def test_clean_dropdb(p):
set_cwd(tempfile.mkdtemp())
cuckoo_create()
cuckoo_clean()
p.return_value.connect.assert_called_once()
p.return_value.drop.assert_called_once_with()
def test_rooter_client(p, q, r):
set_cwd(tempfile.mkdtemp())
cuckoo_create()
s = p.socket.return_value
s.recv.return_value = json.dumps({
"exception": None,
"output": "thisisoutput",
})
assert rooter(
"command", "arg1", "arg2", arg3="foo", arg4="bar"
) == "thisisoutput"
s.bind.assert_called_once()
s.connect.assert_called_once_with("/tmp/cuckoo-rooter")
s.send.assert_called_once_with(json.dumps({
"command": "command",
"args": (
"arg1",
"arg2",
),
"kwargs": {
"arg3": "foo",
"arg4": "bar",
}
}))
q.acquire.assert_called_once()
q.release.assert_called_once()
def test_machine_info_empty(self):
set_cwd(tempfile.mkdtemp())
rp = RunProcessing({
"id": 1,
})
rp.populate_machine_info()
assert rp.machine == {}
def test_clean_keepdirs(p):
set_cwd(tempfile.mkdtemp())
cuckoo_create()
with open(cwd("log", "cuckoo.log"), "wb") as f:
f.write("this is a log file")
os.mkdir(cwd(analysis=1))
with open(cwd("analysis.log", analysis=1), "wb") as f:
f.write("this is also a log file")
with open(cwd("storage", "binaries", "a"*40), "wb") as f:
f.write("this is a binary file")
assert os.path.isdir(cwd("log"))
assert os.path.exists(cwd("log", "cuckoo.log"))
assert os.path.exists(cwd("storage", "analyses"))
assert os.path.exists(cwd("storage", "analyses", "1"))
assert os.path.exists(cwd("storage", "analyses", "1", "analysis.log"))
assert os.path.exists(cwd("storage", "baseline"))
assert os.path.exists(cwd("storage", "binaries"))
assert os.path.exists(cwd("storage", "binaries", "a"*40))
cuckoo_clean()
assert os.path.isdir(cwd("log"))
assert not os.path.exists(cwd("log", "cuckoo.log"))
assert os.path.exists(cwd("storage", "analyses"))
assert not os.path.exists(cwd("storage", "analyses", "1"))
assert not os.path.exists(cwd("storage", "analyses", "1", "analysis.log"))
assert os.path.exists(cwd("storage", "baseline"))
assert os.path.exists(cwd("storage", "binaries"))
assert not os.path.exists(cwd("storage", "binaries", "a"*40))
def test_bson_limit(self):
set_cwd(tempfile.mkdtemp())
cuckoo_create()
ba = BehaviorAnalysis()
ba.set_path(cwd(analysis=1))
ba.set_task({
"id": 1,
})
mkdir(cwd(analysis=1))
mkdir(cwd("logs", analysis=1))
