fixes to thug, domain visualizer and goresym

Author: mlodic

api_app/analyzers_manager/file_analyzers/goresym.py

@@ -49,12 +49,19 @@ def run(self):
         )
         result = self._docker_run(req_data, req_files, analyzer_name=self.analyzer_name)
         if "error" in result:
-            er = (
-                "Failed to parse file: failed to read pclntab: failed to locate pclntab"
-            )
-            if result["error"] == er:
-                logger.warning(f"Not a GO-compiled file: {result['error']}")
-                return f"Not a Go-compiled file: {result['error']}"
+            # the error message may change based on the version of the program
+            partial_error_keywords = ["failed", "no"]
+            found_negative_clause = False
+            if "pclntab" in result["error"]:
+                for partial_error_keyword in partial_error_keywords:
+                    if partial_error_keyword in result["error"]:
+                        found_negative_clause = True
+                        break
+            if found_negative_clause:
+                message = f"Not a GO-compiled file: {result['error']}"
+                logger.warning(message)
+                self.report.errors.append(message)
+                raise AnalyzerRunException(message)
             raise AnalyzerRunException(result["error"])
         return result
 

api_app/analyzers_manager/observable_analyzers/thug_url.py

@@ -23,19 +23,16 @@ class ThugUrl(ObservableAnalyzer, DockerBasedAnalyzer):
 
     def _thug_args_builder(self):
         user_agent = self.user_agent
-        if not user_agent:
-            user_agent = (
-                "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 "
-                "(KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36 Edg/131.0.2903.86"
-            )
         dom_events = self.dom_events
         use_proxy = self.use_proxy
         proxy = self.proxy
         enable_awis = self.enable_awis
         enable_img_proc = self.enable_image_processing_analysis
         # make request arguments
         # analysis timeout is set to 5 minutes
-        args = ["-T", "300", "-u", str(user_agent)]
+        args = ["-T", "300"]
+        if user_agent:
+            args.extend(["-u", str(user_agent)])
         if dom_events:
             args.extend(["-e", str(dom_events)])
         if use_proxy and proxy:
@@ -53,7 +50,6 @@ def run(self):
         tmp_dir = secrets.token_hex(4)
         tmp_dir_full_path = "/opt/deploy/thug" + tmp_dir
         # make request data
-        # the option -n is bugged and does not work https://github.com/intelowlproject/IntelOwl/issues/2656
         args.extend(["-n", tmp_dir_full_path, self.observable_name])
 
         req_data = {

api_app/visualizers_manager/visualizers/domain_reputation_services.py

@@ -238,7 +238,7 @@ def run(self) -> List[Dict]:
             third_level_elements.append(
                 self.Bool(
                     value=printable_analyzer_name,
-                    disable=not analyzer_report.report["malicious"],
+                    disable=not analyzer_report.report.get("malicious"),
                 )
             )
 

integrations/thug/Dockerfile

@@ -1,5 +1,6 @@
 # This base image is the one currently (02/2025) updated by the maintainer
 # but it does not support ARM
+# CAREFUL! This is still bugged and does not provide analysis.json
 FROM thughoneyclient/thug:v6.12
 
 USER root