def test_store_file_wrong_path(self, caplog):
mock_task_wrong_path = mock_task()
mock_task_wrong_path.target += "foobar"
analysis_man = AnalysisManager(task=mock_task_wrong_path,
error_queue=queue.Queue())
analysis_man.store_file(sha256="e3be3b") is False
assert "analysis aborted" in caplog.text
def test_init_storage_already_exists(self, clean_init_storage, caplog):
analysis_man = AnalysisManager(task=mock_task(),
error_queue=queue.Queue())
os.makedirs(os.getcwd() + "/storage/analyses/1234")
analysis_man.init_storage()
assert "already exists at path" in caplog.text
def test_store_file_symlink_err(self, symlink, caplog):
with open("binary", "wb") as f:
f.write(b"\x00")
analysis_man = AnalysisManager(task=mock_task(),
error_queue=queue.Queue())
analysis_man.store_file(sha256="e3be3b")
assert "Unable to create symlink/copy" in caplog.text
def test_acquire_machine(self, setup_machinery, setup_machine_lock):
class mock_machinery(object):
def availables(self):
return True
def acquire(self, machine_id, platform, tags):
class mock_acquire:
name = "mock_mach"
label = "mock_label"
platform = "mock_platform"
return mock_acquire()
class mock_machine:
machine = "mock"
class mock_plat:
platform = "plat"
class mock_tags:
tags = "tags"
setup_machinery(mock_machinery())
mock_task_machine = mock_task()
mock_task_machine.machine = mock_machine()
mock_task_machine.platform = mock_plat()
mock_task_machine.tags = mock_tags()
analysis_man = AnalysisManager(task=mock_task_machine,
error_queue=queue.Queue())
analysis_man.acquire_machine()
assert analysis_man.machine.name == "mock_mach"
def test_check_file_err(self, mocker):
class mock_sample:
sha256 = "f3b"
analysis_man = AnalysisManager(task=mock_task(), error_queue=queue.Queue())
mocker.patch("lib.cuckoo.core.database.Database.view_sample", return_value=mock_sample())
assert analysis_man.check_file("e3b") is False
def test_init_storage_other_error(self, clean_init_storage, mocker, caplog):
mocker.patch(
"lib.cuckoo.core.scheduler.create_folder",
side_effect=CuckooOperationalError("foo"),
)
analysis_man = AnalysisManager(task=mock_task(), error_queue=queue.Queue())
# with pytest.raises(CuckooOperationalError) as exc_info:
assert analysis_man.init_storage() is False
assert "Unable to create analysis folder" in caplog.text
def test_category_checks_modified_file(self, clean_init_storage, mocker):
class mock_sample:
sha256 = "123"
analysis_man = AnalysisManager(task=mock_task(), error_queue=queue.Queue())
assert analysis_man.init_storage() is True
mocker.patch("lib.cuckoo.core.scheduler.Database.view_sample", return_value=mock_sample())
assert analysis_man.category_checks() is False
def test_store_file_delete_original(self):
file = tempfile.mkstemp()[1]
self.anal["file_path"] = file
self.a = AnalysisManager(self.anal)
self.a.init_storage()
self.a.cfg.cuckoo.delete_original = True
self.a.store_file()
bin_path = os.path.join(CUCKOO_ROOT, "storage", "binaries",
"d41d8cd98f00b204e9800998ecf8427e")
assert not os.path.exists(file)
os.remove(bin_path)
def test_store_file(self):
file = tempfile.mkstemp()[1]
self.anal["file_path"] = file
self.a = AnalysisManager(self.anal)
self.a.init_storage()
self.a.store_file()
bin_path = os.path.join(CUCKOO_ROOT, "storage", "binaries",
"d41d8cd98f00b204e9800998ecf8427e")
assert_equals(bin_path, self.a.analysis.stored_file_path)
assert os.path.exists(bin_path)
os.remove(file)
os.remove(bin_path)
def test_build_options(self):
class mock_machine:
resultserver_ip = "1.2.3.4"
resultserver_port = "1337"
mock_task_build_opts = mock_task()
mock_task_build_opts.package = "foo"
mock_task_build_opts.options = "foo=bar"
mock_task_build_opts.enforce_timeout = 1
mock_task_build_opts.clock = datetime.strptime("01-01-2099 09:01:01", "%m-%d-%Y %H:%M:%S")
mock_task_build_opts.timeout = 10