# 256mb should be fine, right?
with open(cwd("logs", "1.txt", analysis=1), "wb") as f:
f.write("A"*256*1024*1024)
with open(cwd("logs", "2.txt", analysis=1), "wb") as f:
f.write("A"*1024*1024)
assert ba.run() == {}
assert sorted(list(ba._enum_logs())) == [
cwd("logs", "2.txt", analysis=1),
]
def test_empty_mempath(self, p):
set_cwd(tempfile.mkdtemp())
m = Memory()
m.memory_path = Files.temp_put("")
assert m.run() is None
p.error.assert_called_once()
assert "dump empty" in p.error.call_args_list[0][0][0]
def test_plugin_enabled(self, p):
set_cwd(tempfile.mkdtemp())
cuckoo_create(cfg={
"memory": {
"pslist": {
"enabled": True,
},
"psxview": {
"enabled": False,
},
},
})
p.return_value = 12345
m = VolatilityManager(None, "WinXPSP2x86")
assert m.vol.addr_space == 12345
assert m.enabled("pslist", []) is True
assert m.enabled("psxview", []) is False
assert m.enabled("sockscan", ["winxp"]) is True
assert m.enabled("netscan", ["vista", "win7"]) is False
m = VolatilityManager(None, "Win7SP1x64")
assert m.enabled("pslist", []) is True
assert m.enabled("psxview", []) is False
assert m.enabled("sockscan", ["winxp"]) is False
assert m.enabled("netscan", ["vista", "win7"]) is True
m = VolatilityManager(None, "Win10x64")
assert m.enabled("pslist", []) is True
assert m.enabled("psxview", []) is False
assert m.enabled("sockscan", ["winxp"]) is False
assert m.enabled("netscan", ["vista", "win7"]) is False
def test_pdf_metadata(self):
set_cwd(tempfile.mkdtemp())
s = Static()
s.set_task({
"category": "file",
"package": "pdf",
"target": "pdf-sample.pdf",
})
s.set_options({
"pdf_timeout": 30,
})
s.file_path = "tests/files/pdf-sample.pdf"
obj = s.run()["pdf"]
assert len(obj) == 2
assert obj[1] == {
"author": "cdaily",
"creation": "D:20000629102108+11'00'",
"creator": "Microsoft Word 8.0",
"javascript": [],
"modification": "2013-10-28T15:24:13-04:00",
"producer": "Acrobat Distiller 4.0 for Windows",
"subject": "",
"title": "This is a test PDF file",
"urls": [],
"version": 1,
}
def test_invalid_mempath(self, p):
set_cwd(tempfile.mkdtemp())
m = Memory()
m.memory_path = "notafile"
assert m.run() is None
p.error.assert_called_once()
assert "dump not found" in p.error.call_args_list[0][0][0]
def test_init_routing_vpns(p):
set_cwd(tempfile.mkdtemp())
cuckoo_create(cfg={
"routing": {
"vpn": {
"enabled": True,
"vpns": [
"1", "2",
],
},
"1": {
"name": "1",
"interface": "tun1",
"rt_table": "main",
},
"2": {
"name": "2",
"interface": "tun2",
"rt_table": "main",
},
},
})
init_routing()
assert p.call_count == 12
p.assert_any_call("nic_available", "tun1")
p.assert_any_call("rt_available", "main")
p.assert_any_call("nic_available", "tun2")
p.assert_any_call("disable_nat", "tun1")
p.assert_any_call("disable_nat", "tun2")
p.assert_any_call("enable_nat", "tun1")
p.assert_any_call("enable_nat", "tun2")
p.assert_any_call("flush_rttable", "main")
p.assert_any_call("init_rttable", "main", "tun1")
p.assert_any_call("init_rttable", "main", "tun2")
def test_init_routing_internet_exc(p):
set_cwd(tempfile.mkdtemp())
cuckoo_create(cfg={
"routing": {
"routing": {
"internet": "eth0",
},
},
})
def nic_notavail(cmd, arg):
return False
def rt_notavail(cmd, arg):
if cmd == "rt_available":
return False
return True
p.side_effect = nic_notavail
with pytest.raises(CuckooStartupError) as e:
init_routing()
p.assert_called_once()
e.match("configured as dirty line is not")
p.side_effect = rt_notavail
with pytest.raises(CuckooStartupError) as e:
init_routing()
e.match("routing table that has been")
def test_api_fetch_once(self, p, client):
set_cwd(tempfile.mkdtemp())
cuckoo_create()
Database().connect()
