def test_clean_dropdb(p): set_cwd(tempfile.mkdtemp()) cuckoo_create() cuckoo_clean() p.return_value.connect.assert_called_once() p.return_value.drop.assert_called_once_with()
def test_rooter_client(p, q, r): set_cwd(tempfile.mkdtemp()) cuckoo_create() s = p.socket.return_value s.recv.return_value = json.dumps({ "exception": None, "output": "thisisoutput", }) assert rooter( "command", "arg1", "arg2", arg3="foo", arg4="bar" ) == "thisisoutput" s.bind.assert_called_once() s.connect.assert_called_once_with("/tmp/cuckoo-rooter") s.send.assert_called_once_with(json.dumps({ "command": "command", "args": ( "arg1", "arg2", ), "kwargs": { "arg3": "foo", "arg4": "bar", } })) q.acquire.assert_called_once() q.release.assert_called_once()
def test_machine_info_empty(self): set_cwd(tempfile.mkdtemp()) rp = RunProcessing({ "id": 1, }) rp.populate_machine_info() assert rp.machine == {}
def test_clean_keepdirs(p): set_cwd(tempfile.mkdtemp()) cuckoo_create() with open(cwd("log", "cuckoo.log"), "wb") as f: f.write("this is a log file") os.mkdir(cwd(analysis=1)) with open(cwd("analysis.log", analysis=1), "wb") as f: f.write("this is also a log file") with open(cwd("storage", "binaries", "a"*40), "wb") as f: f.write("this is a binary file") assert os.path.isdir(cwd("log")) assert os.path.exists(cwd("log", "cuckoo.log")) assert os.path.exists(cwd("storage", "analyses")) assert os.path.exists(cwd("storage", "analyses", "1")) assert os.path.exists(cwd("storage", "analyses", "1", "analysis.log")) assert os.path.exists(cwd("storage", "baseline")) assert os.path.exists(cwd("storage", "binaries")) assert os.path.exists(cwd("storage", "binaries", "a"*40)) cuckoo_clean() assert os.path.isdir(cwd("log")) assert not os.path.exists(cwd("log", "cuckoo.log")) assert os.path.exists(cwd("storage", "analyses")) assert not os.path.exists(cwd("storage", "analyses", "1")) assert not os.path.exists(cwd("storage", "analyses", "1", "analysis.log")) assert os.path.exists(cwd("storage", "baseline")) assert os.path.exists(cwd("storage", "binaries")) assert not os.path.exists(cwd("storage", "binaries", "a"*40))
def test_bson_limit(self): set_cwd(tempfile.mkdtemp()) cuckoo_create() ba = BehaviorAnalysis() ba.set_path(cwd(analysis=1)) ba.set_task({ "id": 1, }) mkdir(cwd(analysis=1)) mkdir(cwd("logs", analysis=1)) # 256mb should be fine, right? with open(cwd("logs", "1.txt", analysis=1), "wb") as f: f.write("A"*256*1024*1024) with open(cwd("logs", "2.txt", analysis=1), "wb") as f: f.write("A"*1024*1024) assert ba.run() == {} assert sorted(list(ba._enum_logs())) == [ cwd("logs", "2.txt", analysis=1), ]
def test_empty_mempath(self, p): set_cwd(tempfile.mkdtemp()) m = Memory() m.memory_path = Files.temp_put("") assert m.run() is None p.error.assert_called_once() assert "dump empty" in p.error.call_args_list[0][0][0]
def test_plugin_enabled(self, p): set_cwd(tempfile.mkdtemp()) cuckoo_create(cfg={ "memory": { "pslist": { "enabled": True, }, "psxview": { "enabled": False, }, }, }) p.return_value = 12345 m = VolatilityManager(None, "WinXPSP2x86") assert m.vol.addr_space == 12345 assert m.enabled("pslist", []) is True assert m.enabled("psxview", []) is False assert m.enabled("sockscan", ["winxp"]) is True assert m.enabled("netscan", ["vista", "win7"]) is False m = VolatilityManager(None, "Win7SP1x64") assert m.enabled("pslist", []) is True assert m.enabled("psxview", []) is False assert m.enabled("sockscan", ["winxp"]) is False assert m.enabled("netscan", ["vista", "win7"]) is True m = VolatilityManager(None, "Win10x64") assert m.enabled("pslist", []) is True assert m.enabled("psxview", []) is False assert m.enabled("sockscan", ["winxp"]) is False assert m.enabled("netscan", ["vista", "win7"]) is False
def test_pdf_metadata(self): set_cwd(tempfile.mkdtemp()) s = Static() s.set_task({ "category": "file", "package": "pdf", "target": "pdf-sample.pdf", }) s.set_options({ "pdf_timeout": 30, }) s.file_path = "tests/files/pdf-sample.pdf" obj = s.run()["pdf"] assert len(obj) == 2 assert obj[1] == { "author": "cdaily", "creation": "D:20000629102108+11'00'", "creator": "Microsoft Word 8.0", "javascript": [], "modification": "2013-10-28T15:24:13-04:00", "producer": "Acrobat Distiller 4.0 for Windows", "subject": "", "title": "This is a test PDF file", "urls": [], "version": 1, }
def test_invalid_mempath(self, p): set_cwd(tempfile.mkdtemp()) m = Memory() m.memory_path = "notafile" assert m.run() is None p.error.assert_called_once() assert "dump not found" in p.error.call_args_list[0][0][0]
def test_init_routing_vpns(p): set_cwd(tempfile.mkdtemp()) cuckoo_create(cfg={ "routing": { "vpn": { "enabled": True, "vpns": [ "1", "2", ], }, "1": { "name": "1", "interface": "tun1", "rt_table": "main", }, "2": { "name": "2", "interface": "tun2", "rt_table": "main", }, }, }) init_routing() assert p.call_count == 12 p.assert_any_call("nic_available", "tun1") p.assert_any_call("rt_available", "main") p.assert_any_call("nic_available", "tun2") p.assert_any_call("disable_nat", "tun1") p.assert_any_call("disable_nat", "tun2") p.assert_any_call("enable_nat", "tun1") p.assert_any_call("enable_nat", "tun2") p.assert_any_call("flush_rttable", "main") p.assert_any_call("init_rttable", "main", "tun1") p.assert_any_call("init_rttable", "main", "tun2")
def test_init_routing_internet_exc(p): set_cwd(tempfile.mkdtemp()) cuckoo_create(cfg={ "routing": { "routing": { "internet": "eth0", }, }, }) def nic_notavail(cmd, arg): return False def rt_notavail(cmd, arg): if cmd == "rt_available": return False return True p.side_effect = nic_notavail with pytest.raises(CuckooStartupError) as e: init_routing() p.assert_called_once() e.match("configured as dirty line is not") p.side_effect = rt_notavail with pytest.raises(CuckooStartupError) as e: init_routing() e.match("routing table that has been")
def test_api_fetch_once(self, p, client): set_cwd(tempfile.mkdtemp()) cuckoo_create() Database().connect() p.return_value = { "version": "2.0.5", "blogposts": [{ "title": "title", "important": False, "oneline": "this is oneliner", "url": "https://cuckoosandbox.org/blog/blogpost", "date": "today or tomorrow", }], } # Clear the 'updates' variable. from cuckoo.web.controllers.cuckoo.api import updates updates.clear() r = client.get("/cuckoo/api/status") assert r.status_code == 200 r = client.get("/cuckoo/api/status") assert r.status_code == 200 r = json.loads(r.content)["data"] assert r["latest_version"] == "2.0.5" assert r["blogposts"] == [mock.ANY] p.assert_called_once()
