Bugfixes Hash analysis

638af34c · Odin K. Henriksen · bf28be98 · 638af34c · 638af34c · 638af34c
Commit 638af34c authored 3 years ago by Odin K. Henriksen
--- a/api/hash-intelligence.go
+++ b/api/hash-intelligence.go
@@ -6,6 +6,7 @@ import (
 	"encoding/json"
 	"fmt"
 	"net/http"
+	"strings"
 	"sync"

 	"github.com/gin-gonic/gin"
@@ -16,7 +17,7 @@ func HashIntelligence(c *gin.Context) {
 	var hashInt []byte
 	var err error

-	hash := c.Query("hash")
+	hash := strings.TrimSpace(c.Query("hash"))

 	value, err := utils.Conn.Do("GET", "hash:"+hash)
 	if value == nil {

--- a/api/hybridanalysis.go
+++ b/api/hybridanalysis.go
 package api

 import (
+	logging "dcsg2900-threattotal/logs"
 	"dcsg2900-threattotal/utils"
-	"dcsg2900-threattotal/logs"
 	"encoding/json"
 	"fmt"
 	"io/ioutil"
@@ -59,7 +59,6 @@ func CallHybridAnalysisHash(hash string, response *utils.FrontendResponse2, wg *

 		err = json.Unmarshal(body, &jsonResponse)
 		if err != nil {
-			fmt.Println(string(body))
 			fmt.Println(err)
 			if len(string(body)) == 2 { //If this statement is true it means that the request
 				//is sucessful but it cant be unmarshalled because it returns empty

--- a/utils/struct.go
+++ b/utils/struct.go
@@ -82,7 +82,7 @@ type GoogleSafeBrowsing struct {
 	} `json:"matches"`
 }

-type HybridAnalysishash struct {
+type HybridAnalysishash []struct {
 	JobID                   string        `json:"job_id"`
 	EnvironmentID           int           `json:"environment_id"`
 	EnvironmentDescription  string        `json:"environment_description"`

--- a/utils/validation.go
+++ b/utils/validation.go
@@ -165,20 +165,26 @@ func SetResponseObjectAlienVaultHash(jsonResponse AlienVaultHash, response *Fron
 func SetResponseObjectHybridAnalysisHash(jsonResponse HybridAnalysishash, response *FrontendResponse2) {
 	response.SourceName = "Hybrid Analysis"

-	if jsonResponse.Verdict == "malicious" {
+	if jsonResponse[0].Verdict == "malicious" {
 		response.EN.Status = "Risk"
 		response.EN.Content = "This file is malicious"

 		response.NO.Status = "Utrygg"
 		response.EN.Content = "Denne filen er gjenkjent som ondsinnet"
 		//response.SourceName = jsonResponse.Submissions[0].Filename
-	} else if jsonResponse.Verdict == "whitelisted" {
+	} else if jsonResponse[0].Verdict == "whitelisted" {
 		response.EN.Status = "Safe"
 		response.EN.Content = "This file is known to be good"

 		response.NO.Status = "Trygg"
 		response.EN.Content = "Denne filen er hvitelistet av HybridAnalysis - Ikke ondsinnet."
 		//response.SourceName = jsonResponse.Submissions[0].Filename
+	} else if jsonResponse[0].Verdict == "no specific threat" {
+		response.EN.Status = "Safe"
+		response.EN.Content = "According to HybridAnalysis does this file not pose any specific threat."
+
+		response.NO.Status = "Trygg"
+		response.EN.Content = "I henhold til informasjon gitt av HybridAnalysis tilsier ikke denne filen noen trussel."
 	} else {
 		response.EN.Status = "Unknown" //Denne må byttes til at den er ukjent // grå farge elns på frontend.
 		response.EN.Content = "This filehash is not known to Hybrid Analysis"
@@ -188,10 +194,10 @@ func SetResponseObjectHybridAnalysisHash(jsonResponse HybridAnalysishash, respon
 	}

 	// Set the filename field if known
-	if jsonResponse.Submissions != nil {
-		if jsonResponse.Submissions[0].Filename != "" {
-			response.EN.Content = response.EN.Content + " " + jsonResponse.Submissions[0].Filename
-			response.NO.Content = response.NO.Content + " " + jsonResponse.Submissions[0].Filename
+	if jsonResponse[0].Submissions != nil {
+		if jsonResponse[0].Submissions[0].Filename != "" {
+			response.EN.Content = response.EN.Content + " " + jsonResponse[0].Submissions[0].Filename
+			response.NO.Content = response.NO.Content + " " + jsonResponse[0].Submissions[0].Filename
 		}
 	}
 }