p.return_value = {
"version": "2.0.5",
"blogposts": [{
"title": "title",
"important": False,
"oneline": "this is oneliner",
"url": "https://cuckoosandbox.org/blog/blogpost",
"date": "today or tomorrow",
}],
}
# Clear the 'updates' variable.
from cuckoo.web.controllers.cuckoo.api import updates
updates.clear()
r = client.get("/cuckoo/api/status")
assert r.status_code == 200
r = client.get("/cuckoo/api/status")
assert r.status_code == 200
r = json.loads(r.content)["data"]
assert r["latest_version"] == "2.0.5"
assert r["blogposts"] == [mock.ANY]
p.assert_called_once()
def test_init_rooter_exceptions(p):
set_cwd(tempfile.mkdtemp())
cuckoo_create(cfg={
"routing": {
"routing": {
"internet": "eth0",
},
},
})
p.error = Exception
e = Exception()
e.strerror = "No such file or directory"
p.socket.return_value.connect.side_effect = e
with pytest.raises(CuckooStartupError) as e:
init_rooter()
e.match("different Unix socket path")
e = Exception()
e.strerror = "Connection refused"
p.socket.return_value.connect.side_effect = e
with pytest.raises(CuckooStartupError) as e:
init_rooter()
e.match("rooter is not actually running")
e = Exception()
e.strerror = "Permission denied"
p.socket.return_value.connect.side_effect = e
with pytest.raises(CuckooStartupError) as e:
init_rooter()
e.match("due to incorrect permissions")
def setup(self):
set_cwd(tempfile.mkdtemp())
self.path = tempfile.mkstemp()[1]
open(self.path, "wb").write(CONF_EXAMPLE)
self.c = Config(cfg=self.path)
def test_invalid_configuration(self):
# Explicitly want a clean CWD here.
set_cwd(tempfile.mkdtemp())
cuckoo_create()
cf = CuckooFeedback()
with pytest.raises(CuckooFeedbackError) as e:
cf.send_feedback(CuckooFeedbackObject(
name=None, email="*****@*****.**", company="foo"
))
e.match("Could not validate")
with pytest.raises(CuckooFeedbackError) as e:
cf.send_feedback(CuckooFeedbackObject(
name="foo", email=None, company="foo"
))
e.match("Could not validate")
with pytest.raises(CuckooFeedbackError) as e:
cf.send_feedback(CuckooFeedbackObject(
name="foo", email="a@b,com", company="foo"
))
e.match("Could not validate")
with pytest.raises(CuckooFeedbackError) as e:
cf.send_feedback(CuckooFeedbackObject(
name="foo", email="*****@*****.**", company=None
))
e.match("Could not validate")
def test_migration_203_204():
set_cwd(tempfile.mkdtemp())
Folders.create(cwd(), "conf")
Files.create(cwd("conf"), "processing.conf", """
[dumptls]
enabled = on
""")
Files.create(cwd("conf"), "qemu.conf", """
[qemu]
machines = ubuntu32, ubuntu64
[ubuntu32]
arch = x86
[ubuntu64]
arch = x64
""")
cfg = Config.from_confdir(cwd("conf"), loose=True)
cfg = migrate(cfg, "2.0.3", "2.0.4")
assert cfg["processing"]["extracted"]["enabled"] is True
# Except for qemu.
machineries = (
"avd", "esx", "kvm", "physical", "virtualbox",
"vmware", "vsphere", "xenserver",
)
for machinery in machineries:
Files.create(
cwd("conf"), "%s.conf" % machinery, "[%s]\nmachines =" % machinery
)
assert cfg["qemu"]["ubuntu32"]["enable_kvm"] is False
assert cfg["qemu"]["ubuntu32"]["snapshot"] is None
def test_no_superfluous_conf(p):
"""Tests that upon CWD creation no superfluous configuration values are
writted out (which may happen after a configuration migration)."""
set_cwd(tempfile.mkdtemp())
cuckoo_create()
Config.from_confdir(cwd("conf"))
p.error.assert_not_called()
def test_yara_no_description():
set_cwd(tempfile.mkdtemp())
cuckoo_create()
open(cwd("yara", "binaries", "empty.yara"), "wb").write("""
rule EmptyRule {
condition:
1
}
rule DescrRule {
meta:
description = "this is description"
condition:
1
}
""")
init_yara()
a, b = File(Files.temp_put("hello")).get_yara()
assert a["name"] == "EmptyRule"
assert a["meta"] == {
"description": "(no description)",
}
assert b["name"] == "DescrRule"
assert b["meta"] == {
"description": "this is description",
}
def test_migration_201_202():
set_cwd(tempfile.mkdtemp())
Folders.create(cwd(), "conf")
Files.create(cwd("conf"), "virtualbox.conf", """
[virtualbox]
machines = cuckoo1, cuckoo2
[cuckoo1]
platform = windows
[cuckoo2]
platform = windows
""")