def test_init_rooter_exceptions(p): set_cwd(tempfile.mkdtemp()) cuckoo_create(cfg={ "routing": { "routing": { "internet": "eth0", }, }, }) p.error = Exception e = Exception() e.strerror = "No such file or directory" p.socket.return_value.connect.side_effect = e with pytest.raises(CuckooStartupError) as e: init_rooter() e.match("different Unix socket path") e = Exception() e.strerror = "Connection refused" p.socket.return_value.connect.side_effect = e with pytest.raises(CuckooStartupError) as e: init_rooter() e.match("rooter is not actually running") e = Exception() e.strerror = "Permission denied" p.socket.return_value.connect.side_effect = e with pytest.raises(CuckooStartupError) as e: init_rooter() e.match("due to incorrect permissions")
def setup(self): set_cwd(tempfile.mkdtemp()) self.path = tempfile.mkstemp()[1] open(self.path, "wb").write(CONF_EXAMPLE) self.c = Config(cfg=self.path)
def test_invalid_configuration(self): # Explicitly want a clean CWD here. set_cwd(tempfile.mkdtemp()) cuckoo_create() cf = CuckooFeedback() with pytest.raises(CuckooFeedbackError) as e: cf.send_feedback(CuckooFeedbackObject( name=None, email="*****@*****.**", company="foo" )) e.match("Could not validate") with pytest.raises(CuckooFeedbackError) as e: cf.send_feedback(CuckooFeedbackObject( name="foo", email=None, company="foo" )) e.match("Could not validate") with pytest.raises(CuckooFeedbackError) as e: cf.send_feedback(CuckooFeedbackObject( name="foo", email="a@b,com", company="foo" )) e.match("Could not validate") with pytest.raises(CuckooFeedbackError) as e: cf.send_feedback(CuckooFeedbackObject( name="foo", email="*****@*****.**", company=None )) e.match("Could not validate")
def test_migration_203_204(): set_cwd(tempfile.mkdtemp()) Folders.create(cwd(), "conf") Files.create(cwd("conf"), "processing.conf", """ [dumptls] enabled = on """) Files.create(cwd("conf"), "qemu.conf", """ [qemu] machines = ubuntu32, ubuntu64 [ubuntu32] arch = x86 [ubuntu64] arch = x64 """) cfg = Config.from_confdir(cwd("conf"), loose=True) cfg = migrate(cfg, "2.0.3", "2.0.4") assert cfg["processing"]["extracted"]["enabled"] is True # Except for qemu. machineries = ( "avd", "esx", "kvm", "physical", "virtualbox", "vmware", "vsphere", "xenserver", ) for machinery in machineries: Files.create( cwd("conf"), "%s.conf" % machinery, "[%s]\nmachines =" % machinery ) assert cfg["qemu"]["ubuntu32"]["enable_kvm"] is False assert cfg["qemu"]["ubuntu32"]["snapshot"] is None
def test_no_superfluous_conf(p): """Tests that upon CWD creation no superfluous configuration values are writted out (which may happen after a configuration migration).""" set_cwd(tempfile.mkdtemp()) cuckoo_create() Config.from_confdir(cwd("conf")) p.error.assert_not_called()
def test_yara_no_description(): set_cwd(tempfile.mkdtemp()) cuckoo_create() open(cwd("yara", "binaries", "empty.yara"), "wb").write(""" rule EmptyRule { condition: 1 } rule DescrRule { meta: description = "this is description" condition: 1 } """) init_yara() a, b = File(Files.temp_put("hello")).get_yara() assert a["name"] == "EmptyRule" assert a["meta"] == { "description": "(no description)", } assert b["name"] == "DescrRule" assert b["meta"] == { "description": "this is description", }
def test_migration_201_202(): set_cwd(tempfile.mkdtemp()) Folders.create(cwd(), "conf") Files.create(cwd("conf"), "virtualbox.conf", """ [virtualbox] machines = cuckoo1, cuckoo2 [cuckoo1] platform = windows [cuckoo2] platform = windows """) # Except for virtualbox. machineries = ( "avd", "esx", "kvm", "physical", "qemu", "vmware", "vsphere", "xenserver", ) for machinery in machineries: Files.create( cwd("conf"), "%s.conf" % machinery, "[%s]\nmachines =" % machinery ) cfg = Config.from_confdir(cwd("conf"), loose=True) cfg = migrate(cfg, "2.0.1", "2.0.2") assert cfg["virtualbox"]["cuckoo1"]["osprofile"] is None assert cfg["virtualbox"]["cuckoo2"]["osprofile"] is None
def test_cwd(): set_cwd("/tmp/foo") assert cwd() == "/tmp/foo" assert cwd("a") == os.path.join("/tmp/foo", "a") assert cwd("a", "b") == os.path.join("/tmp/foo", "a", "b") set_cwd("/home/user/.cuckoo", "~/.cuckoo") assert cwd(raw=True) == "~/.cuckoo" assert cwd(root=True) == "/home/user/.cuckoo" assert cwd("dump.pcap", analysis=1234) == os.path.join( "/home/user/.cuckoo", "storage", "analyses", "1234", "dump.pcap" ) assert os.path.exists(cwd("guids.txt", private=True)) with pytest.raises(RuntimeError): cwd("foo", private=False) with pytest.raises(RuntimeError): cwd("foo", raw=False) with pytest.raises(RuntimeError): cwd("foo", root=False) with pytest.raises(RuntimeError): cwd("foo", analysis=None)
def test_yara_offsets(): set_cwd(tempfile.mkdtemp()) cuckoo_create() init_yara() buf = ( # The SSEXY payload as per vmdetect.yar "66 0F 70 ?? ?? 66 0F DB ?? ?? ?? ?? " "?? 66 0F DB ?? ?? ?? ?? ?? 66 0F EF " # A VirtualBox MAC address. "30 38 2d 30 30 2d 32 37" ) filepath = Files.temp_put( "A"*64 + buf.replace("??", "00").replace(" ", "").decode("hex") ) assert File(filepath).get_yara() == [{ "meta": { "description": "Possibly employs anti-virtualization techniques", "author": "nex" }, "name": "vmdetect", "offsets": { "ssexy": [ (64, 1), ], "virtualbox_mac_1a": [ (88, 0), ], }, "strings": [ "MDgtMDAtMjc=", "Zg9wAABmD9sAAAAAAGYP2wAAAAAAZg/v", ], }]
def test_do_not_get_exception(self): set_cwd(tempfile.mkdtemp()) cuckoo_create() responses.add(responses.GET, "http://1.2.3.4:8000/", status=501) gm = GuestManager("cuckoo1", "1.2.3.4", "windows", 1, None) assert gm.get("/", do_raise=False).status_code == 501
def test_log_error_action(): set_cwd(tempfile.mkdtemp()) cuckoo_create() db.connect() reset_logging() init_console_logging(logging.DEBUG) task_id = db.add_path(__file__) assert db.view_errors(task_id) == [] logging.getLogger(__name__).error("message1", extra={ "error_action": "erroraction", "task_id": task_id, }) logging.getLogger(__name__).error("message2", extra={ "task_id": task_id, }) errors = db.view_errors(task_id) assert len(errors) == 2 assert errors[0].message == "message1" assert errors[0].action == "erroraction" assert errors[1].message == "message2" assert errors[1].action is None
