Merge branch '2.7.0-branch' into 'develop'

MislavReversingLabs · MislavReversingLabs · commit 0749bd31c10b · 2024-09-23T22:26:00.000Z
v2.7.0

See merge request integrations/reversinglabs-sdk-py3!3
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -332,6 +332,24 @@ v2.5.1 (2024-04-02)
   - Implemented the default user agent string in embedded `FileAnalysis` calls.
 
 
+2.7.0 (2024-07-24)
+-------------------
+
+#### Improvements
+- **ticloud** module:
+  - `rha1_type` is now an optional parameter in the `RHA1FunctionalSimilarity` and `RHA1Analitics` class methods. The user can decide if it should be passed in manually or calculated automatically.
+  - `detonate_url` and `detonate_sample` methods of the `DynamicAnalysis` class now accept optional parameters through `**optional_parameters`. Optional parameters should be passed in as key-value pairs (kwargs). Named parameters `internet_simulation` and `sample_name` are now deprecated and should be used through `**optional_parameters`.
+  - Added the `AdvancedActions` class containing the `enriched_file_analysis` method which returns a File Analysis report enriched with Dynamic Analysis.
+
+#### Deprecations
+- **ticloud** module:
+  - Parameters `internet_simulation` and `sample_name` of the `DynamicAnalysis.detonate_sample` method are now deprecated. Use `**optional_parameters` instead.
+
+
+
+
 ### Scheduled removals
 - **December 2024.**:
-  - In the `ticloud.DynamicAnalysis.detonate_sample` method the `sample_sha1` parameter will be removed.
+  - Parameter `sample_sha1` from the `ticloud.DynamicAnalysis.detonate_sample` method will be removed. Parameter `sample_hash` should be used instead.
+- **March 2025.**:
+  - Parameters `internet_simulation` and `sample_name` from the `ticloud.DynamicAnalysis.detonate_sample` method will be removed and should be further used through `**optional_parameters`.
diff --git a/README.md b/README.md
@@ -879,6 +879,13 @@ class TAXIIRansomwareFeed(TiCloudAPI)
     - Returns objects from a TAXII collection. 
     - This method does the paging automatically and returns a defined number of objects as a list in the end.
 
+#### Class:
+```python
+class AdvancedActions(object)
+````
+#### Methods:
+- `enriched_file_analysis`
+  - Accepts a sample hash and returns a TCA-0104 File Analysis report enriched with a TCA-0106 Dynamic Analysis report.
 
 ***
 
diff --git a/ReversingLabs/SDK/__init__.py b/ReversingLabs/SDK/__init__.py
@@ -5,4 +5,4 @@
 A Python SDK for communicating with ReversingLabs services.
 """
 
-__version__ = "2.6.4"
+__version__ = "2.7.0"
diff --git a/ReversingLabs/SDK/a1000.py b/ReversingLabs/SDK/a1000.py
@@ -74,7 +74,8 @@ class A1000(object):
                    "identification_name", "identification_version", "file_size", "extracted_file_count",
                    "local_first_seen", "local_last_seen", "classification_origin", "classification_reason",
                    "classification_source", "classification", "riskscore", "classification_result", "ticore", "tags",
-                   "summary", "ticloud", "aliases", "networkthreatintelligence", "domainthreatintelligence"
+                   "summary", "ticloud", "aliases", "networkthreatintelligence", "domainthreatintelligence", "imphash",
+                   "discussion", "proposed_filename", "av_scanners", "av_scanners_summary"
                    )
 
     __TITANIUM_CORE_FIELDS = "sha1, sha256, sha512, md5, imphash, info, application, protection, security, behaviour," \
@@ -555,7 +556,8 @@ def upload_sample_and_get_summary_report_v2(self, file_path=None, file_source=No
 
         return response
 
-    def get_detailed_report_v2(self, sample_hashes, retry=False, fields=None, skip_reanalysis=False):
+    def get_detailed_report_v2(self, sample_hashes, retry=False, fields=None, skip_reanalysis=False,
+                               include_networkthreatintelligence=True):
         """Accepts a single hash or a list of hashes and returns a detailed analysis report for the selected samples.
         This method utilizes the set number of retries and wait time in seconds and times out if the
         analysis results are not ready.
@@ -567,6 +569,8 @@ def get_detailed_report_v2(self, sample_hashes, retry=False, fields=None, skip_r
             :type fields: list[str]
             :param skip_reanalysis: skip sample reanalysis when fetching the summary report
             :type skip_reanalysis: bool
+            :param include_networkthreatintelligence: include network threat intelligence in the detailed report
+            :type include_networkthreatintelligence: bool
             :return: :class:`Response <Response>` object
             :rtype: requests.Response
         """
@@ -617,16 +621,22 @@ def get_detailed_report_v2(self, sample_hashes, retry=False, fields=None, skip_r
             "skip_reanalysis": str(skip_reanalysis).lower()
         }
 
