re-enable VT and fix bug in parsing plugin env vars

maliceio · Apr 16, 2017 · 4513561 · 4513561
1 parent 6cfa8c3
commit 4513561
Show file tree

Hide file tree

Showing 6 changed files with 33 additions and 25 deletions.
diff --git a/config/bindata.go b/config/bindata.go
diff --git a/config/config.toml b/config/config.toml
@@ -49,7 +49,7 @@ title = "Malice Runtime Configuration"
   links = "malice-elastic:elasticsearch"
   cpu = 500000000 # 50% of availble CPU
   memory = 524288000 # 500MB
-  timeout = 120
+  timeout = 120  
 
 [logger]
   filename = "malice.log"

diff --git a/plugins/bindata.go b/plugins/bindata.go
diff --git a/plugins/list.go b/plugins/list.go
@@ -2,7 +2,6 @@ package plugins
 
 import (
 	"fmt"
-	"os"
 	"strings"
 
 	"github.com/crackcomm/go-clitable"
@@ -70,22 +69,22 @@ func GetIntelPlugins(hashType string, enabled bool) []Plugin {
 		intelPlugs = getIntel(getInstalled())
 	}
 	// filter down to intel plugins with apikey's set in ENV
-	var allSet bool
-	var hasEnvPlugs []Plugin
-	for _, plugin := range intelPlugs {
-		allSet = true
-		for _, pluginEnv := range plugin.Env {
-			if os.Getenv(pluginEnv) == "" {
-				allSet = false
-			}
-		}
-		if allSet {
-			if utils.StringInSlice(hashType, plugin.HashTypes) {
-				hasEnvPlugs = append(hasEnvPlugs, plugin)
-			}
-		}
-	}
-	return hasEnvPlugs
+	// var allSet bool
+	// var hasEnvPlugs []Plugin
+	// for _, plugin := range intelPlugs {
+	// 	allSet = true
+	// 	for _, pluginEnv := range plugin.Env {
+	// 		if os.Getenv(pluginEnv) == "" {
+	// 			allSet = false
+	// 		}
+	// 	}
+	// 	if allSet {
+	// 		if utils.StringInSlice(hashType, plugin.HashTypes) {
+	// 			hasEnvPlugs = append(hasEnvPlugs, plugin)
+	// 		}
+	// 	}
+	// }
+	return intelPlugs
 }
 
 // GetPluginsForMime will return all plugins that can consume the mime type file

diff --git a/plugins/plugins.go b/plugins/plugins.go
@@ -34,6 +34,10 @@ func (plugin Plugin) StartPlugin(docker *client.Docker, arg string, scanID strin
 	env := plugin.getPluginEnv()
 
 	env = append(env, "MALICE_SCANID="+scanID)
+	log.WithFields(log.Fields{
+		"name": plugin.Name,
+		"env":  config.Conf.Environment.Run,
+	}).Debug("env: ", env)
 	// env = append(env, "MALICE_ELASTICSEARCH="+utils.Getopt("MALICE_ELASTICSEARCH", getDbAddr()))
 
 	contJSON, err := container.Start(
@@ -72,6 +76,9 @@ func getDbAddr() string {
 func (plugin Plugin) buildCmd(args string, logs bool) strslice.StrSlice {
 
 	cmdStr := strslice.StrSlice{}
+	if plugin.APIKey != "" {
+		cmdStr = append(cmdStr, "--api", plugin.APIKey)
+	}
 	if logs {
 		cmdStr = append(cmdStr, "-t")
 	}
@@ -107,7 +114,9 @@ func RunIntelPlugins(docker *client.Docker, hash string, scanID string, logs boo
 func (plugin *Plugin) getPluginEnv() []string {
 	var env []string
 	for _, pluginEnv := range plugin.Env {
-		env = append(env, fmt.Sprintf("%s=%s", pluginEnv, os.Getenv(pluginEnv)))
+		if os.Getenv(pluginEnv) != "" {
+			env = append(env, fmt.Sprintf("%s=%s", pluginEnv, os.Getenv(pluginEnv)))
+		}
 	}
 	return env
 }

diff --git a/plugins/plugins.toml b/plugins/plugins.toml
@@ -21,15 +21,15 @@ title = "Malice Plugin Configurations"
   env = ["MALICE_TIMEOUT"]
 
 [[plugin]]
-  enabled = false
+  enabled = true
   name = "virustotal"
   description = "VirusTotal - files scan and hash lookup"
   category = "intel"
   image = "malice/virustotal"
   repository = "https://github.com/maliceio/malice-virustotal.git"
   build = false
   upload = false # Set upload to `true` if you want to upload sample to virustotal.com
-  apikey = ""
+  apikey = "2539516d471d7beb6b28a720d7a25024edc0f7590d345fc747418645002ac47b" # This is a test key, please replace with your own
   cmd = "lookup"
   mime = "hash"
   hashtypes = [ "md5", "sha1", "sha256" ]