analysis_man = AnalysisManager(task=mock_task_build_opts, error_queue=queue.Queue())
analysis_man.machine = mock_machine()
opts = analysis_man.build_options()
opts["target"] = opts["target"].rsplit("/", 1)[-1]
assert opts == {
"category": "file",
"exports": "",
"target": "test_scheduler.py",
"package": "foo",
"terminate_processes": False,
"ip": "1.2.3.4",
"clock": datetime(2099, 1, 1, 9, 1, 1),
"port": "1337",
"file_type": "Python script, ASCII text executable",
"options": "foo=bar",
"enforce_timeout": 1,
"evtx": False,
"timeout": 10,
"file_name": "test_scheduler.py",
"browser": True,
"curtain": False,
"procmon": False,
"digisig": True,
"disguise": True,
"sysmon": False,
"filepickup": False,
"filecollector": True,
"permissions": False,
"screenshots_linux": False,
"screenshots_windows": True,
"tlsdump": True,
"usage": False,
"human_linux": False,
"human_windows": True,
"stap": False,
"id": 1234,
"do_upload_max_size": 0,
"upload_max_size": 100000000,
"during_script": False,
"pre_script": False,
}
def test_category_checks_no_store_file(self, clean_init_storage, grab_sample, mocker):
class mock_sample:
sha256 = "5dd87d3d6b9d8b4016e3c36b189234772661e690c21371f1eb8e018f0f0dec2b"
sample_location = grab_sample(sample_hash="5dd87d3d6b9d8b4016e3c36b189234772661e690c21371f1eb8e018f0f0dec2b")
mock_task_cat = mock_task()
mock_task_cat.target = sample_location
analysis_man = AnalysisManager(task=mock_task_cat, error_queue=queue.Queue())
assert analysis_man.init_storage() is True
mocker.patch("lib.cuckoo.core.scheduler.Database.view_sample", return_value=mock_sample())
mocker.patch("lib.cuckoo.core.scheduler.AnalysisManager.store_file", return_value=False)
assert analysis_man.category_checks() is False
class TestAnalysisManager:
def setUp(self):
create_structure()
self.anal = Dictionary()
self.anal["id"] = "test-cuckoo-remove-me"
self.a = AnalysisManager(self.anal)
def test_init_storage(self):
self.a.init_storage()
assert os.path.exists(self.a.analysis.results_folder)
@raises(CuckooAnalysisError)
def test_init_storage_error(self):
self.a.analysis.results_folder = os.path.join(os.path.join(CUCKOO_ROOT, "storage", "analyses"), self.anal.id)
os.mkdir(self.a.analysis.results_folder)
self.a.init_storage()
def test_store_file(self):
file = tempfile.mkstemp()[1]
self.anal["file_path"] = file
self.a = AnalysisManager(self.anal)
self.a.init_storage()
self.a.store_file()
bin_path = os.path.join(CUCKOO_ROOT, "storage", "binaries", "d41d8cd98f00b204e9800998ecf8427e")
assert_equals(bin_path, self.a.analysis.stored_file_path)
assert os.path.exists(bin_path)
os.remove(file)
os.remove(bin_path)
def tearDown(self):
shutil.rmtree(self.a.analysis.results_folder)
def test_build_options_pe(self, grab_sample):
class mock_machine:
resultserver_ip = "1.2.3.4"
resultserver_port = "1337"
sample_location = grab_sample(sample_hash="5dd87d3d6b9d8b4016e3c36b189234772661e690c21371f1eb8e018f0f0dec2b")
mock_task_build_opts = mock_task()
mock_task_build_opts.package = "file"
mock_task_build_opts.enforce_timeout = 1
mock_task_build_opts.clock = datetime.strptime("01-01-2099 09:01:01", "%m-%d-%Y %H:%M:%S")
mock_task_build_opts.timeout = 10
mock_task_build_opts.target = sample_location
analysis_man = AnalysisManager(task=mock_task_build_opts, error_queue=queue.Queue())
analysis_man.machine = mock_machine()
opts = analysis_man.build_options()
opts["target"] = opts["target"].rsplit("/", 1)[-1]
assert opts == {
"category": "file",
"exports": "",
"target": "5dd87d3d6b9d8b4016e3c36b189234772661e690c21371f1eb8e018f0f0dec2b",
"package": "file",
"terminate_processes": False,
"ip": "1.2.3.4",
"clock": datetime(2099, 1, 1, 9, 1, 1),
"port": "1337",
"file_type": "PE32 executable (console) Intel 80386, for MS Windows",
"options": "foo=bar",
"enforce_timeout": 1,
"evtx": False,
"timeout": 10,
