Merge pull request #1325 from TheHive-Project/yeti-patch-1

Alpine docker images support + dockerfile & Requirements.txt cleanup

analyzers/Abuse_Finder/abusefinder.py

@@ -6,8 +6,8 @@
 """
 
 from cortexutils.analyzer import Analyzer
-from abuse_finder import domain_abuse, ip_abuse, \
-    email_abuse, url_abuse
+from abuse_finder import domain_abuse, ip_abuse, email_abuse, url_abuse
+
 import logging
 logging.getLogger("tldextract").setLevel(logging.CRITICAL)
 

analyzers/Autofocus/requirements.txt

@@ -1,2 +1,2 @@
 cortexutils
-git+https://github.com/PaloAltoNetworks/autofocus-client-library
+autofocus-client-library

analyzers/Capa/Dockerfile

@@ -1,17 +1,20 @@
-FROM python:3
+FROM python:3-alpine
 WORKDIR /worker
-COPY . Capa
-
 # Install required tools
-RUN apt-get update && apt-get install -y \
+RUN apk add --no-cache \
     curl \
     jq \
-    unzip && \
-    rm -rf /var/lib/apt/lists/*
+    unzip \
+    bash && \
+    rm -rf /var/cache/apk/*
+
+COPY requirements.txt Capa/
+RUN test ! -e Capa/requirements.txt || pip install --no-cache-dir -r Capa/requirements.txt
 
 # Add a script to fetch the latest capa release and extract it
 COPY fetch_capa.sh /worker/fetch_capa.sh
 RUN chmod +x /worker/fetch_capa.sh && /worker/fetch_capa.sh
 
-RUN test ! -e Capa/requirements.txt || pip install --no-cache-dir -r Capa/requirements.txt
-ENTRYPOINT "Capa/CapaAnalyze.py"
+COPY . Capa/
+
+ENTRYPOINT ["python", "Capa/CapaAnalyze.py"]

analyzers/Censys/censys_analyzer.py

@@ -2,11 +2,7 @@
 from cortexutils.analyzer import Analyzer
 from censys.search import CensysHosts, CensysCerts
 
-from censys.common.exceptions import (
-    CensysNotFoundException,
-    CensysRateLimitExceededException,
-    CensysUnauthorizedException,
-)
+from censys.common.exceptions import CensysNotFoundException, CensysRateLimitExceededException, CensysUnauthorizedException
 
 import iocextract
 

analyzers/Cylance/requirements.txt

@@ -1,2 +1,3 @@
 cortexutils
 cyapi
+setuptools

analyzers/Elasticsearch/requirements.txt

@@ -2,3 +2,4 @@ elasticsearch
 cortexutils
 pytz
 requests
+python-dateutil

analyzers/GRR/requirements.txt

@@ -1,2 +1,3 @@
 cortexutils
 grr-api-client
+setuptools

analyzers/Malwares/malwares.py

@@ -6,10 +6,7 @@
 from malwares_api import Api
 from cortexutils.analyzer import Analyzer
 
-try:
-    from StringIO import StringIO
-except ImportError:
-    from io import StringIO
+from io import StringIO
 
 
 class MalwaresAnalyzer(Analyzer):

analyzers/OpenCTI/Dockerfile

@@ -0,0 +1,11 @@
+FROM python:3-alpine
+WORKDIR /worker
+
+# Install libmagic (development package provides libmagic.so symlink)
+RUN apk add --no-cache file-dev
+
+COPY requirements.txt OpenCTI/
+RUN test ! -e OpenCTI/requirements.txt || pip install --no-cache-dir -r OpenCTI/requirements.txt
+COPY . OpenCTI/
+
+ENTRYPOINT ["python", "OpenCTI/opencti.py"]

analyzers/QrDecode/Dockerfile

@@ -1,4 +1,4 @@
-FROM python:3
+FROM python:3-slim
 WORKDIR /worker
 COPY . QrDecode
 RUN test ! -e QrDecode/requirements.txt || pip install --no-cache-dir -r QrDecode/requirements.txt

analyzers/VirusTotal/Dockerfile

@@ -1,11 +1,15 @@
-FROM python:3.9
+FROM python:3-alpine
 
 WORKDIR /worker
-COPY . VirusTotal
-RUN apt update
-RUN apt install -y -q libimage-exiftool-perl       && \
-    rm -rf /var/lib/apt/lists/*
 
