scan_file_sandbox_simple
Analyze files for potential malware using default sandbox settings. Submit files for automated security analysis to detect threats without advanced configuration.
Instructions
Submit a file for simple sandbox analysis using default settings.
This is a simplified version of scan_file_sandbox with default configurations. Use scan_file_sandbox for advanced configuration options.
Args:
- file_path: Path to the file to analyze
- is_public: Whether the scan results should be public (default: False)
- entrypoint: File to execute within archive (if applicable)
- password: Password for archive files (if applicable)
Input Schema
| Name | Required | Description | Default |
|---|---|---|---|
| entrypoint | No | File to execute within archive (if applicable) | |
| file_path | Yes | Path to the file to analyze | |
| is_public | No | Whether the scan results should be public | False |
| password | No | Password for archive files (if applicable) | |
Implementation Reference
- src/threatzone_mcp/server.py:343-369 (handler)

  The handler and registration for the 'scan_file_sandbox_simple' MCP tool. This function wraps the more detailed 'scan_file_sandbox' tool, invoking it with the simplified parameters and automatic configuration (auto_config=True) for basic sandbox file analysis.

  ```python
  @app.tool
  async def scan_file_sandbox_simple(
      file_path: str,
      is_public: bool = False,
      entrypoint: Optional[str] = None,
      password: Optional[str] = None
  ) -> Dict[str, Any]:
      """
      Submit a file for simple sandbox analysis using default settings.

      This is a simplified version of scan_file_sandbox with default configurations.
      Use scan_file_sandbox for advanced configuration options.

      Args:
          file_path: Path to the file to analyze
          is_public: Whether the scan results should be public (default: False)
          entrypoint: File to execute within archive (if applicable)
          password: Password for archive files (if applicable)
      """
      return await scan_file_sandbox(
          file_path=file_path,
          is_public=is_public,
          entrypoint=entrypoint,
          password=password,
          auto_config=True  # Use automatic configuration for simplicity
      )
  ```
- src/threatzone_mcp/server.py:254-340 (helper)

  The 'scan_file_sandbox' MCP tool (it is registered with @app.tool as well, not just a private helper), which implements the core logic for submitting files to the ThreatZone sandbox API. Called by 'scan_file_sandbox_simple' with default parameters. Two defaults matter for operational safety: the API field is "private" and receives the inverse of is_public, so a default submission is private; and internet_connection defaults to False, so the analysis VM cannot reach out unless explicitly enabled. The file is uploaded in full to the ThreatZone service, so treat submission as sharing the sample with a third party.

  ```python
  @app.tool
  async def scan_file_sandbox(
      file_path: str,
      is_public: bool = False,
      entrypoint: Optional[str] = None,
      password: Optional[str] = None,
      environment: str = "w10_x64",
      timeout: int = 180,
      work_path: str = "desktop",
      mouse_simulation: bool = True,
      https_inspection: bool = False,
      internet_connection: bool = False,
      raw_logs: bool = False,
      snapshot: bool = False,
      sleep_evasion: bool = False,
      smart_tracing: bool = False,
      dump_collector: bool = False,
      open_in_browser: bool = False,
      extension_check: bool = True,
      modules: Optional[List[str]] = None,
      auto_config: bool = False
  ) -> Dict[str, Any]:
      """
      Submit a file for advanced sandbox analysis with detailed configuration.

      Args:
          file_path: Path to the file to analyze
          is_public: Whether the scan results should be public (default: False)
          entrypoint: File to execute within archive (if applicable)
          password: Password for archive files (if applicable)
          environment: Analysis environment - w7_x64, w10_x64, w11_x64, macos, android, linux (default: w10_x64)
          timeout: Analysis timeout in seconds - 60, 120, 180, 240, 300 (default: 180)
          work_path: Working directory - desktop, root, %AppData%, windows, temp (default: desktop)
          mouse_simulation: Enable mouse simulation (default: True)
          https_inspection: Enable HTTPS inspection (default: False)
          internet_connection: Enable internet connection (default: False)
          raw_logs: Include raw logs (default: False)
          snapshot: Take VM snapshots (default: False)
          sleep_evasion: Enable sleep evasion techniques (default: False)
          smart_tracing: Enable smart tracing (default: False)
          dump_collector: Enable dump collection (default: False)
          open_in_browser: Open files in browser (default: False)
          extension_check: Perform extension check (default: True)
          modules: Analysis modules to use, e.g., ["csi", "cdr"] (default: None)
          auto_config: Use automatic configuration (default: False)
      """
      if not Path(file_path).exists():
          raise ThreatZoneError(f"File not found: {file_path}")

      # Build the analyze configuration. "private" is the inverse of is_public.
      analyze_config = [
          {"metafieldId": "environment", "value": environment},
          {"metafieldId": "private", "value": not is_public},
          {"metafieldId": "timeout", "value": timeout},
          {"metafieldId": "work_path", "value": work_path},
          {"metafieldId": "mouse_simulation", "value": mouse_simulation},
          {"metafieldId": "https_inspection", "value": https_inspection},
          {"metafieldId": "internet_connection", "value": internet_connection},
          {"metafieldId": "raw_logs", "value": raw_logs},
          {"metafieldId": "snapshot", "value": snapshot},
          {"metafieldId": "sleep_evasion", "value": sleep_evasion},
          {"metafieldId": "smart_tracing", "value": smart_tracing},
          {"metafieldId": "dump_collector", "value": dump_collector},
          {"metafieldId": "open_in_browser", "value": open_in_browser}
      ]

      # Prepare form data
      data = {
          "analyzeConfig": json.dumps(analyze_config),
          "extensionCheck": str(extension_check).lower()
      }
      if entrypoint:
          data["entrypoint"] = entrypoint
      if password:
          data["password"] = password
      if modules:
          data["modules"] = ",".join(modules)

      # Build URL with auto parameter
      url = f"/public-api/scan/sandbox?auto={str(auto_config).lower()}"

      files = {"file": open(file_path, "rb")}
      try:
          return await get_client().post(url, data=data, files=files)
      finally:
          files["file"].close()
  ```
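The tool above accepts any string for environment, timeout and work_path and passes it straight into analyzeConfig, and it gives no hint that is_public=True or internet_connection=True change what the sample can do. The following is an added, offline pre-flight helper written for this page (it is not part of threatzone_mcp, and the names build_sandbox_request, build_simple_request, config_of and exposure_warnings are this example's own). It rebuilds the same form fields the tool sends, validates the option values against the lists in the tool's docstring, and reports settings that expose the sample, so an operator can inspect the exact request before anything leaves the host.

```python
"""Offline pre-flight for a ThreatZone sandbox submission (example code for this
page, not part of threatzone_mcp). Rebuilds the form fields scan_file_sandbox
sends and adds validation and an exposure check. No network call is made."""
import json
from pathlib import Path
from typing import Any, Dict, List, Optional

# Option lists as given in the scan_file_sandbox docstring.
ENVIRONMENTS = {"w7_x64", "w10_x64", "w11_x64", "macos", "android", "linux"}
TIMEOUTS = {60, 120, 180, 240, 300}
WORK_PATHS = {"desktop", "root", "%AppData%", "windows", "temp"}

# Boolean switches and their tool defaults, in the order the tool emits them.
FLAG_DEFAULTS = {
    "mouse_simulation": True,
    "https_inspection": False,
    "internet_connection": False,
    "raw_logs": False,
    "snapshot": False,
    "sleep_evasion": False,
    "smart_tracing": False,
    "dump_collector": False,
    "open_in_browser": False,
}


def build_sandbox_request(
    file_path: str,
    is_public: bool = False,
    entrypoint: Optional[str] = None,
    password: Optional[str] = None,
    environment: str = "w10_x64",
    timeout: int = 180,
    work_path: str = "desktop",
    extension_check: bool = True,
    modules: Optional[List[str]] = None,
    auto_config: bool = False,
    check_exists: bool = True,  # set False to build a request for a path that is not local
    **flags: bool,
) -> Dict[str, Any]:
    """Validate inputs and return the URL path and form fields the tool would POST."""
    if environment not in ENVIRONMENTS:
        raise ValueError(f"unsupported environment {environment!r}")
    if timeout not in TIMEOUTS:
        raise ValueError(f"timeout must be one of {sorted(TIMEOUTS)}, got {timeout}")
    if work_path not in WORK_PATHS:
        raise ValueError(f"unsupported work_path {work_path!r}")
    unknown = set(flags) - set(FLAG_DEFAULTS)
    if unknown:
        raise ValueError(f"unknown flags: {sorted(unknown)}")
    if check_exists and not Path(file_path).is_file():
        raise FileNotFoundError(file_path)

    switches = {**FLAG_DEFAULTS, **flags}
    # Same metafieldId layout as the tool; the API field is "private",
    # so it carries the inverse of is_public.
    analyze_config = [
        {"metafieldId": "environment", "value": environment},
        {"metafieldId": "private", "value": not is_public},
        {"metafieldId": "timeout", "value": timeout},
        {"metafieldId": "work_path", "value": work_path},
    ] + [{"metafieldId": k, "value": v} for k, v in switches.items()]

    data: Dict[str, str] = {
        "analyzeConfig": json.dumps(analyze_config),
        "extensionCheck": str(extension_check).lower(),
    }
    if entrypoint:
        data["entrypoint"] = entrypoint
    if password:
        data["password"] = password
    if modules:
        data["modules"] = ",".join(modules)
    return {
        "url": f"/public-api/scan/sandbox?auto={str(auto_config).lower()}",
        "data": data,
        "file_path": file_path,
    }


def build_simple_request(file_path: str, is_public: bool = False,
                         entrypoint: Optional[str] = None,
                         password: Optional[str] = None,
                         check_exists: bool = True) -> Dict[str, Any]:
    """Mirror scan_file_sandbox_simple: tool defaults plus auto=true."""
    return build_sandbox_request(file_path, is_public, entrypoint, password,
                                 auto_config=True, check_exists=check_exists)


def config_of(request: Dict[str, Any]) -> Dict[str, Any]:
    """Decode analyzeConfig back into a {metafieldId: value} dict."""
    return {e["metafieldId"]: e["value"]
            for e in json.loads(request["data"]["analyzeConfig"])}


def exposure_warnings(request: Dict[str, Any]) -> List[str]:
    """List settings in a built request that leak the sample or let it reach out."""
    cfg = config_of(request)
    found = []
    if cfg["private"] is False:
        found.append("results are public: the file and report are visible to other users")
    if cfg["internet_connection"]:
        found.append("internet enabled: the sample can beacon out and tip off its operator")
    if "password" in request["data"]:
        found.append("archive password travels in the form body: never reuse a real credential")
    return found
```

A typical use is to call build_simple_request on the sample, print exposure_warnings on the result, and only then hand request["url"], request["data"] and the opened file to the HTTP client. Validation errors surface locally instead of as an opaque API rejection, and the check_exists flag lets the same code run in tests without a real sample on disk.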