file.name Field Missing From Root File Using Oneshot #294

Closed
ryanohoro opened this issue Jan 23, 2023 · 0 comments · Fixed by #295

ryanohoro commented Jan 23, 2023

Describe the bug

When using oneshot, the filename of the provided file is not emitted in the returned Strelka event as part of the file object.

The proto for the various Go binaries and the main.go for oneshot show that the filename is being sent as part of the request. Strelka work() should be using this metadata to supply the name attribute of the File() object.

	req := structs.ScanFileRequest{
		Request: request,
		Attributes: &strelka.Attributes{
			Filename: *scanFile,
		},
		Chunk:  32768,
		Delay:  time.Second * 0,
		Delete: false,
	}

Steps to reproduce

 ./strelka-oneshot -l - -f src/python/strelka/tests/fixtures/test.html | jq
{
  "file": {
    "depth": 0,
    "flavors": {
      "mime": [
        "text/html"
      ],
      "yara": [
        "html_file"
      ]
    },
    "scanners": [
      "ScanEntropy",
      "ScanFooter",
      "ScanHash",
      "ScanHeader",
      "ScanHtml",
      "ScanYara"
    ],
    "size": 5875,
    "tree": {
      "node": "0d729ee4-9b2e-4a98-a2fa-84c1b2320961",
      "root": "0d729ee4-9b2e-4a98-a2fa-84c1b2320961"
    }
  },

Expected behavior

 ./strelka-oneshot -l - -f src/python/strelka/tests/fixtures/test.html | jq
{
  "file": {
    "depth": 0,
    "flavors": {
      "mime": [
        "text/html"
      ],
      "yara": [
        "html_file"
      ]
    },
    "scanners": [
      "ScanEntropy",
      "ScanFooter",
      "ScanHash",
      "ScanHeader",
      "ScanHtml",
      "ScanYara"
    ],
    "name": "src/python/strelka/tests/fixtures/test.html",
    "size": 5875,
    "tree": {
      "node": "0d729ee4-9b2e-4a98-a2fa-84c1b2320961",
      "root": "0d729ee4-9b2e-4a98-a2fa-84c1b2320961"
    }
  },

Screenshots

Release

  • Release: 0.22.12.08

Additional context

Each Go client sends requests to Redis. When requests reach Redis, frontend takes the requests and adds them as tasks inside Redis for the backend to handle.

frontend should be modifying the tasks to include a JSON-encoded attributes object with all of the request metadata, and work() should be attempting to deserialize the JSON metadata.

main.go

+	requestInfo, err := json.Marshal(em["request"])
+	if err != nil {
+		return err
+	}

	if err := s.coordinator.cli.ZAdd(
		stream.Context(),
		"tasks",
		&redis.Z{
			Score:  float64(deadline.Unix()),
-			Member: id,
+			Member: requestInfo,
		},
	).Err(); err != nil {
		return err
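
Review bot: Member: requestInfo makes the sorted-set member the whole marshalled em["request"] instead of id, so the worker can only recover the root id if that object actually carries an "id" key; the strelka.py snippet reads task_info["id"] outside its try/except KeyError, so a request map without that key would raise there instead of falling back. Consider marshalling an explicit struct holding the id and the attributes the worker expects, and treat the filename inside it as client-supplied, untrusted input when it reaches File(name=...).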

strelka.py

            # Get request metadata and Redis context deadline UNIX timestamp
            (task_item, expire_at) = task[0]
            try:
                task_info = json.loads(task_item)
            except json.JSONDecodeError:
                root_id = task_item.decode()
                # Create new file object for task, use the request root_id as the pointer
                file = File(pointer=root_id)
            else:
                root_id = task_info["id"]
                try:
                    file = File(pointer=root_id, name=task_info["attributes"]["filename"])
                except KeyError as ex:
                    logging.debug(f"No filename attached (error: {ex}) to request: {task_item}")
                    file = File(pointer=root_id)
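
A more defensive version of the worker-side decoding sketched in strelka.py above, as an added example that is not part of the original issue or of the Strelka code base. `parse_task_member` and `TaskInfo` are hypothetical names, and the sample members at the bottom are constructed.

```python
import json
from typing import NamedTuple, Optional, Union


class TaskInfo(NamedTuple):
    root_id: str
    filename: Optional[str]  # client-supplied, treat as untrusted metadata


def parse_task_member(member: Union[bytes, str]) -> TaskInfo:
    """Decode one member of the "tasks" sorted set.

    Accepts the legacy form (a bare root id) and the JSON form proposed
    in the issue ({"id": ..., "attributes": {"filename": ...}}).
    """
    text = member.decode("utf-8", errors="replace") if isinstance(member, bytes) else member
    try:
        info = json.loads(text)
    except json.JSONDecodeError:
        # Legacy member: the raw bytes are the root id itself.
        return TaskInfo(text, None)
    if not isinstance(info, dict):
        # Valid JSON that is not an object (for example an all-digit id
        # parses as a number): still a legacy bare id.
        return TaskInfo(text, None)
    root_id = info.get("id")
    if not isinstance(root_id, str) or not root_id:
        # Without an id there is no pointer to the file data; fail loudly.
        raise ValueError("task JSON has no usable 'id'")
    attrs = info.get("attributes")
    filename = attrs.get("filename") if isinstance(attrs, dict) else None
    if not isinstance(filename, str) or not filename:
        filename = None  # missing, empty or wrong type: scan without a name
    return TaskInfo(root_id, filename)


if __name__ == "__main__":
    # Constructed sample members, not captured from a real deployment.
    samples = [
        b"0d729ee4-9b2e-4a98-a2fa-84c1b2320961",
        b'{"id": "abc", "attributes": {"filename": "test.html"}}',
        b'{"id": "abc", "attributes": {"filename": 7}}',
    ]
    for sample in samples:
        print(parse_task_member(sample))
```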