-RUN pip install --no-cache-dir -r VirusTotal/requirements.txt
+# install runtime dependencies.
+RUN apk add --no-cache perl-image-exiftool file-dev
+
+COPY requirements.txt VirusTotal/
+
+# Install Python dependencies from requirements.txt
+RUN test ! -e VirusTotal/requirements.txt || pip install --no-cache-dir -r VirusTotal/requirements.txt
+
+COPY . VirusTotal
 
-ENTRYPOINT VirusTotal/virustotal.py
+ENTRYPOINT ["python", "VirusTotal/virustotal.py"]

analyzers/Yeti/Dockerfile

@@ -0,0 +1,10 @@
+FROM python:3-alpine
+WORKDIR /worker
+
+RUN apk add --no-cache git
+
+COPY requirements.txt Yeti/
+RUN test ! -e Yeti/requirements.txt || pip install --no-cache-dir -r Yeti/requirements.txt
+COPY . Yeti/
+
+ENTRYPOINT ["python", "Yeti/yeti.py"]

analyzers/Yeti/requirements.txt

@@ -1,2 +1,2 @@
 cortexutils
-git+https://github.com/yeti-platform/pyeti
+git+https://github.com/yeti-platform/pyeti

analyzers/BinalyzeAIR/binalyze_air_isolation.json → responders/BinalyzeAIR/binalyze_air_isolation.json

@@ -8,7 +8,7 @@
     "dataTypeList": [
         "thehive:case_artifact"
     ],
-    "command": "BinalyzeAIR/air.py",
+    "command": "BinalyzeAIR/binalyze.py",
     "config": {
         "service": "air_isolate"
     },

responders/CheckPoint/requirements.txt

@@ -1,3 +1,4 @@
 cortexutils
+cp-mgmt-api-sdk
 # -e git+https://github.com/CheckPointSW/cp_mgmt_api_python_sdk#egg=cpapi cpapi
-git+https://github.com/CheckPointSW/cp_mgmt_api_python_sdk
+#git+https://github.com/CheckPointSW/cp_mgmt_api_python_sdk

responders/Gmail/Dockerfile

@@ -1,6 +1,11 @@
-FROM python:3
-
+FROM python:3-alpine
 WORKDIR /worker
-COPY . Gmail
-RUN pip install --no-cache-dir -r Gmail/requirements.txt
-ENTRYPOINT Gmail/Gmail.py
+
+# Install libmagic (development package provides libmagic.so symlink)
+RUN apk add --no-cache file-dev
+
+COPY requirements.txt Gmail/
+RUN test ! -e Gmail/requirements.txt || pip install --no-cache-dir -r Gmail/requirements.txt
+COPY . Gmail/
+
+ENTRYPOINT ["python", "Gmail/Gmail.py"]

responders/MailIncidentStatus/Dockerfile

@@ -0,0 +1,15 @@
+FROM python:3-alpine
+
+WORKDIR /worker
+
+# install runtime dependencies
+RUN apk add --no-cache file-dev
+
+COPY requirements.txt MailIncidentStatus/
+
+# Install Python dependencies from requirements.txt
+RUN test ! -e MailIncidentStatus/requirements.txt || pip install --no-cache-dir -r MailIncidentStatus/requirements.txt
+
+COPY . MailIncidentStatus
+
+ENTRYPOINT ["python", "MailIncidentStatus/mailincidentstatus.py"]

responders/PaloAltoNGFW/requirements.txt

@@ -1,4 +1,5 @@
 cortexutils
 requests
 pan-os-python
-thehive4py~=1.8.1
+thehive4py~=1.8.1
+setuptools

responders/SendGrid/requirements.txt

@@ -1 +1,2 @@
 sendgrid
+cortexutils

responders/Telegram/requirements.txt

@@ -1 +1,2 @@
-cortexutils
+cortexutils
+requests