# Except for virtualbox.
machineries = (
"avd", "esx", "kvm", "physical", "qemu",
"vmware", "vsphere", "xenserver",
)
for machinery in machineries:
Files.create(
cwd("conf"), "%s.conf" % machinery,
"[%s]\nmachines =" % machinery
)
cfg = Config.from_confdir(cwd("conf"), loose=True)
cfg = migrate(cfg, "2.0.1", "2.0.2")
assert cfg["virtualbox"]["cuckoo1"]["osprofile"] is None
assert cfg["virtualbox"]["cuckoo2"]["osprofile"] is None
def test_cwd():
set_cwd("/tmp/foo")
assert cwd() == "/tmp/foo"
assert cwd("a") == os.path.join("/tmp/foo", "a")
assert cwd("a", "b") == os.path.join("/tmp/foo", "a", "b")
set_cwd("/home/user/.cuckoo", "~/.cuckoo")
assert cwd(raw=True) == "~/.cuckoo"
assert cwd(root=True) == "/home/user/.cuckoo"
assert cwd("dump.pcap", analysis=1234) == os.path.join(
"/home/user/.cuckoo", "storage", "analyses", "1234", "dump.pcap"
)
assert os.path.exists(cwd("guids.txt", private=True))
with pytest.raises(RuntimeError):
cwd("foo", private=False)
with pytest.raises(RuntimeError):
cwd("foo", raw=False)
with pytest.raises(RuntimeError):
cwd("foo", root=False)
with pytest.raises(RuntimeError):
cwd("foo", analysis=None)
def test_yara_offsets():
set_cwd(tempfile.mkdtemp())
cuckoo_create()
init_yara()
buf = (
# The SSEXY payload as per vmdetect.yar
"66 0F 70 ?? ?? 66 0F DB ?? ?? ?? ?? "
"?? 66 0F DB ?? ?? ?? ?? ?? 66 0F EF "
# A VirtualBox MAC address.
"30 38 2d 30 30 2d 32 37"
)
filepath = Files.temp_put(
"A"*64 + buf.replace("??", "00").replace(" ", "").decode("hex")
)
assert File(filepath).get_yara() == [{
"meta": {
"description": "Possibly employs anti-virtualization techniques",
"author": "nex"
},
"name": "vmdetect",
"offsets": {
"ssexy": [
(64, 1),
],
"virtualbox_mac_1a": [
(88, 0),
],
},
"strings": [
"MDgtMDAtMjc=",
"Zg9wAABmD9sAAAAAAGYP2wAAAAAAZg/v",
],
}]
def test_do_not_get_exception(self):
set_cwd(tempfile.mkdtemp())
cuckoo_create()
responses.add(responses.GET, "http://1.2.3.4:8000/", status=501)
gm = GuestManager("cuckoo1", "1.2.3.4", "windows", 1, None)
assert gm.get("/", do_raise=False).status_code == 501
def test_log_error_action():
set_cwd(tempfile.mkdtemp())
cuckoo_create()
db.connect()
reset_logging()
init_console_logging(logging.DEBUG)
task_id = db.add_path(__file__)
assert db.view_errors(task_id) == []
logging.getLogger(__name__).error("message1", extra={
"error_action": "erroraction",
"task_id": task_id,
})
logging.getLogger(__name__).error("message2", extra={
"task_id": task_id,
})
errors = db.view_errors(task_id)
assert len(errors) == 2
assert errors[0].message == "message1"
assert errors[0].action == "erroraction"
assert errors[1].message == "message2"
assert errors[1].action is None
def test_import_confirm(self, p):
set_cwd(tempfile.mkdtemp())
p.return_value = True
dirpath = init_legacy_analyses()
os.makedirs(os.path.join(dirpath, "lib", "cuckoo", "common"))
open(os.path.join(
dirpath, "lib", "cuckoo", "common", "constants.py"
), "wb").write(constants_11_py)
shutil.copytree(
"tests/files/conf/110_plain", os.path.join(dirpath, "conf")
)
filepath = os.path.join(dirpath, "conf", "cuckoo.conf")