"file_name": "5dd87d3d6b9d8b4016e3c36b189234772661e690c21371f1eb8e018f0f0dec2b",
"browser": True,
"curtain": False,
"procmon": False,
"digisig": True,
"disguise": True,
"sysmon": False,
"filepickup": False,
"permissions": False,
"screenshots": True,
"tlsdump": True,
"usage": False,
"human": True,
"id": 1234,
"do_upload_max_size": 0,
"upload_max_size": 100000000,
}
def test_acquire_machine_machine_not_avail(self, setup_machinery,
setup_machine_lock, mocker):
class mock_machinery(object):
def availables(self):
return True
def acquire(self, machine_id, platform, tags):
return None
class mock_machine:
machine = "mock"
class mock_plat:
platform = "plat"
class mock_tags:
tags = "tags"
setup_machinery(mock_machinery())
mock_task_machine = mock_task()
mock_task_machine.machine = mock_machine()
mock_task_machine.platform = mock_plat()
mock_task_machine.tags = mock_tags()
analysis_man = AnalysisManager(task=mock_task_machine,
error_queue=queue.Queue())
try:
spy = mocker.spy(scheduler.machine_lock, "release")
func_timeout(5, analysis_man.acquire_machine)
except FunctionTimedOut:
assert spy.call_count >= 4
except Exception as e:
print((str(e)))
def test_acquire_machine(self, setup_machinery, setup_machine_lock):
class mock_machinery:
def availables(self, machine_id, platform, tags, arch):
return True
def acquire(self, machine_id, platform, tags, arch):
class mock_acquire:
name = "mock_mach"
label = "mock_label"
platform = "mock_platform"
arch = "x64"
return mock_acquire()
class mock_machine:
machine = "mock"
class mock_plat:
platform = "plat"
class mock_tags:
class mock_tag:
def __init__(self, name):
self.name = name
tags = [mock_tag("tag1"), mock_tag("tag2")]
def __iter__(self):
for tag in self.tags:
yield tag
class mock_arch:
arch = "x64"
setup_machinery(mock_machinery())
mock_task_machine = mock_task()
mock_task_machine.machine = mock_machine()
mock_task_machine.platform = mock_plat()
mock_task_machine.tags = mock_tags()
mock_task_machine.arch = mock_arch()
analysis_man = AnalysisManager(task=mock_task_machine, error_queue=queue.Queue())
analysis_man.acquire_machine()
assert analysis_man.machine.name == "mock_mach"
def test_store_file_delete_original(self):
file = tempfile.mkstemp()[1]
self.anal["file_path"] = file
self.a = AnalysisManager(self.anal)
self.a.init_storage()
self.a.cfg.cuckoo.delete_original = True
self.a.store_file()
bin_path = os.path.join(CUCKOO_ROOT, "storage", "binaries", "d41d8cd98f00b204e9800998ecf8427e")
assert not os.path.exists(file)
os.remove(bin_path)
def test_store_file(self):
file = tempfile.mkstemp()[1]
self.anal["file_path"] = file
self.a = AnalysisManager(self.anal)
self.a.init_storage()
self.a.store_file()
bin_path = os.path.join(CUCKOO_ROOT, "storage", "binaries", "d41d8cd98f00b204e9800998ecf8427e")
assert_equals(bin_path, self.a.analysis.stored_file_path)
assert os.path.exists(bin_path)
os.remove(file)
os.remove(bin_path)
def test_build_options_false_pe(self, mocker, caplog):
class mock_machine(object):
resultserver_ip = "1.2.3.4"
resultserver_port = "1337"
mock_task_build_opts = mock_task()
mock_task_build_opts.package = "foo"
mock_task_build_opts.enforce_timeout = 1
mock_task_build_opts.clock = datetime.strptime("01-01-2099 09:01:01", "%m-%d-%Y %H:%M:%S")
mock_task_build_opts.timeout = 10
analysis_man = AnalysisManager(task=mock_task_build_opts, error_queue=queue.Queue())
analysis_man.machine = mock_machine()
mocker.patch(
"lib.cuckoo.core.scheduler.File.get_type", return_value="PE32 executable (console) Intel 80386, for MS Windows"
)
opts = analysis_man.build_options()
opts["target"] = opts["target"].rsplit("/", 1)[-1]
assert "PE type not recognised" in caplog.text
def test_build_options(self):
class mock_machine(object):
resultserver_ip = "1.2.3.4"
resultserver_port = "1337"
mock_task_build_opts = mock_task()