def test_import_confirm(self, p): set_cwd(tempfile.mkdtemp()) p.return_value = True dirpath = init_legacy_analyses() os.makedirs(os.path.join(dirpath, "lib", "cuckoo", "common")) open(os.path.join( dirpath, "lib", "cuckoo", "common", "constants.py" ), "wb").write(constants_11_py) shutil.copytree( "tests/files/conf/110_plain", os.path.join(dirpath, "conf") ) filepath = os.path.join(dirpath, "conf", "cuckoo.conf") buf = open(filepath, "rb").read() open(filepath, "wb").write(buf.replace( "connection =", "connection = %s" % self.URI )) try: main.main( ("--cwd", cwd(), "import", dirpath), standalone_mode=False ) except CuckooOperationalError as e: assert "SQL database dump as the command" in e.message assert not is_linux() return db = Database() db.connect() assert db.engine.name == self.ENGINE assert open(cwd("logs", "a.txt", analysis=1), "rb").read() == "a" assert config("cuckoo:database:connection") == self.URI assert db.count_tasks() == 2
def test_import_noconfirm(self, p): set_cwd(tempfile.mkdtemp()) p.side_effect = True, False dirpath = init_legacy_analyses() os.makedirs(os.path.join(dirpath, "lib", "cuckoo", "common")) open(os.path.join( dirpath, "lib", "cuckoo", "common", "constants.py" ), "wb").write(constants_11_py) shutil.copytree( "tests/files/conf/110_plain", os.path.join(dirpath, "conf") ) filepath = os.path.join(dirpath, "conf", "cuckoo.conf") buf = open(filepath, "rb").read() open(filepath, "wb").write(buf.replace( "connection =", "connection = %s" % self.URI )) main.main( ("--cwd", cwd(), "import", dirpath), standalone_mode=False ) db = Database() db.connect() assert db.engine.name == self.ENGINE assert open(cwd("logs", "a.txt", analysis=1), "rb").read() == "a" assert config("cuckoo:database:connection") == self.URI assert db.count_tasks() == 2
def test_copy_folder(self): """Tests recursive folder copy""" dirpath = tempfile.mkdtemp() set_cwd(dirpath) Folders.copy("tests/files/sample_analysis_storage", dirpath) assert os.path.isfile("%s/reports/report.json" % dirpath)
def am_init(options={}, cfg={}): set_cwd(tempfile.mkdtemp()) cuckoo_create(cfg=cfg) class task(object): def __init__(self): self.id = 1234 self.category = "file" self.target = __file__ self.options = options def to_dict(self): return Dictionary(self.__dict__) def to_json(self): return json.dumps(self.to_dict()) class sample(object): sha256 = sha256_ class machine(object): ip = "1.2.3.4" interface = "vboxnet0" with mock.patch("cuckoo.core.scheduler.Database") as p: p.return_value.view_task.return_value = task() am = AnalysisManager(1234, None) am.machine = machine p.return_value.view_sample.return_value = sample() return am
def test_process_json_logging(): set_cwd(tempfile.mkdtemp()) cuckoo_create() init_yara() init_logfile("process-p0.json") def process_tasks(instance, maxcount): logger("foo bar", action="hello.world", status="success") with mock.patch("cuckoo.main.Database"): with mock.patch("cuckoo.main.process_tasks") as p1: with mock.patch("time.time") as p2: p1.side_effect = process_tasks p2.return_value = 1484232003 main.main( ("--cwd", cwd(), "process", "p0"), standalone_mode=False ) assert json.load(open(cwd("log", "process-p0.json"), "rb")) == { "asctime": mock.ANY, "action": "hello.world", "level": "info", "message": "foo bar", "status": "success", "task_id": None, "time": 1484232003, }
def test_default_cwd(self, p): set_cwd(tempfile.mkdtemp()) cuckoo_create() with chdir(cwd()): decide_cwd(".") cuckoo_init(logging.INFO, self.ctx) p.assert_called_once_with("cuckoo community")
def test_pidfile_exists_true(): set_cwd(tempfile.mkdtemp()) cuckoo_create() p = Pidfile("test4") p.create() assert p.exists() and p.pid == os.getpid()
def test_up_to_date(self, p): set_cwd(tempfile.mkdtemp()) cuckoo_create() migrate_cwd() p.assert_not_called()
def test_api_status200(self, client): set_cwd(tempfile.mkdtemp()) cuckoo_create() Database().connect() r = client.get("/cuckoo/api/status") assert r.status_code == 200
def setup(self): set_cwd(tempfile.mkdtemp()) cuckoo_create() init_yara()
def setup_class(self): set_cwd(tempfile.mkdtemp()) self.d = Database() self.d.connect(dsn=self.URI)
def test_hardcoded_cwd_with_quote(self, p): set_cwd(tempfile.mkdtemp("foo ' bar")) cuckoo_create() decide_cwd(cwd()) cuckoo_init(logging.INFO, self.ctx) p.assert_called_once_with('cuckoo --cwd "%s" community' % cwd())
def test_hardcoded_cwd(self, p): set_cwd(tempfile.mkdtemp()) cuckoo_create() decide_cwd(cwd()) cuckoo_init(logging.INFO, self.ctx) p.assert_called_once_with("cuckoo --cwd %s community" % cwd())
def test_current_community(self): set_cwd(tempfile.mktemp()) shutil.copytree(os.path.expanduser("~/.cuckoo"), cwd()) open(cwd(".cwd"), "wb").write("somethingelse") migrate_cwd()
def test_sniffer(): set_cwd(tempfile.mkdtemp()) s = Sniffer() s.set_task(task) s.set_machine(machine) s.set_options({ "tcpdump": __file__, "bpf": None, }) with mock.patch("subprocess.Popen") as p: p.return_value = BasePopen() assert s.start() is True user = getuser() if user: user = "******" % user # Test regular setup. command = ( "%s -U -q -s 0 -n -i interface %s-w %s " "host 1.2.3.4 and " "not ( dst host 1.2.3.4 and dst port 8000 ) and " "not ( src host 1.2.3.4 and src port 8000 ) and " "not ( dst host 1.1.1.1 and dst port 1234 ) and " "not ( src host 1.1.1.1 and src port 1234 )" % (__file__, user or "", cwd("storage", "analyses", "42", "dump.pcap"))) if is_windows(): p.assert_called_once_with(command.split(), stdout=subprocess.PIPE, stderr=subprocess.PIPE) else: p.assert_called_once_with(command.split(), stdout=subprocess.PIPE, stderr=subprocess.PIPE, close_fds=True) assert s.stop() is None # Test a bpf rule. s.options["bpf"] = "not arp" with mock.patch("subprocess.Popen") as p: p.return_value = BasePopen() assert s.start() is True if is_windows(): p.assert_called_once_with(command.split() + ["and", "(", "not arp", ")"], stdout=subprocess.PIPE, stderr=subprocess.PIPE) else: