", jsonResponse.Scanners[1].Name)
} else if jsonResponse.Scanners[1].Status == "in-queue" {
} else if jsonResponse.Scanners[1].Status == "in-queue" { //If in que, set awaiting analysis
urlscanio.EN.Status = "Awaiting analysis"
urlscanio.EN.Content = "Awaiting analysis attempt to refresh in 20 seconds."
......@@ -145,20 +144,20 @@ func SetResponseObjectUrlscanio(jsonResponse HybridAnalysisURL, urlscanio *Front
urlscanio.NO.Content = "Venter på analyse forsøk å laste inn siden på nytt om 20 sekunder."
} else {
urlscanio.EN.Status = "Error"
urlscanio.EN.Status = "Error" //Anything else unexpected, set ERROR.
urlscanio.NO.Status = "Error"
}
}
// SetResponseObjectVirusTotal takes the Alienvault api response and formats it accroding to our return object struct with translations.
func SetResponseObjectAlienVaultHash(jsonResponse AlienVaultHash, response *FrontendResponse2) {
if jsonResponse.PulseInfo.Count == 0 || len(jsonResponse.PulseInfo.Related.Other.MalwareFamilies) == 0 {
if jsonResponse.PulseInfo.Count == 0 || len(jsonResponse.PulseInfo.Related.Other.MalwareFamilies) == 0 { //Set safe if this is correct
response.EN.Status = "Safe"
response.EN.Content = "We have no information indicating that this file is malicious."
response.NO.Status = "Trygg"
response.NO.Content = "Vi har ingen informasjon som tyder på at dette er en ondsinnet fil."
} else {
} else { //Else set malicious
response.EN.Status = "Risk"
response.EN.Tags = "Malicious"
response.EN.Content = jsonResponse.PulseInfo.Related.Other.MalwareFamilies[0]
......@@ -173,23 +172,22 @@ func SetResponseObjectAlienVaultHash(jsonResponse AlienVaultHash, response *Fron
func SetResponseObjectHybridAnalysisHash(jsonResponse HybridAnalysishash, response *FrontendResponse2) {
response.SourceName = "Hybrid Analysis"
if len(jsonResponse) >= 1 {
fmt.Println(len(jsonResponse))
if len(jsonResponse) >= 1 { //Check to see if response is not empty.
if jsonResponse[0].Verdict == "malicious" {
if jsonResponse[0].Verdict == "malicious" { //Filter data based on different inputs
response.EN.Status = "Risk"
response.EN.Content = "This file is recognized as malicious."
response.NO.Status = "Utrygg"
response.NO.Content = "Denne filen er gjenkjent som ondsinnet."
//response.SourceName = jsonResponse.Submissions[0].Filename
} else if jsonResponse[0].Verdict == "whitelisted." {
response.EN.Status = "Safe"
response.EN.Content = "This file is known to be good - whitelisted."
response.NO.Status = "Trygg"
response.NO.Content = "Denne filen er hvitelistet av HybridAnalysis - Ikke ondsinnet."
//response.SourceName = jsonResponse.Submissions[0].Filename
} else if jsonResponse[0].Verdict == "no specific threat" {
response.EN.Status = "Safe"
response.EN.Content = "According to HybridAnalysis does this file not pose any specific threat."
......@@ -203,7 +201,7 @@ func SetResponseObjectHybridAnalysisHash(jsonResponse HybridAnalysishash, respon
response.NO.Status = "Ukjent"
response.NO.Content = "Denne filhashen er ukjent for Hybrid Analysis."
}
fmt.Println(jsonResponse[0].Verdict)
//fmt.Println(jsonResponse[0].Verdict)
// Set the filename field if known
if jsonResponse[0].Submissions != nil {
if jsonResponse[0].Submissions[0].Filename != "" {
......@@ -215,7 +213,7 @@ func SetResponseObjectHybridAnalysisHash(jsonResponse HybridAnalysishash, respon
}
}
} else {
response.EN.Status = "Unknown" //Denne må byttes til at den er ukjent // grå farge elns på frontend.
response.EN.Status = "Unknown"
response.EN.Content = "This file hash is not known to Hybrid Analysis."
response.NO.Status = "Ukjent"
......@@ -228,7 +226,7 @@ func SetResponseObjectHybridAnalysisHash(jsonResponse HybridAnalysishash, respon
func SetResultURL(Responses *ResultFrontendResponse, size int) {
for i := 0; i <= size-1; i++ {
if Responses.FrontendResponse[i].EN.Status == "Risk" {
if Responses.FrontendResponse[i].EN.Status == "Risk" { //If any are marked as risk set default risk string.
Responses.EN.Result = "This URL/Domain has been marked as malicious by atleast one of our threat intelligence sources visiting is not reccomended."
Responses.NO.Result = "Denne URLen/Domenet har blitt markert som ondsinnet av minst en av våre trusseletteretningskilder, besøk er ikke anbefalt."
}
......@@ -243,12 +241,12 @@ func SetResultURL(Responses *ResultFrontendResponse, size int) {
func SetResultHash(Responses *ResultFrontendResponse, size int) {
for i := 0; i <= size-1; i++ {
if Responses.FrontendResponse[i].EN.Status == "Risk" {
if Responses.FrontendResponse[i].EN.Status == "Risk" { //Set default risk string if malicious
Responses.EN.Result = "This file hash has been marked as malicious by atleast one of our threat intelligence sources, if this file is on the machine we reccomend to delete it and run a full antivirus scan of the machine."
Responses.NO.Result = "Denne filhashen har blitt markert som ondsinnet av minst en av våre trusseletteretningskilder, hvis du har denne filen på datamaskinen anbefaler vi å slette filen og kjøre en full antivirus skann av maskinen."
}
}
if Responses.EN.Result == "" {
if Responses.EN.Result == "" { //Set default safe string if for loop has not set it as malicious
Responses.EN.Result = "We do not have any intelligence indicating that this file is malicious."
Responses.NO.Result = "Vi har ingen informasjon som tilsier at denne filen er ondsinnet"
}
......
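Review bot: The aggregation in `SetResultHash` fails open: the safe result string is set whenever no source reported "Risk", so a lookup in which every source came back "Unknown" or "Error" is still summarised to the user as having no indication of malice, and the new comment documents that as intended. `SetResultURL` may follow the same pattern (its tail is outside the hunk), and the per-source mappers do the same where the new comments read `//If no result set safe.` for "no-result" and "no-classification". I would emit the safe string only when every source actually reported "Safe" and give inconclusive lookups their own result text in both languages; the wording of that text is left to the authors. The closing brace of `SetResultHash` lies outside the hunk.

```go
func SetResultHash(Responses *ResultFrontendResponse, size int) {
	inconclusive := false
	for i := 0; i <= size-1; i++ {
		switch Responses.FrontendResponse[i].EN.Status {
		case "Risk":
			// … unchanged: set the default risk strings (EN and NO) …
		case "Safe":
			// A clean verdict from this source; nothing to record.
		default:
			// "Unknown", "Error" and any other status are not clean verdicts.
			inconclusive = true
		}
	}
	if Responses.EN.Result == "" && !inconclusive {
		// … unchanged: set the default safe strings (EN and NO) …
	} else if Responses.EN.Result == "" {
		// Set a separate "inconclusive" result string here (EN and NO).
	}
```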