buf = open(filepath, "rb").read()
open(filepath, "wb").write(buf.replace(
"connection =", "connection = %s" % self.URI
))
try:
main.main(
("--cwd", cwd(), "import", dirpath), standalone_mode=False
)
except CuckooOperationalError as e:
assert "SQL database dump as the command" in e.message
assert not is_linux()
return
db = Database()
db.connect()
assert db.engine.name == self.ENGINE
assert open(cwd("logs", "a.txt", analysis=1), "rb").read() == "a"
assert config("cuckoo:database:connection") == self.URI
assert db.count_tasks() == 2
def test_import_noconfirm(self, p):
set_cwd(tempfile.mkdtemp())
p.side_effect = True, False
dirpath = init_legacy_analyses()
os.makedirs(os.path.join(dirpath, "lib", "cuckoo", "common"))
open(os.path.join(
dirpath, "lib", "cuckoo", "common", "constants.py"
), "wb").write(constants_11_py)
shutil.copytree(
"tests/files/conf/110_plain", os.path.join(dirpath, "conf")
)
filepath = os.path.join(dirpath, "conf", "cuckoo.conf")
buf = open(filepath, "rb").read()
open(filepath, "wb").write(buf.replace(
"connection =", "connection = %s" % self.URI
))
main.main(
("--cwd", cwd(), "import", dirpath), standalone_mode=False
)
db = Database()
db.connect()
assert db.engine.name == self.ENGINE
assert open(cwd("logs", "a.txt", analysis=1), "rb").read() == "a"
assert config("cuckoo:database:connection") == self.URI
assert db.count_tasks() == 2
def test_copy_folder(self):
"""Tests recursive folder copy"""
dirpath = tempfile.mkdtemp()
set_cwd(dirpath)
Folders.copy("tests/files/sample_analysis_storage", dirpath)
assert os.path.isfile("%s/reports/report.json" % dirpath)
def am_init(options={}, cfg={}):
set_cwd(tempfile.mkdtemp())
cuckoo_create(cfg=cfg)
class task(object):
def __init__(self):
self.id = 1234
self.category = "file"
self.target = __file__
self.options = options
def to_dict(self):
return Dictionary(self.__dict__)
def to_json(self):
return json.dumps(self.to_dict())
class sample(object):
sha256 = sha256_
class machine(object):
ip = "1.2.3.4"
interface = "vboxnet0"
with mock.patch("cuckoo.core.scheduler.Database") as p:
p.return_value.view_task.return_value = task()
am = AnalysisManager(1234, None)
am.machine = machine
p.return_value.view_sample.return_value = sample()
return am
def test_process_json_logging():
set_cwd(tempfile.mkdtemp())
cuckoo_create()
init_yara()
init_logfile("process-p0.json")
def process_tasks(instance, maxcount):
logger("foo bar", action="hello.world", status="success")
with mock.patch("cuckoo.main.Database"):
with mock.patch("cuckoo.main.process_tasks") as p1:
with mock.patch("time.time") as p2:
p1.side_effect = process_tasks
p2.return_value = 1484232003
main.main(
("--cwd", cwd(), "process", "p0"), standalone_mode=False
)
assert json.load(open(cwd("log", "process-p0.json"), "rb")) == {
"asctime": mock.ANY,
"action": "hello.world",
"level": "info",
"message": "foo bar",
"status": "success",
"task_id": None,
"time": 1484232003,
}
def test_default_cwd(self, p):
set_cwd(tempfile.mkdtemp())
cuckoo_create()
with chdir(cwd()):
decide_cwd(".")