p.assert_called_once_with(command.split() + ["and", "(", "not arp", ")"], close_fds=True, stdout=subprocess.PIPE, stderr=subprocess.PIPE) assert s.stop() is None # Test an invalid executable path. with mock.patch("os.path.exists") as p: p.return_value = False assert s.start() is False # Test permission denied on tcpdump. with mock.patch("subprocess.Popen") as p: p.return_value = PopenPermissionDenied() assert s.start() is True with pytest.raises(CuckooOperationalError) as e: assert s.stop() e.match("the network traffic during the") e.match("denied-for-tcpdump") # Test stdout output from tcpdump. with mock.patch("subprocess.Popen") as p: p.return_value = PopenStdout() assert s.start() is True with pytest.raises(CuckooOperationalError) as e: assert s.stop() e.match("did not expect standard output") # Test unknown stderr output from tcpdump. with mock.patch("subprocess.Popen") as p: p.return_value = PopenStderr() assert s.start() is True with pytest.raises(CuckooOperationalError) as e: assert s.stop() e.match("following standard error output") # Test OSError and/or ValueError exceptions. with mock.patch("subprocess.Popen") as p: p.side_effect = OSError("this is awkward") assert s.start() is False with mock.patch("subprocess.Popen") as p: p.side_effect = ValueError("this is awkward") assert s.start() is False
def test_migration_20c1_20c2(): set_cwd(tempfile.mkdtemp()) Folders.create(cwd(), "conf") Files.create(cwd("conf"), "auxiliary.conf", """ [sniffer] interface = foobar """) Files.create(cwd("conf"), "cuckoo.conf", """ [routing] internet = none [resultserver] port = 2042 [timeouts] critical = 600 """) Files.create(cwd("conf"), "processing.conf", """ [network] enabled = yes [procmemory] idapro = no [static] enabled = yes """) Files.create(cwd("conf"), "reporting.conf", """ [jsondump] enabled = yes """) Files.create(cwd("conf"), "vpn.conf", """ [vpn] enabled = yes vpns = vpn0 [vpn0] interface = hehe """) cfg = Config.from_confdir(cwd("conf"), loose=True) cfg = migrate(cfg, "2.0-rc1", "2.0-rc2") assert cfg["auxiliary"]["reboot"]["enabled"] is True assert cfg["cuckoo"]["routing"]["rt_table"] == "main" assert cfg["cuckoo"]["routing"]["auto_rt"] is True assert cfg["cuckoo"]["resultserver"]["force_port"] is False assert cfg["cuckoo"]["timeouts"]["critical"] == 60 assert cfg["processing"]["misp"]["enabled"] is False assert cfg["processing"]["misp"]["url"] is None assert cfg["processing"]["misp"]["apikey"] is None assert cfg["processing"]["misp"]["maxioc"] == 100 assert cfg["processing"]["network"]["whitelist-dns"] is False assert cfg["processing"]["network"]["allowed-dns"] is None assert cfg["processing"]["procmemory"]["extract_img"] is True assert cfg["processing"]["procmemory"]["dump_delete"] is False assert cfg["processing"]["static"]["pdf_timeout"] == 60 assert cfg["processing"]["irma"]["enabled"] is False assert cfg["processing"]["irma"]["timeout"] == 60 assert cfg["processing"]["irma"]["scan"] is False assert cfg["processing"]["irma"]["force"] is False assert cfg["reporting"]["elasticsearch"]["enabled"] is False assert cfg["reporting"]["elasticsearch"]["hosts"] == "127.0.0.1" assert cfg["reporting"]["elasticsearch"]["calls"] is False assert cfg["reporting"]["notification"]["enabled"] is False assert cfg["reporting"]["notification"]["url"] is None assert cfg["reporting"]["notification"]["identifier"] is None assert cfg["reporting"]["mattermost"]["enabled"] is False assert cfg["reporting"]["mattermost"]["username"] == "cuckoo" assert cfg["vpn"]["vpn"]["enabled"] == "yes" assert cfg["vpn"]["vpn0"]["rt_table"] == "hehe"
def setup(self): # File() will invoke cwd(), so any CWD is required. set_cwd(tempfile.mkdtemp()) self.path = tempfile.mkstemp()[1] self.file = File(self.path)
def test_migration_110_120(): set_cwd(tempfile.mkdtemp()) Folders.create(cwd(), "conf") Files.create(cwd("conf"), "cuckoo.conf", """ [cuckoo] delete_original = on memory_dump = off [processing] analysis_size_limit = 1234 """) Files.create(cwd("conf"), "memory.conf", """ [malfind] enabled = yes filter = on """) Files.create(cwd("conf"), "processing.conf", """ [network] enabled = yes [virustotal] enabled = yes """) Files.create(cwd("conf"), "reporting.conf", """ [jsondump] enabled = yes [mongodb] enabled = yes host = localhost port = 27017 [hpfclient] enabled = yes foo = bar """) Files.create(cwd("conf"), "vmware.conf", """ [vmware] machines = hello [hello] label = label snapshot = snapshot """) cfg = Config.from_confdir(cwd("conf"), loose=True) assert "hpfclient" in cfg["reporting"] cfg = migrate(cfg, "1.1.0", "1.2.0") assert cfg["cuckoo"]["cuckoo"]["terminate_processes"] is False assert cfg["cuckoo"]["cuckoo"]["max_machines_count"] == 0 assert cfg["cuckoo"]["processing"]["sort_pcap"] is True assert cfg["memory"]["yarascan"]["enabled"] is True assert cfg["memory"]["yarascan"]["filter"] is True assert cfg["memory"]["ssdt"]["enabled"] is True assert cfg["memory"]["ssdt"]["filter"] is True assert cfg["memory"]["gdt"]["enabled"] is True assert cfg["memory"]["gdt"]["filter"] is True assert cfg["physical"]["physical"]["machines"] == ["physical1"] assert cfg["physical"]["physical"]["user"] == "username" assert cfg["physical"]["physical"]["password"] == "password" assert cfg["physical"]["physical1"]["label"] == "physical1" assert cfg["physical"]["physical1"]["platform"] == "windows" assert cfg["physical"]["physical1"]["ip"] == "192.168.56.101" assert cfg["processing"]["procmemory"]["enabled"] is True assert cfg["processing"]["virustotal"]["timeout"] == 60 assert cfg["reporting"]["jsondump"]["indent"] == 4 assert cfg["reporting"]["jsondump"]["encoding"] == "latin-1" assert cfg["reporting"]["mongodb"]["db"] == "cuckoo" assert cfg["reporting"]["mongodb"]["store_memdump"] is True assert "hpfclient" not in cfg["reporting"] assert cfg["vmware"]["hello"]["vmx_path"] == "label" assert cfg["xenserver"]["xenserver"]["user"] == "root" assert cfg["xenserver"]["xenserver"]["password"] == "changeme" assert cfg["xenserver"]["xenserver"]["url"] == "https://xenserver" assert cfg["xenserver"]["xenserver"]["machines"] == ["cuckoo1"] assert cfg["xenserver"]["cuckoo1"]["uuid"] == "00000000-0000-0000-0000-000000000000" assert cfg["xenserver"]["cuckoo1"]["platform"] == "windows" assert cfg["xenserver"]["cuckoo1"]["ip"] == "192.168.54.111" assert cfg["xenserver"]["xenserver"]["user"] == "root"
