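def test_migration_203_204():
    """Migration 2.0.3 -> 2.0.4: the extracted processing module is enabled
    and every qemu machine receives enable_kvm/snapshot defaults."""
    set_cwd(tempfile.mkdtemp())
    Folders.create(cwd(), "conf")
    Files.create(cwd("conf"), "processing.conf", """
[dumptls]
enabled = on
""")
    Files.create(cwd("conf"), "qemu.conf", """
[qemu]
machines = ubuntu32, ubuntu64
[ubuntu32]
arch = x86
[ubuntu64]
arch = x64
""")

    # Except for qemu, which is the machinery under test, give every other
    # machinery an empty machine list. These files must be written before
    # the confdir is read, otherwise they never reach cfg or the migration
    # (same ordering as test_migration_201_202).
    machineries = (
        "avd", "esx", "kvm", "physical",
        "virtualbox", "vmware", "vsphere", "xenserver",
    )
    for machinery in machineries:
        Files.create(
            cwd("conf"), "%s.conf" % machinery,
            "[%s]\nmachines =" % machinery
        )

    cfg = Config.from_confdir(cwd("conf"), loose=True)
    cfg = migrate(cfg, "2.0.3", "2.0.4")

    assert cfg["processing"]["extracted"]["enabled"] is True
    assert cfg["qemu"]["ubuntu32"]["enable_kvm"] is False
    assert cfg["qemu"]["ubuntu32"]["snapshot"] is None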
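def test_create_tuple(self):
    """Files.create accepts a tuple of path components as the directory."""
    dirpath = tempfile.mkdtemp()
    Folders.create(dirpath, "foo")
    Files.create((dirpath, "foo"), "a.txt", "bar")

    filepath = os.path.join(dirpath, "foo", "a.txt")
    # Close the handle deterministically instead of leaking it until GC.
    with open(filepath, "rb") as f:
        assert f.read() == "bar"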
def test_migration_201_202():
    """Migration 2.0.1 -> 2.0.2 adds an (unset) osprofile to every
    virtualbox machine."""
    set_cwd(tempfile.mkdtemp())
    Folders.create(cwd(), "conf")
    Files.create(cwd("conf"), "virtualbox.conf", """
[virtualbox]
machines = cuckoo1, cuckoo2
[cuckoo1]
platform = windows
[cuckoo2]
platform = windows
""")

    # Every machinery other than virtualbox gets an empty machine list so
    # the confdir is complete.
    others = (
        "avd", "esx", "kvm", "physical",
        "qemu", "vmware", "vsphere", "xenserver",
    )
    for name in others:
        Files.create(cwd("conf"), "%s.conf" % name, "[%s]\nmachines =" % name)

    loaded = Config.from_confdir(cwd("conf"), loose=True)
    cfg = migrate(loaded, "2.0.1", "2.0.2")

    for machine in ("cuckoo1", "cuckoo2"):
        assert cfg["virtualbox"][machine]["osprofile"] is None
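def test_migration_203_204():
    """Migration 2.0.3 -> 2.0.4: the extracted processing module is enabled
    and every qemu machine receives enable_kvm/snapshot defaults."""
    set_cwd(tempfile.mkdtemp())
    Folders.create(cwd(), "conf")
    Files.create(cwd("conf"), "processing.conf", """
[dumptls]
enabled = on
""")
    Files.create(cwd("conf"), "qemu.conf", """
[qemu]
machines = ubuntu32, ubuntu64
[ubuntu32]
arch = x86
[ubuntu64]
arch = x64
""")

    # Except for qemu, which is the machinery under test, give every other
    # machinery an empty machine list. These files must be written before
    # the confdir is read, otherwise they never reach cfg or the migration
    # (same ordering as test_migration_201_202).
    machineries = (
        "avd", "esx", "kvm", "physical",
        "virtualbox", "vmware", "vsphere", "xenserver",
    )
    for machinery in machineries:
        Files.create(
            cwd("conf"), "%s.conf" % machinery,
            "[%s]\nmachines =" % machinery
        )

    cfg = Config.from_confdir(cwd("conf"), loose=True)
    cfg = migrate(cfg, "2.0.3", "2.0.4")

    assert cfg["processing"]["extracted"]["enabled"] is True
    assert cfg["qemu"]["ubuntu32"]["enable_kvm"] is False
    assert cfg["qemu"]["ubuntu32"]["snapshot"] is None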
def test_migration_201_202():
    """Migration 2.0.1 -> 2.0.2 adds an (unset) osprofile to every
    virtualbox machine."""
    set_cwd(tempfile.mkdtemp())
    Folders.create(cwd(), "conf")
    Files.create(cwd("conf"), "virtualbox.conf", """
[virtualbox]
machines = cuckoo1, cuckoo2
[cuckoo1]
platform = windows
[cuckoo2]
platform = windows
""")

    # Every machinery other than virtualbox gets an empty machine list so
    # the confdir is complete.
    others = (
        "avd", "esx", "kvm", "physical",
        "qemu", "vmware", "vsphere", "xenserver",
    )
    for name in others:
        Files.create(cwd("conf"), "%s.conf" % name, "[%s]\nmachines =" % name)

    loaded = Config.from_confdir(cwd("conf"), loose=True)
    cfg = migrate(loaded, "2.0.1", "2.0.2")

    for machine in ("cuckoo1", "cuckoo2"):
        assert cfg["virtualbox"][machine]["osprofile"] is None
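def test_create_tuple(self):
    """Files.create accepts a tuple of path components as the directory."""
    dirpath = tempfile.mkdtemp()
    Folders.create(dirpath, "foo")
    Files.create((dirpath, "foo"), "a.txt", "bar")

    filepath = os.path.join(dirpath, "foo", "a.txt")
    # Close the handle deterministically instead of leaking it until GC.
    with open(filepath, "rb") as f:
        assert f.read() == "bar"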
def test_multiple_folders(self):
    """Folders.create accepts a list and creates each entry under the base."""
    names = ["foo", "bar"]
    Folders.create(self.tmp_dir, names)

    paths = [os.path.join(self.tmp_dir, name) for name in names]
    for path in paths:
        assert os.path.exists(path)

    # Leave the shared tmp_dir as it was found.
    for path in paths:
        os.rmdir(path)
def test_multiple_folders(self):
    """Folders.create accepts a list and creates each entry under the base."""
    names = ["foo", "bar"]
    Folders.create(self.tmp_dir, names)

    paths = [os.path.join(self.tmp_dir, name) for name in names]
    for path in paths:
        assert os.path.exists(path)

    # Leave the shared tmp_dir as it was found.
    for path in paths:
        os.rmdir(path)
def test_am_init_duplicate_analysis():
    """init() refuses to start when the analysis folder already exists,
    so results of an earlier run are never overwritten."""
    manager = am_init()
    # Pre-create the folder init() would create for task 1234.
    Folders.create(cwd(analysis=1234))
    assert manager.init() is False

    # Manually disable per-task logging initiated by init().
    task_log_stop(1234)
def test_am_init_duplicate_analysis():
    """init() refuses to start when the analysis folder already exists,
    so results of an earlier run are never overwritten."""
    manager = am_init()
    # Pre-create the folder init() would create for task 1234.
    Folders.create(cwd(analysis=1234))
    assert manager.init() is False

    # Manually disable per-task logging initiated by init().
    task_log_stop(1234)
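def create_folders(self):
    """Create the result folders for this analysis under self.storagepath.

    Returns True when Folders.create succeeded and False when it raised
    CuckooOperationalError (the error is logged, not re-raised), so the
    caller gets an explicit boolean in both cases.
    """
    folders = "shots", "files", "logs", "buffer", "extracted"
    try:
        Folders.create(self.storagepath, folders)
    except CuckooOperationalError as e:
        log.error("Issue creating analyses folders: %s", e)
        return False
    return True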
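def create_folders(self):
    """Create the result folders for this analysis under self.storagepath.

    Returns True when Folders.create succeeded and False when it raised
    CuckooOperationalError (the error is logged, not re-raised), so the
    caller gets an explicit boolean in both cases.
    """
    folders = "shots", "files", "logs", "buffer", "extracted"
    try:
        Folders.create(self.storagepath, folders)
    except CuckooOperationalError as e:
        log.error("Issue creating analyses folders: %s", e)
        return False
    return True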
def test_confdir():
    """from_confdir reads every conf file in the directory and coerces
    typed values ("yes" becomes a real boolean, paths stay strings)."""
    set_cwd(tempfile.mkdtemp())
    Folders.create(cwd(), "conf")

    conf_files = (
        ("cuckoo.conf", "[cuckoo]\ndelete_original = yes"),
        ("virtualbox.conf", "[virtualbox]\npath = /usr/bin/VBoxManage"),
    )
    for filename, content in conf_files:
        Files.create(cwd("conf"), filename, content)

    cfg = Config.from_confdir(cwd("conf"))
    assert cfg["cuckoo"]["cuckoo"]["delete_original"] is True
    assert cfg["virtualbox"]["virtualbox"]["path"] == "/usr/bin/VBoxManage"
def test_temp_conf(self):
    """temp_put honours the tmppath configured in cuckoo.conf and places
    its files in a cuckoo-tmp subfolder of it."""
    dirpath = tempfile.mkdtemp()
    set_cwd(dirpath)
    Folders.create(dirpath, "conf")

    conf_path = os.path.join(dirpath, "conf", "cuckoo.conf")
    with open(conf_path, "wb") as handle:
        handle.write("[cuckoo]\ntmppath = %s" % dirpath)

    filepath = Files.temp_put("foo")
    expected_prefix = os.path.join(dirpath, "cuckoo-tmp")
    assert filepath.startswith(expected_prefix)
def test_migration_203_204():
    """Migration 2.0.3 -> 2.0.4 enables the new extracted processing module."""
    set_cwd(tempfile.mkdtemp())
    Folders.create(cwd(), "conf")
    Files.create(cwd("conf"), "processing.conf", """
[dumptls]
enabled = on
""")

    loaded = Config.from_confdir(cwd("conf"), loose=True)
    cfg = migrate(loaded, "2.0.3", "2.0.4")
    assert cfg["processing"]["extracted"]["enabled"] is True
def test_migration_100_110():
    """Migration 1.0.0 -> 1.1.0 introduces cuckoo.tmppath, defaulting to /tmp."""
    set_cwd(tempfile.mkdtemp())
    Folders.create(cwd(), "conf")
    Files.create(cwd("conf"), "cuckoo.conf", """
[cuckoo]
delete_original = on
""")

    loaded = Config.from_confdir(cwd("conf"), loose=True)
    cfg = migrate(loaded, "1.0.0", "1.1.0")
    assert cfg["cuckoo"]["cuckoo"]["tmppath"] == "/tmp"
def test_migration_204_205():
    """Migration 2.0.4 -> 2.0.5 relocates the mitm script under stuff/."""
    set_cwd(tempfile.mkdtemp())
    Folders.create(cwd(), "conf")
    Files.create(cwd("conf"), "auxiliary.conf", """
[mitm]
script = mitm.py
""")

    loaded = Config.from_confdir(cwd("conf"), loose=True)
    cfg = migrate(loaded, "2.0.4", "2.0.5")
    assert cfg["auxiliary"]["mitm"]["script"] == "stuff/mitm.py"
def setup(self):
    """Build a QEMU machinery in a fresh CWD with the Database mocked out."""
    set_cwd(tempfile.mkdtemp())
    Folders.create(cwd(), "conf")
    write_cuckoo_conf()

    # The machinery constructor would otherwise reach a real Database.
    with mock.patch("cuckoo.common.abstracts.Database") as db_cls:
        db_cls.return_value = mock.MagicMock()
        self.m = QEMU()

    self.m.set_options(Config("qemu"))
def test_migration_203_204():
    """Migration 2.0.3 -> 2.0.4 enables the new extracted processing module."""
    set_cwd(tempfile.mkdtemp())
    Folders.create(cwd(), "conf")
    Files.create(cwd("conf"), "processing.conf", """
[dumptls]
enabled = on
""")

    loaded = Config.from_confdir(cwd("conf"), loose=True)
    cfg = migrate(loaded, "2.0.3", "2.0.4")
    assert cfg["processing"]["extracted"]["enabled"] is True
def test_migration_200_201():
    """Migration 2.0.0 -> 2.0.1 turns an empty memory.mask.pid_generic into
    an empty list."""
    set_cwd(tempfile.mkdtemp())
    Folders.create(cwd(), "conf")
    Files.create(cwd("conf"), "memory.conf", """
[mask]
pid_generic =
""")

    loaded = Config.from_confdir(cwd("conf"), loose=True)
    cfg = migrate(loaded, "2.0.0", "2.0.1")
    assert cfg["memory"]["mask"]["pid_generic"] == []
def test_migration_100_110():
    """Migration 1.0.0 -> 1.1.0 introduces cuckoo.tmppath, defaulting to /tmp."""
    set_cwd(tempfile.mkdtemp())
    Folders.create(cwd(), "conf")
    Files.create(cwd("conf"), "cuckoo.conf", """
[cuckoo]
delete_original = on
""")

    loaded = Config.from_confdir(cwd("conf"), loose=True)
    cfg = migrate(loaded, "1.0.0", "1.1.0")
    assert cfg["cuckoo"]["cuckoo"]["tmppath"] == "/tmp"
def test_temp_conf(self):
    """temp_put honours the tmppath configured in cuckoo.conf."""
    dirpath = tempfile.mkdtemp()
    set_cwd(dirpath)
    Folders.create(dirpath, "conf")

    conf_path = os.path.join(dirpath, "conf", "cuckoo.conf")
    with open(conf_path, "wb") as handle:
        handle.write("[cuckoo]\ntmppath = %s" % dirpath)

    filepath = Files.temp_put("foo")
    assert filepath.startswith(dirpath)
def test_migration_200_201():
    """Migration 2.0.0 -> 2.0.1 turns an empty memory.mask.pid_generic into
    an empty list."""
    set_cwd(tempfile.mkdtemp())
    Folders.create(cwd(), "conf")
    Files.create(cwd("conf"), "memory.conf", """
[mask]
pid_generic =
""")

    loaded = Config.from_confdir(cwd("conf"), loose=True)
    cfg = migrate(loaded, "2.0.0", "2.0.1")
    assert cfg["memory"]["mask"]["pid_generic"] == []
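def cuckoo_cwd():
    """Create a temporary Cuckoo working directory.

    Yields the path of a freshly created CWD (with the result directories
    of analysis #1 pre-made) and removes the whole tree afterwards, also
    when the test body raises.
    """
    path = tempfile.mkdtemp()
    print('Temporary path:', path)
    set_cwd(path)
    try:
        cuckoo_create()
        anal_path = cwd(analysis=1)
        Folders.create(anal_path, RESULT_DIRECTORIES)
        yield path
    finally:
        # A failing test must not leave the temporary tree behind.
        shutil.rmtree(path)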
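def setup(self):
    """Write the example virtualbox and cuckoo configs into a fresh CWD and
    load each one into a Config object for the tests."""
    set_cwd(tempfile.mkdtemp())
    Folders.create(cwd(), "conf")

    self.vbox_path = cwd("conf", "virtualbox.conf")
    # Close the handles explicitly so the content is flushed before Config
    # reads the file back.
    with open(self.vbox_path, "wb") as f:
        f.write(VIRTUALBOX_CONFIG_EXAMPLE)
    self.virtualbox = Config(file_name="virtualbox", cfg=self.vbox_path)

    filepath = cwd("conf", "cuckoo.conf")
    with open(filepath, "wb") as f:
        f.write(CUCKOO_CONFIG_EXAMPLE)
    self.cuckoo = Config(file_name="cuckoo", cfg=filepath)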
def test_create_temp_conf(self):
    """Test creation of temporary directory with configuration."""
    dirpath = tempfile.mkdtemp()
    set_cwd(dirpath)
    Folders.create(dirpath, "conf")

    conf_path = os.path.join(dirpath, "conf", "cuckoo.conf")
    with open(conf_path, "wb") as handle:
        handle.write("[cuckoo]\ntmppath = %s" % dirpath)

    # The configured tmppath must be honoured, under a cuckoo-tmp subfolder.
    created = Folders.create_temp()
    assert created.startswith(os.path.join(dirpath, "cuckoo-tmp"))
def test_create_temp_conf(self):
    """Test creation of temporary directory with configuration."""
    dirpath = tempfile.mkdtemp()
    set_cwd(dirpath)
    Folders.create(dirpath, "conf")

    conf_path = os.path.join(dirpath, "conf", "cuckoo.conf")
    with open(conf_path, "wb") as handle:
        handle.write("[cuckoo]\ntmppath = %s" % dirpath)

    # The configured tmppath must be honoured.
    created = Folders.create_temp()
    assert created.startswith(dirpath)
def setup(self):
    """Build a VirtualBox machinery in a fresh CWD with the Database mocked
    out, and check the constructor cleaned the machine table once."""
    set_cwd(tempfile.mkdtemp())
    Folders.create(cwd(), "conf")
    write_cuckoo_conf()

    with mock.patch("cuckoo.common.abstracts.Database") as db_cls:
        db_cls.return_value = mock.MagicMock()
        self.m = VirtualBox()

    self.m.db.clean_machines.assert_called_once()
    self.m.set_options(Config("virtualbox"))
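def setup(self):
    """Write the example virtualbox and cuckoo configs into a fresh CWD and
    load each one into a Config object for the tests."""
    set_cwd(tempfile.mkdtemp())
    Folders.create(cwd(), "conf")

    self.vbox_path = cwd("conf", "virtualbox.conf")
    # Close the handles explicitly so the content is flushed before Config
    # reads the file back.
    with open(self.vbox_path, "wb") as f:
        f.write(VIRTUALBOX_CONFIG_EXAMPLE)
    self.virtualbox = Config(file_name="virtualbox", cfg=self.vbox_path)

    filepath = cwd("conf", "cuckoo.conf")
    with open(filepath, "wb") as f:
        f.write(CUCKOO_CONFIG_EXAMPLE)
    self.cuckoo = Config(file_name="cuckoo", cfg=filepath)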
def setup(self):
    """Build a QEMU machinery in a fresh CWD with the Database mocked out,
    and check the constructor cleaned the machine table once."""
    set_cwd(tempfile.mkdtemp())
    Folders.create(cwd(), "conf")
    write_cuckoo_conf()

    with mock.patch("cuckoo.common.abstracts.Database") as db_cls:
        db_cls.return_value = mock.MagicMock()
        self.m = QEMU()

    self.m.db.clean_machines.assert_called_once()
    self.m.set_options(Config("qemu"))
def test_invalid_section():
    """Strict loading rejects both an unknown section and an unknown key
    inside a known section."""
    set_cwd(tempfile.mkdtemp())
    Folders.create(cwd(), "conf")

    # Unknown section name.
    Files.create(cwd("conf"), "cuckoo.conf", "[invalid_section]\nfoo = bar")
    with pytest.raises(CuckooConfigurationError) as exc:
        Config("cuckoo", strict=True)
    exc.match("Config section.*not found")

    # Known section, unknown entry.
    Files.create(cwd("conf"), "cuckoo.conf", "[cuckoo]\ninvalid = entry")
    with pytest.raises(CuckooConfigurationError) as exc:
        config("cuckoo:invalid:entry", strict=True)
    exc.match("No such configuration value exists")
def test_invalid_machinery():
    """check_configs() refuses a cuckoo.conf that names a machinery module
    that does not exist."""
    set_cwd(tempfile.mkdtemp())
    Folders.create(cwd(), "conf")

    overrides = {"cuckoo": {"cuckoo": {"machinery": "foobar"}}}
    write_cuckoo_conf(overrides)

    with pytest.raises(CuckooStartupError) as exc:
        check_configs()
    exc.match("unknown machinery")
def test_invalid_section():
    """Strict loading rejects both an unknown section and an unknown key
    inside a known section."""
    set_cwd(tempfile.mkdtemp())
    Folders.create(cwd(), "conf")

    # Unknown section name.
    Files.create(cwd("conf"), "cuckoo.conf", "[invalid_section]\nfoo = bar")
    with pytest.raises(CuckooConfigurationError) as exc:
        Config("cuckoo", strict=True)
    exc.match("Config section.*not found")

    # Known section, unknown entry.
    Files.create(cwd("conf"), "cuckoo.conf", "[cuckoo]\ninvalid = entry")
    with pytest.raises(CuckooConfigurationError) as exc:
        config("cuckoo:invalid:entry", strict=True)
    exc.match("No such configuration value exists")
def test_invalid_machinery():
    """check_configs() refuses a cuckoo.conf that names a machinery module
    that does not exist."""
    set_cwd(tempfile.mkdtemp())
    Folders.create(cwd(), "conf")

    overrides = {"cuckoo": {"cuckoo": {"machinery": "foobar"}}}
    write_cuckoo_conf(overrides)

    with pytest.raises(CuckooStartupError) as exc:
        check_configs()
    exc.match("unknown machinery")
def set_path(self, analysis_path):
    """Set analysis folder path.
    @param analysis_path: analysis folder path.
    @raise CuckooReportError: when the reports folder cannot be created.
    """
    self.analysis_path = analysis_path

    # Well-known locations inside the analysis folder.
    binary_path = self._get_analysis_path("binary")
    reports_path = self._get_analysis_path("reports")
    shots_path = self._get_analysis_path("shots")
    pcap_path = self._get_analysis_path("dump.pcap")

    self.file_path = os.path.realpath(binary_path)
    self.reports_path = reports_path
    self.shots_path = shots_path
    self.pcap_path = pcap_path

    try:
        Folders.create(reports_path)
    except CuckooOperationalError as exc:
        # Surface folder problems as a reporting error for the caller.
        raise CuckooReportError(exc)
def set_path(self, analysis_path):
    """Set analysis folder path.
    @param analysis_path: analysis folder path.
    @raise CuckooReportError: when the reports folder cannot be created.
    """
    self.analysis_path = analysis_path

    # Well-known locations inside the analysis folder.
    binary_path = self._get_analysis_path("binary")
    reports_path = self._get_analysis_path("reports")
    shots_path = self._get_analysis_path("shots")
    pcap_path = self._get_analysis_path("dump.pcap")

    self.file_path = os.path.realpath(binary_path)
    self.reports_path = reports_path
    self.shots_path = shots_path
    self.pcap_path = pcap_path

    try:
        Folders.create(reports_path)
    except CuckooOperationalError as exc:
        # Surface folder problems as a reporting error for the caller.
        raise CuckooReportError(exc)
def test_confdir():
    """from_confdir reads every conf file in the directory and coerces
    typed values ("yes" becomes a real boolean, paths stay strings)."""
    set_cwd(tempfile.mkdtemp())
    Folders.create(cwd(), "conf")

    conf_files = (
        ("cuckoo.conf", "[cuckoo]\ndelete_original = yes"),
        ("virtualbox.conf", "[virtualbox]\npath = /usr/bin/VBoxManage"),
    )
    for filename, content in conf_files:
        Files.create(cwd("conf"), filename, content)

    cfg = Config.from_confdir(cwd("conf"))
    assert cfg["cuckoo"]["cuckoo"]["delete_original"] is True
    assert cfg["virtualbox"]["virtualbox"]["path"] == "/usr/bin/VBoxManage"
def test_sanitize():
    """Database credentials never leave from_confdir in the clear: the
    user:pass part of the connection URI is masked by default, and with
    sanitize=True the whole value is replaced by a fixed mask."""
    set_cwd(tempfile.mkdtemp())
    Folders.create(cwd(), "conf")
    Files.create(cwd("conf"), "cuckoo.conf", (
        "[database]\n"
        "timeout = 42\n"
        "connection = postgresql://user:pass@localhost/cuckoo"
    ))

    masked_uri = "postgresql://*****:*****@localhost/cuckoo"

    plain = Config.from_confdir(cwd("conf"))
    assert plain["cuckoo"]["database"]["timeout"] == 42
    assert plain["cuckoo"]["database"]["connection"] == masked_uri

    sanitized = Config.from_confdir(cwd("conf"), sanitize=True)
    assert sanitized["cuckoo"]["database"]["timeout"] == 42
    assert sanitized["cuckoo"]["database"]["connection"] == "*" * 8
def test_migration_041_042():
    """Migration 0.4.1 -> 0.4.2 adds analysis_size_limit, a virtualbox
    timeout and a complete default vmware configuration."""
    set_cwd(tempfile.mkdtemp())
    Folders.create(cwd(), "conf")
    Files.create(cwd("conf"), "cuckoo.conf", "[cuckoo]\ndelete_original = yes")
    Files.create(
        cwd("conf"), "virtualbox.conf",
        "[virtualbox]\npath = /usr/bin/VBoxManage"
    )

    loaded = Config.from_confdir(cwd("conf"), loose=True)
    cfg = migrate(loaded, "0.4.1", "0.4.2")

    expected = (
        ("cuckoo", "cuckoo", "analysis_size_limit", 104857600),
        ("virtualbox", "virtualbox", "timeout", 300),
        ("vmware", "vmware", "mode", "gui"),
        ("vmware", "vmware", "path", "/usr/bin/vmrun"),
        ("vmware", "vmware", "machines", ["cuckoo1"]),
        ("vmware", "cuckoo1", "label", "../vmware-xp3.vmx,Snapshot1"),
        ("vmware", "cuckoo1", "platform", "windows"),
        ("vmware", "cuckoo1", "ip", "192.168.54.111"),
    )
    for conf_file, section, key, value in expected:
        assert cfg[conf_file][section][key] == value
def test_sanitize():
    """Database credentials never leave from_confdir in the clear: the
    user:pass part of the connection URI is masked by default, and with
    sanitize=True the whole value is replaced by a fixed mask."""
    set_cwd(tempfile.mkdtemp())
    Folders.create(cwd(), "conf")
    Files.create(cwd("conf"), "cuckoo.conf", (
        "[database]\n"
        "timeout = 42\n"
        "connection = postgresql://user:pass@localhost/cuckoo"
    ))

    masked_uri = "postgresql://*****:*****@localhost/cuckoo"

    plain = Config.from_confdir(cwd("conf"))
    assert plain["cuckoo"]["database"]["timeout"] == 42
    assert plain["cuckoo"]["database"]["connection"] == masked_uri

    sanitized = Config.from_confdir(cwd("conf"), sanitize=True)
    assert sanitized["cuckoo"]["database"]["timeout"] == 42
    assert sanitized["cuckoo"]["database"]["connection"] == "*" * 8
def create_dirs(self, id=None):
    """Create the folders for this analysis.

    @param id: task id to create the folders for; defaults to self.id.
    Returns True if all folders were created. False if not"""
    task_id = id or self.id

    for task_dir in self.dirs:
        path = cwd(task_dir, analysis=task_id)
        # Existing folders are left untouched.
        if os.path.exists(path):
            continue
        try:
            Folders.create(path)
        except CuckooOperationalError as e:
            log.error(
                "Unable to create folder '%s' for task #%s Error: %s",
                path, task_id, e
            )
            return False

    return True
def test_migration_050_060():
    """Migration 0.5.0 -> 0.6.0 introduces the resultserver section and a
    processing config in which every module is enabled by default."""
    set_cwd(tempfile.mkdtemp())
    Folders.create(cwd(), "conf")
    # Minimal input: the migration has to fill in everything else.
    Files.create(cwd("conf"), "cuckoo.conf", "[cuckoo]")

    cfg = Config.from_confdir(cwd("conf"), loose=True)
    cfg = migrate(cfg, "0.5.0", "0.6.0")

    assert cfg["cuckoo"]["resultserver"] == {
        "ip": "192.168.56.1",
        "port": 2042,
        "store_csvs": False,
        "upload_max_size": 10485760,
    }
    # Whole-dict comparison: the migration must produce exactly these
    # modules and keys, nothing more.
    assert cfg["processing"] == {
        "analysisinfo": {
            "enabled": True,
        },
        "behavior": {
            "enabled": True,
        },
        "debug": {
            "enabled": True,
        },
        "dropped": {
            "enabled": True,
        },
        "network": {
            "enabled": True,
        },
        "static": {
            "enabled": True,
        },
        "strings": {
            "enabled": True,
        },
        "targetinfo": {
            "enabled": True,
        },
        "virustotal": {
            "enabled": True,
            # The shared default key the migration writes; a later
            # migration in this suite (2.0-rc2 -> 2.0.0) disables
            # virustotal when it is still in use.
            "key": "a0283a2c3d55728300d064874239b5346fb991317e8449fe43c902879d758088",
        },
    }
def test_migration_050_060():
    """Migration 0.5.0 -> 0.6.0 introduces the resultserver section and a
    processing config in which every module is enabled by default."""
    set_cwd(tempfile.mkdtemp())
    Folders.create(cwd(), "conf")
    # Minimal input: the migration has to fill in everything else.
    Files.create(cwd("conf"), "cuckoo.conf", "[cuckoo]")

    cfg = Config.from_confdir(cwd("conf"), loose=True)
    cfg = migrate(cfg, "0.5.0", "0.6.0")

    assert cfg["cuckoo"]["resultserver"] == {
        "ip": "192.168.56.1",
        "port": 2042,
        "store_csvs": False,
        "upload_max_size": 10485760,
    }
    # Whole-dict comparison: the migration must produce exactly these
    # modules and keys, nothing more.
    assert cfg["processing"] == {
        "analysisinfo": {
            "enabled": True,
        },
        "behavior": {
            "enabled": True,
        },
        "debug": {
            "enabled": True,
        },
        "dropped": {
            "enabled": True,
        },
        "network": {
            "enabled": True,
        },
        "static": {
            "enabled": True,
        },
        "strings": {
            "enabled": True,
        },
        "targetinfo": {
            "enabled": True,
        },
        "virustotal": {
            "enabled": True,
            # The shared default key the migration writes; a later
            # migration in this suite (2.0-rc2 -> 2.0.0) disables
            # virustotal when it is still in use.
            "key": "a0283a2c3d55728300d064874239b5346fb991317e8449fe43c902879d758088",
        },
    }
def test_migration_042_050():
    """Migration 0.4.2 -> 0.5.0 regroups cuckoo.conf: timeouts move to a
    [timeouts] section, use_sniffer becomes [sniffer], analysis_size_limit
    moves to [processing], and database/graylog sections are introduced."""
    set_cwd(tempfile.mkdtemp())
    Folders.create(cwd(), "conf")
    Files.create(cwd("conf"), "cuckoo.conf", """
[cuckoo]
delete_original = yes
analysis_timeout = 122
critical_timeout = 601
analysis_size_limit = 123456
use_sniffer = no
""")
    Files.create(cwd("conf"), "virtualbox.conf", """
[virtualbox]
path = /usr/bin/VBoxManage
timeout = 1337
""")

    cfg = Config.from_confdir(cwd("conf"), loose=True)
    cfg = migrate(cfg, "0.4.2", "0.5.0")

    # Old top-level keys are removed rather than left as duplicates.
    assert "analysis_timeout" not in cfg["cuckoo"]["cuckoo"]
    assert cfg["cuckoo"]["cuckoo"]["version_check"] is True
    assert cfg["cuckoo"]["cuckoo"]["memory_dump"] is False
    assert "analysis_size_limit" not in cfg["cuckoo"]["cuckoo"]
    # Moved values keep their loosely-loaded type: the limit stays a
    # string here, and sniffer.enabled carries the raw "no" below.
    assert cfg["cuckoo"]["processing"]["analysis_size_limit"] == "123456"
    assert cfg["cuckoo"]["processing"]["resolve_dns"] is True
    assert cfg["cuckoo"]["database"]["connection"] is None
    assert cfg["cuckoo"]["database"]["timeout"] is None
    assert cfg["cuckoo"]["timeouts"]["default"] == 122
    assert cfg["cuckoo"]["timeouts"]["critical"] == 601
    # The virtualbox timeout becomes the generic vm_state timeout.
    assert cfg["cuckoo"]["timeouts"]["vm_state"] == 1337
    assert "use_sniffer" not in cfg["cuckoo"]["cuckoo"]
    assert cfg["cuckoo"]["sniffer"]["enabled"] == "no"
    assert cfg["cuckoo"]["sniffer"]["tcpdump"] == "/usr/sbin/tcpdump"
    assert cfg["cuckoo"]["sniffer"]["interface"] == "vboxnet0"
    assert cfg["cuckoo"]["sniffer"]["bpf"] is None
    assert cfg["cuckoo"]["graylog"]["enabled"] is False
    assert cfg["cuckoo"]["graylog"]["host"] == "localhost"
    assert cfg["cuckoo"]["graylog"]["port"] == 12201
    assert cfg["cuckoo"]["graylog"]["level"] == "error"
    assert "timeout" not in cfg["virtualbox"]["virtualbox"]
def test_migration_041_042():
    """Migration 0.4.1 -> 0.4.2 adds analysis_size_limit, a virtualbox
    timeout and a complete default vmware configuration."""
    set_cwd(tempfile.mkdtemp())
    Folders.create(cwd(), "conf")
    Files.create(cwd("conf"), "cuckoo.conf", "[cuckoo]\ndelete_original = yes")
    Files.create(
        cwd("conf"), "virtualbox.conf",
        "[virtualbox]\npath = /usr/bin/VBoxManage"
    )

    loaded = Config.from_confdir(cwd("conf"), loose=True)
    cfg = migrate(loaded, "0.4.1", "0.4.2")

    expected = (
        ("cuckoo", "cuckoo", "analysis_size_limit", 104857600),
        ("virtualbox", "virtualbox", "timeout", 300),
        ("vmware", "vmware", "mode", "gui"),
        ("vmware", "vmware", "path", "/usr/bin/vmrun"),
        ("vmware", "vmware", "machines", ["cuckoo1"]),
        ("vmware", "cuckoo1", "label", "../vmware-xp3.vmx,Snapshot1"),
        ("vmware", "cuckoo1", "platform", "windows"),
        ("vmware", "cuckoo1", "ip", "192.168.54.111"),
    )
    for conf_file, section, key, value in expected:
        assert cfg[conf_file][section][key] == value
def test_migration_042_050():
    """Migration 0.4.2 -> 0.5.0 regroups cuckoo.conf: timeouts move to a
    [timeouts] section, use_sniffer becomes [sniffer], analysis_size_limit
    moves to [processing], and database/graylog sections are introduced."""
    set_cwd(tempfile.mkdtemp())
    Folders.create(cwd(), "conf")
    Files.create(cwd("conf"), "cuckoo.conf", """
[cuckoo]
delete_original = yes
analysis_timeout = 122
critical_timeout = 601
analysis_size_limit = 123456
use_sniffer = no
""")
    Files.create(cwd("conf"), "virtualbox.conf", """
[virtualbox]
path = /usr/bin/VBoxManage
timeout = 1337
""")

    cfg = Config.from_confdir(cwd("conf"), loose=True)
    cfg = migrate(cfg, "0.4.2", "0.5.0")

    # Old top-level keys are removed rather than left as duplicates.
    assert "analysis_timeout" not in cfg["cuckoo"]["cuckoo"]
    assert cfg["cuckoo"]["cuckoo"]["version_check"] is True
    assert cfg["cuckoo"]["cuckoo"]["memory_dump"] is False
    assert "analysis_size_limit" not in cfg["cuckoo"]["cuckoo"]
    # Moved values keep their loosely-loaded type: the limit stays a
    # string here, and sniffer.enabled carries the raw "no" below.
    assert cfg["cuckoo"]["processing"]["analysis_size_limit"] == "123456"
    assert cfg["cuckoo"]["processing"]["resolve_dns"] is True
    assert cfg["cuckoo"]["database"]["connection"] is None
    assert cfg["cuckoo"]["database"]["timeout"] is None
    assert cfg["cuckoo"]["timeouts"]["default"] == 122
    assert cfg["cuckoo"]["timeouts"]["critical"] == 601
    # The virtualbox timeout becomes the generic vm_state timeout.
    assert cfg["cuckoo"]["timeouts"]["vm_state"] == 1337
    assert "use_sniffer" not in cfg["cuckoo"]["cuckoo"]
    assert cfg["cuckoo"]["sniffer"]["enabled"] == "no"
    assert cfg["cuckoo"]["sniffer"]["tcpdump"] == "/usr/sbin/tcpdump"
    assert cfg["cuckoo"]["sniffer"]["interface"] == "vboxnet0"
    assert cfg["cuckoo"]["sniffer"]["bpf"] is None
    assert cfg["cuckoo"]["graylog"]["enabled"] is False
    assert cfg["cuckoo"]["graylog"]["host"] == "localhost"
    assert cfg["cuckoo"]["graylog"]["port"] == 12201
    assert cfg["cuckoo"]["graylog"]["level"] == "error"
    assert "timeout" not in cfg["virtualbox"]["virtualbox"]
def task(task_id, options, conf, results, filename="a.txt"):
    """Run the reporting stage once for a synthetic task.

    Lays out the storage tree the reporting modules expect for task_id,
    writes a cuckoo config whose "reporting" part is conf, and feeds
    results through RunReporting.
    """
    # Storage layout: conf/ plus storage/{analyses/<id>/reports,binaries}.
    analyses_dir = cwd("storage", "analyses")
    task_dir = "%s" % task_id
    Folders.create(cwd(), ["conf", "storage"])
    Folders.create(cwd("storage"), ["analyses", "binaries"])
    Folders.create(analyses_dir, task_dir)
    Folders.create(cwd("storage", "analyses", task_dir), ["reports"])

    write_cuckoo_conf({"reporting": conf})

    fake_task = {
        "id": task_id,
        "options": options,
        "target": filename,
    }
    RunReporting(fake_task, results).run()
def task(task_id, options, conf, results, filename="a.txt"):
    """Run the reporting stage once for a synthetic task.

    Lays out the storage tree the reporting modules expect for task_id,
    writes a cuckoo config whose "reporting" part is conf, and feeds
    results through RunReporting.
    """
    # Storage layout: conf/ plus storage/{analyses/<id>/reports,binaries}.
    analyses_dir = cwd("storage", "analyses")
    task_dir = "%s" % task_id
    Folders.create(cwd(), ["conf", "storage"])
    Folders.create(cwd("storage"), ["analyses", "binaries"])
    Folders.create(analyses_dir, task_dir)
    Folders.create(cwd("storage", "analyses", task_dir), ["reports"])

    write_cuckoo_conf({"reporting": conf})

    fake_task = {
        "id": task_id,
        "options": options,
        "target": filename,
    }
    RunReporting(fake_task, results).run()
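def test_extract():
    """fetch_community() downloads the community tarball and unpacks each
    top-level component into the matching folder of the CWD."""
    # Build an in-memory gzipped tarball with the community layout.
    o = io.BytesIO()
    t = tarfile.open(fileobj=o, mode="w:gz")

    def temp_file(content):
        # NamedTemporaryFile avoids the mktemp() name race; the file is kept
        # (delete=False) so tarfile can read it, and the handle is closed
        # before that happens.
        with tempfile.NamedTemporaryFile(delete=False) as f:
            f.write(content)
        return f.name

    t.add(temp_file("a"), "community-master/modules/signatures/a.txt")
    t.add(temp_file("b"), "community-master/data/monitor/b.txt")
    t.add(temp_file("y"), "community-master/data/yara/binaries/y.yar")
    t.add(temp_file("c"), "community-master/agent/c.txt")

    # A nested directory tree for the analyzer component.
    d = tempfile.mkdtemp()
    Folders.create(d, "dir1")
    Folders.create(d, "dir2")
    Folders.create((d, "dir2"), "dir3")
    Files.create((d, "dir1"), "d.txt", "d")
    Files.create((d, "dir2", "dir3"), "e.txt", "e")
    t.add(d, "community-master/analyzer")
    t.close()

    responses.add(responses.GET, URL % "master", body=o.getvalue())

    set_cwd(tempfile.mkdtemp())
    fetch_community()

    def read(*parts):
        with open(cwd(*parts), "rb") as f:
            return f.read()

    assert read("signatures", "a.txt") == "a"
    assert read("monitor", "b.txt") == "b"
    assert read("yara", "binaries", "y.yar") == "y"
    assert read("agent", "c.txt") == "c"
    assert read("analyzer", "dir1", "d.txt") == "d"
    assert read("analyzer", "dir2", "dir3", "e.txt") == "e"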
def init(self):
    """Initialize the analysis.

    Prepares the on-disk analysis folder and, for "file"/"archive" tasks,
    verifies and stores the sample. Every failure is logged and reported
    as a False return value so the caller can abort the task; True means
    the analysis may proceed and per-task logging has been started.
    """
    self.storage = cwd(analysis=self.task.id)

    # If the analysis storage folder already exists, we need to abort the
    # analysis or previous results will be overwritten and lost.
    if os.path.exists(self.storage):
        log.error(
            "Analysis results folder already exists at path \"%s\", "
            "analysis aborted", self.storage
        )
        return False

    # If we're not able to create the analysis storage folder, we have to
    # abort the analysis.
    # Also create all directories that the ResultServer can use for file
    # uploads.
    try:
        Folders.create(self.storage, RESULT_DIRECTORIES)
    except CuckooOperationalError:
        log.error("Unable to create analysis folder %s", self.storage)
        return False

    self.store_task_info()

    if self.task.category == "file" or self.task.category == "archive":
        # Check if we have permissions to access the file.
        # And fail this analysis if we don't have access to the file.
        if not os.access(self.task.target, os.R_OK):
            log.error(
                "Unable to access target file, please check if we have "
                "permissions to access the file: \"%s\"", self.task.target
            )
            return False

        # Check whether the file has been changed for some unknown reason.
        # And fail this analysis if it has been modified.
        # NOTE(review): this is a point-in-time check. The target is read
        # again by shutil.copy() below, so a change between the hash and
        # the copy is not detected; absorbing the file at submission
        # (the TODO below) is what closes that window.
        # TODO Absorb the file upon submission.
        sample = self.db.view_sample(self.task.sample_id)
        sha256 = File(self.task.target).get_sha256()
        if sha256 != sample.sha256:
            log.error(
                "Target file has been modified after submission: \"%s\"",
                self.task.target
            )
            return False

        # Store a copy of the original file if does not exist already.
        # The copy is content-addressed by sha256, so an existing file at
        # that path is reused as-is rather than overwritten.
        # TODO This should be done at submission time.
        self.binary = cwd("storage", "binaries", sha256)
        if not os.path.exists(self.binary):
            try:
                shutil.copy(self.task.target, self.binary)
            except (IOError, shutil.Error):
                log.error(
                    "Unable to store file from \"%s\" to \"%s\", "
                    "analysis aborted", self.task.target, self.binary
                )
                return False

        # Each analysis directory contains a symlink/copy of the binary.
        # The symlink points at the shared content-addressed copy; the
        # copy fallback is for platforms without os.symlink.
        try:
            self.storage_binary = os.path.join(self.storage, "binary")

            if hasattr(os, "symlink"):
                os.symlink(self.binary, self.storage_binary)
            else:
                shutil.copy(self.binary, self.storage_binary)
        except (AttributeError, OSError) as e:
            log.error(
                "Unable to create symlink/copy from \"%s\" to "
                "\"%s\": %s", self.binary, self.storage, e
            )
            return False

    # Initiates per-task logging.
    task_log_start(self.task.id)
    return True
def init(self):
    """Initialize the analysis.

    Prepares the on-disk analysis folder and, for "file"/"archive" tasks,
    verifies and stores the sample. Every failure is logged and reported
    as a False return value so the caller can abort the task; True means
    the analysis may proceed and per-task logging has been started.
    """
    self.storage = cwd(analysis=self.task.id)

    # If the analysis storage folder already exists, we need to abort the
    # analysis or previous results will be overwritten and lost.
    if os.path.exists(self.storage):
        log.error("Analysis results folder already exists at path \"%s\", "
                  "analysis aborted", self.storage)
        return False

    # If we're not able to create the analysis storage folder, we have to
    # abort the analysis.
    try:
        Folders.create(self.storage)
    except CuckooOperationalError:
        log.error("Unable to create analysis folder %s", self.storage)
        return False

    self.store_task_info()

    if self.task.category == "file" or self.task.category == "archive":
        # Check if we have permissions to access the file.
        # And fail this analysis if we don't have access to the file.
        if not os.access(self.task.target, os.R_OK):
            log.error(
                "Unable to access target file, please check if we have "
                "permissions to access the file: \"%s\"", self.task.target
            )
            return False

        # Check whether the file has been changed for some unknown reason.
        # And fail this analysis if it has been modified.
        # NOTE(review): this is a point-in-time check. The target is read
        # again by shutil.copy() below, so a change between the hash and
        # the copy is not detected; absorbing the file at submission
        # (the TODO below) is what closes that window.
        # TODO Absorb the file upon submission.
        sample = self.db.view_sample(self.task.sample_id)
        sha256 = File(self.task.target).get_sha256()
        if sha256 != sample.sha256:
            log.error(
                "Target file has been modified after submission: \"%s\"",
                self.task.target
            )
            return False

        # Store a copy of the original file if does not exist already.
        # The copy is content-addressed by sha256, so an existing file at
        # that path is reused as-is rather than overwritten.
        # TODO This should be done at submission time.
        self.binary = cwd("storage", "binaries", sha256)
        if not os.path.exists(self.binary):
            try:
                shutil.copy(self.task.target, self.binary)
            except (IOError, shutil.Error):
                log.error(
                    "Unable to store file from \"%s\" to \"%s\", "
                    "analysis aborted", self.task.target, self.binary
                )
                return False

        # Each analysis directory contains a symlink/copy of the binary.
        # The symlink points at the shared content-addressed copy; the
        # copy fallback is for platforms without os.symlink.
        try:
            self.storage_binary = os.path.join(self.storage, "binary")

            if hasattr(os, "symlink"):
                os.symlink(self.binary, self.storage_binary)
            else:
                shutil.copy(self.binary, self.storage_binary)
        except (AttributeError, OSError) as e:
            log.error("Unable to create symlink/copy from \"%s\" to "
                      "\"%s\": %s", self.binary, self.storage, e)
            return False

    # Initiates per-task logging.
    task_log_start(self.task.id)
    return True
def test_cuckoo_conf(self):
    """write_cuckoo_conf() with no overrides succeeds once conf/ exists."""
    Folders.create(cwd(), "conf")
    # Defaults only: nothing is overridden.
    write_cuckoo_conf()
def test_migration_20c2_200():
    """Migration 2.0-rc2 -> 2.0.0: dashed option names become underscored,
    vpn.conf and the cuckoo [routing] section are folded into routing.conf,
    size limits are raised, and several new sections get defaults."""
    set_cwd(tempfile.mkdtemp())
    Folders.create(cwd(), "conf")
    Files.create(cwd("conf"), "auxiliary.conf", """
[mitm]
script = data/mitm.py
[sniffer]
tcpdump = foobar
""")
    Files.create(cwd("conf"), "cuckoo.conf", """
[cuckoo]
tmppath = /tmp
freespace = 64
[routing]
route = foo
internet = bar
rt_table = main
auto_rt = no
[resultserver]
upload_max_size = 10485760
[processing]
analysis_size_limit = 104857600
""")
    Files.create(cwd("conf"), "processing.conf", """
[network]
whitelist-dns = yes
allowed-dns = 8.8.8.8
[procmemory]
enabled = yes
extract_img = yes
[virustotal]
enabled = yes
key = a0283a2c3d55728300d064874239b5346fb991317e8449fe43c902879d758088
""")
    Files.create(cwd("conf"), "qemu.conf", """
[qemu]
machines = vm1, vm2
[vm1]
label = vm1
kernel_path = kernelpath
[vm2]
label = vm2
kernel_path = anotherpath
""")
    Files.create(cwd("conf"), "reporting.conf", """
[elasticsearch]
enabled = no
hosts = 127.0.0.1, 127.0.0.2
[mattermost]
show-virustotal = no
show-signatures = yes
show-urls = no
hash-filename = yes
[moloch]
enabled = no
[mongodb]
enables = yes
[notification]
enabled = no
[jsondump]
indent = 8
encoding = utf8
[reporthtml]
enabled = yes
""")
    Files.create(cwd("conf"), "vpn.conf", """
[vpn]
enabled = yes
vpns = vpn0,vpn1
[vpn0]
name = vpn0
description = foobar
interface = tun42
rt_table = tun42
[vpn1]
name = vpn1
description = internet
interface = wow
rt_table = internet
""")
    Files.create(cwd("conf"), "vsphere.conf", """
[vsphere]
interface = eth0
""")

    cfg = Config.from_confdir(cwd("conf"), loose=True)
    # Pre-migration shape: the separate vpn file and the dashed names.
    assert "vpn" in cfg
    assert "whitelist-dns" in cfg["processing"]["network"]
    assert "allowed-dns" in cfg["processing"]["network"]

    cfg = migrate(cfg, "2.0-rc2", "2.0.0")

    assert cfg["auxiliary"]["mitm"]["script"] == "mitm.py"
    # freespace is raised and the explicit tmppath dropped.
    assert cfg["cuckoo"]["cuckoo"]["freespace"] == 1024
    assert cfg["cuckoo"]["cuckoo"]["tmppath"] is None
    assert cfg["cuckoo"]["feedback"]["enabled"] is False
    assert cfg["cuckoo"]["feedback"]["name"] is None
    assert cfg["cuckoo"]["feedback"]["company"] is None
    assert cfg["cuckoo"]["feedback"]["email"] is None
    assert cfg["cuckoo"]["processing"]["analysis_size_limit"] == 128*1024*1024
    assert cfg["cuckoo"]["resultserver"]["upload_max_size"] == 128*1024*1024
    # Dashed keys are renamed, not duplicated.
    assert "whitelist-dns" not in cfg["processing"]["network"]
    assert "allowed-dns" not in cfg["processing"]["network"]
    assert cfg["processing"]["network"]["whitelist_dns"] is True
    assert cfg["processing"]["procmemory"]["extract_dll"] is False
    assert cfg["processing"]["network"]["allowed_dns"] == "8.8.8.8"
    # virustotal was enabled with the shared default key above and ends up
    # disabled after migration.
    assert cfg["processing"]["virustotal"]["enabled"] is False
    assert cfg["reporting"]["elasticsearch"]["hosts"] == [
        "127.0.0.1", "127.0.0.2"
    ]
    assert cfg["qemu"]["vm1"]["kernel"] == "kernelpath"
    assert cfg["qemu"]["vm2"]["kernel"] == "anotherpath"
    assert cfg["reporting"]["jsondump"]["indent"] == 8
    assert "encoding" not in cfg["reporting"]["jsondump"]
    assert cfg["reporting"]["notification"]["url"] is None
    assert cfg["reporting"]["mattermost"]["show_virustotal"] is False
    assert cfg["reporting"]["mattermost"]["show_signatures"] is True
    assert cfg["reporting"]["mattermost"]["show_urls"] is False
    assert cfg["reporting"]["mattermost"]["hash_filename"] is True
    assert cfg["reporting"]["mattermost"]["hash_url"] is False
    assert cfg["reporting"]["moloch"]["insecure"] is False
    assert cfg["reporting"]["mongodb"]["username"] is None
    assert cfg["reporting"]["mongodb"]["password"] is None
    # reporthtml is replaced by the singlefile reporter.
    assert cfg["reporting"]["singlefile"]["enabled"] is True
    assert cfg["reporting"]["singlefile"]["html"] is True
    assert cfg["reporting"]["singlefile"]["pdf"] is False
    assert "reporthtml" not in cfg["reporting"]
    # cuckoo.conf [routing] and vpn.conf are merged into routing.conf.
    assert cfg["routing"]["routing"]["route"] == "foo"
    assert cfg["routing"]["routing"]["internet"] == "bar"
    assert cfg["routing"]["routing"]["rt_table"] == "main"
    assert cfg["routing"]["routing"]["auto_rt"] is False
    assert cfg["routing"]["routing"]["drop"] is False
    assert cfg["routing"]["inetsim"]["enabled"] is False
    assert cfg["routing"]["inetsim"]["server"] == "192.168.56.1"
    assert cfg["routing"]["tor"]["enabled"] is False
    assert cfg["routing"]["tor"]["dnsport"] == 5353
    assert cfg["routing"]["tor"]["proxyport"] == 9040
    assert cfg["routing"]["vpn"]["enabled"] is True
    assert cfg["routing"]["vpn"]["vpns"] == ["vpn0", "vpn1"]
    assert cfg["routing"]["vpn0"]["name"] == "vpn0"
    assert cfg["routing"]["vpn0"]["description"] == "foobar"
    assert cfg["routing"]["vpn0"]["interface"] == "tun42"
    assert cfg["routing"]["vpn0"]["rt_table"] == "tun42"
    assert cfg["routing"]["vpn1"]["name"] == "vpn1"
    assert cfg["routing"]["vpn1"]["description"] == "internet"
    assert cfg["routing"]["vpn1"]["interface"] == "wow"
    assert cfg["routing"]["vpn1"]["rt_table"] == "internet"
    # New vsphere option: certificate verification stays on by default.
    assert cfg["vsphere"]["vsphere"]["unverified_ssl"] is False
    assert "vpn" not in cfg
def test_migration_20c1_20c2():
    """Exercise the 2.0-rc1 -> 2.0-rc2 configuration migration.

    Builds a minimal rc1-style confdir in a fresh temporary cwd, runs
    ``migrate`` over it and checks the values the migration introduces or
    rewrites.  Two things are pinned on purpose: ``timeouts.critical`` is
    expected to come out as 60 although the input sets 600, and the
    pre-2.0 ``vpn`` file is still present after the migration.
    """
    set_cwd(tempfile.mkdtemp())
    Folders.create(cwd(), "conf")

    conf_files = [
        ("auxiliary.conf", """
[sniffer]
interface = foobar
"""),
        ("cuckoo.conf", """
[routing]
internet = none

[resultserver]
port = 2042

[timeouts]
critical = 600
"""),
        ("processing.conf", """
[network]
enabled = yes

[procmemory]
idapro = no

[static]
enabled = yes
"""),
        ("reporting.conf", """
[jsondump]
enabled = yes
"""),
        ("vpn.conf", """
[vpn]
enabled = yes
vpns = vpn0

[vpn0]
interface = hehe
"""),
    ]
    for filename, content in conf_files:
        Files.create(cwd("conf"), filename, content)

    cfg = Config.from_confdir(cwd("conf"), loose=True)
    cfg = migrate(cfg, "2.0-rc1", "2.0-rc2")

    # (conffile, section, key, expected).  None and booleans are checked
    # by identity, everything else by equality.
    expectations = [
        ("auxiliary", "reboot", "enabled", True),
        ("cuckoo", "routing", "rt_table", "main"),
        ("cuckoo", "routing", "auto_rt", True),
        ("cuckoo", "resultserver", "force_port", False),
        ("cuckoo", "timeouts", "critical", 60),
        ("processing", "misp", "enabled", False),
        ("processing", "misp", "url", None),
        ("processing", "misp", "apikey", None),
        ("processing", "misp", "maxioc", 100),
        ("processing", "network", "whitelist-dns", False),
        ("processing", "network", "allowed-dns", None),
        ("processing", "procmemory", "extract_img", True),
        ("processing", "procmemory", "dump_delete", False),
        ("processing", "static", "pdf_timeout", 60),
        ("processing", "irma", "enabled", False),
        ("processing", "irma", "timeout", 60),
        ("processing", "irma", "scan", False),
        ("processing", "irma", "force", False),
        ("reporting", "elasticsearch", "enabled", False),
        ("reporting", "elasticsearch", "hosts", "127.0.0.1"),
        ("reporting", "elasticsearch", "calls", False),
        ("reporting", "notification", "enabled", False),
        ("reporting", "notification", "url", None),
        ("reporting", "notification", "identifier", None),
        ("reporting", "mattermost", "enabled", False),
        ("reporting", "mattermost", "username", "cuckoo"),
        ("vpn", "vpn", "enabled", "yes"),
        ("vpn", "vpn0", "rt_table", "hehe"),
    ]
    for conffile, section, key, expected in expectations:
        actual = cfg[conffile][section][key]
        if expected is None or isinstance(expected, bool):
            assert actual is expected, (conffile, section, key, actual)
        else:
            assert actual == expected, (conffile, section, key, actual)
def test_migration_120_20c1():
    """Exercise the 1.2.0 -> 2.0-rc1 configuration migration.

    Writes a 1.2.0-style confdir, checks that the sections/keys the
    migration is supposed to drop (``resultserver.store_csvs``,
    ``reporting.mmdef``, ``reporting.maec41``) are present beforehand and
    gone afterwards, and pins the defaults the migration seeds for the
    new machineries (avd, qemu, vsphere, the virtualbox ``honeyd`` VM) and
    processing/reporting modules.

    NOTE(review): several of the seeded values are placeholder
    credentials (``physical.fog.password``, ``vsphere.pwd``); the test only
    pins that the migration writes them, deployments must override them.
    """
    set_cwd(tempfile.mkdtemp())
    Folders.create(cwd(), "conf")

    conf_files = [
        ("auxiliary.conf", """
[sniffer]
interface = foobar
"""),
        ("cuckoo.conf", """
[cuckoo]
delete_original = on
memory_dump = off

[processing]
analysis_size_limit = 1234

[resultserver]
store_csvs = yes

[timeouts]
vm_state = 300
"""),
        ("esx.conf", """
[esx]
machines = analysis1
"""),
        ("kvm.conf", """
[kvm]
machines = analysis1
"""),
        ("memory.conf", """
[malfind]
enabled = yes
filter = on
"""),
        ("physical.conf", """
[physical]
user = username
"""),
        ("processing.conf", """
[network]
enabled = yes

[virustotal]
enabled = yes

[procmemory]
enabled = no
"""),
        ("reporting.conf", """
[reporthtml]
enabled = yes

[mmdef]
enabled = no

[maec41]
enabled = no

[mongodb]
enabled = no
host = 127.0.0.1
port = 27017
db = cuckoo
store_memdump = no

[jsondump]
enabled = yes
"""),
        ("virtualbox.conf", """
[virtualbox]
mode = gui
"""),
        ("vmware.conf", """
[vmware]
machines = hello

[hello]
label = label
snapshot = snapshot
"""),
        ("xenserver.conf", """
[xenserver]
machines = cuckoo1
"""),
    ]
    for filename, content in conf_files:
        Files.create(cwd("conf"), filename, content)

    cfg = Config.from_confdir(cwd("conf"), loose=True)

    # Keys/sections that exist before the migration and must be removed.
    removed = [
        (("cuckoo", "resultserver"), "store_csvs"),
        (("reporting",), "mmdef"),
        (("reporting",), "maec41"),
    ]

    def lookup(path):
        node = cfg
        for part in path:
            node = node[part]
        return node

    for path, key in removed:
        assert key in lookup(path), (path, key)

    cfg = migrate(cfg, "1.2.0", "2.0-rc1")

    for path, key in removed + [(("auxiliary", "sniffer"), "interface")]:
        assert key not in lookup(path), (path, key)

    # (conffile, section, key, expected).  None and booleans are checked
    # by identity, everything else by equality.
    expectations = [
        ("auxiliary", "mitm", "enabled", False),
        ("auxiliary", "mitm", "mitmdump", "/usr/local/bin/mitmdump"),
        ("auxiliary", "mitm", "port_base", 50000),
        ("auxiliary", "mitm", "script", "data/mitm.py"),
        ("auxiliary", "mitm", "certificate", "bin/cert.p12"),
        ("auxiliary", "services", "enabled", False),
        ("auxiliary", "services", "services", "honeyd"),
        ("auxiliary", "services", "timeout", 0),
        ("avd", "avd", "mode", "headless"),
        ("avd", "avd", "emulator_path",
         "/home/cuckoo/android-sdk-linux/tools/emulator"),
        ("avd", "avd", "adb_path",
         "/home/cuckoo/android-sdk-linux/platform-tools/adb"),
        ("avd", "avd", "avd_path", "/home/cuckoo/.android/avd"),
        ("avd", "avd", "reference_machine", "cuckoo-bird"),
        ("avd", "avd", "machines", ["cuckoo1"]),
        ("avd", "cuckoo1", "label", "cuckoo1"),
        ("avd", "cuckoo1", "platform", "android"),
        ("avd", "cuckoo1", "ip", "127.0.0.1"),
        ("avd", "cuckoo1", "emulator_port", 5554),
        ("avd", "cuckoo1", "resultserver_ip", "10.0.2.2"),
        ("avd", "cuckoo1", "resultserver_port", 2042),
        ("cuckoo", "cuckoo", "max_vmstartup_count", 10),
        ("cuckoo", "cuckoo", "rooter", "/tmp/cuckoo-rooter"),
        ("cuckoo", "routing", "route", "none"),
        ("cuckoo", "routing", "internet", "none"),
        ("cuckoo", "timeouts", "vm_state", 60),
        ("esx", "esx", "interface", "eth0"),
        ("kvm", "kvm", "interface", "virbr0"),
        ("memory", "sockscan", "enabled", True),
        ("memory", "sockscan", "filter", False),
        ("memory", "netscan", "enabled", True),
        ("memory", "netscan", "filter", False),
        ("physical", "physical", "interface", "eth0"),
        ("physical", "fog", "hostname", "none"),
        ("physical", "fog", "username", "fog"),
        ("physical", "fog", "password", "password"),
        ("processing", "apkinfo", "enabled", False),
        ("processing", "apkinfo", "decompilation_threshold", 5000000),
        ("processing", "baseline", "enabled", False),
        ("processing", "buffer", "enabled", True),
        ("processing", "droidmon", "enabled", False),
        ("processing", "dumptls", "enabled", True),
        ("processing", "googleplay", "enabled", False),
        ("processing", "googleplay", "android_id", None),
        ("processing", "googleplay", "google_login", None),
        ("processing", "googleplay", "google_password", None),
        ("processing", "procmemory", "idapro", False),
        ("processing", "screenshots", "enabled", False),
        ("processing", "screenshots", "tesseract", "/usr/bin/tesseract"),
        ("processing", "snort", "enabled", False),
        ("processing", "snort", "snort", "/usr/local/bin/snort"),
        ("processing", "snort", "conf", "/etc/snort/snort.conf"),
        ("processing", "suricata", "enabled", False),
        ("processing", "suricata", "suricata", "/usr/bin/suricata"),
        ("processing", "suricata", "conf", "/etc/suricata/suricata.yaml"),
        ("processing", "suricata", "eve_log", "eve.json"),
        ("processing", "suricata", "files_log", "files-json.log"),
        ("processing", "suricata", "files_dir", "files"),
        ("processing", "suricata", "socket", None),
        ("processing", "virustotal", "scan", False),
        ("qemu", "qemu", "path", "/usr/bin/qemu-system-x86_64"),
        ("qemu", "qemu", "machines", ["vm1", "vm2"]),
        ("qemu", "qemu", "interface", "qemubr"),
        ("qemu", "vm1", "label", "vm1"),
        ("qemu", "vm1", "image", "/home/rep/vms/qvm_wheezy64_1.qcow2"),
        ("qemu", "vm1", "platform", "linux"),
        ("qemu", "vm1", "ip", "192.168.55.2"),
        ("qemu", "vm1", "interface", "qemubr"),
        ("qemu", "vm1", "resultserver_ip", "192.168.55.1"),
        ("qemu", "vm1", "tags", "debian_wheezy,64_bit"),
        ("qemu", "vm2", "label", "vm2"),
        ("qemu", "vm2", "image", "/home/rep/vms/qvm_wheezy64_1.qcow2"),
        ("qemu", "vm2", "arch", "mipsel"),
        ("qemu", "vm2", "kernel_path",
         "{imagepath}/vmlinux-3.16.0-4-4kc-malta-mipsel"),
        ("qemu", "vm2", "platform", "linux"),
        ("qemu", "vm2", "ip", "192.168.55.3"),
        ("qemu", "vm2", "interface", "qemubr"),
        ("qemu", "vm2", "tags", "debian_wheezy,mipsel"),
        ("reporting", "reporthtml", "enabled", False),
        ("reporting", "mongodb", "store_memdump", False),
        ("reporting", "mongodb", "paginate", 100),
        ("reporting", "moloch", "enabled", False),
        ("virtualbox", "virtualbox", "mode", "headless"),
        ("virtualbox", "virtualbox", "interface", "foobar"),
        ("virtualbox", "honeyd", "label", "honeyd"),
        ("virtualbox", "honeyd", "platform", "linux"),
        ("virtualbox", "honeyd", "ip", "192.168.56.102"),
        ("virtualbox", "honeyd", "tags", "service, honeyd"),
        ("virtualbox", "honeyd", "options", "nictrace noagent"),
        ("vmware", "vmware", "interface", "virbr0"),
        ("vpn", "vpn", "enabled", False),
        ("vpn", "vpn", "vpns", "vpn0"),
        ("vpn", "vpn0", "name", "vpn0"),
        ("vpn", "vpn0", "description", "Spain, Europe"),
        ("vpn", "vpn0", "interface", "tun0"),
        ("vsphere", "vsphere", "host", "10.0.0.1"),
        ("vsphere", "vsphere", "port", 443),
        ("vsphere", "vsphere", "user", "username_goes_here"),
        ("vsphere", "vsphere", "pwd", "password_goes_here"),
        ("vsphere", "vsphere", "interface", "eth0"),
        ("vsphere", "analysis1", "label", "cuckoo1"),
        ("vsphere", "analysis1", "platform", "windows"),
        ("vsphere", "analysis1", "snapshot", "cuckoo_ready_running"),
        ("vsphere", "analysis1", "ip", "192.168.1.1"),
        ("xenserver", "xenserver", "interface", "virbr0"),
    ]
    for conffile, section, key, expected in expectations:
        actual = cfg[conffile][section][key]
        if expected is None or isinstance(expected, bool):
            assert actual is expected, (conffile, section, key, actual)
        else:
            assert actual == expected, (conffile, section, key, actual)
def test_migration_110_120():
    """Exercise the 1.1.0 -> 1.2.0 configuration migration.

    Verifies that the ``hpfclient`` reporting section exists before and is
    removed after the migration, and pins the defaults the migration adds
    (new memory plugins, the ``physical`` and ``xenserver`` machineries,
    jsondump/mongodb options, ``vmware.<vm>.vmx_path`` derived from the
    old label).

    NOTE(review): the seeded xenserver/physical entries carry placeholder
    credentials (``root``/``changeme``, ``username``/``password``); the
    test pins that the migration writes them, not that they are safe.
    """
    set_cwd(tempfile.mkdtemp())
    Folders.create(cwd(), "conf")

    conf_files = [
        ("cuckoo.conf", """
[cuckoo]
delete_original = on
memory_dump = off

[processing]
analysis_size_limit = 1234
"""),
        ("memory.conf", """
[malfind]
enabled = yes
filter = on
"""),
        ("processing.conf", """
[network]
enabled = yes

[virustotal]
enabled = yes
"""),
        ("reporting.conf", """
[jsondump]
enabled = yes

[mongodb]
enabled = yes
host = localhost
port = 27017

[hpfclient]
enabled = yes
foo = bar
"""),
        ("vmware.conf", """
[vmware]
machines = hello

[hello]
label = label
snapshot = snapshot
"""),
    ]
    for filename, content in conf_files:
        Files.create(cwd("conf"), filename, content)

    cfg = Config.from_confdir(cwd("conf"), loose=True)
    assert "hpfclient" in cfg["reporting"]

    cfg = migrate(cfg, "1.1.0", "1.2.0")
    assert "hpfclient" not in cfg["reporting"]

    # (conffile, section, key, expected).  None and booleans are checked
    # by identity, everything else by equality.
    expectations = [
        ("cuckoo", "cuckoo", "terminate_processes", False),
        ("cuckoo", "cuckoo", "max_machines_count", 0),
        ("cuckoo", "processing", "sort_pcap", True),
        ("memory", "yarascan", "enabled", True),
        ("memory", "yarascan", "filter", True),
        ("memory", "ssdt", "enabled", True),
        ("memory", "ssdt", "filter", True),
        ("memory", "gdt", "enabled", True),
        ("memory", "gdt", "filter", True),
        ("physical", "physical", "machines", ["physical1"]),
        ("physical", "physical", "user", "username"),
        ("physical", "physical", "password", "password"),
        ("physical", "physical1", "label", "physical1"),
        ("physical", "physical1", "platform", "windows"),
        ("physical", "physical1", "ip", "192.168.56.101"),
        ("processing", "procmemory", "enabled", True),
        ("processing", "virustotal", "timeout", 60),
        ("reporting", "jsondump", "indent", 4),
        ("reporting", "jsondump", "encoding", "latin-1"),
        ("reporting", "mongodb", "db", "cuckoo"),
        ("reporting", "mongodb", "store_memdump", True),
        ("vmware", "hello", "vmx_path", "label"),
        ("xenserver", "xenserver", "user", "root"),
        ("xenserver", "xenserver", "password", "changeme"),
        ("xenserver", "xenserver", "url", "https://xenserver"),
        ("xenserver", "xenserver", "machines", ["cuckoo1"]),
        ("xenserver", "cuckoo1", "uuid",
         "00000000-0000-0000-0000-000000000000"),
        ("xenserver", "cuckoo1", "platform", "windows"),
        ("xenserver", "cuckoo1", "ip", "192.168.54.111"),
    ]
    for conffile, section, key, expected in expectations:
        actual = cfg[conffile][section][key]
        if expected is None or isinstance(expected, bool):
            assert actual is expected, (conffile, section, key, actual)
        else:
            assert actual == expected, (conffile, section, key, actual)
def test_migration_060_100():
    """Exercise the 0.6.0 -> 1.0.0 configuration migration.

    Checks that the legacy bits (``cuckoo.machine_manager``, the
    ``sniffer``/``graylog`` sections of cuckoo.conf, the ``pickled``/
    ``metadata``/``maec11`` reporting sections) exist before and are gone
    after the migration, that the sniffer settings move to auxiliary.conf
    and ``machine_manager`` becomes ``machinery``, and pins the defaults
    seeded for esx, the volatility plugins in memory.conf, mmdef/maec41
    and mongodb.  It also checks that a vmware ``label = label,snapshot``
    entry is split into separate ``label`` and ``snapshot`` keys.

    NOTE(review): the seeded esx entry carries placeholder credentials
    (``username_goes_here``/``password_goes_here``); the test pins that
    they are written, not that they are usable.
    """
    set_cwd(tempfile.mkdtemp())
    Folders.create(cwd(), "conf")

    conf_files = [
        ("cuckoo.conf", """
[cuckoo]
delete_original = on
machine_manager = hello

[sniffer]
enabled = no
tcpdump = /wow/path
interface = vboxnet0

[graylog]
enabled = no
host = localhost
port = 12201
level = info
"""),
        ("processing.conf", """
[dropped]
enabled = yes
"""),
        ("reporting.conf", """
[pickled]
enabled = off

[metadata]
enabled = off

[maec11]
enabled = off

[mongodb]
enabled = on
"""),
        ("vmware.conf", """
[vmware]
machines = hello

[hello]
label = label,snapshot
"""),
    ]
    for filename, content in conf_files:
        Files.create(cwd("conf"), filename, content)

    cfg = Config.from_confdir(cwd("conf"), loose=True)

    # Keys/sections present in the 0.6.0 layout that 1.0.0 drops.
    removed = [
        (("cuckoo", "cuckoo"), "machine_manager"),
        (("cuckoo",), "sniffer"),
        (("cuckoo",), "graylog"),
        (("reporting",), "pickled"),
        (("reporting",), "metadata"),
        (("reporting",), "maec11"),
    ]

    def lookup(path):
        node = cfg
        for part in path:
            node = node[part]
        return node

    for path, key in removed:
        assert key in lookup(path), (path, key)

    cfg = migrate(cfg, "0.6.0", "1.0.0")

    for path, key in removed:
        assert key not in lookup(path), (path, key)

    # Volatility plugins in memory.conf: name -> (enabled, filter).
    memory_plugins = {
        "malfind": (True, True),
        "apihooks": (False, True),
        "pslist": (True, False),
        "psxview": (True, False),
        "callbacks": (True, False),
        "idt": (True, False),
        "timers": (True, False),
        "messagehooks": (False, False),
        "getsids": (True, False),
        "privs": (True, False),
        "dlllist": (True, True),
        "handles": (True, True),
        "ldrmodules": (True, True),
        "mutantscan": (True, True),
        "devicetree": (True, True),
        "svcscan": (True, True),
        "modscan": (True, True),
    }
    for plugin, (enabled, filtered) in memory_plugins.items():
        assert cfg["memory"][plugin]["enabled"] is enabled, plugin
        assert cfg["memory"][plugin]["filter"] is filtered, plugin

    # (conffile, section, key, expected).  None and booleans are checked
    # by identity, everything else by equality.
    expectations = [
        ("auxiliary", "sniffer", "enabled", False),
        ("auxiliary", "sniffer", "tcpdump", "/wow/path"),
        ("auxiliary", "sniffer", "interface", "vboxnet0"),
        ("cuckoo", "cuckoo", "delete_bin_copy", False),
        ("cuckoo", "cuckoo", "machinery", "hello"),
        ("cuckoo", "cuckoo", "reschedule", False),
        ("cuckoo", "cuckoo", "process_results", True),
        ("cuckoo", "cuckoo", "max_analysis_count", 0),
        ("cuckoo", "cuckoo", "freespace", 64),
        ("esx", "esx", "dsn", "esx://127.0.0.1/?no_verify=1"),
        ("esx", "esx", "username", "username_goes_here"),
        ("esx", "esx", "password", "password_goes_here"),
        ("esx", "esx", "machines", ["analysis1"]),
        ("esx", "analysis1", "label", "cuckoo1"),
        ("esx", "analysis1", "platform", "windows"),
        ("esx", "analysis1", "snapshot", "clean_snapshot"),
        ("esx", "analysis1", "ip", "192.168.122.105"),
        ("memory", "basic", "guest_profile", "WinXPSP2x86"),
        ("memory", "basic", "delete_memdump", False),
        ("memory", "mask", "enabled", False),
        ("memory", "mask", "pid_generic", None),
        ("processing", "memory", "enabled", False),
        ("reporting", "mmdef", "enabled", False),
        ("reporting", "maec41", "enabled", False),
        ("reporting", "maec41", "mode", "overview"),
        ("reporting", "maec41", "processtree", True),
        ("reporting", "maec41", "output_handles", False),
        ("reporting", "maec41", "static", True),
        ("reporting", "maec41", "strings", True),
        ("reporting", "maec41", "virustotal", True),
        ("reporting", "mongodb", "host", "127.0.0.1"),
        ("reporting", "mongodb", "port", 27017),
        ("vmware", "vmware", "machines", ["hello"]),
        ("vmware", "hello", "label", "label"),
        ("vmware", "hello", "snapshot", "snapshot"),
    ]
    for conffile, section, key, expected in expectations:
        actual = cfg[conffile][section][key]
        if expected is None or isinstance(expected, bool):
            assert actual is expected, (conffile, section, key, actual)
        else:
            assert actual == expected, (conffile, section, key, actual)
def test_delete_folder2(self):
    """Tests folder deletion #2.

    A folder created with ``Folders.create`` under ``self.tmp_dir`` must
    exist on disk and must be gone after ``Folders.delete`` with the same
    (base, name) arguments.
    """
    target = os.path.join(self.tmp_dir, "foo")

    Folders.create(self.tmp_dir, "foo")
    assert os.path.exists(target)

    Folders.delete(self.tmp_dir, "foo")
    assert not os.path.exists(target)
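def __iter__(self):
    """Receive a single file upload from the analyzer and store it on disk.

    Wire format, as read from ``self.handler``: a newline-terminated,
    storage-relative dump path (e.g. ``shots/0001.jpg`` or
    ``files/9498687557/libcurl-4.dll.bin``); for protocol version >= 2
    also the original in-guest file path and a whitespace-separated PID
    list; then the raw file body until the connection closes.  After the
    upload one JSON line describing it is appended to ``self.filelog``.

    The dump path is guest-controlled and therefore untrusted: absolute
    paths, bare filenames, any ``./``/``../`` component and the names in
    ``RESTRICTED_DIRECTORIES`` are rejected with CuckooOperationalError,
    and the resolved destination must lie strictly inside
    ``self.storagepath``.  Existing files are never overwritten and the
    body is cut off once ``self.upload_max_size`` bytes have been written.

    This is a generator that yields nothing (the trailing ``yield`` only
    makes it one); callers drive it by iterating.
    """
    import errno

    # Read until newline for file path, e.g.,
    # shots/0001.jpg or files/9498687557/libcurl-4.dll.bin
    dump_path = self.handler.read_newline(strip=True).replace("\\", "/")

    if self.version >= 2:
        filepath = self.handler.read_newline(strip=True)
        # A real list (not a lazy map object) so json.dumps below also
        # works on Python 3.
        pids = [
            int(pid)
            for pid in self.handler.read_newline(strip=True).split()
        ]
    else:
        filepath, pids = None, []

    log.debug("File upload request for %s", dump_path)

    dir_part, filename = os.path.split(dump_path)

    # Cheap syntactic checks first: no absolute path, no bare filename,
    # no "./" or "../" component anywhere.
    if "./" in dump_path or not dir_part or dump_path.startswith("/"):
        raise CuckooOperationalError(
            "FileUpload failure, banned path: %s" % dump_path
        )

    for restricted in self.RESTRICTED_DIRECTORIES:
        if restricted in dir_part:
            raise CuckooOperationalError("FileUpload failure, banned path.")

    try:
        Folders.create(self.storagepath, dir_part)
    except CuckooOperationalError:
        log.error("Unable to create folder %s", dir_part)
        return

    file_path = os.path.join(self.storagepath, dump_path)

    # Defence in depth: resolve both sides (".." and symlinks) and require
    # the destination to be strictly *below* the storage root.  A plain
    # prefix test would also accept the root itself (e.g. "a/..") or a
    # sibling such as "<storagepath>2/...".
    storage_root = os.path.realpath(self.storagepath)
    if not os.path.realpath(file_path).startswith(storage_root + os.sep):
        raise CuckooOperationalError(
            "FileUpload failure, path sanitization failed."
        )

    if os.path.exists(file_path):
        log.warning("Analyzer tried to overwrite an existing file, "
                    "closing connection.")
        return

    # O_EXCL makes "create only if absent" atomic, closing the window
    # between the exists() check above and the open when two uploads race
    # for the same path.  0o666 keeps the umask-based mode open() gives.
    try:
        raw_fd = os.open(
            file_path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o666
        )
    except OSError as e:
        if e.errno != errno.EEXIST:
            raise
        log.warning("Analyzer tried to overwrite an existing file, "
                    "closing connection.")
        return
    # NOTE(review): self.fd is not closed in this method; presumably the
    # handler's cleanup does it -- confirm.
    self.fd = os.fdopen(raw_fd, "wb")

    chunk = self.handler.read_any()
    while chunk:
        self.fd.write(chunk)

        if self.fd.tell() >= self.upload_max_size:
            log.warning(
                "Uploaded file length larger than upload_max_size, "
                "stopping upload."
            )
            self.fd.write("... (truncated)")
            break

        try:
            chunk = self.handler.read_any()
        except Exception:
            # Best effort: a dropped connection simply ends the upload.
            break

    # try/finally so an exception while appending the log line can never
    # leave the lock held and wedge every later upload.
    self.lock.acquire()
    try:
        with open(self.filelog, "a+b") as f:
            f.write("%s\n" % json.dumps({
                "path": dump_path,
                "filepath": filepath,
                "pids": pids,
            }))
    finally:
        self.lock.release()

    log.debug("Uploaded file length: %s", self.fd.tell())
    return
    yield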
def test_create_invld_linux(self):
    """Test creation of a folder we can't access.

    ``Folders.create`` on a path under a non-existent, non-writable root
    must surface the failure as CuckooOperationalError.
    """
    pytest.raises(
        CuckooOperationalError, Folders.create, "/invalid/directory"
    )