def dump_file(self, filepath): """Dump a file to the host.""" if not os.path.isfile(filepath): log.warning("File at path \"%r\" does not exist, skip.", filepath) return False # Check whether we've already dumped this file - in that case skip it. try: sha256 = hash_file(hashlib.sha256, filepath) if sha256 in self.dumped: return except IOError as e: log.info("Error dumping file from path \"%s\": %s", filepath, e) return filename = "%s_%s" % (sha256[:16], os.path.basename(filepath)) upload_path = os.path.join("files", filename) try: upload_to_host( # If available use the original filepath, the one that is # not lowercased. self.files_orig.get(filepath.lower(), filepath), upload_path, self.files.get(filepath.lower(), [])) self.dumped.append(sha256) except (IOError, socket.error) as e: log.error("Unable to upload dropped file at path \"%s\": %s", filepath, e)
def dump_file(file_path): """Create a copy of the given file path.""" duplicate = False try: if os.path.exists(file_path): sha256 = hash_file(hashlib.sha256, file_path) if sha256 in DUMPED_LIST: # The file was already dumped, just upload the alternate name for it. duplicate = True else: log.warning("File at path \"%s\" does not exist, skip.", file_path.encode("utf-8", "replace")) return except IOError as e: log.warning("Unable to access file at path \"%s\": %s", file_path.encode("utf-8", "replace"), e) return if os.path.isdir(file_path): return file_name = os.path.basename(file_path) if duplicate: idx = DUMPED_LIST.index(sha256) upload_path = UPLOADPATH_LIST[idx] else: upload_path = os.path.join("files", str(random.randint(100000000, 9999999999)), file_name.encode("utf-8", "replace")) try: upload_to_host(file_path, upload_path, duplicate) if not duplicate: DUMPED_LIST.append(sha256) UPLOADPATH_LIST.append(upload_path) except (IOError, socket.error) as e: log.error("Unable to upload dropped file at path \"%s\": %s", file_path.encode("utf-8", "replace"), e)
def dump_file(self, filepath): """Dump a file to the host.""" if not os.path.isfile(filepath): log.warning("File at path \"%r\" does not exist, skip.", filepath) return False # Check whether we've already dumped this file - in that case skip it. try: sha256 = hash_file(hashlib.sha256, filepath) if sha256 in self.dumped: return except IOError as e: log.info("Error dumping file from path \"%s\": %s", filepath, e) return filename = "%s_%s" % (sha256[:16], os.path.basename(filepath)) upload_path = os.path.join("files", filename) try: upload_to_host( # If available use the original filepath, the one that is # not lowercased. self.files_orig.get(filepath.lower(), filepath), upload_path, self.files.get(filepath.lower(), []) ) self.dumped.append(sha256) except (IOError, socket.error) as e: log.error( "Unable to upload dropped file at path \"%s\": %s", filepath, e )
def dump_file(file_path): """Create a copy of the given file path.""" duplicate = False try: if os.path.exists(file_path): sha256 = hash_file(hashlib.sha256, file_path) if sha256 in DUMPED_LIST: # The file was already dumped, just upload the alternate name for it. duplicate = True else: log.warning("File at path \"%s\" does not exist, skip.", file_path.encode("utf-8", "replace")) return except IOError as e: log.warning("Unable to access file at path \"%s\": %s", file_path.encode("utf-8", "replace"), e) return if os.path.isdir(file_path): return file_name = os.path.basename(file_path) if duplicate: idx = DUMPED_LIST.index(sha256) upload_path = UPLOADPATH_LIST[idx] else: upload_path = os.path.join("files", sha256) try: upload_to_host(file_path, upload_path, duplicate) if not duplicate: DUMPED_LIST.append(sha256) UPLOADPATH_LIST.append(upload_path) except (IOError, socket.error) as e: log.error("Unable to upload dropped file at path \"%s\": %s", file_path.encode("utf-8", "replace"), e)