def test_migration_20c2_200(): set_cwd(tempfile.mkdtemp()) Folders.create(cwd(), "conf") Files.create(cwd("conf"), "auxiliary.conf", """ [mitm] script = data/mitm.py [sniffer] tcpdump = foobar """) Files.create(cwd("conf"), "cuckoo.conf", """ [cuckoo] tmppath = /tmp freespace = 64 [routing] route = foo internet = bar rt_table = main auto_rt = no [resultserver] upload_max_size = 10485760 [processing] analysis_size_limit = 104857600 """) Files.create(cwd("conf"), "processing.conf", """ [network] whitelist-dns = yes allowed-dns = 8.8.8.8 [procmemory] enabled = yes extract_img = yes [virustotal] enabled = yes key = a0283a2c3d55728300d064874239b5346fb991317e8449fe43c902879d758088 """) Files.create(cwd("conf"), "qemu.conf", """ [qemu] machines = vm1, vm2 [vm1] label = vm1 kernel_path = kernelpath [vm2] label = vm2 kernel_path = anotherpath """) Files.create(cwd("conf"), "reporting.conf", """ [elasticsearch] enabled = no hosts = 127.0.0.1, 127.0.0.2 [mattermost] show-virustotal = no show-signatures = yes show-urls = no hash-filename = yes [moloch] enabled = no [mongodb] enables = yes [notification] enabled = no [jsondump] indent = 8 encoding = utf8 [reporthtml] enabled = yes """) Files.create(cwd("conf"), "vpn.conf", """ [vpn] enabled = yes vpns = vpn0,vpn1 [vpn0] name = vpn0 description = foobar interface = tun42 rt_table = tun42 [vpn1] name = vpn1 description = internet interface = wow rt_table = internet """) Files.create(cwd("conf"), "vsphere.conf", """ [vsphere] interface = eth0 """) cfg = Config.from_confdir(cwd("conf"), loose=True) assert "vpn" in cfg assert "whitelist-dns" in cfg["processing"]["network"] assert "allowed-dns" in cfg["processing"]["network"] cfg = migrate(cfg, "2.0-rc2", "2.0.0") assert cfg["auxiliary"]["mitm"]["script"] == "mitm.py" assert cfg["cuckoo"]["cuckoo"]["freespace"] == 1024 assert cfg["cuckoo"]["cuckoo"]["tmppath"] is None assert cfg["cuckoo"]["feedback"]["enabled"] is False assert cfg["cuckoo"]["feedback"]["name"] is None assert cfg["cuckoo"]["feedback"]["company"] is None assert cfg["cuckoo"]["feedback"]["email"] is None assert cfg["cuckoo"]["processing"]["analysis_size_limit"] == 128*1024*1024 assert cfg["cuckoo"]["resultserver"]["upload_max_size"] == 128*1024*1024 assert "whitelist-dns" not in cfg["processing"]["network"] assert "allowed-dns" not in cfg["processing"]["network"] assert cfg["processing"]["network"]["whitelist_dns"] is True assert cfg["processing"]["procmemory"]["extract_dll"] is False assert cfg["processing"]["network"]["allowed_dns"] == "8.8.8.8" assert cfg["processing"]["virustotal"]["enabled"] is False assert cfg["reporting"]["elasticsearch"]["hosts"] == [ "127.0.0.1", "127.0.0.2" ] assert cfg["qemu"]["vm1"]["kernel"] == "kernelpath" assert cfg["qemu"]["vm2"]["kernel"] == "anotherpath" assert cfg["reporting"]["jsondump"]["indent"] == 8 assert "encoding" not in cfg["reporting"]["jsondump"] assert cfg["reporting"]["notification"]["url"] is None assert cfg["reporting"]["mattermost"]["show_virustotal"] is False assert cfg["reporting"]["mattermost"]["show_signatures"] is True assert cfg["reporting"]["mattermost"]["show_urls"] is False assert cfg["reporting"]["mattermost"]["hash_filename"] is True assert cfg["reporting"]["mattermost"]["hash_url"] is False assert cfg["reporting"]["moloch"]["insecure"] is False assert cfg["reporting"]["mongodb"]["username"] is None assert cfg["reporting"]["mongodb"]["password"] is None assert cfg["reporting"]["singlefile"]["enabled"] is True assert cfg["reporting"]["singlefile"]["html"] is True assert cfg["reporting"]["singlefile"]["pdf"] is False assert "reporthtml" not in cfg["reporting"] assert cfg["routing"]["routing"]["route"] == "foo" assert cfg["routing"]["routing"]["internet"] == "bar" assert cfg["routing"]["routing"]["rt_table"] == "main" assert cfg["routing"]["routing"]["auto_rt"] is False assert cfg["routing"]["routing"]["drop"] is False assert cfg["routing"]["inetsim"]["enabled"] is False assert cfg["routing"]["inetsim"]["server"] == "192.168.56.1" assert cfg["routing"]["tor"]["enabled"] is False assert cfg["routing"]["tor"]["dnsport"] == 5353 assert cfg["routing"]["tor"]["proxyport"] == 9040 assert cfg["routing"]["vpn"]["enabled"] is True assert cfg["routing"]["vpn"]["vpns"] == ["vpn0", "vpn1"] assert cfg["routing"]["vpn0"]["name"] == "vpn0" assert cfg["routing"]["vpn0"]["description"] == "foobar" assert cfg["routing"]["vpn0"]["interface"] == "tun42" assert cfg["routing"]["vpn0"]["rt_table"] == "tun42" assert cfg["routing"]["vpn1"]["name"] == "vpn1" assert cfg["routing"]["vpn1"]["description"] == "internet" assert cfg["routing"]["vpn1"]["interface"] == "wow" assert cfg["routing"]["vpn1"]["rt_table"] == "internet" assert cfg["vsphere"]["vsphere"]["unverified_ssl"] is False assert "vpn" not in cfg
def test_config2_liststar(): set_cwd(tempfile.mkdtemp()) cuckoo_create() assert config2("qemu", "vm1").interface == "qemubr"
def test_migration_120_20c1(): set_cwd(tempfile.mkdtemp()) Folders.create(cwd(), "conf") Files.create(cwd("conf"), "auxiliary.conf", """ [sniffer] interface = foobar """) Files.create(cwd("conf"), "cuckoo.conf", """ [cuckoo] delete_original = on memory_dump = off [processing] analysis_size_limit = 1234 [resultserver] store_csvs = yes [timeouts] vm_state = 300 """) Files.create(cwd("conf"), "esx.conf", """ [esx] machines = analysis1 """) Files.create(cwd("conf"), "kvm.conf", """ [kvm] machines = analysis1 """) Files.create(cwd("conf"), "memory.conf", """ [malfind] enabled = yes filter = on """) Files.create(cwd("conf"), "physical.conf", """ [physical] user = username """) Files.create(cwd("conf"), "processing.conf", """ [network] enabled = yes [virustotal] enabled = yes [procmemory] enabled = no """) Files.create(cwd("conf"), "reporting.conf", """ [reporthtml] enabled = yes [mmdef] enabled = no [maec41] enabled = no [mongodb] enabled = no host = 127.0.0.1 port = 27017 db = cuckoo store_memdump = no [jsondump] enabled = yes """) Files.create(cwd("conf"), "virtualbox.conf", """ [virtualbox] mode = gui """) Files.create(cwd("conf"), "vmware.conf", """ [vmware] machines = hello [hello] label = label snapshot = snapshot """) Files.create(cwd("conf"), "xenserver.conf", """ [xenserver] machines = cuckoo1 """) cfg = Config.from_confdir(cwd("conf"), loose=True) assert "store_csvs" in cfg["cuckoo"]["resultserver"] assert "mmdef" in cfg["reporting"] assert "maec41" in cfg["reporting"] cfg = migrate(cfg, "1.2.0", "2.0-rc1") assert "interface" not in cfg["auxiliary"]["sniffer"] assert cfg["auxiliary"]["mitm"]["enabled"] is False assert cfg["auxiliary"]["mitm"]["mitmdump"] == "/usr/local/bin/mitmdump" assert cfg["auxiliary"]["mitm"]["port_base"] == 50000 assert cfg["auxiliary"]["mitm"]["script"] == "data/mitm.py" assert cfg["auxiliary"]["mitm"]["certificate"] == "bin/cert.p12" assert cfg["auxiliary"]["services"]["enabled"] is False assert cfg["auxiliary"]["services"]["services"] == "honeyd" assert cfg["auxiliary"]["services"]["timeout"] == 0 assert cfg["avd"]["avd"]["mode"] == "headless" assert cfg["avd"]["avd"]["emulator_path"] == "/home/cuckoo/android-sdk-linux/tools/emulator" assert cfg["avd"]["avd"]["adb_path"] == "/home/cuckoo/android-sdk-linux/platform-tools/adb" assert cfg["avd"]["avd"]["avd_path"] == "/home/cuckoo/.android/avd" assert cfg["avd"]["avd"]["reference_machine"] == "cuckoo-bird" assert cfg["avd"]["avd"]["machines"] == ["cuckoo1"] assert cfg["avd"]["cuckoo1"]["label"] == "cuckoo1" assert cfg["avd"]["cuckoo1"]["platform"] == "android" assert cfg["avd"]["cuckoo1"]["ip"] == "127.0.0.1" assert cfg["avd"]["cuckoo1"]["emulator_port"] == 5554 assert cfg["avd"]["cuckoo1"]["resultserver_ip"] == "10.0.2.2" assert cfg["avd"]["cuckoo1"]["resultserver_port"] == 2042 assert cfg["cuckoo"]["cuckoo"]["max_vmstartup_count"] == 10 assert cfg["cuckoo"]["cuckoo"]["rooter"] == "/tmp/cuckoo-rooter" assert cfg["cuckoo"]["routing"]["route"] == "none" assert cfg["cuckoo"]["routing"]["internet"] == "none" assert "store_csvs" not in cfg["cuckoo"]["resultserver"] assert cfg["cuckoo"]["timeouts"]["vm_state"] == 60 assert cfg["esx"]["esx"]["interface"] == "eth0" assert cfg["kvm"]["kvm"]["interface"] == "virbr0" assert cfg["memory"]["sockscan"]["enabled"] is True assert cfg["memory"]["sockscan"]["filter"] is False assert cfg["memory"]["netscan"]["enabled"] is True assert cfg["memory"]["netscan"]["filter"] is False assert cfg["physical"]["physical"]["interface"] == "eth0" assert cfg["physical"]["fog"]["hostname"] == "none" assert cfg["physical"]["fog"]["username"] == "fog" assert cfg["physical"]["fog"]["password"] == "password" assert cfg["processing"]["apkinfo"]["enabled"] is False assert cfg["processing"]["apkinfo"]["decompilation_threshold"] == 5000000 assert cfg["processing"]["baseline"]["enabled"] is False assert cfg["processing"]["buffer"]["enabled"] is True assert cfg["processing"]["droidmon"]["enabled"] is False assert cfg["processing"]["dumptls"]["enabled"] is True assert cfg["processing"]["googleplay"]["enabled"] is False assert cfg["processing"]["googleplay"]["android_id"] is None assert cfg["processing"]["googleplay"]["google_login"] is None assert cfg["processing"]["googleplay"]["google_password"] is None assert cfg["processing"]["procmemory"]["idapro"] is False assert cfg["processing"]["screenshots"]["enabled"] is False assert cfg["processing"]["screenshots"]["tesseract"] == "/usr/bin/tesseract" assert cfg["processing"]["snort"]["enabled"] is False assert cfg["processing"]["snort"]["snort"] == "/usr/local/bin/snort" assert cfg["processing"]["snort"]["conf"] == "/etc/snort/snort.conf" assert cfg["processing"]["suricata"]["enabled"] is False assert cfg["processing"]["suricata"]["suricata"] == "/usr/bin/suricata" assert cfg["processing"]["suricata"]["conf"] == "/etc/suricata/suricata.yaml" assert cfg["processing"]["suricata"]["eve_log"] == "eve.json" assert cfg["processing"]["suricata"]["files_log"] == "files-json.log" assert cfg["processing"]["suricata"]["files_dir"] == "files" assert cfg["processing"]["suricata"]["socket"] is None assert cfg["processing"]["virustotal"]["scan"] is False assert cfg["qemu"]["qemu"]["path"] == "/usr/bin/qemu-system-x86_64" assert cfg["qemu"]["qemu"]["machines"] == ["vm1", "vm2"] assert cfg["qemu"]["qemu"]["interface"] == "qemubr" assert cfg["qemu"]["vm1"]["label"] == "vm1" assert cfg["qemu"]["vm1"]["image"] == "/home/rep/vms/qvm_wheezy64_1.qcow2" assert cfg["qemu"]["vm1"]["platform"] == "linux" assert cfg["qemu"]["vm1"]["ip"] == "192.168.55.2" assert cfg["qemu"]["vm1"]["interface"] == "qemubr" assert cfg["qemu"]["vm1"]["resultserver_ip"] == "192.168.55.1" assert cfg["qemu"]["vm1"]["tags"] == "debian_wheezy,64_bit" assert cfg["qemu"]["vm2"]["label"] == "vm2" assert cfg["qemu"]["vm2"]["image"] == "/home/rep/vms/qvm_wheezy64_1.qcow2" assert cfg["qemu"]["vm2"]["arch"] == "mipsel" assert cfg["qemu"]["vm2"]["kernel_path"] == "{imagepath}/vmlinux-3.16.0-4-4kc-malta-mipsel" assert cfg["qemu"]["vm2"]["platform"] == "linux" assert cfg["qemu"]["vm2"]["ip"] == "192.168.55.3" assert cfg["qemu"]["vm2"]["interface"] == "qemubr" assert cfg["qemu"]["vm2"]["tags"] == "debian_wheezy,mipsel" assert "mmdef" not in cfg["reporting"] assert "maec41" not in cfg["reporting"] assert cfg["reporting"]["reporthtml"]["enabled"] is False assert cfg["reporting"]["mongodb"]["store_memdump"] is False assert cfg["reporting"]["mongodb"]["paginate"] == 100 assert cfg["reporting"]["moloch"]["enabled"] is False assert cfg["virtualbox"]["virtualbox"]["mode"] == "headless" assert cfg["virtualbox"]["virtualbox"]["interface"] == "foobar" assert cfg["virtualbox"]["honeyd"]["label"] == "honeyd" assert cfg["virtualbox"]["honeyd"]["platform"] == "linux" assert cfg["virtualbox"]["honeyd"]["ip"] == "192.168.56.102" assert cfg["virtualbox"]["honeyd"]["tags"] == "service, honeyd" assert cfg["virtualbox"]["honeyd"]["options"] == "nictrace noagent" assert cfg["vmware"]["vmware"]["interface"] == "virbr0" assert cfg["vpn"]["vpn"]["enabled"] is False assert cfg["vpn"]["vpn"]["vpns"] == "vpn0" assert cfg["vpn"]["vpn0"]["name"] == "vpn0" assert cfg["vpn"]["vpn0"]["description"] == "Spain, Europe" assert cfg["vpn"]["vpn0"]["interface"] == "tun0" assert cfg["vsphere"]["vsphere"]["host"] == "10.0.0.1" assert cfg["vsphere"]["vsphere"]["port"] == 443 assert cfg["vsphere"]["vsphere"]["user"] == "username_goes_here" assert cfg["vsphere"]["vsphere"]["pwd"] == "password_goes_here" assert cfg["vsphere"]["vsphere"]["interface"] == "eth0" assert cfg["vsphere"]["analysis1"]["label"] == "cuckoo1" assert cfg["vsphere"]["analysis1"]["platform"] == "windows" assert cfg["vsphere"]["analysis1"]["snapshot"] == "cuckoo_ready_running" assert cfg["vsphere"]["analysis1"]["ip"] == "192.168.1.1" assert cfg["xenserver"]["xenserver"]["interface"] == "virbr0"
