Comments (8)
Ok this seems to me like a better way to approach the solution. We could create an API that deletes the file straight from the filestore, no questions asked, without removing the file record. Which means that the file will be gone but the analysis will remain. This way you can orchestrate your own logic around this using the other APIs to know when to perform that cleanup. This could even be done via webhooks using the post-processing actions.
This method does not enforce some complicated logic to be built into AL and lets you do what you need. We will ensure that the UI handles missing files correctly and the processing does not hang forever when trying to process a missing file, which I'm sure is already that way.
Also we can lock the API with RBAC so you can control who would get access to it.
from assemblyline.
These are the PRs related to this change:
- CybercentreCanada/assemblyline-base#1425
- CybercentreCanada/assemblyline-ui#768
- CybercentreCanada/assemblyline-ui-frontend#869
from assemblyline.
What would you do with all extracted sub-files? Delete them as well?
from assemblyline.
We have both use cases, but the parent file being deleted would be a good first step towards this. Maybe a configurable option to determine if the extracted files are stored?
from assemblyline.
This feature request is becoming more prevalent and is increasingly being brought up by various individuals, do you think it's something that could be implemented? No worries if not, would need to figure out how to retain results outside of AL.
from assemblyline.
There is no particular issue to delete files but keep only the analysis result in principle. The only problem is to determine if you can delete the files or not.
Imagine two users submitting the same file, one asking the system to delete it and the other asking the system to keep it. What would you do then? I don't think a user decision to delete the files after analysis should force remove the file for others if they didn't ask the same thing. Which then means that for each file you are trying to delete, you have to scan through the system for every submission that may reference this file in any way and check if the file was meant for deletion or not. And while you are computing this decision, another user may request the same scan but now the file can disappear while his scan is not completed.
from assemblyline.
So use cases for this are arising from automations, one solution could be that this is not something users could control at all, but rather admins will have the ability to call an API to carry out this job. The idea here is to allow us to clean up files that carry risk, but keep the analysis results. If a file is being processed and an API call to clear out the file is made, one of two things can happen. 1/ either queue the deletion of the file upon finishing results, or 2/ return an invalid request back to the API caller and we can handle this use case by retrying at a later time. I think generally, this feature is meant for Admins and not users. Happy to discuss further.
from assemblyline.
That would work perfectly. Thank you!
from assemblyline.
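The admin-only deletion flow discussed in the thread above, modelled in memory as an added example; it is not Assemblyline code and is not taken from the linked PRs. The class, the `file_purge` role name and the outcome values are hypothetical. It covers both options raised for a file that is still being processed: queue the deletion until the last scan finishes, or refuse so the caller can retry later.

```python
import threading
from enum import Enum

class Outcome(Enum):
    DELETED = "deleted"
    QUEUED = "queued"        # option 1: delete once running scans finish
    BUSY = "busy"            # option 2: caller retries later
    FORBIDDEN = "forbidden"
    MISSING = "missing"

class FileStoreModel:
    """Toy filestore; every name here is hypothetical, not Assemblyline's."""
    def __init__(self):
        self._lock = threading.Lock()
        self.blobs = {}       # sha256 -> file bytes
        self.results = {}     # sha256 -> analysis record, kept after deletion
        self.active = {}      # sha256 -> number of scans still running
        self.pending = set()  # sha256 values queued for deletion

    def start_scan(self, sha256, data):
        with self._lock:
            self.blobs.setdefault(sha256, data)
            self.active[sha256] = self.active.get(sha256, 0) + 1

    def finish_scan(self, sha256, result):
        with self._lock:
            self.results[sha256] = result
            self.active[sha256] -= 1
            # A queued deletion runs only when the last scan has finished.
            if self.active[sha256] == 0 and sha256 in self.pending:
                self.pending.discard(sha256)
                self.blobs.pop(sha256, None)

    def delete_file(self, sha256, roles, defer=True):
        # RBAC gate: only callers holding the (assumed) purge role may delete.
        if "file_purge" not in roles:
            return Outcome.FORBIDDEN
        with self._lock:
            if sha256 not in self.blobs:
                return Outcome.MISSING
            if self.active.get(sha256, 0) > 0:
                if not defer:
                    return Outcome.BUSY
                self.pending.add(sha256)
                return Outcome.QUEUED
            del self.blobs[sha256]  # the file record and results stay
            return Outcome.DELETED
```

Holding one lock across the check and the delete is what closes the window described earlier in the thread, where a second scan of the same file starts while the deletion decision is still being computed.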