From 334feb14f23f4b209ab74a55d528c377917d7532 Mon Sep 17 00:00:00 2001
From: To-om
Date: Wed, 12 Sep 2018 11:12:01 +0200
Subject: [PATCH] #128 Search analyzer using its name where MISP query a job
---
 app/org/thp/cortex/services/MispSrv.scala | 8 ++++++--
 docker.sbt | 2 +-
 2 files changed, 7 insertions(+), 3 deletions(-)
diff --git a/app/org/thp/cortex/services/MispSrv.scala b/app/org/thp/cortex/services/MispSrv.scala
index 31b2fc003..3883c10d6 100644
--- a/app/org/thp/cortex/services/MispSrv.scala
+++ b/app/org/thp/cortex/services/MispSrv.scala
@@ -17,6 +17,7 @@ import org.apache.commons.codec.binary.Base64
 import org.thp.cortex.models._
 import org.thp.cortex.services.AuditActor.Register
+import org.elastic4play.NotFoundError
 import org.elastic4play.services._
 @Singleton
@@ -58,12 +59,15 @@ class MispSrv @Inject() (
 }
 def query(module: String, mispType: String, data: String)(implicit authContext: AuthContext): Future[JsObject] = {
+ import org.elastic4play.services.QueryDSL._
+
 val artifact: Either[String, Attachment] = toArtifact(mispType, data)
 val duration = 20.minutes // TODO configurable
 for {
- analyzer ← workerSrv.get(module)
- job ← jobSrv.create(analyzer, mispType2dataType(mispType), artifact, 0, 0, "", JsObject.empty, None, force = false)
+ analyzer ← workerSrv.findAnalyzersForUser(authContext.userId, "name" ~= module, Some("0-1"), Nil)._1.runWith(Sink.headOption)
+ job ← analyzer.map(jobSrv.create(_, mispType2dataType(mispType), artifact, 0, 0, "", JsObject.empty, None, force = false)) .getOrElse(Future.failed(NotFoundError(s"Module $module not found")))
 _ ← auditActor.ask(Register(job.id, duration))(Timeout(duration))
 updatedJob ← jobSrv.getForUser(authContext.userId, job.id)
 mispOutput ← toMispOutput(authContext.userId, updatedJob)
diff --git a/docker.sbt b/docker.sbt
index 7cbcd4f5c..ba4224de3 100644
--- a/docker.sbt
+++ b/docker.sbt
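Review bot: The new analyzer lookup takes the first hit of an unsorted result (`Some("0-1")`, `Nil` as the sort, `Sink.headOption`), so when two analyzers visible to the user share a `name` — the lookup is no longer keyed by id as `workerSrv.get(module)` was — which one runs a MISP-supplied job is arbitrary. Fetching two results and rejecting an ambiguous name keeps the behaviour deterministic; a sketch is below, with the error type for the ambiguous case left to the project's conventions. It is also worth confirming what `"name" ~= module` compiles to in QueryDSL: if it is anything other than an exact term match, wildcard characters in the module name sent by MISP would widen the match beyond the intended analyzer. The `for` comprehension's `yield` and the rest of `query` continue outside the hunk.
```scala
      analyzers ← workerSrv.findAnalyzersForUser(authContext.userId, "name" ~= module, Some("0-2"), Nil)._1.runWith(Sink.seq)
      analyzer ← analyzers match {
        case Seq(single) ⇒ Future.successful(single)
        case Seq()       ⇒ Future.failed(NotFoundError(s"Module $module not found"))
        case _           ⇒ Future.failed(NotFoundError(s"Module $module is ambiguous, refine the analyzer name")) // a dedicated client error would be more accurate than NotFoundError here
      }
      job ← jobSrv.create(analyzer, mispType2dataType(mispType), artifact, 0, 0, "", JsObject.empty, None, force = false)
      // … unchanged: audit registration, job fetch, MISP output …
```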
@@ -28,7 +28,7 @@ dockerCommands ~= { dc =>
 ExecCmd("RUN", "bash", "-c", "apt-get update && " +
 "apt-get install -y --no-install-recommends python-pip python2.7-dev python3-pip python3-dev ssdeep libfuzzy-dev libfuzzy2 libimage-exiftool-perl libmagic1 build-essential git libssl-dev && " +
- "pip install -U pip setuptools && " +
+ "pip2 install -U pip setuptools && " +
 "pip3 install -U pip setuptools && " +
 "cd /opt && " +
 "git clone https://github.com/TheHive-Project/Cortex-Analyzers.git && " +