def test_venv_new_unicode(self): set_cwd(tempfile.mkdtemp(u"a\u202eb")) write_supervisor_conf(None)
def test_migration_060_100(): set_cwd(tempfile.mkdtemp()) Folders.create(cwd(), "conf") Files.create(cwd("conf"), "cuckoo.conf", """ [cuckoo] delete_original = on machine_manager = hello [sniffer] enabled = no tcpdump = /wow/path interface = vboxnet0 [graylog] enabled = no host = localhost port = 12201 level = info """) Files.create(cwd("conf"), "processing.conf", """ [dropped] enabled = yes """) Files.create(cwd("conf"), "reporting.conf", """ [pickled] enabled = off [metadata] enabled = off [maec11] enabled = off [mongodb] enabled = on """) Files.create(cwd("conf"), "vmware.conf", """ [vmware] machines = hello [hello] label = label,snapshot """) cfg = Config.from_confdir(cwd("conf"), loose=True) assert "machine_manager" in cfg["cuckoo"]["cuckoo"] assert "sniffer" in cfg["cuckoo"] assert "graylog" in cfg["cuckoo"] assert "pickled" in cfg["reporting"] assert "metadata" in cfg["reporting"] assert "maec11" in cfg["reporting"] cfg = migrate(cfg, "0.6.0", "1.0.0") assert cfg["auxiliary"]["sniffer"]["enabled"] is False assert cfg["auxiliary"]["sniffer"]["tcpdump"] == "/wow/path" assert cfg["auxiliary"]["sniffer"]["interface"] == "vboxnet0" assert cfg["cuckoo"]["cuckoo"]["delete_bin_copy"] is False assert "machine_manager" not in cfg["cuckoo"]["cuckoo"] assert cfg["cuckoo"]["cuckoo"]["machinery"] == "hello" assert cfg["cuckoo"]["cuckoo"]["reschedule"] is False assert cfg["cuckoo"]["cuckoo"]["process_results"] is True assert cfg["cuckoo"]["cuckoo"]["max_analysis_count"] == 0 assert cfg["cuckoo"]["cuckoo"]["freespace"] == 64 assert "sniffer" not in cfg["cuckoo"] assert "graylog" not in cfg["cuckoo"] assert cfg["esx"]["esx"]["dsn"] == "esx://127.0.0.1/?no_verify=1" assert cfg["esx"]["esx"]["username"] == "username_goes_here" assert cfg["esx"]["esx"]["password"] == "password_goes_here" assert cfg["esx"]["esx"]["machines"] == ["analysis1"] assert cfg["esx"]["analysis1"]["label"] == "cuckoo1" assert cfg["esx"]["analysis1"]["platform"] == "windows" assert cfg["esx"]["analysis1"]["snapshot"] == "clean_snapshot" assert cfg["esx"]["analysis1"]["ip"] == "192.168.122.105" assert cfg["memory"]["basic"]["guest_profile"] == "WinXPSP2x86" assert cfg["memory"]["basic"]["delete_memdump"] is False assert cfg["memory"]["malfind"]["enabled"] is True assert cfg["memory"]["malfind"]["filter"] is True assert cfg["memory"]["apihooks"]["enabled"] is False assert cfg["memory"]["apihooks"]["filter"] is True assert cfg["memory"]["pslist"]["enabled"] is True assert cfg["memory"]["pslist"]["filter"] is False assert cfg["memory"]["psxview"]["enabled"] is True assert cfg["memory"]["psxview"]["filter"] is False assert cfg["memory"]["callbacks"]["enabled"] is True assert cfg["memory"]["callbacks"]["filter"] is False assert cfg["memory"]["idt"]["enabled"] is True assert cfg["memory"]["idt"]["filter"] is False assert cfg["memory"]["timers"]["enabled"] is True assert cfg["memory"]["timers"]["filter"] is False assert cfg["memory"]["messagehooks"]["enabled"] is False assert cfg["memory"]["messagehooks"]["filter"] is False assert cfg["memory"]["getsids"]["enabled"] is True assert cfg["memory"]["getsids"]["filter"] is False assert cfg["memory"]["privs"]["enabled"] is True assert cfg["memory"]["privs"]["filter"] is False assert cfg["memory"]["dlllist"]["enabled"] is True assert cfg["memory"]["dlllist"]["filter"] is True assert cfg["memory"]["handles"]["enabled"] is True assert cfg["memory"]["handles"]["filter"] is True assert cfg["memory"]["ldrmodules"]["enabled"] is True assert cfg["memory"]["ldrmodules"]["filter"] is True assert cfg["memory"]["mutantscan"]["enabled"] is True assert cfg["memory"]["mutantscan"]["filter"] is True assert cfg["memory"]["devicetree"]["enabled"] is True assert cfg["memory"]["devicetree"]["filter"] is True assert cfg["memory"]["svcscan"]["enabled"] is True assert cfg["memory"]["svcscan"]["filter"] is True assert cfg["memory"]["modscan"]["enabled"] is True assert cfg["memory"]["modscan"]["filter"] is True assert cfg["memory"]["mask"]["enabled"] is False assert cfg["memory"]["mask"]["pid_generic"] is None assert cfg["processing"]["memory"]["enabled"] is False assert "pickled" not in cfg["reporting"] assert "metadata" not in cfg["reporting"] assert "maec11" not in cfg["reporting"] assert cfg["reporting"]["mmdef"]["enabled"] is False assert cfg["reporting"]["maec41"]["enabled"] is False assert cfg["reporting"]["maec41"]["mode"] == "overview" assert cfg["reporting"]["maec41"]["processtree"] is True assert cfg["reporting"]["maec41"]["output_handles"] is False assert cfg["reporting"]["maec41"]["static"] is True assert cfg["reporting"]["maec41"]["strings"] is True assert cfg["reporting"]["maec41"]["virustotal"] is True assert cfg["reporting"]["mongodb"]["host"] == "127.0.0.1" assert cfg["reporting"]["mongodb"]["port"] == 27017 assert cfg["vmware"]["vmware"]["machines"] == ["hello"] assert cfg["vmware"]["hello"]["label"] == "label" assert cfg["vmware"]["hello"]["snapshot"] == "snapshot"
def setup(self): set_cwd(tempfile.mkdtemp()) mkdir(cwd("conf")) self.h = mock.patch("cuckoo.core.init.jinja2") self.p = self.h.start() self.render().return_value = ""
def test_write_configuration(self): set_cwd(tempfile.mkdtemp()) cfg = Config.from_confdir(self.DIRPATH, loose=True) cfg = migrate(cfg, self.VERSION) cuckoo_create(cfg=cfg)
def test_resolve_dns(self, p): set_cwd(tempfile.mkdtemp()) cuckoo_create() p.return_value = "1.2.3.4" assert Pcap(None, {})._dns_gethostbyname("google.com") != ""