-        response = self.__post_request(url=url, data=data)
+        if include_networkthreatintelligence:
+            if "networkthreatintelligence" not in fields or "domainthreatintelligence" not in fields:
+                raise WrongInputError("If include_networkthreatintelligence is set to True, the fields list must "
+                                      "include both 'networkthreatintelligence' and 'domainthreatintelligence'.")
+
+            data["include_networkthreatintelligence"] = str(include_networkthreatintelligence).lower()
 
+        response = self.__post_request(url=url, data=data)
         self.__raise_on_error(response)
 
         return response
 
     def upload_sample_and_get_detailed_report_v2(self, file_path=None, file_source=None, retry=True, fields=None,
                                                  custom_filename=None, tags=None, comment=None, cloud_analysis=True,
                                                  archive_password=None, rl_cloud_sandbox_platform=None,
-                                                 skip_reanalysis=False):
+                                                 skip_reanalysis=False, include_networkthreatintelligence=True):
         """Accepts either a file path string or an open file in 'rb' mode for file upload and returns a detailed
         analysis report response. This method combines uploading a sample and obtaining the detailed analysis report.
         Additional fields can be provided.
@@ -654,6 +664,8 @@ def upload_sample_and_get_detailed_report_v2(self, file_path=None, file_source=N
             :type archive_password: str
             :param rl_cloud_sandbox_platform: Cloud Sandbox platform (windows7, windows10 or macos_11)
             :type rl_cloud_sandbox_platform: str
+            :param include_networkthreatintelligence: include network threat intelligence in the detailed report
+            :type include_networkthreatintelligence: bool
             :return: response
             :rtype: requests.Response
         """
@@ -676,7 +688,8 @@ def upload_sample_and_get_detailed_report_v2(self, file_path=None, file_source=N
             sample_hashes=sha1,
             retry=retry,
             fields=fields,
-            skip_reanalysis=skip_reanalysis
+            skip_reanalysis=skip_reanalysis,
+            include_networkthreatintelligence=include_networkthreatintelligence
         )
 
         return response
diff --git a/ReversingLabs/SDK/helper.py b/ReversingLabs/SDK/helper.py
@@ -7,7 +7,11 @@
 
 import codecs
 import binascii
+from functools import wraps
 from http import HTTPStatus
+import inspect
+from warnings import warn
+
 from ReversingLabs.SDK import __version__
 
 
@@ -170,3 +174,31 @@ def validate_hashes(hash_input, allowed_hash_types):
                 "Only hash strings of the following types are allowed as input values: {allowed}".format(
                     allowed=allowed_hash_types
                 ))
+
+
+def deprecated_args(dpr_args: list):
+    def decorator(func):
+        @wraps(func)
+        def wrapper(*args, **kwargs):
+            arg_names = list(inspect.getfullargspec(func).args)
+            arg_names.extend(dpr_args)
+            args_kv = dict(zip(arg_names, args))
+            new_args = list(args)
+            for k in dpr_args:
+                if k not in kwargs and k in args_kv:
+                    if k == "sample_sha1":
+                        warn(f"DEPRECATION WARNING - Parameter sample_sha1 is deprecated. "
+                             f"Start using sample_hash instead.", Warning)
+
+                    else:
+                        warn(f"DEPRECATION WARNING - Parameter {k} is deprecated. "
+                             f"Start using it through optional_parameters.", Warning)
+                    arg_idx = arg_names.index(k)
+                    del new_args[arg_idx]
+                    del arg_names[arg_idx]
+                    kwargs[k] = args_kv[k]
+            return func(*new_args, **kwargs)
+
+        return wrapper
+
+    return decorator
diff --git a/ReversingLabs/SDK/ticloud.py b/ReversingLabs/SDK/ticloud.py
diff --git a/tests/test_ticloud.py b/tests/test_ticloud.py