cuckoo_init(logging.INFO, self.ctx)
p.assert_called_once_with("cuckoo community")
def test_pidfile_exists_true():
set_cwd(tempfile.mkdtemp())
cuckoo_create()
p = Pidfile("test4")
p.create()
assert p.exists() and p.pid == os.getpid()
def test_up_to_date(self, p):
set_cwd(tempfile.mkdtemp())
cuckoo_create()
migrate_cwd()
p.assert_not_called()
def test_api_status200(self, client):
set_cwd(tempfile.mkdtemp())
cuckoo_create()
Database().connect()
r = client.get("/cuckoo/api/status")
assert r.status_code == 200
def setup(self):
set_cwd(tempfile.mkdtemp())
cuckoo_create()
init_yara()
def setup_class(self):
set_cwd(tempfile.mkdtemp())
self.d = Database()
self.d.connect(dsn=self.URI)
def test_hardcoded_cwd_with_quote(self, p):
set_cwd(tempfile.mkdtemp("foo ' bar"))
cuckoo_create()
decide_cwd(cwd())
cuckoo_init(logging.INFO, self.ctx)
p.assert_called_once_with('cuckoo --cwd "%s" community' % cwd())
def test_hardcoded_cwd(self, p):
set_cwd(tempfile.mkdtemp())
cuckoo_create()
decide_cwd(cwd())
cuckoo_init(logging.INFO, self.ctx)
p.assert_called_once_with("cuckoo --cwd %s community" % cwd())
def test_current_community(self):
set_cwd(tempfile.mktemp())
shutil.copytree(os.path.expanduser("~/.cuckoo"), cwd())
open(cwd(".cwd"), "wb").write("somethingelse")
migrate_cwd()
def test_sniffer():
set_cwd(tempfile.mkdtemp())
s = Sniffer()
s.set_task(task)
s.set_machine(machine)
s.set_options({
"tcpdump": __file__,
"bpf": None,
})
with mock.patch("subprocess.Popen") as p:
p.return_value = BasePopen()
assert s.start() is True
user = getuser()
if user:
user = "******" % user
# Test regular setup.
command = (
"%s -U -q -s 0 -n -i interface %s-w %s "
"host 1.2.3.4 and "
"not ( dst host 1.2.3.4 and dst port 8000 ) and "
"not ( src host 1.2.3.4 and src port 8000 ) and "
"not ( dst host 1.1.1.1 and dst port 1234 ) and "
"not ( src host 1.1.1.1 and src port 1234 )" %
(__file__, user or "", cwd("storage", "analyses", "42", "dump.pcap")))
if is_windows():
p.assert_called_once_with(command.split(),
stdout=subprocess.PIPE,
stderr=subprocess.PIPE)
else:
p.assert_called_once_with(command.split(),
stdout=subprocess.PIPE,
stderr=subprocess.PIPE,
close_fds=True)
assert s.stop() is None
# Test a bpf rule.
s.options["bpf"] = "not arp"
with mock.patch("subprocess.Popen") as p:
p.return_value = BasePopen()
assert s.start() is True
if is_windows():
p.assert_called_once_with(command.split() +
["and", "(", "not arp", ")"],
stdout=subprocess.PIPE,
stderr=subprocess.PIPE)
else:
p.assert_called_once_with(command.split() +
["and", "(", "not arp", ")"],
close_fds=True,
stdout=subprocess.PIPE,
stderr=subprocess.PIPE)
assert s.stop() is None
# Test an invalid executable path.
with mock.patch("os.path.exists") as p:
p.return_value = False
assert s.start() is False
# Test permission denied on tcpdump.
with mock.patch("subprocess.Popen") as p:
p.return_value = PopenPermissionDenied()
assert s.start() is True
with pytest.raises(CuckooOperationalError) as e:
assert s.stop()
e.match("the network traffic during the")
e.match("denied-for-tcpdump")
# Test stdout output from tcpdump.
with mock.patch("subprocess.Popen") as p:
p.return_value = PopenStdout()
assert s.start() is True
with pytest.raises(CuckooOperationalError) as e:
assert s.stop()
e.match("did not expect standard output")
