Merge pull request #888 from TheHive-Project/feature/proxy_tor

Add proxies support to torproject analyzer
TheHive-Project · Feb 3, 2021 · f3bca68 · f3bca68
2 parents 592e933 + 38917ce
commit f3bca68
Show file tree

Hide file tree

Showing 2 changed files with 43 additions and 32 deletions.
diff --git a/analyzers/TorProject/tor_project.py b/analyzers/TorProject/tor_project.py
@@ -19,35 +19,45 @@ class TorProjectClient:
                            Ignored if `cache_duration` is 0.
     :param cache_root: Path where to store the cached file
                        downloaded from torproject.org
+    :param proxies: Proxies to be using during requests session
     :type ttl: int
     :type cache_duration: int
     :type cache_root: str
     """
-    def __init__(self, ttl=86400, cache_duration=3600,
-                 cache_root='/tmp/cortex/tor_project'):
+
+    def __init__(
+        self,
+        ttl=86400,
+        cache_duration=3600,
+        cache_root="/tmp/cortex/tor_project",
+        proxies=None,
+    ):
         self.session = requests.Session()
+        if proxies:
+            self.session.proxies.update(proxies)
         self.delta = None
         self.cache = None
         if ttl > 0:
             self.delta = timedelta(seconds=ttl)
         if cache_duration > 0:
             self.cache = Cache(cache_root)
             self.cache_duration = cache_duration
-        self.url = 'https://check.torproject.org/exit-addresses'
+        self.url = "https://check.torproject.org/exit-addresses"
 
-    __cache_key = __name__ + ':raw_data'
+    __cache_key = __name__ + ":raw_data"
 
     def _get_raw_data(self):
         try:
-            return self.cache['raw_data']
-        except(AttributeError, TypeError):
+            return self.cache["raw_data"]
+        except (AttributeError, TypeError):
             return self.session.get(self.url).text
         except KeyError:
             self.cache.set(
-                'raw_data',
+                "raw_data",
                 self.session.get(self.url).text,
-                expire=self.cache_duration)
-            return self.cache['raw_data']
+                expire=self.cache_duration,
+            )
+            return self.cache["raw_data"]
 
     def search_tor_node(self, ip):
         """Lookup an IP address to check if it is a known tor exit node.
@@ -65,14 +75,13 @@ def search_tor_node(self, ip):
         tmp = {}
         present = datetime.utcnow().replace(tzinfo=pytz.utc)
         for line in self._get_raw_data().splitlines():
-            params = line.split(' ')
-            if params[0] == 'ExitNode':
-                tmp['node'] = params[1]
-            elif params[0] == 'ExitAddress':
-                tmp['last_status'] = params[2] + 'T' + params[3] + '+0000'
-                last_status = parse(tmp['last_status'])
-                if (self.delta is None or
-                   (present - last_status) < self.delta):
+            params = line.split(" ")
+            if params[0] == "ExitNode":
+                tmp["node"] = params[1]
+            elif params[0] == "ExitAddress":
+                tmp["last_status"] = params[2] + "T" + params[3] + "+0000"
+                last_status = parse(tmp["last_status"])
+                if self.delta is None or (present - last_status) < self.delta:
                     data[params[1]] = tmp
                 tmp = {}
             else:

diff --git a/analyzers/TorProject/tor_project_analyzer.py b/analyzers/TorProject/tor_project_analyzer.py
@@ -5,37 +5,39 @@
 
 class TorProjectAnalyzer(Analyzer):
     """Cortex analyzer to query TorProject for exit nodes IP addresses"""
+
     def __init__(self):
         Analyzer.__init__(self)
-        self.ttl = self.get_param('config.ttl', 86400)
-        self.cache_duration = self.get_param('config.cache.duration', 3600)
-        self.cache_root = self.get_param(
-            'config.cache.root', '/tmp/cortex/tor_project'
-        )
-
+        self.ttl = self.get_param("config.ttl", 86400)
+        self.cache_duration = self.get_param("config.cache.duration", 3600)
+        self.cache_root = self.get_param("config.cache.root", "/tmp/cortex/tor_project")
+        self.proxies = {
+            "https": self.get_param("config.proxy_https"),
+            "http": self.get_param("config.proxy_http"),
+        }
         self.client = tor_project.TorProjectClient(
             ttl=self.ttl,
             cache_duration=self.cache_duration,
-            cache_root=self.cache_root
+            cache_root=self.cache_root,
+            proxies=self.proxies,
         )
 
     def summary(self, raw):
         taxonomies = []
-        level = 'info'
+        level = "info"
         value = False
-        if ("node" in raw):
-            level = 'suspicious'
+        if "node" in raw:
+            level = "suspicious"
             value = True
-        taxonomies.append(
-            self.build_taxonomy(level, 'TorProject', 'Node', value))
+        taxonomies.append(self.build_taxonomy(level, "TorProject", "Node", value))
         return {"taxonomies": taxonomies}
 
     def run(self):
-        if self.data_type != 'ip':
-            return self.error('Not an IP address')
+        if self.data_type != "ip":
+            return self.error("Not an IP address")
         report = self.client.search_tor_node(self.get_data())
         self.report(report)
 
 
-if __name__ == '__main__':
+if __name__ == "__main__":
     TorProjectAnalyzer().run()