def test_load_signatures():
    """load_signatures() must pick up every Signature under $CWD/signatures.

    Works in a fresh temporary CWD whose signatures/ directory is swapped for
    the tests/files/enumplugins fixture, then checks that the three fixture
    Signatures show up both in the global cuckoo.signatures list and in a
    RunSignatures instance.
    """
    set_cwd(tempfile.mkdtemp())
    cuckoo_create()

    shutil.rmtree(cwd("signatures"))
    shutil.copytree("tests/files/enumplugins", cwd("signatures"))
    # Forget any previously imported "signatures" package so that the
    # fixture copy is the one that gets loaded.
    sys.modules.pop("signatures", None)
    load_signatures()

    # Global list: Signatures are identified by their module name.
    loaded_modules = [sig.__module__ for sig in cuckoo.signatures]
    for expected in ("signatures.sig1", "signatures.sig2", "signatures.sig3"):
        assert expected in loaded_modules

    # RunSignatures object: Signatures are identified by their class name.
    RunSignatures.init_once()
    loaded_classes = [
        sig.__class__.__name__ for sig in RunSignatures({}).signatures
    ]
    for expected in ("Sig1", "Sig2", "Sig3"):
        assert expected in loaded_classes
def process(ctx, instance, report, maxcount):
    """Process raw task data into reports.
    @param ctx: command context; ctx.parent.level is the console log level
        and ctx.get_help() is printed when no instance name is given.
    @param instance: name of this processing instance (part of the
        "process-<instance>.json" log file name); required unless an
        explicit report range is given.
    @param report: task id or range of task ids to (re-)process.
    @param maxcount: handed to process_tasks() unchanged.
    """
    init_console_logging(level=ctx.parent.level)

    if instance:
        init_logfile("process-%s.json" % instance)

    Database().connect()

    # Additional Signatures first, then the processing modules & Yara rules.
    load_signatures()
    init_modules()
    init_yara(False)

    try:
        if report:
            # Explicit task range: regenerate just those reports.
            process_task_range(report)
        elif instance:
            log.info(
                "Initialized instance=%s, ready to process some tasks",
                instance
            )
            process_tasks(instance, maxcount)
        else:
            # Automated mode without an instance name: show usage and bail.
            print ctx.get_help(), "\n"
            sys.exit("In automated mode an instance name is required!")
    except KeyboardInterrupt:
        print(red("Aborting (re-)processing of your analyses.."))
def process(ctx, instance, report, maxcount):
    """Process raw task data into reports.
    @param ctx: command context; ctx.parent.level is the console log level
        and ctx.get_help() is printed when no instance name is given.
    @param instance: name of this processing instance (part of the
        "process-<instance>.json" log file name); required unless an
        explicit report range is given.
    @param report: task id or range of task ids to (re-)process.
    @param maxcount: handed to process_tasks() unchanged.
    """
    init_console_logging(level=ctx.parent.level)

    if instance:
        init_logfile("process-%s.json" % instance)

    Database().connect()

    # Additional Signatures first, then the processing modules & Yara rules.
    load_signatures()
    init_modules()
    init_yara(False)

    try:
        if report:
            # Explicit task range: regenerate just those reports.
            process_task_range(report)
        elif instance:
            log.info(
                "Initialized instance=%s, ready to process some tasks",
                instance
            )
            process_tasks(instance, maxcount)
        else:
            # Automated mode without an instance name: show usage and bail.
            print ctx.get_help(), "\n"
            sys.exit("In automated mode an instance name is required!")
    except KeyboardInterrupt:
        print(red("Aborting (re-)processing of your analyses.."))
def test_load_signatures():
    """load_signatures() must pick up every Signature under $CWD/signatures.

    Works in a fresh temporary CWD whose signatures/ directory is swapped for
    the tests/files/enumplugins fixture, then checks that the three fixture
    Signatures show up both in the global cuckoo.signatures list and in a
    RunSignatures instance.
    """
    set_cwd(tempfile.mkdtemp())
    cuckoo_create()

    shutil.rmtree(cwd("signatures"))
    shutil.copytree("tests/files/enumplugins", cwd("signatures"))
    # Forget any previously imported "signatures" package so that the
    # fixture copy is the one that gets loaded.
    sys.modules.pop("signatures", None)
    load_signatures()

    # Global list: Signatures are identified by their module name.
    loaded_modules = [sig.__module__ for sig in cuckoo.signatures]
    for expected in ("signatures.sig1", "signatures.sig2", "signatures.sig3"):
        assert expected in loaded_modules

    # RunSignatures object: Signatures are identified by their class name.
    RunSignatures.init_once()
    loaded_classes = [
        sig.__class__.__name__ for sig in RunSignatures({}).signatures
    ]
    for expected in ("Sig1", "Sig2", "Sig3"):
        assert expected in loaded_classes
def reload_signatures():
    """Forget the cached "signatures" package and run load_signatures() again.

    Popping the package and the listed sub-packages from sys.modules forces
    the next load to re-import them from disk rather than reuse the cached
    module objects. Sub-packages not in the list are left as they are.
    """
    stale = (
        "signatures",
        "signatures.android",
        "signatures.cross",
        "signatures.darwin",
        "signatures.extractor",
        "signatures.linux",
        "signatures.network",
        "signatures.windows",
    )
    for modname in stale:
        sys.modules.pop(modname, None)
    load_signatures()
def reload_signatures():
    """Forget the cached "signatures" package and run load_signatures() again.

    Popping the package and the listed sub-packages from sys.modules forces
    the next load to re-import them from disk rather than reuse the cached
    module objects. Sub-packages not in the list are left as they are.
    """
    stale = (
        "signatures",
        "signatures.android",
        "signatures.cross",
        "signatures.darwin",
        "signatures.extractor",
        "signatures.linux",
        "signatures.network",
        "signatures.windows",
    )
    for modname in stale:
        sys.modules.pop(modname, None)
    load_signatures()
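def process(ctx, instance, report, maxcount):
    """Process raw task data into reports.
    @param ctx: command context; ctx.parent.level is the console log level
        and ctx.get_help() is printed when no instance name is given.
    @param instance: name of this processing instance; it becomes part of
        the pidfile and of the "process-<instance>.json" log file name and
        is required unless an explicit report range is given.
    @param report: task id or range of task ids to (re-)process.
    @param maxcount: handed to process_tasks() unchanged.
    """
    init_console_logging(level=ctx.parent.level)

    if instance:
        # Only one processing instance per name: refuse to start twice.
        pidfile = Pidfile(instance)
        if pidfile.exists():
            log.error(red(
                "Cuckoo process instance '%s' already exists. PID: %s\n"
            ), instance, pidfile.pid)
            sys.exit(1)

        pidfile.create()

        # NOTE(review): instance comes straight from the command line and is
        # embedded in file names here; confirm that Pidfile()/init_logfile()
        # reject path separators, as that is not visible in this function.
        init_logfile("process-%s.json" % instance)

    # Everything after pidfile.create() runs under a single try/finally so
    # the pidfile is removed on every exit path: a normal return, an
    # unhandled exception from the processing loop, and the sys.exit() calls
    # below (SystemExit is not caught by "except KeyboardInterrupt").
    # Without this a leftover pidfile makes the next start of the same
    # instance name refuse with "already exists".
    try:
        Database().connect()

        # Load additional Signatures.
        load_signatures()

        try:
            # Initialize all modules & Yara rules.
            init_modules()
            init_yara()
        except CuckooCriticalError as e:
            message = red("{0}: {1}".format(e.__class__.__name__, e))
            # Prefer the logger once it has handlers; before that, stderr.
            if log.handlers:
                log.critical(message)
            else:
                sys.stderr.write("{0}\n".format(message))
            sys.exit(1)

        try:
            # Regenerate one or more reports.
            if report:
                process_task_range(report)
            elif not instance:
                print ctx.get_help(), "\n"
                sys.exit("In automated mode an instance name is required!")
            else:
                log.info(
                    "Initialized instance=%s, ready to process some tasks",
                    instance
                )
                process_tasks(instance, maxcount)
        except KeyboardInterrupt:
            print(red("Aborting (re-)processing of your analyses.."))
    finally:
        if instance:
            Pidfile(instance).remove()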
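def process(ctx, instance, report, maxcount):
    """Process raw task data into reports.
    @param ctx: command context; ctx.parent.level is the console log level
        and ctx.get_help() is printed when no instance name is given.
    @param instance: name of this processing instance; it becomes part of
        the pidfile and of the "process-<instance>.json" log file name and
        is required unless an explicit report range is given.
    @param report: task id or range of task ids to (re-)process.
    @param maxcount: handed to process_tasks() unchanged.
    """
    init_console_logging(level=ctx.parent.level)

    if instance:
        # Only one processing instance per name: refuse to start twice.
        pidfile = Pidfile(instance)
        if pidfile.exists():
            log.error(red(
                "Cuckoo process instance '%s' already exists. PID: %s\n"
            ), instance, pidfile.pid)
            sys.exit(1)

        pidfile.create()

        # NOTE(review): instance comes straight from the command line and is
        # embedded in file names here; confirm that Pidfile()/init_logfile()
        # reject path separators, as that is not visible in this function.
        init_logfile("process-%s.json" % instance)

    # Everything after pidfile.create() runs under a single try/finally so
    # the pidfile is removed on every exit path: a normal return, an
    # unhandled exception from the processing loop, and the sys.exit() calls
    # below (SystemExit is not caught by "except KeyboardInterrupt").
    # Without this a leftover pidfile makes the next start of the same
    # instance name refuse with "already exists".
    try:
        Database().connect()

        # Load additional Signatures.
        load_signatures()

        try:
            # Initialize all modules & Yara rules.
            init_modules()
            init_yara()
        except CuckooCriticalError as e:
            message = red("{0}: {1}".format(e.__class__.__name__, e))
            # Prefer the logger once it has handlers; before that, stderr.
            if log.handlers:
                log.critical(message)
            else:
                sys.stderr.write("{0}\n".format(message))
            sys.exit(1)

        try:
            # Regenerate one or more reports.
            if report:
                process_task_range(report)
            elif not instance:
                print ctx.get_help(), "\n"
                sys.exit("In automated mode an instance name is required!")
            else:
                log.info(
                    "Initialized instance=%s, ready to process some tasks",
                    instance
                )
                process_tasks(instance, maxcount)
        except KeyboardInterrupt:
            print(red("Aborting (re-)processing of your analyses.."))
    finally:
        if instance:
            Pidfile(instance).remove()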
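def cuckoo_init(level, ctx, cfg=None):
    """Initialize Cuckoo configuration.
    @param level: log level handed to init_console_logging()/init_logging().
    @param ctx: command context; ctx.user is used when a brand-new CWD is
        created and ctx.log decides whether file logging is set up as well.
    @param cfg: optional configuration passed to cuckoo_create() when a
        brand-new CWD is created.
    """
    logo()

    # It would appear this is the first time Cuckoo is being run (on this
    # Cuckoo Working Directory anyway).
    if not os.path.isdir(cwd()) or not os.listdir(cwd()):
        cuckoo_create(ctx.user, cfg)
        sys.exit(0)

    # Determine if this is a proper CWD.
    if not os.path.exists(cwd(".cwd")):
        sys.exit(
            "No proper Cuckoo Working Directory was identified, did you pass "
            "along the correct directory?"
        )

    init_console_logging(level)

    check_configs()
    check_version()

    if ctx.log:
        init_logging(level)

    # Determine if any CWD updates are required and if so, do them. The
    # marker files are read and written inside with-blocks so the handles
    # are closed deterministically instead of being left to the garbage
    # collector.
    with open(cwd(".cwd"), "rb") as fp:
        current = fp.read().strip()
    with open(cwd(".cwd", private=True), "rb") as fp:
        latest = fp.read().strip()
    if current != latest:
        migrate_cwd()
        with open(cwd(".cwd"), "wb") as fp:
            fp.write(latest)

    Database().connect()

    # Load additional Signatures.
    load_signatures()

    init_modules()
    init_tasks()
    init_yara(True)
    init_binaries()
    init_rooter()
    init_routing()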
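def cuckoo_init(level, ctx, cfg=None):
    """Initialize Cuckoo configuration.
    @param level: log level handed to init_logging()/init_console_logging().
    @param ctx: command context; ctx.user is used when a brand-new CWD is
        created and ctx.log selects file logging over console logging.
    @param cfg: optional configuration passed to cuckoo_create() when a
        brand-new CWD is created.
    """
    logo()

    # It would appear this is the first time Cuckoo is being run (on this
    # Cuckoo Working Directory anyway).
    if not os.path.isdir(cwd()) or not os.listdir(cwd()):
        cuckoo_create(ctx.user, cfg)
        sys.exit(0)

    # Determine if this is a proper CWD.
    if not os.path.exists(cwd(".cwd")):
        sys.exit(
            "No proper Cuckoo Working Directory was identified, did you pass "
            "along the correct directory?"
        )

    # Determine if any CWD updates are required. The marker files are read
    # inside with-blocks so the handles are closed deterministically.
    with open(cwd(".cwd"), "rb") as fp:
        current = fp.read()
    with open(cwd(".cwd", private=True), "rb") as fp:
        latest = fp.read()
    if current != latest:
        # TODO(review): a version mismatch is detected but nothing is done
        # about it in this revision; the comparison is kept as the hook for
        # a CWD migration step.
        pass

    check_configs()
    check_version()

    if ctx.log:
        init_logging(level)
    else:
        init_console_logging(level)

    Database().connect()

    # Load additional Signatures.
    load_signatures()

    init_modules()
    init_tasks()
    init_yara(True)
    init_binaries()
    init_rooter()
    init_routing()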
def test_init_modules(p, q, r):
    """init_modules() should report the modules it found through log.debug.

    p, q and r are presumably the patched objects supplied by decorators
    outside this view: p.debug collects the debug log lines and
    r.index_time_pattern is set so the reporting module initializes.
    """
    set_cwd(tempfile.mkdtemp())
    cuckoo_create()
    load_signatures()

    captured = []

    def record(fmt, *args):
        # Mirror the logger's lazy %-formatting so the assertions below see
        # the rendered message.
        captured.append(fmt % args if args else fmt)

    p.debug.side_effect = record
    r.index_time_pattern = "yearly"

    init_modules()

    rendered = "\n".join(captured)
    for expected in ("KVM", "Xen", "CreatesExe", "SystemMetrics"):
        assert expected in rendered
def test_init_modules(p, q, r):
    """init_modules() should report the modules it found through log.debug.

    p, q and r are presumably the patched objects supplied by decorators
    outside this view: p.debug collects the debug log lines and
    r.index_time_pattern is set so the reporting module initializes.
    """
    set_cwd(tempfile.mkdtemp())
    cuckoo_create()
    load_signatures()

    captured = []

    def record(fmt, *args):
        # Mirror the logger's lazy %-formatting so the assertions below see
        # the rendered message.
        captured.append(fmt % args if args else fmt)

    p.debug.side_effect = record
    r.index_time_pattern = "yearly"

    init_modules()

    rendered = "\n".join(captured)
    for expected in ("KVM", "Xen", "CreatesExe", "SystemMetrics"):
        assert expected in rendered
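def cuckoo_init(level, ctx, cfg=None):
    """Initialize Cuckoo configuration.
    @param level: log level handed to init_console_logging()/init_logging().
    @param ctx: command context; ctx.user is used when a brand-new CWD is
        created and ctx.log decides whether file logging is set up as well.
    @param cfg: optional configuration passed to cuckoo_create() when a
        brand-new CWD is created.
    """
    logo()

    # It would appear this is the first time Cuckoo is being run (on this
    # Cuckoo Working Directory anyway).
    if not os.path.isdir(cwd()) or not os.listdir(cwd()):
        cuckoo_create(ctx.user, cfg)
        sys.exit(0)

    # Determine if this is a proper CWD.
    if not os.path.exists(cwd(".cwd")):
        sys.exit(
            "No proper Cuckoo Working Directory was identified, did you pass "
            "along the correct directory?"
        )

    init_console_logging(level)

    check_configs()
    check_version()

    if ctx.log:
        init_logging(level)

    # Determine if any CWD updates are required and if so, do them. The
    # marker files are read and written inside with-blocks so the handles
    # are closed deterministically instead of being left to the garbage
    # collector.
    with open(cwd(".cwd"), "rb") as fp:
        current = fp.read().strip()
    with open(cwd(".cwd", private=True), "rb") as fp:
        latest = fp.read().strip()
    if current != latest:
        migrate_cwd()
        with open(cwd(".cwd"), "wb") as fp:
            fp.write(latest)

    Database().connect()

    # Load additional Signatures.
    load_signatures()

    init_modules()
    init_tasks()
    init_yara()
    init_binaries()
    init_rooter()
    init_routing()

    # Only enabled Signatures count; a disabled one does not help the user.
    enabled = sum(1 for sig in cuckoo.signatures if sig.enabled)
    if not enabled:
        log.warning(
            "It appears that you haven't loaded any Cuckoo Signatures. "
            "Signatures are highly recommended and improve & enrich the "
            "information extracted during an analysis. They also make up "
            "for the analysis score that you see in the Web Interface - so, "
            "pretty important!"
        )
        log.warning(
            "You'll be able to fetch all the latest Cuckoo Signaturs, Yara "
            "rules, and more goodies by running the following command:"
        )
        # The suggested command is only logged for the user to copy, never
        # executed here; the quoting below covers spaces and single quotes
        # in the raw CWD but not a double quote inside it.
        raw = cwd(raw=True)
        if raw in (".", "~/.cuckoo"):
            command = "cuckoo community"
        elif " " in raw or "'" in raw:
            command = 'cuckoo --cwd "%s" community' % raw
        else:
            command = "cuckoo --cwd %s community" % raw

        log.info("$ %s", green(command))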
# Copyright (C) 2018 Cuckoo Foundation.
# This file is part of Cuckoo Sandbox - http://www.cuckoosandbox.org
# See the file 'docs/LICENSE' for copying permission.

import os

import cuckoo

from cuckoo.misc import load_signatures, decide_cwd

def signature(name):
    """Return the loaded Signature whose .name or class name equals name.

    Returns None when no loaded Signature matches.
    """
    matches = (
        sig for sig in cuckoo.signatures
        if name in (sig.name, sig.__class__.__name__)
    )
    return next(matches, None)

# Default the Django settings module for the test run; the original comment
# only said "For reasons", so the exact consumer is not documented here.
os.environ.setdefault("DJANGO_SETTINGS_MODULE", "tests.settings")

# Point the CWD at the repository's modules/ directory and load every Cuckoo
# Signature once, at import time of this module.
# TODO Create a temporary CWD with a symbolic link to our $CWD/signatures/.
_modules_dir = os.path.join(os.path.dirname(__file__), "..", "modules")
decide_cwd(_modules_dir)
load_signatures()
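def cuckoo_init(level, ctx, cfg=None):
    """Initialize Cuckoo configuration.
    @param level: log level handed to init_console_logging()/init_logging().
    @param ctx: command context; ctx.user is used when a brand-new CWD is
        created and ctx.log decides whether file logging is set up as well.
    @param cfg: optional configuration passed to cuckoo_create() when a
        brand-new CWD is created.
    """
    logo()

    # It would appear this is the first time Cuckoo is being run (on this
    # Cuckoo Working Directory anyway).
    if not os.path.isdir(cwd()) or not os.listdir(cwd()):
        cuckoo_create(ctx.user, cfg)
        sys.exit(0)

    # Determine if this is a proper CWD.
    if not os.path.exists(cwd(".cwd")):
        sys.exit(
            "No proper Cuckoo Working Directory was identified, did you pass "
            "along the correct directory? For new installations please use a "
            "non-existant directory to build up the CWD! You can craft a CWD "
            "manually, but keep in mind that the CWD layout may change along "
            "with Cuckoo releases (and don't forget to fill out '$CWD/.cwd')!"
        )

    init_console_logging(level)

    check_configs()
    check_version()

    if ctx.log:
        init_logging(level)

    # Determine if any CWD updates are required and if so, do them. The
    # marker files are read and written inside with-blocks so the handles
    # are closed deterministically instead of being left to the garbage
    # collector.
    with open(cwd(".cwd"), "rb") as fp:
        current = fp.read().strip()
    with open(cwd(".cwd", private=True), "rb") as fp:
        latest = fp.read().strip()
    if current != latest:
        migrate_cwd()
        with open(cwd(".cwd"), "wb") as fp:
            fp.write(latest)

    Database().connect()

    # Load additional Signatures.
    load_signatures()

    init_modules()
    init_tasks()
    init_yara()
    init_binaries()
    init_rooter()
    init_routing()

    # Only enabled Signatures count; a disabled one does not help the user.
    enabled = sum(1 for sig in cuckoo.signatures if sig.enabled)
    if not enabled:
        log.warning(
            "It appears that you haven't loaded any Cuckoo Signatures. "
            "Signatures are highly recommended and improve & enrich the "
            "information extracted during an analysis. They also make up "
            "for the analysis score that you see in the Web Interface - so, "
            "pretty important!"
        )
        log.warning(
            "You'll be able to fetch all the latest Cuckoo Signaturs, Yara "
            "rules, and more goodies by running the following command:"
        )
        # The suggested command is only logged for the user to copy, never
        # executed here; the quoting below covers spaces and single quotes
        # in the raw CWD but not a double quote inside it.
        raw = cwd(raw=True)
        if raw in (".", "~/.cuckoo"):
            command = "cuckoo community"
        elif " " in raw or "'" in raw:
            command = 'cuckoo --cwd "%s" community' % raw
        else:
            command = "cuckoo --cwd %s community" % raw

        log.info("$ %s", green(command))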
# Copyright (C) 2018 Cuckoo Foundation.
# This file is part of Cuckoo Sandbox - http://www.cuckoosandbox.org
# See the file 'docs/LICENSE' for copying permission.

import os

import cuckoo

from cuckoo.misc import load_signatures, decide_cwd


def signature(name):
    """Return the loaded Signature whose .name or class name equals name.

    Returns None when no loaded Signature matches.
    """
    matches = (
        sig for sig in cuckoo.signatures
        if name in (sig.name, sig.__class__.__name__)
    )
    return next(matches, None)


# Default the Django settings module for the test run; the original comment
# only said "For reasons", so the exact consumer is not documented here.
os.environ.setdefault("DJANGO_SETTINGS_MODULE", "tests.settings")

# Point the CWD at the repository's modules/ directory and load every Cuckoo
# Signature once, at import time of this module.
# TODO Create a temporary CWD with a symbolic link to our $CWD/signatures/.
_modules_dir = os.path.join(os.path.dirname(__file__), "..", "modules")
decide_cwd(_modules_dir)
load_signatures()
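def cuckoo_init(level, ctx, cfg=None):
    """Initialize Cuckoo configuration.
    @param level: log level handed to init_console_logging()/init_logging().
    @param ctx: command context; ctx.user is used when a brand-new CWD is
        created and ctx.log decides whether file logging is set up as well.
    @param cfg: optional configuration passed to cuckoo_create() when a
        brand-new CWD is created.
    """
    logo()

    # It would appear this is the first time Cuckoo is being run (on this
    # Cuckoo Working Directory anyway).
    if not os.path.isdir(cwd()) or not os.listdir(cwd()):
        cuckoo_create(ctx.user, cfg)
        sys.exit(0)

    # Determine if this is a proper CWD.
    if not os.path.exists(cwd(".cwd")):
        sys.exit(
            "No proper Cuckoo Working Directory was identified, did you pass "
            "along the correct directory? For new installations please use a "
            "non-existant directory to build up the CWD! You can craft a CWD "
            "manually, but keep in mind that the CWD layout may change along "
            "with Cuckoo releases (and don't forget to fill out '$CWD/.cwd')!"
        )

    init_console_logging(level)

    # Only one Cuckoo process should exist per CWD. Run this check before any
    # files are possibly modified. Note that we mkdir $CWD/pidfiles/ here as
    # its CWD migration rules only kick in after the pidfile check.
    mkdir(cwd("pidfiles"))
    pidfile = Pidfile("cuckoo")
    if pidfile.exists():
        log.error(red("Cuckoo is already running. PID: %s"), pidfile.pid)
        sys.exit(1)

    pidfile.create()
    # NOTE(review): the sys.exit(1) further down leaves this pidfile in
    # place; confirm that the caller (or an exit hook) removes it, as that
    # is not visible here.

    check_configs()
    check_version()

    if ctx.log:
        init_logging(level)

    # Determine if any CWD updates are required and if so, do them. The
    # marker files are read and written inside with-blocks so the handles
    # are closed deterministically instead of being left to the garbage
    # collector.
    with open(cwd(".cwd"), "rb") as fp:
        current = fp.read().strip()
    with open(cwd(".cwd", private=True), "rb") as fp:
        latest = fp.read().strip()
    if current != latest:
        migrate_cwd()
        with open(cwd(".cwd"), "wb") as fp:
            fp.write(latest)

    # Ensure the user is able to create and read temporary files.
    if not ensure_tmpdir():
        sys.exit(1)

    Database().connect()

    # Load additional Signatures.
    load_signatures()

    init_modules()
    init_tasks()
    init_yara()
    init_binaries()
    init_rooter()
    init_routing()

    # Only enabled Signatures count; a disabled one does not help the user.
    enabled = sum(1 for sig in cuckoo.signatures if sig.enabled)
    if not enabled:
        log.warning(
            "It appears that you haven't loaded any Cuckoo Signatures. "
            "Signatures are highly recommended and improve & enrich the "
            "information extracted during an analysis. They also make up "
            "for the analysis score that you see in the Web Interface - so, "
            "pretty important!")
        log.warning(
            "You'll be able to fetch all the latest Cuckoo Signaturs, Yara "
            "rules, and more goodies by running the following command:")
        log.info("$ %s", green(format_command("community")))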
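def cuckoo_init(level, ctx, cfg=None):
    """Initialize Cuckoo configuration.
    @param level: log level handed to init_console_logging()/init_logging().
    @param ctx: command context; ctx.user is used when a brand-new CWD is
        created and ctx.log decides whether file logging is set up as well.
    @param cfg: optional configuration passed to cuckoo_create() when a
        brand-new CWD is created.
    """
    logo()

    # It would appear this is the first time Cuckoo is being run (on this
    # Cuckoo Working Directory anyway).
    if not os.path.isdir(cwd()) or not os.listdir(cwd()):
        cuckoo_create(ctx.user, cfg)
        sys.exit(0)

    # Determine if this is a proper CWD.
    if not os.path.exists(cwd(".cwd")):
        sys.exit(
            "No proper Cuckoo Working Directory was identified, did you pass "
            "along the correct directory? For new installations please use a "
            "non-existant directory to build up the CWD! You can craft a CWD "
            "manually, but keep in mind that the CWD layout may change along "
            "with Cuckoo releases (and don't forget to fill out '$CWD/.cwd')!"
        )

    init_console_logging(level)

    # Only one Cuckoo process should exist per CWD. Run this check before any
    # files are possibly modified. Note that we mkdir $CWD/pidfiles/ here as
    # its CWD migration rules only kick in after the pidfile check.
    mkdir(cwd("pidfiles"))
    pidfile = Pidfile("cuckoo")
    if pidfile.exists():
        log.error(red("Cuckoo is already running. PID: %s"), pidfile.pid)
        sys.exit(1)

    pidfile.create()
    # NOTE(review): nothing in this function removes the pidfile again;
    # confirm that the caller (or an exit hook) does, as that is not visible
    # here.

    check_configs()
    check_version()

    if ctx.log:
        init_logging(level)

    # Determine if any CWD updates are required and if so, do them. The
    # marker files are read and written inside with-blocks so the handles
    # are closed deterministically instead of being left to the garbage
    # collector.
    with open(cwd(".cwd"), "rb") as fp:
        current = fp.read().strip()
    with open(cwd(".cwd", private=True), "rb") as fp:
        latest = fp.read().strip()
    if current != latest:
        migrate_cwd()
        with open(cwd(".cwd"), "wb") as fp:
            fp.write(latest)

    Database().connect()

    # Load additional Signatures.
    load_signatures()

    init_modules()
    init_tasks()
    init_yara()
    init_binaries()
    init_rooter()
    init_routing()

    # Only enabled Signatures count; a disabled one does not help the user.
    enabled = sum(1 for sig in cuckoo.signatures if sig.enabled)
    if not enabled:
        log.warning(
            "It appears that you haven't loaded any Cuckoo Signatures. "
            "Signatures are highly recommended and improve & enrich the "
            "information extracted during an analysis. They also make up "
            "for the analysis score that you see in the Web Interface - so, "
            "pretty important!"
        )
        log.warning(
            "You'll be able to fetch all the latest Cuckoo Signaturs, Yara "
            "rules, and more goodies by running the following command:"
        )
        # The suggested command is only logged for the user to copy, never
        # executed here; the quoting below covers spaces and single quotes
        # in the raw CWD but not a double quote inside it.
        raw = cwd(raw=True)
        if raw in (".", "~/.cuckoo"):
            command = "cuckoo community"
        elif " " in raw or "'" in raw:
            command = 'cuckoo --cwd "%s" community' % raw
        else:
            command = "cuckoo --cwd %s community" % raw

        log.info("$ %s", green(command))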