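def read_next_message(self):
    """Receive one file upload from the guest and store it under storagepath.

    Reads the destination path (newline terminated) from ``self.handler``,
    sanitizes it, rejects traversal / restricted locations, then streams the
    file body into ``self.fd`` until the handler stops returning data or
    ``self.upload_max_size`` is reached.

    Returns:
        False when the upload is refused for a recoverable reason (folder
        creation failed, or an existing file would be overwritten while
        ``self.duplicate`` is not set); None otherwise.

    Raises:
        CuckooOperationalError: the requested path is banned or does not
            resolve inside ``self.storagepath``.
    """
    # Read until newline for file path, e.g.,
    # shots/0001.jpg or files/9498687557/libcurl-4.dll.bin
    buf = self.handler.read_newline().strip().replace("\\", "/")

    guest_path = ""
    if self.is_binary:
        # Guest-side origin path; capped so a hostile guest cannot make us
        # buffer an unbounded line.
        guest_path = sanitize_pathname(self.handler.read_newline().strip()[:32768])

    dir_part, filename = os.path.split(buf)
    filename = sanitize_pathname(filename)
    buf = os.path.join(dir_part, filename)

    log.debug("File upload request for {0}".format(buf))

    # Reject relative components, bare filenames and absolute paths.
    if "./" in buf or not dir_part or buf.startswith("/"):
        raise CuckooOperationalError("FileUpload failure, banned path.")

    for restricted in self.RESTRICTED_DIRECTORIES:
        if restricted in dir_part:
            raise CuckooOperationalError("FileUpload failure, banned path.")

    try:
        create_folder(self.storagepath, dir_part)
    except CuckooOperationalError:
        log.error("Unable to create folder %s" % dir_part)
        return False

    file_path = os.path.join(self.storagepath, buf)

    # Containment check on the resolved path. A plain startswith() on the
    # joined path is always true, so it cannot catch a trailing ".."
    # component; comparing against the root with a trailing separator also
    # rules out a sibling directory that merely shares the prefix.
    storage_root = os.path.join(os.path.abspath(self.storagepath), "")
    if not os.path.abspath(file_path).startswith(storage_root):
        raise CuckooOperationalError("FileUpload failure, path sanitization failed.")

    if guest_path:
        info_path = file_path + "_info.txt"
        guest_paths = []
        if os.path.exists(info_path):
            with open(info_path) as infofd:
                guest_paths = [line.strip() for line in infofd]
        # Record each distinct guest origin path once.
        if guest_path not in guest_paths:
            with open(info_path, "a") as infofd:
                infofd.write(guest_path + "\n")

    if not self.duplicate:
        if os.path.exists(file_path):
            log.warning("Analyzer tried to overwrite an existing file, closing connection.")
            return False

    # self.fd is left open on purpose; the owner of this handler closes it.
    self.fd = open(file_path, "wb")
    chunk = self.handler.read_any()
    while chunk:
        self.fd.write(chunk)

        if self.fd.tell() >= self.upload_max_size:
            log.warning("Uploaded file length larger than upload_max_size, stopping upload.")
            # bytes literal so the marker is valid on a binary handle
            self.fd.write(b"... (truncated)")
            break

        try:
            chunk = self.handler.read_any()
        except Exception as e:
            # Best-effort: a read failure ends the upload with what was
            # received so far rather than aborting the handler.
            log.debug("Upload read ended early: %s", e)
            break

    log.debug("Uploaded file length: {0}".format(self.fd.tell()))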
def test_sanitize_pathname_not(self):
    """A leading newline is escaped to the text '\\x0a' instead of being kept."""
    escaped = utils.sanitize_pathname("\nabc")
    assert escaped == "\\x0aabc"
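def read_next_message(self):
    """Receive one file upload from the guest and store it under storagepath.

    Reads the destination path (newline terminated) from ``self.handler``,
    sanitizes it, rejects traversal / restricted locations, then streams the
    file body into ``self.fd`` until the handler stops returning data or
    ``self.upload_max_size`` is reached.

    Returns:
        False when the upload is refused for a recoverable reason (folder
        creation failed, or an existing file would be overwritten while
        ``self.duplicate`` is not set); None otherwise.

    Raises:
        CuckooOperationalError: the requested path is banned or does not
            resolve inside ``self.storagepath``.
    """
    # Read until newline for file path, e.g.,
    # shots/0001.jpg or files/9498687557/libcurl-4.dll.bin
    buf = self.handler.read_newline().strip().replace("\\", "/")

    guest_path = ""
    if self.is_binary:
        # Guest-side origin path; capped so a hostile guest cannot make us
        # buffer an unbounded line.
        guest_path = sanitize_pathname(self.handler.read_newline().strip()[:32768])

    dir_part, filename = os.path.split(buf)
    filename = sanitize_pathname(filename)
    buf = os.path.join(dir_part, filename)

    log.debug("File upload request for {0}".format(buf))

    # Reject relative components, bare filenames and absolute paths.
    if "./" in buf or not dir_part or buf.startswith("/"):
        raise CuckooOperationalError("FileUpload failure, banned path.")

    for restricted in self.RESTRICTED_DIRECTORIES:
        if restricted in dir_part:
            raise CuckooOperationalError("FileUpload failure, banned path.")

    try:
        create_folder(self.storagepath, dir_part)
    except CuckooOperationalError:
        log.error("Unable to create folder %s" % dir_part)
        return False

    file_path = os.path.join(self.storagepath, buf)

    # Containment check on the resolved path. A plain startswith() on the
    # joined path is always true, so it cannot catch a trailing ".."
    # component; comparing against the root with a trailing separator also
    # rules out a sibling directory that merely shares the prefix.
    storage_root = os.path.join(os.path.abspath(self.storagepath), "")
    if not os.path.abspath(file_path).startswith(storage_root):
        raise CuckooOperationalError("FileUpload failure, path sanitization failed.")

    if guest_path:
        info_path = file_path + "_info.txt"
        guest_paths = []
        if os.path.exists(info_path):
            with open(info_path) as infofd:
                guest_paths = [line.strip() for line in infofd]
        # Record each distinct guest origin path once.
        if guest_path not in guest_paths:
            with open(info_path, "a") as infofd:
                infofd.write(guest_path + "\n")

    if not self.duplicate:
        if os.path.exists(file_path):
            log.warning("Analyzer tried to overwrite an existing file, closing connection.")
            return False

    # self.fd is left open on purpose; the owner of this handler closes it.
    self.fd = open(file_path, "wb")
    chunk = self.handler.read_any()
    while chunk:
        self.fd.write(chunk)

        if self.fd.tell() >= self.upload_max_size:
            log.warning(
                "Uploaded file length ({0}) larger than upload_max_size ({1}), stopping upload.".format(
                    self.fd.tell(), self.upload_max_size
                )
            )
            # bytes literal so the marker is valid on a binary handle
            self.fd.write(b"... (truncated)")
            break

        try:
            chunk = self.handler.read_any()
        except Exception as e:
            # Best-effort: a read failure ends the upload with what was
            # received so far rather than aborting the handler.
            log.debug("Upload read ended early: %s", e)
            break

    log.debug("Uploaded file length: {0}".format(self.fd.tell()))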
def test_sanitize_pathname(self):
    """A plain alphanumeric name passes through sanitize_pathname unchanged."""
    plain = "abc"
    assert utils.sanitize_pathname(plain) == plain