Comments (5)
jessek
commented on July 27, 2024
We could add a field, object_type, which indicated the type of object being retrieved. The values would be: THREAT_DESCRIPTOR, THREAT_INDICATOR, MALWARE_FAMILY, and MALWARE_ANALYSIS. My thinking would be not to enable this field by default, you have to ask for it specifically. Thoughts?
from threatexchange.
mgoffin
commented on July 27, 2024
I'm on the fence about having to request the type all the time. Can we think of any scenarios where we might want to include it by default? Connections come to mind if people can't/don't want to derive that from the connection type?
What URL parameter would we use to say that we want to include this field?
For pytx it would be useful to have it all the time so we can throw an exception if someone attempts to populate a class with the wrong object contents. We could technically always add the required URL parameter to every request but that would get a bit hackish when trying to protect the developer from doing the wrong thing :)
from threatexchange.
jessek
commented on July 27, 2024
We can easily include the object_type field by default, but then it will always be included by default. In other words, when requesting to view 856783741064689, yes, it would be good to include the object_type field so that you know the object is a malware analysis, e.g.
{
"object_type": "MALWARE_ANALYSIS",
"added_on": "2015-06-09T00:23:27+0000",
"md5": "9037a098b8b835cde8c3e2005fce6d3c",
"sha1": "6ff25da8a9de99956d385747c6318e28ab693519",
"sha256": "89b4d488fa02d85dcb19c43b6e6953fc4eb60fb27613609be56d6bb780243e1f",
"status": "UNKNOWN",
}
But because of how the Graph API works, a default field will always be included. In other words, if you search for /malware_analyses?since=yesterday, you'll get 25 blobs, each of which contain the (now redundant) object_type field.
I don't know if that's a concern, but it's something I thought about.
You can always request specific fields using the 'fields' parameter, e.g
/856783741064689?fields=sha256,password
or
/malware_analyses?since=today&fields=sha256,password
[Note: That's a real ID, but I've changed the hashes]
from threatexchange.
ivanlei
commented on July 27, 2024
Adding object_type, whether I have special request it or I always get it, would be nice.
from threatexchange.
jessek
commented on July 27, 2024
I've been working on this and our team feels strongly that the Right Way(tm) to get the object's type is to specify 'metadata=1' in the request.
I'm sorry, but this is a won't fix.
from threatexchange.
Related Issues (20)
- [hma] submitting content gets stuck between "hashed" and "matched" HOT 2
- /matches/for-hash/ gives AttributeError: 'IndexMatchUntyped' object has no attribute 'distance' HOT 1
- [pytx] No match results if creating a local_file with only 1 hash in it HOT 1
- [hma] Size of hashkey has exceeded the maximum size limit of 2048 bytes HOT 3
- [hma] ValueError in indexer
- [vpdq] Add support for Windows in vpdq pypy package HOT 5
- [OMM] Set up basic Continuous Integration git workflows for OMM HOT 2
- [omm] Figure out design for background tasks HOT 5
- [hma] Test production deployment - Nice-to-haves and Need-to-haves HOT 5
- [omm][onboarding] Initial setup issues HOT 2
- psycopg2.errors.UndefinedTable: relation "signal_type_override" does not exist HOT 8
- [vpdq] pypi publish failing HOT 2
- [omm][hma] Move Open Media Match into the Hasher Matcher Actioner Directory HOT 1
- Refactor UI to allow for multiple pages
- Flask background task scheduler doesn't run if werkzeug is not the WSGI server
- [hma][py-tx] Unclean CI status for HMA and pytx HOT 4
- [vpdq] Explore other packaging and build options
- [hma] Add optional distance parameter in match API
- [pytx] Add support for StopNCII PhotoDNA
- [hma] Bad redirects on dev page HOT 1
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from threatexchange.