mwdb-core
mwdb-core copied to clipboard
CERT-Polska
Deprecated API elements
Hi everyone!
Our mwdb.cert.pl service is running mwdb-core (Malwarecage) for over 3 years keeping the API backwards compatible. Although the whole project changed a lot, that compatibility layer is constantly growing :chart_with_upwards_trend:
Most of that obsolete stuff comes from a very early version of the service, so if you're pretty new on the board - don't be afraid because we don't plan to turn everything upside down :smile: :at_least_not_yet:
I've created this issue to keep an eye on all of the deprecated things that will be removed in the future. Some of our internal systems are still depending on these, so even as project owners we need to be concerned about them as well.
If you are using mwdblib, all of things below are solvable just by upgrading the version to the latest. If the provided alternatives are not suitable for your needs or you have any questions, feel free to comment or create an related issue.
Elements deprecated before 2.0.0
Legacy API tokens
Back in time, we have created the API keys manually so they are in pretty old, unmanagable format.
If you are using one of these keys that were created especially for you, go to API keys section in https://mwdb.cert.pl/profile. After generating a key (Create a new key) - new token can be accessed by clicking Show API token button (token is usually a long string that starts with ey...). That key can be used for authentication in mwdblib.MWDB instance via api_key parameter:
api_key = "ey..."
mwdb = MWDB(api_key=api_key)
We strongly encourage you to use the keys created via API keys section instead of the old, legacy ones.
page argument is no longer supported by Recent objects endpoints
GET /api/file?page=1 used LIMIT ... OFFSET ... queries which were really slow when used for pagination. Now, the only supported and documented argument is older_than=<last fetched hash>
Users of mwdb.cert.pl service should upgrade mwdblib version at least to the 2.6.0 version (https://github.com/CERT-Polska/mwdblib/releases/tag/2.6.0). Of course we highly recommend an upgrade to the latest version (breaking changes are listed here: https://github.com/CERT-Polska/mwdblib/releases/tag/3.0.0)
Documentation of mwdblib can be found here: https://mwdblib.readthedocs.io/en/latest/
Undocumented static.*: search field (alias for config.*:)
In first Malwarecage (now: mwdb-core) version only static configurations were supported, so search field was also named static:. Along with providing support for parsed dynamic configurations, search field was renamed to config: and static: has been left as an alias due to backwards compatibility.
Because static suggests that only static configurations will be included in search results, it is deprecated and will be no longer supported. If you want to search only for static configurations, use config.type:static
Use GET /api/object?query= instead of POST /api/search
The Search endpoint is hard-limited to 10000 records, because it fetches all the results at once. It is really slow and left just for compatiblity reasons. The same functionality can be achieved via /api/object?query= that works just like the other Recent * endpoints.
Use POST /api/file for uploading objects instead of deprecated POST/PUT /api/file/<parent>
Uploading things to MWDB was a total mess before we reworked that API. Parent was passed via path. Upload options were passed via multipart/form-data, even if we're able to pass everything using application/json. If there are no parent, there was artificial root string passed instead.
That's why you should use the new endpoints instead, where everything is nice and clean.
For files:
For configs and blobs:
