def process(self, module):
"""Run a single reporting module.
@param module: reporting module.
@param results: results results from analysis.
"""
# Initialize current reporting module.
try:
current = module()
except:
log.exception(
"Failed to load the reporting module: %s", module,
extra={"task_id": self.task["id"]}
)
return
# Extract the module name.
module_name = inspect.getmodule(current).__name__
if "." in module_name:
module_name = module_name.rsplit(".", 1)[1]
try:
options = config2("reporting", module_name)
except CuckooConfigurationError:
log.debug(
"Reporting module %s not found in configuration file",
module_name
)
return
# If the reporting module is disabled in the config, skip it.
if not options.enabled:
return
# Give it the path to the analysis results folder.
current.set_path(self.analysis_path)
# Give it the analysis task object.
current.set_task(self.task)
# Give it the the relevant reporting.conf section.
current.set_options(options)
try:
current.run(self.results)
log.debug("Executed reporting module \"%s\"", current.__class__.__name__)
except CuckooDependencyError as e:
log.warning(
"The reporting module \"%s\" has missing dependencies: %s",
current.__class__.__name__, e
)
except CuckooReportError as e:
log.warning(
"The reporting module \"%s\" returned the following "
"error: %s", current.__class__.__name__, e
)
except:
log.exception(
"Failed to run the reporting module: %s",
current.__class__.__name__,
extra={"task_id": self.task["id"]}
)
def process(self, module):
"""Run a single reporting module.
@param module: reporting module.
@param results: results results from analysis.
"""
# Initialize current reporting module.
try:
current = module()
except:
log.exception(
"Failed to load the reporting module: %s", module,
extra={"task_id": self.task["id"]}
)
return
# Extract the module name.
module_name = inspect.getmodule(current).__name__
if "." in module_name:
module_name = module_name.rsplit(".", 1)[1]
try:
options = config2("reporting", module_name)
except CuckooConfigurationError:
log.debug(
"Reporting module %s not found in configuration file",
module_name
)
return
# If the reporting module is disabled in the config, skip it.
if not options.enabled:
return
# Give it the path to the analysis results folder.
current.set_path(self.analysis_path)
# Give it the analysis task object.
current.set_task(self.task)
# Give it the the relevant reporting.conf section.
current.set_options(options)
try:
current.run(self.results)
log.debug("Executed reporting module \"%s\"", current.__class__.__name__)
except CuckooDependencyError as e:
log.warning(
"The reporting module \"%s\" has missing dependencies: %s",
current.__class__.__name__, e
)
except CuckooReportError as e:
log.warning(
"The reporting module \"%s\" returned the following "
"error: %s", current.__class__.__name__, e
)
except:
log.exception(
"Failed to run the reporting module: %s",
current.__class__.__name__,
extra={"task_id": self.task["id"]}
)
def test_config2_default():
set_cwd(tempfile.mkdtemp())
cuckoo_create()
assert config2("processing", "suricata") == {
"enabled": False, "eve_log": "eve.json", "files_dir": "files",
"socket": None, "suricata": "/usr/bin/suricata",
"conf": "/etc/suricata/suricata.yaml", "files_log": "files-json.log",
}
def test_config2_default():
set_cwd(tempfile.mkdtemp())
cuckoo_create()
assert config2("processing", "suricata") == {
"enabled": False, "eve_log": "eve.json", "files_dir": "files",
"socket": None, "suricata": "/usr/bin/suricata",
"conf": "/etc/suricata/suricata.yaml", "files_log": "files-json.log",
}
def populate_machine_info(self):
if not self.task.get("guest"):
return
# TODO Actually fill out all of the fields as done for this analysis.
try:
self.machine["name"] = self.task["guest"]["name"]
self.machine.update(
config2(self.task["guest"]["manager"].lower(),
self.task["guest"]["name"]))
except CuckooConfigurationError:
pass
def populate_machine_info(self):
if not self.task.get("guest"):
return
# TODO Actually fill out all of the fields as done for this analysis.
try:
self.machine["name"] = self.task["guest"]["name"]
self.machine.update(config2(
self.task["guest"]["manager"].lower(),
self.task["guest"]["name"]
))
except CuckooConfigurationError:
pass
def test_config2_custom():
set_cwd(tempfile.mkdtemp())
cuckoo_create(cfg={
"processing": {
"virustotal": {
"key": "thisisthekey",
},
},
})
assert config2("processing", "virustotal") == {
"enabled": False,
"key": "thisisthekey",
"timeout": 60,
"scan": False,
}
def test_config2_custom():
set_cwd(tempfile.mkdtemp())
cuckoo_create(cfg={
"processing": {
"virustotal": {
"key": "thisisthekey",
},
},
})
assert config2("processing", "virustotal") == {
"enabled": False,
"key": "thisisthekey",
"timeout": 60,
"scan": False,
}
def start(self):
for module in cuckoo.auxiliary.plugins:
try:
current = module()
except:
log.exception(
"Failed to load the auxiliary module: %s",
module, extra={"task_id": self.task["id"]}
)
return
module_name = inspect.getmodule(current).__name__
if "." in module_name:
module_name = module_name.rsplit(".", 1)[1]
try:
options = config2("auxiliary", module_name)
except CuckooConfigurationError:
log.debug(
"Auxiliary module %s not found in configuration file",
module_name
)
continue
if not options.enabled:
continue
current.set_task(self.task)
current.set_machine(self.machine)
current.set_guest_manager(self.guest_manager)
current.set_options(options)
try:
current.start()
except NotImplementedError:
pass
except CuckooDisableModule:
continue
except:
log.exception(
"Unable to start auxiliary module %s",
module_name, extra={"task_id": self.task["id"]}
)
else:
log.debug("Started auxiliary module: %s",
current.__class__.__name__)
self.enabled.append(current)
def start(self):
for module in cuckoo.auxiliary.plugins:
try:
current = module()
except:
log.exception(
"Failed to load the auxiliary module: %s",
module, extra={"task_id": self.task["id"]}
)
return
module_name = inspect.getmodule(current).__name__
if "." in module_name:
module_name = module_name.rsplit(".", 1)[1]
try:
options = config2("auxiliary", module_name)
except CuckooConfigurationError:
log.debug(
"Auxiliary module %s not found in configuration file",
module_name
)
continue
if not options.enabled:
continue
current.set_task(self.task)
current.set_machine(self.machine)
current.set_guest_manager(self.guest_manager)
current.set_options(options)
try:
current.start()
except NotImplementedError:
pass
except CuckooDisableModule:
continue
except:
log.exception(
"Unable to start auxiliary module %s",
module_name, extra={"task_id": self.task["id"]}
)
else:
log.debug("Started auxiliary module: %s",
current.__class__.__name__)
self.enabled.append(current)
def misp_export(task_id, report=None):
"""
Uploads the report to the MISP instance using the reporting module.
:param task_id: task id
:param report: additional report dict
"""
report_path = cwd("reports", "report.json", analysis=task_id)
task_path = cwd("", "task.json", analysis=task_id)
j = open(report_path)
results = json.load(j)
t = open(task_path)
task = json.load(t)
m = MISP()
options = config2("reporting", 'misp')
m.set_task(task)
m.set_options(options)
m.run(results)
def test_config2_vpns():
set_cwd(tempfile.mkdtemp())
cuckoo_create(
cfg={
"routing": {
"vpn": {
"vpns": [
"a",
"b",
],
},
"a": {
"name": "name_a",
"description": "desc_a",
},
"b": {
"name": "name_b",
"description": "desc_b",
},
},
})
assert config2("routing", "vpn") == {
"enabled": False,
"vpns": [
"a",
"b",
],
}
assert config2("routing", "a") == {
"__section__": None,
"name": "name_a",
"description": "desc_a",
"interface": None,
"rt_table": None,
}
with pytest.raises(CuckooConfigurationError) as e:
config2("routing", "c")
e.match("No such configuration section exists")
assert config2("routing", "a").name == "name_a"
assert config2("routing", "a").interface is None
def test_config2_vpns():
set_cwd(tempfile.mkdtemp())
cuckoo_create(cfg={
"routing": {
"vpn": {
"vpns": [
"a", "b",
],
},
"a": {
"name": "name_a",
"description": "desc_a",
},
"b": {
"name": "name_b",
"description": "desc_b",
},
},
})
assert config2("routing", "vpn") == {
"enabled": False,
"vpns": [
"a", "b",
],
}
assert config2("routing", "a") == {
"__section__": None,
"name": "name_a",
"description": "desc_a",
"interface": None,
"rt_table": None,
}
with pytest.raises(CuckooConfigurationError) as e:
config2("routing", "c")
e.match("No such configuration section exists")
assert config2("routing", "a").name == "name_a"
assert config2("routing", "a").interface is None
def process(self, module, results):
"""Run a processing module.
@param module: processing module to run.
@param results: results dict.
@return: results generated by module.
"""
# Initialize the specified processing module.
try:
current = module()
except:
log.exception("Failed to load the processing module: %s",
module,
extra={"task_id": self.task["id"]})
return None, None
# Extract the module name.
module_name = inspect.getmodule(current).__name__
if "." in module_name:
module_name = module_name.rsplit(".", 1)[1]
try:
options = config2("processing", module_name)
except CuckooConfigurationError:
log.debug("Processing module %s not found in configuration file",
module_name)
return None, None
# If the processing module is disabled in the config, skip it.
if not options.enabled:
return None, None
# Give it the path to the baseline directory.
current.set_baseline(self.baseline_path)
# Give it the path to the analysis results.
current.set_path(self.analysis_path)
# Give it the analysis task object.
current.set_task(self.task)
# Give it the configuration information on the machine.
current.set_machine(self.machine)
# Give it the options from the relevant processing.conf section.
current.set_options(options)
# Give it the results that we have obtained so far.
current.set_results(results)
try:
# Run the processing module and retrieve the generated data to be
# appended to the general results container.
data = current.run()
log.debug("Executed processing module \"%s\" for task #%d",
current.__class__.__name__, self.task["id"])
# If succeeded, return they module's key name and the data.
return current.key, data
except CuckooDependencyError as e:
log.warning(
"The processing module \"%s\" has missing dependencies: %s",
current.__class__.__name__, e)
except CuckooProcessingError as e:
log.warning(
"The processing module \"%s\" returned the following "
"error: %s", current.__class__.__name__, e)
except:
log.exception(
"Failed to run the processing module \"%s\" for task #%d:",
current.__class__.__name__,
self.task["id"],
extra={"task_id": self.task["id"]})
return None, None
def init_routing():
"""Initialize and check whether the routing information is correct."""
interfaces = set()
# Check if all configured VPNs exist and are up and enable NAT on
# each VPN interface.
if config("routing:vpn:enabled"):
for name in config("routing:vpn:vpns"):
entry = config2("routing", name)
if not rooter("nic_available", entry.interface):
raise CuckooStartupError(
"The network interface that has been configured for "
"VPN %s is not available." % entry.name)
if not rooter("rt_available", entry.rt_table):
raise CuckooStartupError(
"The routing table that has been configured for "
"VPN %s is not available." % entry.name)
interfaces.add((entry.rt_table, entry.interface))
standard_routes = "none", "drop", "internet", "inetsim", "tor"
# Check whether the default VPN exists if specified.
if config("routing:routing:route") not in standard_routes:
if config("routing:routing:route") not in config("routing:vpn:vpns"):
raise CuckooStartupError(
"The default routing target (%s) has not been configured in "
"routing.conf, is it supposed to be a VPN?" %
config("routing:routing:route"))
if not config("routing:vpn:enabled"):
raise CuckooStartupError(
"The default route configured is a VPN, but VPNs have "
"not been enabled in routing.conf.")
# Check whether the dirty line exists if it has been defined.
if config("routing:routing:internet") != "none":
if not rooter("nic_available", config("routing:routing:internet")):
raise CuckooStartupError(
"The network interface that has been configured as dirty "
"line is not available.")
if not rooter("rt_available", config("routing:routing:rt_table")):
raise CuckooStartupError(
"The routing table that has been configured for dirty "
"line interface is not available.")
interfaces.add((config("routing:routing:rt_table"),
config("routing:routing:internet")))
for rt_table, interface in interfaces:
# Disable & enable NAT on this network interface. Disable it just
# in case we still had the same rule from a previous run.
rooter("disable_nat", interface)
rooter("enable_nat", interface)
# Populate routing table with entries from main routing table.
if config("routing:routing:auto_rt"):
rooter("flush_rttable", rt_table)
rooter("init_rttable", rt_table, interface)
def test_config2_liststar():
set_cwd(tempfile.mkdtemp())
cuckoo_create()
assert config2("qemu", "vm1").interface == "qemubr"
def init_routing():
"""Initialize and check whether the routing information is correct."""
