[Analyzer] Bbot #2773
Conversation
Hi @g4ze @fgibertoni, this is the initial draft for the BBOT analyzer. The thing was I was getting a permissions error initially when I didn't create a specific directory for BBOT, because it creates some temporary files and outputs JSON. After creating a specific directory for BBOT, it gave me the below error while running:
BBOT is trying to install some additional packages/dependencies and during this process it checks for the sudo command. Can you suggest something? Or am I going in the wrong direction?
I think the problem is that the main IntelOwl container doesn't have
Can we install sudo in the main IntelOwl container?
If it requires sudo, should we consider making this a Docker analyzer?
Yes, we can do that! @fgibertoni please confirm: should I make this a Docker-based analyzer?
Some of the required dependencies are missing and need to be installed. However, as mentioned earlier, adding more dependencies makes management more challenging.
Docker analyzer sounds good considering the new packages to install and disk-related operations.
Update - I am trying different methods for how we can handle this, because it's creating many files, some of which are not even needed. It's creating a .bbot/logs folder in the root directory of IntelOwl and I am unable to change its directory. I need some time to explore this more. Will update soon on this.
You can explicitly give it perms for that specific dir and nothing else. Also, if you're using Docker, then how is it using IntelOwl's root dir?
I am first trying to implement it without making it a Docker analyzer. If that doesn't work I will make it a Docker analyzer. I am looking at whether we can somehow prevent it from using sudo.
Hi! Sorry for the delays. I have tried everything and the only solution is to make it a Docker-based analyzer. I am really sorry for the delay; I got busy with university exams. I am now working on making it a Docker analyzer. Will close this very soon.
I have switched from Flask to Quart because Flask was unable to handle the async task and was terminating it again and again. Currently I am facing the "daemonic processes are not allowed to have children" error. I am looking to solve this issue.
Hi @fgibertoni @mlodic, I've tried numerous workarounds to resolve the "daemonic processes are not allowed to have children" error when running BBOT as a Docker-based analyzer in IntelOwl. Here's a summary of my findings: I applied early monkey‑patches via site‑customize and directly in the application (patching both I even switched from Flask to Quart to better support asynchronous endpoints (using Hypercorn), yet the problem remained. The root issue appears to be that BBOT's internal modules—when run in our Docker container—spawn child processes while their parent is marked as daemon. Python explicitly prohibits this. In BBOT's code (for example, in The only workaround that seems viable is to run the BBOT scan in a separate OS process using the In short, based on extensive testing and the various approaches I've tried, it appears that using the BBOT library as-is in a Docker container is unworkable. Would you consider either an alternative workaround using subprocess isolation or a re‑evaluation of the multiprocess design in BBOT?
I really appreciate your analysis, great work! From IntelOwl's perspective I think that the integration requires too much ad-hoc work that would then make maintenance of the project more difficult. So at the moment I think we should skip integrating this analyzer if the situation doesn't change.
Thanks for your response! I'll raise this issue on the BBOT repository and see if we get a positive response or any potential fixes from their side. If there's a workable solution, I'll continue working on the integration. In the meantime, would it be possible to add BBOT as a Docker-based analyzer using Let me know what you think, and thanks again for your time and guidance!
I really understand your effort, but atm I think we should wait for a response from the other side to avoid integrating ad-hoc code for this analyzer only.
Sure! 😊
I opened an issue in the BBOT repository, got some clarifications, and have now worked on the same. We need to work with FastAPI and uvicorn for BBOT to work. Hypercorn will not work because it by default sets the process to daemon. I have switched to FastAPI now (took some time because I hadn't worked with it before, so I needed to explore more). Currently I am looking to fix the error where BBOT successfully completes the scan but IntelOwl returns a failed error.
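To make the failure mode described in the message above concrete, here is an added example (not code from the IntelOwl PR, from BBOT, or from anyone in this thread): a worker process that was started with the daemon flag cannot start a multiprocessing child, while delegating the same work to a fresh interpreter through subprocess sidesteps the check. FAKE_SCAN is a constructed stand-in for a library scan that forks its own workers.

```python
"""Reproduce "daemonic processes are not allowed to have children" and the
subprocess workaround. Added illustration, not IntelOwl PR or BBOT code;
FAKE_SCAN is a constructed stand-in for a library scan that forks workers."""
import multiprocessing as mp
import subprocess
import sys

FAKE_SCAN = (  # constructed stand-in for a multiprocessing-heavy scan
    "import multiprocessing as mp\n"
    "def work(): pass\n"
    "if __name__ == '__main__':\n"
    "    ctx = mp.get_context('fork' if 'fork' in mp.get_all_start_methods() else None)\n"
    "    p = ctx.Process(target=work); p.start(); p.join()\n"
    "    print('scan done, exit', p.exitcode)\n"
)

def _ctx():
    # Prefer fork so child processes do not need to re-import this module.
    return mp.get_context("fork" if "fork" in mp.get_all_start_methods() else None)

def _noop():
    pass

def _attempt(result_q, via_subprocess):
    """Runs inside the worker: spawn a grandchild directly or via subprocess."""
    try:
        if via_subprocess:
            # A fresh interpreter carries no multiprocessing 'daemon' flag,
            # so the library inside it may fork/spawn children freely.
            out = subprocess.run([sys.executable, "-c", FAKE_SCAN],
                                 capture_output=True, text=True, check=True)
            result_q.put(out.stdout.strip())
        else:
            grand = _ctx().Process(target=_noop)
            grand.start()  # Process.start() asserts the parent is not a daemon
            grand.join()
            result_q.put("grandchild ok")
    except Exception as exc:  # report instead of dying with a traceback
        result_q.put(f"{type(exc).__name__}: {exc}")

def spawn_from_worker(daemon: bool, via_subprocess: bool = False) -> str:
    """Start a worker (daemon or not, as a server framework might) and return what it reported."""
    q = _ctx().Queue()
    worker = _ctx().Process(target=_attempt, args=(q, via_subprocess), daemon=daemon)
    worker.start()
    result = q.get(timeout=60)
    worker.join()
    return result
```

spawn_from_worker(daemon=True) returns the exact AssertionError text from the thread, while spawn_from_worker(daemon=True, via_subprocess=True) completes the stand-in scan.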
@fgibertoni please review |
integrations/bbot/Dockerfile (outdated)
```dockerfile
ENV BBOT_HOME=${PROJECT_PATH}

# Create a non-root user
RUN useradd -ms /bin/bash ${USER}
```
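Review bot: `RUN useradd -ms /bin/bash ${USER}` creates an account but no `USER ${USER}` instruction follows it, so every later layer and the container's entrypoint still run as root and the new user is never used. If BBOT really needs sudo only for a few dependency installs, the least-privilege shape is to switch with `USER ${USER}` and grant that account just those commands in a sudoers entry, as the phishing analyzer's Dockerfile mentioned in this thread does; if the scan itself must run as root, drop the `useradd` so the image does not carry an unused account.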
You created the user but never actually added `USER`. Is that correct? Does the container need root to run?
BBOT needs sudo for some dependencies.
Can these permissions be confined, like in the phishing analyzer's Dockerfile, by giving the user permission to run only certain commands with sudo?
If not, no problem. We can just remove the addition of a new user.
Yes, I experimented with the same; we can move ahead by removing the addition of the new user.
While you address these changes I'm creating the repository on Docker Hub for the new integration.
Co-authored-by: Federico Gibertoni <152909479+fgibertoni@users.noreply.github.com>
Closes [Analyzer] Bbot #2720
Description
- `app.py` with Uvicorn for BBOT scans, Docker setup, and module and presets selection (defaults presets to `web-basic`).
- `_docker_run` to run BBOT synchronously, returning results in the initial response to avoid polling overhead.

Type of change
Please delete options that are not relevant.

Checklist
- `develop`
- `dumpplugin` command and added it in the project as a data migration. ("How to share a plugin with the community")
- `test_files.zip` and you added the default tests for that mimetype in `test_classes.py`.
- `FREE_TO_USE_ANALYZERS` playbook by following this guide.
- `url` that contains this information. This is required for Health Checks.
- `_monkeypatch()` was used in its class to apply the necessary decorators.
- `MockUpResponse` of the `_monkeypatch()` method. This serves us to provide a valid sample for testing.
- `# This file is a part of IntelOwl https://github.com/intelowlproject/IntelOwl` / `# See the file 'LICENSE' for copying permission.`
- `Black`, `Flake`, `Isort`) gave 0 errors. If you have correctly installed pre-commit, it does these checks and adjustments on your behalf.
- `tests` folder). All the tests (new and old ones) gave 0 errors.
- `DeepSource`, `Django Doctors` or other third-party linters have triggered any alerts during the CI checks, I have solved those alerts.

Important Rules