From 7fcb699ab2170053f7b4358a4b123c8a5436baa4 Mon Sep 17 00:00:00 2001
From: Nils Kuhnert <Nils.Kuhnert@cert-bund.de>
Date: Tue, 22 Jan 2019 09:06:27 +0100
Subject: [PATCH] Fixes #313: improved otxquery filehandling

---
 analyzers/OTXQuery/otxquery.py | 10 +++++++++-
 1 file changed, 9 insertions(+), 1 deletion(-)

diff --git a/analyzers/OTXQuery/otxquery.py b/analyzers/OTXQuery/otxquery.py
index 338a4014d..9b7161f98 100755
--- a/analyzers/OTXQuery/otxquery.py
+++ b/analyzers/OTXQuery/otxquery.py
@@ -4,6 +4,7 @@
 import requests
 import urllib
 import hashlib
+import io
 from cortexutils.analyzer import Analyzer
 
 
@@ -169,7 +170,14 @@ def run(self):
             hashes = self.get_param('attachment.hashes', None)
             if hashes is None:
                 filepath = self.get_param('file', None, 'File is missing')
-                hash = hashlib.sha256(open(filepath, 'r').read()).hexdigest();
+                sha256 = hashlib.sha256()
+                with io.open(filepath, 'rb') as fh:
+                    while True:
+                        data = fh.read(4096)
+                        if not data:
+                            break
+                        sha256.update(data)
+                hash = sha256.hexdigest()
             else:
                 # find SHA256 hash
                 hash = next(h for h in hashes if len(h) == 64)