def setup(self): set_cwd(tempfile.mkdtemp())
def test_init_logging(): set_cwd(tempfile.mkdtemp()) cuckoo_create() init_logging(logging.DEBUG)
def test_init(p): set_cwd(tempfile.mkdtemp()) with pytest.raises(SystemExit): main.main(("--cwd", cwd(), "--nolog", "init"), standalone_mode=False) p.assert_not_called()
def test_on_extract(): set_cwd(tempfile.mkdtemp()) cuckoo_create() init_modules() Database().connect() mkdir(cwd(analysis=2)) cmd = Scripting().parse_command("cmd.exe /c ping 1.2.3.4") ex = ExtractManager.for_task(2) ex.push_script({ "pid": 1, "first_seen": 2, }, cmd) results = RunProcessing(task=Dictionary({ "id": 2, "category": "file", "target": __file__, })).run() assert results["extracted"] == [{ "category": "script", "pid": 1, "first_seen": 2, "program": "cmd", "raw": cwd("extracted", "0.bat", analysis=2), "yara": [], "info": {}, }] class sig1(object): name = "sig1" @property def matched(self): return False @matched.setter def matched(self, value): pass def init(self): pass def on_signature(self): pass def on_complete(self): pass def on_yara(self): pass on_extract = mock.MagicMock() rs = RunSignatures(results) rs.signatures = sig1(), rs.run() sig1.on_extract.assert_called_once() em = sig1.on_extract.call_args_list[0][0][0] assert em.category == "script"
def setup_class(cls): set_cwd(tempfile.mkdtemp()) cuckoo_create() cls.pcap = Pcap("tests/files/pcap/mixed-traffic.pcap", {}).run()
def test_machines(): set_cwd(tempfile.mkdtemp()) Folders.create(cwd(), "conf") Files.create(cwd("conf"), "cuckoo.conf", """ [cuckoo] machinery = virtualbox [database] connection = timeout = [resultserver] ip = 9.8.7.6 port = 9876 """) Files.create(cwd("conf"), "virtualbox.conf", """ [virtualbox] machines = a, b, c [a] label = a snapshot = derpa platform = windows ip = 1.2.3.4 [b] label = b snapshot = derpb platform = windows ip = 5.6.7.8 resultserver_ip = 7.5.3.1 [c] label = c snapshot = derpc platform = windows ip = 1.3.5.7 resultserver_port = 4242 """) class mock(object): port = 9001 Singleton._instances[ResultServer] = mock() db = Database() db.connect() m = Machinery() m.set_options(Config("virtualbox")) m._initialize("virtualbox") machines = db.list_machines() assert len(machines) == 3 assert machines[0].label == "a" assert machines[0].snapshot == "derpa" assert machines[0].ip == "1.2.3.4" assert machines[0].resultserver_ip == "9.8.7.6" assert machines[0].resultserver_port == 9001 assert machines[1].label == "b" assert machines[1].snapshot == "derpb" assert machines[1].ip == "5.6.7.8" assert machines[1].resultserver_ip == "7.5.3.1" assert machines[1].resultserver_port == 9001 assert machines[2].label == "c" assert machines[2].snapshot == "derpc" assert machines[2].ip == "1.3.5.7" assert machines[2].resultserver_ip == "9.8.7.6" assert machines[2].resultserver_port == 4242 Singleton._instances.pop(ResultServer)
# See the file 'docs/LICENSE' for copying permission. from __future__ import with_statement from alembic import context from sqlalchemy import create_engine, pool from logging.config import fileConfig # Interpret the config file for Python logging. # This line sets up loggers basically. fileConfig(context.config.config_file_name) from cuckoo.core.database import Base, Database from cuckoo.misc import set_cwd set_cwd(context.get_x_argument(as_dictionary=True)["cwd"]) Database().connect(schema_check=False, create=False) # Get database connection string from cuckoo configuration. url = Database().engine.url.__to_string__(hide_password=False) target_metadata = Base.metadata def run_migrations_offline(): """Run migrations in 'offline' mode. This configures the context with just a URL and not an Engine, though an Engine is acceptable here as well. By skipping the Engine creation we don't even need a DBAPI to be available. Calls to context.execute() here emit the given string to the script output.
def test_init_routing_default(p): set_cwd(tempfile.mkdtemp()) cuckoo_create() init_routing() p.assert_not_called()
def test_on_yara(): set_cwd(os.path.realpath(tempfile.mkdtemp())) cuckoo_create() init_modules() shutil.copy(cwd("yara", "binaries", "vmdetect.yar"), cwd("yara", "memory", "vmdetect.yar")) init_yara() mkdir(cwd(analysis=1)) open(cwd("binary", analysis=1), "wb").write("\x0f\x3f\x07\x0b") mkdir(cwd("files", analysis=1)) open(cwd("files", "1.txt", analysis=1), "wb").write("\x56\x4d\x58\x68") mkdir(cwd("memory", analysis=1)) open(cwd("memory", "1-0.dmp", analysis=1), "wb").write( struct.pack("QIIII", 0x400000, 0x1000, 0, 0, 0) + "\x45\xc7\x00\x01") Database().connect() ExtractManager._instances = {} results = RunProcessing(task=Dictionary({ "id": 1, "category": "file", "target": __file__, })).run() assert results["target"]["file"]["yara"][0]["offsets"] == { "virtualpc": [(0, 0)], } assert results["procmemory"][0]["regions"] == [{ "addr": "0x00400000", "end": "0x00401000", "offset": 24, "protect": None, "size": 4096, "state": 0, "type": 0, }] assert results["procmemory"][0]["yara"][0]["offsets"] == { "vmcheckdll": [(24, 0)], } assert results["dropped"][0]["yara"][0]["offsets"] == { "vmware": [(0, 0)], "vmware1": [(0, 0)], } class sig1(object): name = "sig1" @property def matched(self): return False @matched.setter def matched(self, value): pass def init(self): pass def on_signature(self, sig): pass def on_complete(self): pass def on_extract(self, match): pass on_yara = mock.MagicMock() rs = RunSignatures(results) rs.signatures = sig1(), rs.run() assert sig1.on_yara.call_count == 3 sig1.on_yara.assert_any_call("sample", cwd("binary", analysis=1), mock.ANY) sig1.on_yara.assert_any_call("dropped", cwd("files", "1.txt", analysis=1), mock.ANY) sig1.on_yara.assert_any_call("procmem", cwd("memory", "1-0.dmp", analysis=1), mock.ANY) ym = sig1.on_yara.call_args_list[0][0][2] assert ym.offsets == { "virtualpc": [(0, 0)], } assert ym.string("virtualpc", 0) == "\x0f\x3f\x07\x0b"
def test_success(self): set_cwd(tempfile.mkdtemp()) cuckoo_create() open(cwd("monitor", "latest"), "wb").write("A" * 40) os.mkdir(cwd("monitor", "A" * 40)) init_binaries()
def test_unicode(self): set_cwd(tempfile.mkdtemp(u"\u202e")) cuckoo_create() init_yara() assert len(list(File.yara_rules["binaries"])) == 5