Description
I have had a few instances where I scanned a payload with a worker plugin, and the worker plugin produced an extracted payload that was identical to the payload being scanned by the worker. I had a decorator create a file tree from the results (based on `payload_id` and `extracted_from`), and it ended up creating a circular reference.
I feel like it would be a worthwhile update to stoQ to prevent this from happening. A simple check during the deduplication logic to prevent adding self to the `extracted_from` list would be great. A warning could be logged.
One practical example:
https://www.virustotal.com/gui/file/b180cf82624994d05f7bcdf221372d5149e6382e52036d5b1487a3e5f3f12144/details
It is a corrupt PE that has a section (.bss) that is equal to the PE itself.
If a worker plugin carved out the PE as an extracted payload, the stoQ deduplication logic would prevent the file from being analyzed over and over, but a decorator that tries to create a file tree based on the `payload_id` and `extracted_from` fields would create a circular reference.
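The two checks described above, as an added example that is not stoQ's own code: a guard at the point where extracted payloads are linked to their parent, which skips and logs any payload whose id equals the parent's, and a tree builder that refuses to loop forever on a circular `extracted_from` chain. `payload_id`, `Result`, `record_extracted`, `build_tree`, `has_cycle` and `demo` are constructed stand-ins; that a payload's id is the SHA-256 of its bytes and that `extracted_from` is a list of parent ids are assumptions made for the example, as is the sample "PE" blob.

```python
import hashlib
import logging
from dataclasses import dataclass, field
from typing import Dict, List

log = logging.getLogger(__name__)


def payload_id(content: bytes) -> str:
    """Assumption for this example: the id is the SHA-256 of the raw bytes,
    so identical bytes collapse to one id during deduplication."""
    return hashlib.sha256(content).hexdigest()


@dataclass
class Result:
    """Constructed stand-in for a per-payload result record (not stoQ's class)."""
    payload_id: str
    extracted_from: List[str] = field(default_factory=list)


def record_extracted(results: Dict[str, Result], parent: str,
                     carved: List[bytes]) -> List[str]:
    """Link payloads carved from `parent`, refusing to link a payload to itself.

    Returns the ids that are new and should be queued for further analysis;
    a payload already in `results` only gains an extra `extracted_from` link.
    """
    queued: List[str] = []
    for content in carved:
        pid = payload_id(content)
        if pid == parent:
            # The worker handed back its own input (e.g. a section that spans
            # the whole file). Linking it would make the payload its own parent.
            log.warning("worker extracted payload %s from itself; not linking", pid)
            continue
        rec = results.get(pid)
        if rec is None:
            rec = results[pid] = Result(pid)
            queued.append(pid)
        if parent not in rec.extracted_from:
            rec.extracted_from.append(parent)
    return queued


def build_tree(results: Dict[str, Result]) -> Dict[str, dict]:
    """Nest payloads under their parents; raise ValueError on any cycle.

    A payload with several parents appears under each of them (a DAG, which
    is fine). A payload that is its own ancestor, or is reachable only through
    a cycle, is reported instead of recursing forever.
    """
    children: Dict[str, List[str]] = {pid: [] for pid in results}
    for rec in results.values():
        for parent in rec.extracted_from:
            children.setdefault(parent, []).append(rec.payload_id)

    visited = set()

    def subtree(pid: str, path: tuple) -> dict:
        if pid in path:
            raise ValueError("circular extracted_from chain: " + " -> ".join(path + (pid,)))
        visited.add(pid)
        return {child: subtree(child, path + (pid,)) for child in children.get(pid, [])}

    roots = [pid for pid, rec in results.items() if not rec.extracted_from]
    tree = {root: subtree(root, ()) for root in roots}
    unreached = set(results) - visited
    if unreached:
        # every one of these has a parent but none is a root: they form a cycle
        raise ValueError("payloads only reachable through a cycle: %s" % sorted(unreached))
    return tree


def has_cycle(results: Dict[str, Result]) -> bool:
    """True if build_tree would refuse these results because of a cycle."""
    try:
        build_tree(results)
    except ValueError:
        return True
    return False


def demo() -> Dict[str, dict]:
    """Constructed scenario: a 'PE' whose carved section is the file itself."""
    results: Dict[str, Result] = {}
    pe = b"MZ\x90\x00" + b"corrupt PE whose .bss section spans the whole file"
    root = payload_id(pe)
    results[root] = Result(root)
    # The worker carves two payloads: the whole file again, and a genuine child.
    record_extracted(results, root, [pe, b"embedded script"])
    return build_tree(results)
```

The guard in `record_extracted` is the cheap fix the issue asks for; `build_tree` is the defensive check a decorator should still have, because results written by older versions, or by a worker that returns a payload already seen higher up the chain, can produce a cycle that the self-link guard alone does not catch.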