[ANY.RUN] Migrate to the ANY.RUN SDK, update actions, add new actions

[semayellow]

🎫 Ticket

🧩 Type of Change

• Feature
• Bug fix
• Other

🧠 Background & Motivation

• Updated existing actions and added new actions to comply with the current version of the ANY.RUN REST API
• Migrated to the ANY.RUN SDK to reduce boilerplate code and speed up development/delivery of new features

✨ What Changed

Removed actions

• get_history
• run_analysis
• get_report

Added new actions

ANY.RUN Sandbox:

• get_analysis_history
• get_analysis_report
• get_analysis_verdict
• get_ioc
• download_pcap
• windows_url_analysis
• windows_file_analysis
• linux_url_analysis
• linux_file_analysis
• android_url_analysis
• android_file_analysis

ANY.RUN TI Lookup:

• get_intelligence
• get_reputation

Updated connecton

To support API key processing for both services

Updated unit-test and documentation

🧪 Testing

(venv) ########### any_run % python3.11 -m unittest discover -s unit_test -p 'test_*.py' -v
test_android_file_analysis (test_android_file_analysis.TestAndroidFileAnalysis.test_android_file_analysis) ... ok
test_android_url_analysis (test_android_url_analysis.TestAndroidUrlAnalysis.test_android_url_analysis) ... ok
test_download_pcap (test_download_pcap.TestDownloadPcap.test_download_pcap) ... ok
test_get_analysis_history (test_get_analysis_history.TestGetAnalysisHistory.test_get_analysis_history) ... ok
test_get_analysis_report_html (test_get_analysis_report.TestGetAnalysisReport.test_get_analysis_report_html) ... ok
test_get_analysis_report_json (test_get_analysis_report.TestGetAnalysisReport.test_get_analysis_report_json) ... ok
test_get_analysis_verdict (test_get_analysis_verdict.TestGetAnalysisVerdict.test_get_analysis_verdict) ... ok
test_get_intelligence (test_get_intelligence.TestGetIntelligence.test_get_intelligence) ... ok
test_get_ioc (test_get_ioc.TestGetIoc.test_get_ioc) ... ok
test_get_reputation_hash (test_get_reputation.TestGetReputation.test_get_reputation_hash) ... ok
test_get_reputation_url (test_get_reputation.TestGetReputation.test_get_reputation_url) ... ok
test_linux_file_analysis (test_linux_file_analysis.TestLinuxFileAnalysis.test_linux_file_analysis) ... ok
test_linux_url_analysis (test_linux_url_analysis.TestLinuxUrlAnalysis.test_linux_url_analysis) ... ok
test_windows_file_analysis (test_windows_file_analysis.TestWindowsFileAnalysis.test_windows_file_analysis) ... ok
test_windows_url_analysis (test_windows_url_analysis.TestWindowsUrlAnalysis.test_windows_url_analysis) ... ok

----------------------------------------------------------------------
Ran 15 tests in 0.025s

OK

[snyk-io]

⛔ Snyk checks have failed. 2 issues have been found so far.

Status	Scan Engine	Critical	High	Medium	Low	Total (2)
⛔	Open Source Security	0	2	0	0	2 issues
✅	Licenses	0	0	0	0	0 issues

💻 Catch issues earlier using the plugins for VS Code, JetBrains IDEs, Visual Studio, and Eclipse.

[igorski-r7]

The code generally looks good 🎉

I've left a couple of plugin-specific comments. Also, please update your target branch from master to any_run-3.0.0-release.

[igorski-r7]

In that case, I am not sure if unpacking the entire params dictionary directly into the SDK method is a good idea. If there are any further changes to the naming of the fields in the Any.Run SDK, we will need to update the plugin schema structure.

I suggest binding the inputs to variables first, and then passing them one by one to the 'run_url_analysis' method.

# START INPUT BINDING - DO NOT REMOVE - ANY INPUTS BELOW WILL UPDATE WITH YOUR PLUGIN SPEC AFTER REGENERATION
file_content = params.pop(Input.FILE_CONTENT, "")
filename = params.pop(Input.FILENAME, "")
...
# END INPUT BINDING - DO NOT REMOVE

[igorski-r7]

Suggested change

	analysis_uuid = params.get(Input.ANALYSIS_UUID)
	analysis_uuid = params.get(Input.ANALYSIS_UUID, "")

[igorski-r7]

I would say same as previous comment related to unpacking dictionary directly to SDK method.

I suggest binding the inputs to variables first, and then passing them one by one to the run_url_analysis method.

# START INPUT BINDING - DO NOT REMOVE - ANY INPUTS BELOW WILL UPDATE WITH YOUR PLUGIN SPEC AFTER REGENERATION
...
# END INPUT BINDING - DO NOT REMOVE

[igorski-r7]

Suggested change

	report_format = params.get(Input.FORMAT)
	analysis_uuid = params.get(Input.ANALYSIS_UUID)
	report_format = params.get(Input.FORMAT, "")
	analysis_uuid = params.get(Input.ANALYSIS_UUID, "")

[igorski-r7]

Suggested change

	analysis_uuid = params.get(Input.ANALYSIS_UUID)
	analysis_uuid = params.get(Input.ANALYSIS_UUID, "")

[igorski-r7]

Same

[igorski-r7]

Same

[igorski-r7]

Suggested change

	description: URL (Size range 2-256) or Hash (SHA256, SAH1, MD5) or Domain or IP
	description: URL (Size range 2-256) or Hash (SHA256, SHA1, MD5) or Domain or IP

[igorski-r7]

This is fine and it would work, but I think it could be even more readable with using quote from urllib3 and json. It could be something like:

import json
from urllib.parse import quote

...
payload = {"query": query, "dateRange": 180}
lookup_url = f"https://intelligence.any.run/analysis/lookup#{quote(json.dumps(payload))}"

[igorski-r7]

Please include error handling with PluginException in action tests.