def test_tcpdump_path_(self):
assert_equals(Sniffer("foo").tcpdump, "foo")
def test_interface_not_found(self):
assert_equals(False, Sniffer("foo").start("ethfoo"))
def launch_analysis(self):
"""Start analysis.
@raise CuckooAnalysisError: if unable to start analysis.
"""
log.info("Starting analysis of file \"%s\" (task=%s)" %
(self.task.file_path, self.task.id))
if not os.path.exists(self.task.file_path):
raise CuckooAnalysisError(
"The file to analyze does not exist at path \"%s\", analysis aborted"
% self.task.file_path)
self.init_storage()
self.store_file()
options = self.build_options()
while True:
machine_lock.acquire()
vm = mmanager.acquire(machine_id=self.task.machine,
platform=self.task.platform)
machine_lock.release()
if not vm:
log.debug("Task #%s: no machine available" % self.task.id)
time.sleep(1)
else:
log.info("Task #%s: acquired machine %s (label=%s)" %
(self.task.id, vm.id, vm.label))
break
# Initialize sniffer
if self.cfg.cuckoo.use_sniffer:
sniffer = Sniffer(self.cfg.cuckoo.tcpdump)
sniffer.start(interface=self.cfg.cuckoo.interface,
host=vm.ip,
file_path=os.path.join(self.analysis.results_folder,
"dump.pcap"))
else:
sniffer = False
try:
# Start machine
mmanager.start(vm.label)
# Initialize guest manager
guest = GuestManager(vm.id, vm.ip, vm.platform)
# Launch analysis
guest.start_analysis(options)
# Wait for analysis to complete
success = guest.wait_for_completion()
# Stop sniffer
if sniffer:
sniffer.stop()
if not success:
raise CuckooAnalysisError(
"Task #%s: analysis failed, review previous errors" %
self.task.id)
# Save results
guest.save_results(self.analysis.results_folder)
except (CuckooMachineError, CuckooGuestError) as e:
raise CuckooAnalysisError(e)
finally:
# Stop machine
mmanager.stop(vm.label)
# Release the machine from lock
mmanager.release(vm.label)
# Launch reports generation
Reporter(self.analysis.results_folder).run(
Processor(self.analysis.results_folder).run())
log.info("Task #%s: reports generation completed (path=%s)" %
(self.task.id, self.analysis.results_folder))
def test_tcpdump_not_found(self):
assert_equals(False, Sniffer("foo").start())
def launch_analysis(self):
"""Start analysis."""
sniffer = None
succeeded = False
log.info("Starting analysis of %s \"%s\" (task=%d)",
self.task.category.upper(), self.task.target, self.task.id)
# Initialize the the analysis folders.
if not self.init_storage():
return False
if self.task.category == "file":
# Store a copy of the original file.
if not self.store_file():
return False
# Generate the analysis configuration file.
options = self.build_options()
# Acquire analysis machine.
machine = self.acquire_machine()
# At this point we can tell the Resultserver about it
try:
Resultserver().add_task(self.task, machine)
except Exception as e:
mmanager.release(machine.label)
self.errors.put(e)
# If enabled in the configuration, start the tcpdump instance.
if self.cfg.sniffer.enabled:
sniffer = Sniffer(self.cfg.sniffer.tcpdump)
sniffer.start(interface=self.cfg.sniffer.interface,
host=machine.ip,
file_path=os.path.join(self.storage, "dump.pcap"))
try:
# Mark the selected analysis machine in the database as started.
guest_log = Database().guest_start(self.task.id, machine.name,
machine.label,
mmanager.__class__.__name__)
# Start the machine.
mmanager.start(machine.label)
except CuckooMachineError as e:
log.error(str(e), extra={"task_id": self.task.id})
# Stop the sniffer.
if sniffer:
sniffer.stop()
return False
else:
try:
# Initialize the guest manager.
guest = GuestManager(machine.name, machine.ip,
machine.platform)
# Start the analysis.
guest.start_analysis(options)
except CuckooGuestError as e:
log.error(str(e), extra={"task_id": self.task.id})
# Stop the sniffer.
if sniffer:
sniffer.stop()
return False
else:
# Wait for analysis completion.
try:
guest.wait_for_completion()
succeeded = True
except CuckooGuestError as e:
log.error(str(e), extra={"task_id": self.task.id})
succeeded = False
finally:
# Stop the sniffer.
if sniffer:
sniffer.stop()
# Take a memory dump of the machine before shutting it off.
if self.cfg.cuckoo.memory_dump or self.task.memory:
try:
mmanager.dump_memory(
machine.label, os.path.join(self.storage,
"memory.dmp"))
except NotImplementedError:
log.error("The memory dump functionality is not available "
"for current machine manager")
except CuckooMachineError as e:
log.error(e)
try:
# Stop the analysis machine.
mmanager.stop(machine.label)
except CuckooMachineError as e:
log.warning("Unable to stop machine %s: %s", machine.label, e)
# Market the machine in the database as stopped.
Database().guest_stop(guest_log)
try:
# Release the analysis machine.
mmanager.release(machine.label)
except CuckooMachineError as e:
log.error(
"Unable to release machine %s, reason %s. "
"You might need to restore it manually", machine.label, e)
# after all this, we can make the Resultserver forget about it
Resultserver().del_task(self.task, machine)
return succeeded
