All notable changes to this project will be documented in this file.
The format is based on Keep a Changelog, and this project adheres to Semantic Versioning.
- Add `getjson()` function to allow plugins to use valid JSON strings as configuration options (@ytreister, #144)
- Fix stoq command line to properly parse `--plugin-opts` and `--request-source` arguments that contain `=` or `:` characters
- Ensure `always_dispatch` in `stoq.cfg` leverages `getlist()` when `Stoq()` is instantiated (#149)
- Multiple fixes and updates to Dockerfile
- Support for asyncio within the framework and plugins
- Better type checking support
- `self.log` may be leveraged from within all plugin classes
- Add new `Error()` class for standardizing errors from stoQ and plugins. `Error()` will track plugin name, error message, and `payload_id` (optional)
- Add configuration properties from `[Core]` and `[Documentation]` to each plugin object when loaded
- `PayloadMeta` now has a `should_scan` boolean. Allows payloads to be logged and archived, but not scanned by worker plugins.
- `Payload` is now updated as results are completed. Results from completed scans will be available to other plugins instantly
- `Request()` class is passed to all dispatchers, workers, and archiver plugins. The `Request` object contains all payloads, request metadata, results, and errors from all other completed plugins. This will allow all necessary plugins to have a full understanding of the current state of the complete `Request`.
- `WorkerPlugin`s now have a configuration option of `required_workers`. This allows for chained worker dependencies. If `required_workers` is defined, the parent plugin will not be run until all required plugins have completed successfully. The parent plugin may then use results from other completed plugins for its respective scanning tasks.
- Duplicate extracted payloads are no longer simply skipped; they are appended to `Payload.results[].extracted_by` and `Payload.results[].extracted_from`
- Add `StoqConfigParser` to `stoq.helpers` to extend options for `Stoq` and plugin configurations.
- Parallelization is performed across all of the plugins that can run in a given round, instead of parallelizing across all of the plugins to perform on a given payload (#147)
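The `getlist()` / `getjson()` behaviour described in the `always_dispatch` and `StoqConfigParser` entries above, as an added illustrative example: this is not stoQ's own `StoqConfigParser`, but a stand-in built on `configparser` converters, and the config sections, option names and values below are constructed samples, not real stoQ defaults.

```python
"""Illustrative config parser exposing getlist() and getjson() (not stoQ's own code)."""
import json
from configparser import ConfigParser
from typing import Any, List


def _to_list(raw: str) -> List[str]:
    """Split a comma-separated option into a list, dropping blank entries."""
    return [item.strip() for item in raw.split(",") if item.strip()]


def _to_json(raw: str) -> Any:
    """Parse an option value as JSON; invalid JSON raises ValueError."""
    return json.loads(raw)


def build_parser(text: str) -> ConfigParser:
    """Build a ConfigParser whose sections expose getlist() and getjson()."""
    parser = ConfigParser(converters={"list": _to_list, "json": _to_json})
    parser.read_string(text)
    return parser


# Constructed sample config text (assumed layout, not from a real deployment).
SAMPLE_CFG = """
[Core]
always_dispatch = yara, hash
max_recursion = 10

[example_plugin]
allowed_types = ["application/pdf", "application/x-dosexec"]
broken_option = {not json}
"""


def load_always_dispatch(cfg: ConfigParser) -> List[str]:
    """Read always_dispatch as a list rather than a raw 'yara, hash' string."""
    return cfg.getlist("Core", "always_dispatch", fallback=[])


def load_json_option(cfg: ConfigParser, section: str, option: str, fallback: Any = None) -> Any:
    """Read a JSON-valued option; malformed JSON or a missing option yields fallback."""
    try:
        return cfg.getjson(section, option, fallback=fallback)
    except ValueError:
        return fallback
```

Rejecting malformed JSON with a fallback, rather than passing the raw string through, keeps a typo in `stoq.cfg` from silently becoming a plugin option value.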
- Ensure `plugin_name` is set to the name of the plugin class in case `Name` is not defined in the plugin's configuration.
- `PayloadResults` is now an object of `Payload.results`, rather than an independent object
- Most objects have been removed from `Payload` and are now available in `Payload.results`, namely `extracted_by`, `extracted_from`, `payload_id`, `size`, `payload_meta`
- `Payload.plugins_run` moved to `PayloadResults.plugins_run` and is now a `Dict[str, List[str]]` rather than `Dict[str, List[List[str]]]`
- `PayloadResults.workers` is now a `Dict[str, Dict]` rather than `List[Dict[str, Dict]]`
- `PayloadMeta` is now an object of `PayloadResults.payload_meta`
- `PayloadResults.extracted_by` is now a `List[str]` rather than `str`
- `PayloadResults.extracted_from` is now a `List[str]` rather than `str`
- Dispatchers run on each payload every round, instead of once per payload. This allows the dispatcher to take advantage of the request state model. (#147)
- Worker plugins can specify additional plugins to run on the payload they scan, effectively giving them dispatch capability. With YARA, for example, this allows us to directly scan with YARA and dispatch to other plugins by running YARA once. Otherwise, we would run YARA as a dispatcher, and then immediately run YARA again as a worker plugin. (#147)
- Archivers run at the very end along with connectors and decorators because we no longer scan a payload to completion at once. (#147)
- The default value for max_recursion has increased because the average number of worker rounds taken to complete a scan is expected to increase. (#147)
- `DeepDispatcher` plugin class has been removed
- `Payload.plugins_run` has been removed in favor of `PayloadResults.plugins_run`
- `Payload.worker_results` has been removed in favor of `PayloadResults.workers`
- `RequestMeta` is no longer passed to plugins, in favor of the `Request` object
- `plugins_opts` has been removed from the plugin `__init__` function. All plugin configuration options are only available in `self.config`
- Fix plugin requirements path when installing from Github
- Fix issue where deep dispatchers defined from the CLI were not passed to `Stoq()`
- Update URL for plugins to include v2 branch when using `--github`
- Provide console output if stoQ configuration file does not exist (Thanks for feedback @jakubgs!)
- Add command line option `--config-file` to define stoQ configuration file
- Add command line option `--log-level` to allow for setting of the log level
- Documentation for simplified method of defining plugin options within `__init__`
- Raise StoqPluginException if installing a plugin that is already installed
- Display `plugin_path` when plugin is successfully installed
- Raise `StoqPluginNotFound` when attempting to load non-existent or invalid plugin
- `Stoq.reconstruct_all_subresponses()` method to allow for reconstructing `StoqResponse` objects iteratively (@maydewd)
- Force payload content to be of type `bytes`
- Allow `--plugin-dir` from command line to force one or more plugin directories
- Provide better logging when a plugin is installed from GitHub as a non-root user outside of a venv
- Gracefully handle exceptions in `ConnectorPlugins`
- Improve handling of plugin configuration options. Plugin options can now also be in stoq.cfg. (Thanks for feedback @chemberger!)
- Set default precedence for plugin configuration options to be 1) `plugin_opts` when instantiating `Stoq`, 2) `stoq.cfg`, 3) plugin config file (Thanks for feedback @chemberger!)
- Make formatted exceptions more legible in results
- Fix erroneous error from being displayed when installing or listing plugins
- Fix plugin install if requirements.txt does not exist
- Documentation update for installation (@chemberger)
- Allow `--max-recursion` from command line and `max_recursion` when instantiating `Stoq()`.
- Allow `max_dispatch_passes` when instantiating `Stoq()`.
- Allow `--request-source` and `--request-extra` from command line.
- Fix requirements URL when installing plugins from stoQ plugin repository
- Minor bug fixes
- Initial v2 release.