def _upload_file(self, filepath): if not path.isfile(filepath): self.log.info("Path \"%s\" does not exist.", filepath) return analyzerpath = getcwd() resultpath = PATHS["root"] if (filepath.startswith(analyzerpath) or filepath.startswith(resultpath)): self.log.debug("Skip upload %s", filepath) return # Check whether we've already dumped this file - in that case skip it try: hashsum = hash_file(sha256, filepath) if sha256 in self.uploaded_hashes: return except IOError as e: self.log.info("Error dumping file from path \"%s\": %s", filepath, e) return filename = "%s_%s" % (hashsum[:16], path.basename(filepath)) upload_path = path.join("files", filename) try: upload_to_host(filepath, upload_path) self.uploaded_hashes.append(hashsum) except IOError as e: self.log.error("Unable to upload dropped file at path \"%s\": %s", filepath, e)
def dump_file(file_path): """Create a copy of the given file path.""" try: if os.path.exists(file_path): sha256 = hash_file(hashlib.sha256, file_path) if sha256 in DUMPED_LIST: # The file was already dumped, just skip. return else: log.warning('File at path "%s" does not exist, skip.', file_path) return except IOError as e: log.warning('Unable to access file at path "%s": %s', file_path, e) return # 32k is the maximum length for a filename path = create_unicode_buffer(32 * 1024) name = c_wchar_p() KERNEL32.GetFullPathNameW(unicode(file_path), 32 * 1024, path, byref(name)) file_path = path.value # Check if the path has a valid file name, otherwise it's a directory # and we should abort the dump. if name.value: # Should be able to extract Alternate Data Streams names too. file_name = name.value[name.value.find(":") + 1 :] else: return upload_path = os.path.join("files", str(random.randint(100000000, 9999999999)), file_name) try: upload_to_host(file_path, upload_path) DUMPED_LIST.append(sha256) except (IOError, socket.error) as e: log.error('Unable to upload dropped file at path "%s": %s', file_path, e)
def dump_file(self, filepath): # TODO evan: for now, don't dump files return """Dump a file to the host.""" if not os.path.isfile(filepath): log.warning("File at path \"%r\" does not exist, skip.", filepath) return False # Check whether we've already dumped this file - in that case skip it. try: sha256 = hash_file(hashlib.sha256, filepath) if sha256 in self.dumped: return except IOError as e: log.info("Error dumping file from path \"%s\": %s", filepath, e) return f = os.path.join(os.getcwd(), 'stuff', 'files') filename = "%s_%s" % (sha256, os.path.basename(filepath)) upload_path = os.path.join(f, filename) if not os.path.exists(f): os.makedirs(f) # evan: instead of uploading them, we'll just stash them in a folder and compress it # to be sent to our server later try: # upload_to_host( # # If available use the original filepath, the one that is # # not lowercased. # self.files_orig.get(filepath.lower(), filepath), # upload_path, self.files.get(filepath.lower(), []) # ) with open(filepath, 'rb') as fr: with open(upload_path, 'wb') as fw: for line in fr: fw.write(line) self.dumped.append(sha256) except IOError as e: log.error("Unable to upload dropped file at path \"%s\": %s", filepath, e)
def _upload_file(self, filepath): if not path.isfile(filepath): return # Check whether we've already dumped this file - in that case skip it try: hashsum = hash_file(sha256, filepath) if sha256 in self.uploaded_hashes: return except IOError as e: self.log.info("Error dumping file from path \"%s\": %s", filepath, e) return filename = "%s_%s" % (hashsum[:16], path.basename(filepath)) upload_path = path.join("files", filename) try: upload_to_host(filepath, upload_path) self.uploaded_hashes.append(hashsum) except IOError as e: self.log.error("Unable to upload dropped file at path \"%s\": %s", filepath, e)
def _upload_file(self, filepath): if not os.path.isfile(filepath): return # Check whether we've already dumped this file - in that case skip it try: hashsum = hash_file(hashlib.sha256, filepath) if sha256 in self.uploaded_hashes: return except IOError as e: self.log.info("Error dumping file from path \"%s\": %s", filepath, e) return filename = "%s_%s" % (hashsum[:16], os.path.basename(filepath)) upload_path = os.path.join("files", filename) try: upload_to_host(filepath, upload_path) self.uploaded_hashes.append(hashsum) except IOError as e: self.log.error("Unable to upload dropped file at path \"%s\": %s", filepath, e)
