From 4fb86faf08772153b7677b4187a882b4667559f1 Mon Sep 17 00:00:00 2001 From: odinkh <odinkh@stud.ntnu.no> Date: Thu, 19 May 2022 19:00:05 +0200 Subject: [PATCH] Commenting of code --- api/url-intelligence.go | 25 ++++++++------------ utils/validation.go | 52 ++++++++++++++++++++--------------------- 2 files changed, 35 insertions(+), 42 deletions(-) diff --git a/api/url-intelligence.go b/api/url-intelligence.go index 9843a98..c777127 100644 --- a/api/url-intelligence.go +++ b/api/url-intelligence.go @@ -36,15 +36,11 @@ func UrlIntelligence(c *gin.Context) { // Add the data to the redis backend. if completeInt { - response, err := utils.Conn.Do("SETEX", "url:"+url, utils.CacheDurationUrl, URLint) + _, err := utils.Conn.Do("SETEX", "url:"+url, utils.CacheDurationUrl, URLint) if err != nil { fmt.Println("Error adding data to redis:" + err.Error()) logging.Logerror(err, "Error addding data to redis - Url-intelligence:") } - - // Print the response to adding the data (should be "OK") - fmt.Println("Bool is true") - fmt.Println(response) } // Cache hit 
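Review bot: The SETEX error path in UrlIntelligence still reports the same failure twice, once with `fmt.Println("Error adding data to redis:" + err.Error())` and once through `logging.Logerror`, which is at odds with this commit removing the other debug prints. Keep only the `logging.Logerror` call and fix the "addding" typo in its message, so cache failures are recorded in one place. `utils.Conn` looks like a single package-level connection used from a request handler; if it is not a pool, concurrent requests calling `Do` on it need a lock or a pooled connection, which should be confirmed outside this hunk. The handler starts and ends outside the hunk.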
@@ -85,26 +81,24 @@ func urlSearch(url string) (data []byte, err error, complete bool) { alienvault = &responseData[3] wg.Add(3) - fmt.Println(url) - if checkUrlAgainstFilter(url) { - go CallGoogleUrl(url, p, &wg) + if checkUrlAgainstFilter(url) { //Checks if the URL is in the POC urlfilter. + go CallGoogleUrl(url, p, &wg) //Calls different functions to contact intelligence sources. go CallHybridAnalyisUrl(url, VirusTotal, urlscanio, &wg) go CallAlienVaultUrl(url, alienvault, &wg) - } else { + } else { //If URL is in urlfilter, set google to safe as POC (Proof of concept.). go giveTrueGoogleUrl(url, p, &wg) go CallHybridAnalyisUrl(url, VirusTotal, urlscanio, &wg) go CallAlienVaultUrl(url, alienvault, &wg) } wg.Wait() - var resultResponse utils.ResultFrontendResponse - - resultResponse.FrontendResponse = responseData[:] + var resultResponse utils.ResultFrontendResponse //Creat new struct that will be sent to frontend. - setResults := &resultResponse + resultResponse.FrontendResponse = responseData[:] //Move frontend response structs into resultresponse struct. - utils.SetResultURL(setResults, len(responseData)) + setResults := &resultResponse //Create pointer to resultresponse. + utils.SetResultURL(setResults, len(responseData)) //Set the result string. //FUNCTIONALITY FOR SCREENSHOT OF URLS utils.ScreenshotURL(url, setResults) //// @@ -115,7 +109,7 @@ func urlSearch(url string) (data []byte, err error, complete bool) { //If complete is true the intelligence will be cached, //If it is not complete the result won't be cached. - URLint, err = json.Marshal(resultResponse) + URLint, err = json.Marshal(resultResponse) //Marshal data to be sent to frontend. if err != nil { fmt.Println(err) return URLint, err, complete 
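Review bot: The two comments added to the branch in urlSearch contradict each other: the `if checkUrlAgainstFilter(url)` line says it checks whether the URL is in the POC filter and then runs the real Google lookup, while the `else` comment says that branch is the one where the URL is in the filter. Since the else branch calls `giveTrueGoogleUrl`, the condition presumably returns false for filtered URLs, so the first comment should read something like `// URL is not in the POC filter: query Google Safe Browsing`. Separately, the else branch appears to present a Google verdict of safe without any lookup being made; if that outlives the proof of concept, the response should state that the source was skipped rather than attribute a verdict to Google. urlSearch starts and ends outside the hunk.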
@@ -124,6 +118,7 @@ func urlSearch(url string) (data []byte, err error, complete bool) { return URLint, nil, complete } +//Function to check if the intelligence is complete and ready to be cached, returns a complete bool - False = not ready, True = ready. func checkIfIntelligenceComplete(jsonData utils.ResultFrontendResponse, size int) (complete bool) { complete = true diff --git a/utils/validation.go b/utils/validation.go index 8fa5835..14772cc 100644 --- a/utils/validation.go +++ b/utils/validation.go @@ -9,13 +9,12 @@ func SetResponseObjectAlienVault(jsonResponse AlienVaultURL, response *FrontendR whitelisted := false for i := 0; i < len(jsonResponse.Validation); i++ { - if jsonResponse.Validation[i].Source == "whitelist" { - fmt.Println("This is whitelisted") + if jsonResponse.Validation[i].Source == "whitelist" { //Check to see if the URL or domain is whitelisted whitelisted = true } } - if whitelisted { + if whitelisted { //If it is whitelisted set SAFE. response.EN.Status = "Safe" response.EN.Content = "Alienvault has whitelisted this domain/URL." response.NO.Status = "Trygg" 
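Review bot: The doc comment added above checkIfIntelligenceComplete does not start with the function name, as Go doc comments conventionally do, and it packs the return-value legend into one long line. Suggested: `// checkIfIntelligenceComplete reports whether the intelligence is complete and may be cached.` The function body continues outside the hunk, so what counts as incomplete cannot be documented from here.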
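Review bot: In SetResponseObjectAlienVault a single `Validation` entry with `Source == "whitelist"` is enough to report "Safe", and the message says the "domain/URL" is whitelisted. If the whitelist is domain-level, it says nothing about an individual URL hosted on that domain, so a malicious path on a whitelisted host would be shown as safe; consider wording that the domain is whitelisted and the URL itself was not assessed, or a neutral status. The loop can also `break` once `whitelisted` is set. The non-whitelisted path of the function is outside the hunk.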
@@ -45,21 +44,21 @@ func SetResponeObjectGoogle(jsonResponse GoogleSafeBrowsing, response *FrontendR response.EN.Content = "This URL has been marked as malicious by Google Safebrowsing, visiting is NOT recommended" response.NO.Content = "Denne URLen har blitt markert som ondsinnet av Google Safebrowsing, besøk er IKKE anbefalt" switch jsonResponse.Matches[0].ThreatType { - case "MALWARE": + case "MALWARE": //Contains malware, set risky. response.EN.Status = "Risk" response.NO.Status = "Utrygg" response.EN.Tags = "MALWARE" response.NO.Tags = "SKADEVARE" - case "SOCIAL_ENGINEERING": + case "SOCIAL_ENGINEERING": //Social engineering attempt on this page, risky. response.EN.Status = "Risk" response.NO.Status = "Utrygg" response.EN.Tags = "SOCIAL_ENGINEERING" response.NO.Tags = "SOSIAL_MANIPULERING" - case "UNWANTED_SOFTWARE": + case "UNWANTED_SOFTWARE": //Unwanted software, risky. response.EN.Status = "Risk" response.NO.Status = "Utrygg" @@ -67,7 +66,7 @@ func SetResponeObjectGoogle(jsonResponse GoogleSafeBrowsing, response *FrontendR response.NO.Tags = "UØNSKET_PROGRAMVARE" default: - response.EN.Status = "Potentially unsafe" + response.EN.Status = "Potentially unsafe" //Catch all potentially unsafe because of limited information. response.EN.Content = "This URL has been marked as suspicious, not recommended to visit." response.EN.Tags = "N/A" 
@@ -88,14 +87,14 @@ func SetResponeObjectGoogle(jsonResponse GoogleSafeBrowsing, response *FrontendR // SetResponseObjectVirusTotal takes the VirusTotal reponse object from HybridAnalysis and formats it accroding to our return object struct with translations. func SetResponseObjectVirusTotal(jsonResponse HybridAnalysisURL, VirusTotal *FrontendResponse2) { - if jsonResponse.Scanners[0].Status == "clean" { + if jsonResponse.Scanners[0].Status == "clean" { //If clean, set safe. VirusTotal.EN.Status = "Safe" VirusTotal.EN.Content = fmt.Sprintf("%s has no information that indicates this URL is malicious", jsonResponse.Scanners[0].Name) VirusTotal.NO.Status = "Trygg" VirusTotal.NO.Content = fmt.Sprintf("%s har ingen informasjon som tilsier at denne URL'en er skadelig.", jsonResponse.Scanners[0].Name) - } else if jsonResponse.Scanners[0].Status == "malicious" { + } else if jsonResponse.Scanners[0].Status == "malicious" { //If malicious set response to risky. VirusTotal.EN.Status = "Risk" VirusTotal.EN.Content = fmt.Sprintf("%d / %d Antivirus agents has detected this URL/Domain as malicious", jsonResponse.Scanners[0].Positives, jsonResponse.Scanners[0].Total) @@ -108,7 +107,7 @@ func SetResponseObjectVirusTotal(jsonResponse HybridAnalysisURL, VirusTotal *Fro VirusTotal.NO.Status = "Venter på analyse." VirusTotal.NO.Content = "Venter på analyse forsøk å laste inn siden på nytt om 20 sekunder." - } else if jsonResponse.Scanners[0].Status == "no-result" { + } else if jsonResponse.Scanners[0].Status == "no-result" { //If no result set safe. VirusTotal.EN.Status = "Safe" VirusTotal.EN.Content = fmt.Sprintf("%s has no information that indicates this URL is malicious", jsonResponse.Scanners[0].Name) 
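Review bot: SetResponseObjectVirusTotal indexes `jsonResponse.Scanners[0]` on its first line with no length check, so an upstream reply with an empty `Scanners` list panics. If this function is reached from the goroutines started with `go` in urlSearch, that panic is not caught by the HTTP handler's recovery and stops the whole service. Guard it first, for example `if len(jsonResponse.Scanners) == 0 { VirusTotal.EN.Status = "Error"; VirusTotal.NO.Status = "Error"; return }`. The same applies to `Scanners[1]` in SetResponseObjectUrlscanio, which needs at least two entries, and selecting the scanner by `Name` rather than by position would avoid mislabelling results if the upstream order changes.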
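Review bot: The `no-result` branch of SetResponseObjectVirusTotal reports "Safe", which turns the absence of data into a positive verdict. A URL the scanner has never seen is the case where a user should not be reassured; a status such as "Unknown", already used in SetResponseObjectHybridAnalysisHash, fits better, provided the frontend handles it for URL results. The added comment `//If no result set safe.` would then change with it. SetResponseObjectUrlscanio does the same for `no-classification` and `no-result`.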
@@ -116,7 +115,7 @@ func SetResponseObjectVirusTotal(jsonResponse HybridAnalysisURL, VirusTotal *Fro VirusTotal.NO.Status = "Trygg" VirusTotal.NO.Content = fmt.Sprintf("%s har ingen informasjon som tilsier at denne URL'en er skadelig.", jsonResponse.Scanners[0].Name) - } else { + } else { //If anything else unexpected set error. VirusTotal.EN.Status = "Error" VirusTotal.NO.Status = "Error" } 
@@ -124,20 +123,20 @@ func SetResponseObjectVirusTotal(jsonResponse HybridAnalysisURL, VirusTotal *Fro // SetResponseObjectAlienVault takes the UrlScanio response from HybridAnalysis and formats it accroding to our return object struct with translations. func SetResponseObjectUrlscanio(jsonResponse HybridAnalysisURL, urlscanio *FrontendResponse2) { - if jsonResponse.Scanners[1].Status == "clean" || jsonResponse.Scanners[1].Status == "no-classification" || jsonResponse.Scanners[1].Status == "no-result" { + if jsonResponse.Scanners[1].Status == "clean" || jsonResponse.Scanners[1].Status == "no-classification" || jsonResponse.Scanners[1].Status == "no-result" { //Incase of any of these outputs set to safe. urlscanio.EN.Status = "Safe" urlscanio.EN.Content = fmt.Sprintf("%s has no information that indicates this URL is malicious", jsonResponse.Scanners[1].Name) urlscanio.NO.Status = "Trygg" urlscanio.NO.Content = fmt.Sprintf("%s har ingen informasjon som tilsier at denne URL'en er skadelig.", jsonResponse.Scanners[1].Name) - } else if jsonResponse.Scanners[1].Status == "malicious" { + } else if jsonResponse.Scanners[1].Status == "malicious" { //If malicious set to risk urlscanio.EN.Status = "Risk" urlscanio.EN.Content = fmt.Sprintf("%s has detected this URL/Domain as malicious", jsonResponse.Scanners[1].Name) urlscanio.NO.Status = "Utrygg" urlscanio.NO.Content = fmt.Sprintf("%s har detektert denne URLen / domenet som skadelig", jsonResponse.Scanners[1].Name) - } else if jsonResponse.Scanners[1].Status == "in-queue" { + } else if jsonResponse.Scanners[1].Status == "in-queue" { //If in que, set awaiting analysis urlscanio.EN.Status = "Awaiting analysis" urlscanio.EN.Content = "Awaiting analysis attempt to refresh in 20 seconds." 
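Review bot: The doc comment above SetResponseObjectUrlscanio still begins `// SetResponseObjectAlienVault takes the UrlScanio response`, and the one above SetResponseObjectAlienVaultHash in the next hunk begins `// SetResponseObjectVirusTotal takes the Alienvault api response`. A commit whose purpose is documenting the code should correct these copy-pasted names, for example `// SetResponseObjectUrlscanio takes the urlscan.io result from HybridAnalysis ...` and `// SetResponseObjectAlienVaultHash takes the AlienVault hash response ...`. The added inline comments also carry small typos ("Incase", "in que"). SetResponseObjectUrlscanio continues in the next hunk.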
@@ -145,20 +144,20 @@ func SetResponseObjectUrlscanio(jsonResponse HybridAnalysisURL, urlscanio *Front urlscanio.NO.Content = "Venter på analyse forsøk å laste inn siden på nytt om 20 sekunder." } else { - urlscanio.EN.Status = "Error" + urlscanio.EN.Status = "Error" //Anything else unexpected, set ERROR. urlscanio.NO.Status = "Error" } } // SetResponseObjectVirusTotal takes the Alienvault api response and formats it accroding to our return object struct with translations. func SetResponseObjectAlienVaultHash(jsonResponse AlienVaultHash, response *FrontendResponse2) { - if jsonResponse.PulseInfo.Count == 0 || len(jsonResponse.PulseInfo.Related.Other.MalwareFamilies) == 0 { + if jsonResponse.PulseInfo.Count == 0 || len(jsonResponse.PulseInfo.Related.Other.MalwareFamilies) == 0 { //Set safe if this is correct response.EN.Status = "Safe" response.EN.Content = "We have no information indicating that this file is malicious." response.NO.Status = "Trygg" response.NO.Content = "Vi har ingen informasjon som tyder på at dette er en ondsinnet fil." - } else { + } else { //Else set malicious response.EN.Status = "Risk" response.EN.Tags = "Malicious" response.EN.Content = jsonResponse.PulseInfo.Related.Other.MalwareFamilies[0] 
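Review bot: SetResponseObjectAlienVaultHash reports "Safe" when `PulseInfo.Count == 0` or when `MalwareFamilies` is empty, so a hash that does appear in pulses but has no named malware family is shown as safe. The `||` is needed to protect the `MalwareFamilies[0]` index in the else branch, but the two cases deserve different verdicts: no pulses means nothing is known, while pulses without a family means the hash has been reported somewhere. The added comment `//Set safe if this is correct` does not say which condition is meant; `// No pulses, or no malware family named` would match the code as written. The function continues outside the hunk.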
@@ -173,23 +172,22 @@ func SetResponseObjectAlienVaultHash(jsonResponse AlienVaultHash, response *Fron func SetResponseObjectHybridAnalysisHash(jsonResponse HybridAnalysishash, response *FrontendResponse2) { response.SourceName = "Hybrid Analysis" - if len(jsonResponse) >= 1 { - fmt.Println(len(jsonResponse)) + if len(jsonResponse) >= 1 { //Check to see if response is not empty. - if jsonResponse[0].Verdict == "malicious" { + if jsonResponse[0].Verdict == "malicious" { //Filter data based on different inputs response.EN.Status = "Risk" response.EN.Content = "This file is recognized as malicious." response.NO.Status = "Utrygg" response.NO.Content = "Denne filen er gjenkjent som ondsinnet." - //response.SourceName = jsonResponse.Submissions[0].Filename + } else if jsonResponse[0].Verdict == "whitelisted." { response.EN.Status = "Safe" response.EN.Content = "This file is known to be good - whitelisted." response.NO.Status = "Trygg" response.NO.Content = "Denne filen er hvitelistet av HybridAnalysis - Ikke ondsinnet." - //response.SourceName = jsonResponse.Submissions[0].Filename + } else if jsonResponse[0].Verdict == "no specific threat" { response.EN.Status = "Safe" response.EN.Content = "According to HybridAnalysis does this file not pose any specific threat." @@ -203,7 +201,7 @@ func SetResponseObjectHybridAnalysisHash(jsonResponse HybridAnalysishash, respon response.NO.Status = "Ukjent" response.NO.Content = "Denne filhashen er ukjent for Hybrid Analysis." } - fmt.Println(jsonResponse[0].Verdict) + //fmt.Println(jsonResponse[0].Verdict) // Set the filename field if known if jsonResponse[0].Submissions != nil { if jsonResponse[0].Submissions[0].Filename != "" { 
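Review bot: The comparison `jsonResponse[0].Verdict == "whitelisted."` has a trailing period inside the string literal, unlike the other verdict strings in this chain (`"malicious"`, `"no specific threat"`), so it most likely never matches and whitelisted files fall through to a later branch. If the API value is `whitelisted`, the line should be `} else if jsonResponse[0].Verdict == "whitelisted" {`; this should be confirmed against an actual Hybrid Analysis response. A `switch jsonResponse[0].Verdict` would make the chain easier to read and a stray character like this easier to spot.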
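Review bot: The check `jsonResponse[0].Submissions != nil` does not protect the `Submissions[0]` access on the next line, because a JSON `"submissions": []` decodes to a non-nil empty slice and the index then panics. Use `if len(jsonResponse[0].Submissions) > 0 {` instead. The debug print is replaced here by the commented-out `//fmt.Println(jsonResponse[0].Verdict)`; delete it, as the commit does with the other commented-out lines. The block continues in the next hunk.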
@@ -215,7 +213,7 @@ func SetResponseObjectHybridAnalysisHash(jsonResponse HybridAnalysishash, respon } } } else { - response.EN.Status = "Unknown" //Denne må byttes til at den er ukjent // grå farge elns på frontend. + response.EN.Status = "Unknown" response.EN.Content = "This file hash is not known to Hybrid Analysis." response.NO.Status = "Ukjent" @@ -228,7 +226,7 @@ func SetResponseObjectHybridAnalysisHash(jsonResponse HybridAnalysishash, respon func SetResultURL(Responses *ResultFrontendResponse, size int) { for i := 0; i <= size-1; i++ { - if Responses.FrontendResponse[i].EN.Status == "Risk" { + if Responses.FrontendResponse[i].EN.Status == "Risk" { //If any are marked as risk set default risk string. Responses.EN.Result = "This URL/Domain has been marked as malicious by atleast one of our threat intelligence sources visiting is not reccomended." Responses.NO.Result = "Denne URLen/Domenet har blitt markert som ondsinnet av minst en av våre trusseletteretningskilder, besøk er ikke anbefalt." } 
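Review bot: SetResultURL loops with `for i := 0; i <= size-1; i++` over `Responses.FrontendResponse`, trusting a caller-supplied `size` that can disagree with the slice length and index out of range. `for i := range Responses.FrontendResponse` removes that dependency while leaving the parameter in the signature for existing callers, and a `break` after the first "Risk" avoids rewriting the same strings. SetResultHash in the next hunk has the same loop. The rest of SetResultURL is outside the hunk.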
@@ -243,12 +241,12 @@ func SetResultURL(Responses *ResultFrontendResponse, size int) { func SetResultHash(Responses *ResultFrontendResponse, size int) { for i := 0; i <= size-1; i++ { - if Responses.FrontendResponse[i].EN.Status == "Risk" { + if Responses.FrontendResponse[i].EN.Status == "Risk" { //Set default risk string if malicious Responses.EN.Result = "This file hash has been marked as malicious by atleast one of our threat intelligence sources, if this file is on the machine we reccomend to delete it and run a full antivirus scan of the machine." Responses.NO.Result = "Denne filhashen har blitt markert som ondsinnet av minst en av våre trusseletteretningskilder, hvis du har denne filen på datamaskinen anbefaler vi å slette filen og kjøre en full antivirus skann av maskinen." } } - if Responses.EN.Result == "" { + if Responses.EN.Result == "" { //Set default safe string if for loop has not set it as malicious Responses.EN.Result = "We do not have any intelligence indicating that this file is malicious." Responses.NO.Result = "Vi har ingen informasjon som tilsier at denne filen er ondsinnet" } -- GitLab
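Review bot: In SetResultHash the fallback `if Responses.EN.Result == ""` runs whenever no source reported "Risk", which includes the case where every source returned "Unknown" or failed, yet the added comment calls the result the "default safe string". Consider tracking whether at least one source produced a real verdict and using a separate "could not be assessed" message otherwise. At minimum the comment should say that this branch also covers unknown and error states, for example `// No source reported Risk (includes unknown and error results)`. The user-facing strings in this hunk also contain typos ("atleast", "reccomend").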