Spamhaus ipv6 and asn support

[pranjalg1331]

(Please add to the PR name the issue/s that this PR would close if merged by using a Github keyword. Example: <feature name>. Closes #999. If your PR is made by a single commit, please add that clause in the commit too. This is all required to automate the closure of related issues.)

Description

closes #2408
Please include a summary of the change and link to the related issue.

Type of change

Please delete options that are not relevant.

• Bug fix (non-breaking change which fixes an issue).
• [ x] New feature (non-breaking change which adds functionality).
• Breaking change (fix or feature that would cause existing functionality to not work as expected).

Checklist

• [ x] I have read and understood the rules about how to Contribute to this project
• [ x] The pull request is for the branch develop
• A new plugin (analyzer, connector, visualizer, playbook, pivot or ingestor) was added or changed, in which case:
  • I strictly followed the documentation "How to create a Plugin"
  • Usage file was updated. A link to the PR to the docs repo has been added as a comment here.
  • Advanced-Usage was updated (in case the plugin provides additional optional configuration). A link to the PR to the docs repo has been added as a comment here.
  • I have dumped the configuration from Django Admin using the dumpplugin command and added it in the project as a data migration. ("How to share a plugin with the community")
  • If a File analyzer was added and it supports a mimetype which is not already supported, you added a sample of that type inside the archive test_files.zip and you added the default tests for that mimetype in test_classes.py.
  • If you created a new analyzer and it is free (does not require any API key), please add it in the FREE_TO_USE_ANALYZERS playbook by following this guide.
  • Check if it could make sense to add that analyzer/connector to other freely available playbooks.
  • I have provided the resulting raw JSON of a finished analysis and a screenshot of the results.
  • If the plugin interacts with an external service, I have created an attribute called precisely url that contains this information. This is required for Health Checks.
  • [ x] If the plugin requires mocked testing, _monkeypatch() was used in its class to apply the necessary decorators.
  • [x ] I have added that raw JSON sample to the MockUpResponse of the _monkeypatch() method. This serves us to provide a valid sample for testing.
• I have inserted the copyright banner at the start of the file: # This file is a part of IntelOwl https://github.com/intelowlproject/IntelOwl # See the file 'LICENSE' for copying permission.
• If external libraries/packages with restrictive licenses were used, they were added in the Legal Notice section.
• [ x] Linters (Black, Flake, Isort) gave 0 errors. If you have correctly installed pre-commit, it does these checks and adjustments on your behalf.
• I have added tests for the feature/bug I solved (see tests folder). All the tests (new and old ones) gave 0 errors.
• If the GUI has been modified:
  • I have a provided a screenshot of the result in the PR.
  • I have created new frontend tests for the new component or updated existing ones.
• After you had submitted the PR, if DeepSource, Django Doctors or other third-party linters have triggered any alerts during the CI checks, I have solved those alerts.

Important Rules

• If you miss to compile the Checklist properly, your PR won't be reviewed by the maintainers.
• Everytime you make changes to the PR and you think the work is done, you should explicitly ask for a review by using GitHub's reviewing system detailed here.

[pranjalg1331]

[pranjalg1331]

@mlodic, I have added the support for ASN and IPv6. Please review.

[fgibertoni]

@pranjalg1331 please use the appropriate GitHub system to ask for a review and avoid directly tagging if not strictly necessary.
Also, the PR is not ready as there are still some errors in the CI that should be addressed.

[pranjalg1331]

I am unsure whether I am authorized to request reviews from the maintainer using Github ?

[pranjalg1331]

Invalid observable: [email protected]
The test failure is because an invalid parameter is being passed for analysis. Spamhaus does not support the analysis of URLs. Could you please suggest how can I rectify this error?

[mlodic]

About reviews: Github introduced a new "moderation settings" that would prevent non-organization members to ask for reviews. I have just removed that limit. Please confirm that now you can.

About URL support: like we did in many other analyzers, just extract the domain from the URL and analyze it

[mlodic]

You should also be able to tag the PR as draft instead of writing it in the name of the PR

[mlodic]

use a url parameter which is the base to reuse the code + to use it for health checks

https://www.spamhaus.org/drop

[pranjalg1331]

Updated.

[mlodic]

you can use this to check the observable type and then, do the related checks

from api_app.choices import Classification

[pranjalg1331]

Updated.

[mlodic]

I would like to accelerate this and finish this as soon as possible so @cristinaascari can finish her refactor here https://github.com/intelowlproject/IntelOwl/pull/2767/files. Please @pranjalg1331, once you have some time, prioritize this. Thanks

[pranjalg1331]

About reviews: I can re-ask for your review in this pr, but still cannot ask any other maintainer for a review.

[pranjalg1331]

About URL support: like we did in many other analyzers, just extract the domain from the URL and analyze it

Spamhaus does not work with domains either. Since it's now in the generic category too, [email protected] is being provided as a sample observable. Since it's not a valid ASN value, the test case is failing.

an5 = Analyzable.objects.create( name="[email protected]", classification=Classification.GENERIC, )

[mlodic]

Spamhaus does not work with domains either. Since it's now in the generic category too, [email protected] is being provided as a sample observable. Since it's not a valid ASN value, the test case is failing.

Ok so you can change those tests and make custom ones for this use case

[pranjalg1331]

I have added a new value for Spamhaus test.

[fgibertoni]

Please update your migration number and its dependencies to reflect latest changes in `develop branch

[pranjalg1331]

Updated

[fgibertoni]

Suggested change

	obj.save()
	obj.full_clean()
	obj.save()

[fgibertoni]

Suggested change

	else:
	elif data_type == "asn":

Then you can add an else clause that throws an error if the data_type is not supported, logging what was passed.

[fgibertoni]

Also log the observable for tracing pls

[fgibertoni]

Why a print ?

[fgibertoni]

Also here

[fgibertoni]

This log is still missing. This should be as on line 41-42

[fgibertoni]

Suggested change

	else:
	elif data_type == "asn":

and same logging as in location()

[pranjalg1331]

I have made the requested changes.

[fgibertoni]

Also log the value of the wrong data_type pls

[fgibertoni]

After these small changes it's good to go by my side! Thank you

[fgibertoni]

Thank you!

[pranjalg1331]

Can we merge this pr?