def _method_name(self, event): try: # log.info("Got file %s %s", event.pathname, method) if not self.do_collect: # log.info("Not currently set to collect %s", event.pathname) return if event.pathname.startswith("/tmp/#"): # log.info("skipping wierd file %s", event.pathname) return if not os.path.isfile(event.pathname): # log.info("Path is a directory or does not exist, ignoring: %s", event.pathname) return if os.path.basename(event.pathname) == "stap.log": return for x in range(0, 1): try: # log.info("trying to collect file %s", event.pathname) sha256 = hash_file(hashlib.sha256, event.pathname) filename = "%s_%s" % (sha256[:16], os.path.basename(event.pathname)) if filename in self.uploadedHashes: # log.info("already collected file %s", event.pathname) return upload_path = os.path.join("files", filename) upload_to_host(event.pathname, upload_path) self.uploadedHashes.append(filename) return except Exception as e: log.info('Error dumping file from path "%s": %s', event.pathname, e) # log.info("retrying %s", event.pathname) time.sleep(1) except Exception as e: log.error("Exception processing event %s", e)
def dump_file(file_path): """Create a copy of the given file path and send it to the host.""" try: if os.path.exists(file_path): sha256 = hash_file(hashlib.sha256, file_path) if sha256 in DUMPED_LIST: # The file was already dumped # Cuckoo normally just skips the file, I have chosen not to #return log.warning( "File at path \"%s\" has a hash that is a duplicate of another dumped file.", file_path) else: log.warning("File at path \"%s\" does not exist, skip.", file_path) return except IOError as e: log.warning("Unable to access file at path \"%s\": %s", file_path, e) return log.info("File path is %s and file size is %d.", file_path, os.stat(file_path).st_size) #choose the correct folder if "logs" in file_path: upload_path = os.path.join("logs", os.path.basename(file_path)) elif "drop" in file_path: upload_path = os.path.join("files", os.path.basename(file_path)) else: upload_path = os.path.join("files", str(random.randint(100000000, 9999999999)), os.path.basename(file_path)) log.info("Upload path is %s.", upload_path) #send file to host try: upload_to_host(file_path, upload_path) DUMPED_LIST.append(sha256) except (IOError, socket.error) as e: log.error("Unable to upload dropped file at path \"%s\": %s", file_path, e)
def dump_file(file_path): """Create a copy of the give file path.""" try: if os.path.exists(file_path): sha256 = hash_file(hashlib.sha256, file_path) if sha256 in DUMPED_LIST: # The file was already dumped, just skip. return else: log.warning("File at path \"%s\" does not exist, skip.", file_path) return except IOError as e: log.warning("Unable to access file at path \"%s\": %s", file_path, e) return # 32k is the maximum length for a filename path = create_unicode_buffer(32 * 1024) name = c_wchar_p() KERNEL32.GetFullPathNameW(unicode(file_path), 32 * 1024, path, byref(name)) file_path = path.value # Check if the path has a valid file name, otherwise it's a directory # and we should abort the dump. if name.value: # Should be able to extract Alternate Data Streams names too. file_name = name.value[name.value.find(":")+1:] else: return upload_path = os.path.join("files", str(random.randint(100000000, 9999999999)), file_name) try: upload_to_host(file_path, upload_path) DUMPED_LIST.append(sha256) except (IOError, socket.error) as e: log.error("Unable to upload dropped file at path \"%s\": %s", file_path, e)
def dump_file(self, filepath): """Dump a file to the host.""" if not os.path.isfile(filepath): log.warning('File at path "%s" does not exist, skip.', filepath) return False # Check whether we've already dumped this file - in that case skip it. try: sha256 = hash_file(hashlib.sha256, filepath) if sha256 in self.dumped: return except IOError as e: log.info('Error dumping file from path "%s": %s', filepath, e) return filename = "%s_%s" % (sha256[:16], os.path.basename(filepath)) upload_path = os.path.join("files", filename) try: upload_to_host(filepath, upload_path) self.dumped.append(sha256) except (IOError, socket.error) as e: log.error('Unable to upload dropped file at path "%s": %s', filepath, e)