Exemplo n.º 1
0
class TestProcessor:
    def setUp(self):
        self.tmp = tempfile.mkdtemp()
        self.p = Processor(self.tmp)

    def test_run_processing(self):
        res = self.p._run_processing(ProcessingMock)
        assert "foo" in res
        assert "bar" in res["foo"]

    def test_run_signature_alter_results(self):
        """@note: regression test."""
        res = {"foo": "bar"}
        self.p._run_signature(SignatureMock, res)
        assert_equals(res["foo"], "bar")

    def test_signature_disabled(self):
        res = {"foo": "bar"}
        assert_equals(None, self.p._run_signature(SignatureDisabledMock, res))

    def test_signature_wrong_version(self):
        res = {"foo": "bar"}
        assert_equals(None, self.p._run_signature(SignatureWrongVersionMock, res))

    def tearDown(self):
        os.rmdir(self.tmp)
Exemplo n.º 2
0
class TestProcessor:
    def setUp(self):
        self.tmp = tempfile.mkdtemp()
        self.p = Processor(self.tmp)

    def test_run_processing(self):
        res = self.p._run_processing(ProcessingMock)
        assert "foo" in res
        assert "bar" in res["foo"]

    def test_run_signature_alter_results(self):
        """@note: regression test."""
        res = {"foo": "bar"}
        self.p._run_signature(SignatureMock, res)
        assert_equals(res["foo"], "bar")

    def test_signature_disabled(self):
        res = {"foo": "bar"}
        assert_equals(None, self.p._run_signature(SignatureDisabledMock, res))

    def test_signature_wrong_version(self):
        res = {"foo": "bar"}
        assert_equals(None, self.p._run_signature(SignatureWrongVersionMock, res))

    def tearDown(self):
        os.rmdir(self.tmp)
Exemplo n.º 3
0
def main():
    parser = argparse.ArgumentParser()
    parser.add_argument("id", type=str, help="ID of the analysis to process")
    parser.add_argument("-r",
                        "--report",
                        help="Re-generate report",
                        action="store_true",
                        required=False)
    parser.add_argument("-f",
                        "--failed",
                        help="Mark the analysis as failed",
                        action="store_true",
                        required=False)
    args = parser.parse_args()

    init_modules()

    if args.failed:
        results = {"success": False}
    else:
        results = Processor(args.id).run()
        results["success"] = True

    if args.report:
        Reporter(args.id).run(results)
Exemplo n.º 4
0
    def process_results(self):
        """Process the analysis results and generate the enabled reports."""
        try:
            logs_path = os.path.join(self.storage, "logs")
            for csv in os.listdir(logs_path):
                if not csv.endswith(".raw"):
                    continue
                csv = os.path.join(logs_path, csv)
                if os.stat(
                        csv).st_size > self.cfg.processing.analysis_size_limit:
                    log.error(
                        "Analysis file %s is too big to be processed, "
                        "analysis aborted. Process it manually with the "
                        "provided utilities", csv)
                    return False
        except OSError as e:
            log.warning("Error accessing analysis logs (task=%d): %s",
                        self.task.id, e)

        results = Processor(self.task.id).run()
        Reporter(self.task.id).run(results)

        # If the target is a file and the user enabled the option,
        # delete the original copy.
        if self.task.category == "file" and self.cfg.cuckoo.delete_original:
            try:
                os.remove(self.task.target)
            except OSError as e:
                log.error(
                    "Unable to delete original file at path \"%s\": "
                    "%s", self.task.target, e)

        log.info("Task #%d: reports generation completed (path=%s)",
                 self.task.id, self.storage)

        return True
Exemplo n.º 5
0
    def launch_analysis(self):
        """Start analysis.
        @raise CuckooAnalysisError: if unable to start analysis.
        """
        log.info("Starting analysis of file \"%s\" (task=%s)" %
                 (self.task.file_path, self.task.id))

        if not os.path.exists(self.task.file_path):
            raise CuckooAnalysisError(
                "The file to analyze does not exist at path \"%s\", analysis aborted"
                % self.task.file_path)

        self.init_storage()
        self.store_file()
        options = self.build_options()

        while True:
            machine_lock.acquire()
            vm = mmanager.acquire(machine_id=self.task.machine,
                                  platform=self.task.platform)
            machine_lock.release()
            if not vm:
                log.debug("Task #%s: no machine available" % self.task.id)
                time.sleep(1)
            else:
                log.info("Task #%s: acquired machine %s (label=%s)" %
                         (self.task.id, vm.id, vm.label))
                break

        # Initialize sniffer
        if self.cfg.cuckoo.use_sniffer:
            sniffer = Sniffer(self.cfg.cuckoo.tcpdump)
            sniffer.start(interface=self.cfg.cuckoo.interface,
                          host=vm.ip,
                          file_path=os.path.join(self.analysis.results_folder,
                                                 "dump.pcap"))
        else:
            sniffer = False

        try:
            # Start machine
            mmanager.start(vm.label)
            # Initialize guest manager
            guest = GuestManager(vm.id, vm.ip, vm.platform)
            # Launch analysis
            guest.start_analysis(options)
            # Wait for analysis to complete
            success = guest.wait_for_completion()
            # Stop sniffer
            if sniffer:
                sniffer.stop()

            if not success:
                raise CuckooAnalysisError(
                    "Task #%s: analysis failed, review previous errors" %
                    self.task.id)
            # Save results
            guest.save_results(self.analysis.results_folder)
        except (CuckooMachineError, CuckooGuestError) as e:
            raise CuckooAnalysisError(e)
        finally:
            # Stop machine
            mmanager.stop(vm.label)
            # Release the machine from lock
            mmanager.release(vm.label)

        # Launch reports generation
        Reporter(self.analysis.results_folder).run(
            Processor(self.analysis.results_folder).run())

        log.info("Task #%s: reports generation completed (path=%s)" %
                 (self.task.id, self.analysis.results_folder))
Exemplo n.º 6
0
 def setUp(self):
     self.tmp = tempfile.mkdtemp()
     self.p = Processor(self.tmp)
Exemplo n.º 7
0
#!/usr/bin/env python
# Copyright (C) 2010-2012 Cuckoo Sandbox Developers.
# This file is part of Cuckoo Sandbox - http://www.cuckoosandbox.org
# See the file 'docs/LICENSE' for copying permission.

import os
import sys
import logging

logging.basicConfig(level=logging.DEBUG)

sys.path.append(os.path.join(os.path.abspath(os.path.dirname(__file__)), ".."))

from lib.cuckoo.core.processor import Processor

results = Processor(sys.argv[1]).run()

if "signatures" in results:
    for signature in results["signatures"]:
        print("%s matched:" % signature["name"])
        print("\tDescription: %s" % signature["description"])
        print("\tSeverity: %d" % signature["severity"])
Exemplo n.º 8
0
 def setUp(self):
     self.tmp = tempfile.mkdtemp()
     self.p = Processor(self.tmp)