interfaces = set()
# Check if all configured VPNs exist and are up and enable NAT on
# each VPN interface.
if config("routing:vpn:enabled"):
for name in config("routing:vpn:vpns"):
entry = config2("routing", name)
if not rooter("nic_available", entry.interface):
raise CuckooStartupError(
"The network interface that has been configured for "
"VPN %s is not available." % entry.name
)
if not rooter("rt_available", entry.rt_table):
raise CuckooStartupError(
"The routing table that has been configured for "
"VPN %s is not available." % entry.name
)
interfaces.add((entry.rt_table, entry.interface))
standard_routes = "none", "drop", "internet", "inetsim", "tor"
# Check whether the default VPN exists if specified.
if config("routing:routing:route") not in standard_routes:
if config("routing:routing:route") not in config("routing:vpn:vpns"):
raise CuckooStartupError(
"The default routing target (%s) has not been configured in "
"routing.conf, is it supposed to be a VPN?" %
config("routing:routing:route")
)
if not config("routing:vpn:enabled"):
raise CuckooStartupError(
"The default route configured is a VPN, but VPNs have "
"not been enabled in routing.conf."
)
# Check whether the dirty line exists if it has been defined.
if config("routing:routing:internet") != "none":
if not rooter("nic_available", config("routing:routing:internet")):
raise CuckooStartupError(
"The network interface that has been configured as dirty "
"line is not available."
)
if not rooter("rt_available", config("routing:routing:rt_table")):
raise CuckooStartupError(
"The routing table that has been configured for dirty "
"line interface is not available."
)
interfaces.add((
config("routing:routing:rt_table"),
config("routing:routing:internet")
))
for rt_table, interface in interfaces:
# Disable & enable NAT on this network interface. Disable it just
# in case we still had the same rule from a previous run.
rooter("disable_nat", interface)
rooter("enable_nat", interface)
# Populate routing table with entries from main routing table.
if config("routing:routing:auto_rt"):
rooter("flush_rttable", rt_table)
rooter("init_rttable", rt_table, interface)
def test_config2_liststar():
set_cwd(tempfile.mkdtemp())
cuckoo_create()
assert config2("qemu", "vm1").interface == "qemubr"
def process(self, module, results):
"""Run a processing module.
@param module: processing module to run.
@param results: results dict.
@return: results generated by module.
"""
# Initialize the specified processing module.
try:
current = module()
except:
log.exception(
"Failed to load the processing module: %s",
module, extra={"task_id": self.task["id"]}
)
return None, None
# Extract the module name.
module_name = inspect.getmodule(current).__name__
if "." in module_name:
module_name = module_name.rsplit(".", 1)[1]
try:
options = config2("processing", module_name)
except CuckooConfigurationError:
log.debug(
"Processing module %s not found in configuration file",
module_name
)
return None, None
# If the processing module is disabled in the config, skip it.
if not options.enabled:
return None, None
# Give it the path to the baseline directory.
current.set_baseline(self.baseline_path)
# Give it the path to the analysis results.
current.set_path(self.analysis_path)
# Give it the analysis task object.
current.set_task(self.task)
# Give it the configuration information on the machine.
current.set_machine(self.machine)
# Give it the options from the relevant processing.conf section.
current.set_options(options)
# Give it the results that we have obtained so far.
current.set_results(results)
try:
# Run the processing module and retrieve the generated data to be
# appended to the general results container.
data = current.run()
log.debug("Executed processing module \"%s\" on analysis at "
"\"%s\"", current.__class__.__name__, self.analysis_path)
# If succeeded, return they module's key name and the data.
return current.key, data
except CuckooDependencyError as e:
log.warning(
"The processing module \"%s\" has missing dependencies: %s",
current.__class__.__name__, e
)
except CuckooProcessingError as e:
log.warning(
"The processing module \"%s\" returned the following "
"error: %s",
current.__class__.__name__, e
)
except:
log.exception(
"Failed to run the processing module \"%s\" for task #%d:",
current.__class__.__name__, self.task["id"],
extra={"task_id": self.task["id"]}
)
return None, None