mock_task_build_opts.package = "foo"
mock_task_build_opts.options = "foo=bar"
mock_task_build_opts.enforce_timeout = 1
mock_task_build_opts.clock = datetime.strptime("01-01-2099 09:01:01",
"%m-%d-%Y %H:%M:%S")
mock_task_build_opts.timeout = 10
analysis_man = AnalysisManager(task=mock_task_build_opts,
error_queue=queue.Queue())
analysis_man.machine = mock_machine()
opts = analysis_man.build_options()
opts["target"] = opts["target"].split("/")[-1]
assert opts == {
"category": "file",
"exports": "",
"target": "test_scheduler.py",
"package": "foo",
"terminate_processes": False,
"ip": "1.2.3.4",
"clock": datetime(2099, 1, 1, 9, 1, 1),
"port": "1337",
"file_type": "Python script, ASCII text executable",
"options": "foo=bar",
"enforce_timeout": 1,
"timeout": 10,
"file_name": "test_scheduler.py",
"curtain": False,
"procmon": False,
"sysmon": False,
"id": 1234,
"do_upload_max_size": 0,
"upload_max_size": 100000000,
}
def test_init(self):
analysis_man = AnalysisManager(task=mock_task(),
error_queue=queue.Queue())
assert analysis_man.cfg.cuckoo == {
"freespace": 50000,
"delete_original": False,
"tmppath": "/tmp",
"terminate_processes": False,
"memory_dump": False,
"delete_bin_copy": False,
"max_machines_count": 10,
"reschedule": False,
"rooter": "/tmp/cuckoo-rooter",
"machinery": "kvm",
"delete_archive": True,
"max_vmstartup_count": 5,
"daydelta": 0,
"max_analysis_count": 0,
}
assert analysis_man.task.id == 1234
def setUp(self):
create_structure()
self.anal = Dictionary()
self.anal["id"] = "test-cuckoo-remove-me"
self.a = AnalysisManager(self.anal)
def setUp(self):
create_structure()
self.anal = Dictionary()
self.anal["id"] = "test-cuckoo-remove-me"
self.a = AnalysisManager(self.anal)
def test_store_file_symlink(self, symlink):
analysis_man = AnalysisManager(task=mock_task(),
error_queue=queue.Queue())
assert analysis_man.store_file(sha256="e3be3b") is True
def test_store_file_no_dir(self, caplog):
analysis_man = AnalysisManager(task=mock_task(),
error_queue=queue.Queue())
assert analysis_man.store_file(sha256="e3be3b") is False
assert "Unable to store file" in caplog.text
def test_store_file(self, create_store_file_dir):
analysis_man = AnalysisManager(task=mock_task(),
error_queue=queue.Queue())
assert analysis_man.store_file(sha256="e3") is True
class TestAnalysisManager:
def setUp(self):
create_structure()
self.anal = Dictionary()
self.anal["id"] = "test-cuckoo-remove-me"
self.a = AnalysisManager(self.anal)
def test_init_storage(self):
self.a.init_storage()
assert os.path.exists(self.a.analysis.results_folder)
@raises(CuckooAnalysisError)
def test_init_storage_error(self):
self.a.analysis.results_folder = os.path.join(
os.path.join(CUCKOO_ROOT, "storage", "analyses"), self.anal.id)
os.mkdir(self.a.analysis.results_folder)
self.a.init_storage()
def test_store_file(self):
file = tempfile.mkstemp()[1]
self.anal["file_path"] = file
self.a = AnalysisManager(self.anal)
self.a.init_storage()
self.a.store_file()
bin_path = os.path.join(CUCKOO_ROOT, "storage", "binaries",
"d41d8cd98f00b204e9800998ecf8427e")
assert_equals(bin_path, self.a.analysis.stored_file_path)
assert os.path.exists(bin_path)
os.remove(file)
os.remove(bin_path)
def test_store_file_delete_original(self):
file = tempfile.mkstemp()[1]
self.anal["file_path"] = file
self.a = AnalysisManager(self.anal)
self.a.init_storage()
self.a.cfg.cuckoo.delete_original = True
self.a.store_file()
bin_path = os.path.join(CUCKOO_ROOT, "storage", "binaries",
"d41d8cd98f00b204e9800998ecf8427e")
assert not os.path.exists(file)
os.remove(bin_path)
def tearDown(self):
shutil.rmtree(self.a.analysis.results_folder)
def test_init_storage(self, clean_init_storage):
analysis_man = AnalysisManager(task=mock_task(),
error_queue=queue.Queue())
analysis_man.init_storage()
assert analysis_man.storage.rsplit("/", 1)[-1] == "1234"