# Test unknown stderr output from tcpdump.
with mock.patch("subprocess.Popen") as p:
p.return_value = PopenStderr()
assert s.start() is True
with pytest.raises(CuckooOperationalError) as e:
assert s.stop()
e.match("following standard error output")
# Test OSError and/or ValueError exceptions.
with mock.patch("subprocess.Popen") as p:
p.side_effect = OSError("this is awkward")
assert s.start() is False
with mock.patch("subprocess.Popen") as p:
p.side_effect = ValueError("this is awkward")
assert s.start() is False
def test_migration_20c1_20c2():
set_cwd(tempfile.mkdtemp())
Folders.create(cwd(), "conf")
Files.create(cwd("conf"), "auxiliary.conf", """
[sniffer]
interface = foobar
""")
Files.create(cwd("conf"), "cuckoo.conf", """
[routing]
internet = none
[resultserver]
port = 2042
[timeouts]
critical = 600
""")
Files.create(cwd("conf"), "processing.conf", """
[network]
enabled = yes
[procmemory]
idapro = no
[static]
enabled = yes
""")
Files.create(cwd("conf"), "reporting.conf", """
[jsondump]
enabled = yes
""")
Files.create(cwd("conf"), "vpn.conf", """
[vpn]
enabled = yes
vpns = vpn0
[vpn0]
interface = hehe
""")
cfg = Config.from_confdir(cwd("conf"), loose=True)
cfg = migrate(cfg, "2.0-rc1", "2.0-rc2")
assert cfg["auxiliary"]["reboot"]["enabled"] is True
assert cfg["cuckoo"]["routing"]["rt_table"] == "main"
assert cfg["cuckoo"]["routing"]["auto_rt"] is True
assert cfg["cuckoo"]["resultserver"]["force_port"] is False
assert cfg["cuckoo"]["timeouts"]["critical"] == 60
assert cfg["processing"]["misp"]["enabled"] is False
assert cfg["processing"]["misp"]["url"] is None
assert cfg["processing"]["misp"]["apikey"] is None
assert cfg["processing"]["misp"]["maxioc"] == 100
assert cfg["processing"]["network"]["whitelist-dns"] is False
assert cfg["processing"]["network"]["allowed-dns"] is None
assert cfg["processing"]["procmemory"]["extract_img"] is True
assert cfg["processing"]["procmemory"]["dump_delete"] is False
assert cfg["processing"]["static"]["pdf_timeout"] == 60
assert cfg["processing"]["irma"]["enabled"] is False
assert cfg["processing"]["irma"]["timeout"] == 60
assert cfg["processing"]["irma"]["scan"] is False
assert cfg["processing"]["irma"]["force"] is False
assert cfg["reporting"]["elasticsearch"]["enabled"] is False
assert cfg["reporting"]["elasticsearch"]["hosts"] == "127.0.0.1"
assert cfg["reporting"]["elasticsearch"]["calls"] is False
assert cfg["reporting"]["notification"]["enabled"] is False
assert cfg["reporting"]["notification"]["url"] is None
assert cfg["reporting"]["notification"]["identifier"] is None
assert cfg["reporting"]["mattermost"]["enabled"] is False
assert cfg["reporting"]["mattermost"]["username"] == "cuckoo"
assert cfg["vpn"]["vpn"]["enabled"] == "yes"
assert cfg["vpn"]["vpn0"]["rt_table"] == "hehe"
def setup(self):
# File() will invoke cwd(), so any CWD is required.
set_cwd(tempfile.mkdtemp())
self.path = tempfile.mkstemp()[1]
self.file = File(self.path)
def test_migration_110_120():
set_cwd(tempfile.mkdtemp())
Folders.create(cwd(), "conf")
Files.create(cwd("conf"), "cuckoo.conf", """
[cuckoo]
delete_original = on
memory_dump = off
[processing]
analysis_size_limit = 1234
""")
Files.create(cwd("conf"), "memory.conf", """
[malfind]
enabled = yes
filter = on
""")
Files.create(cwd("conf"), "processing.conf", """
[network]
enabled = yes
[virustotal]
enabled = yes
""")
Files.create(cwd("conf"), "reporting.conf", """
[jsondump]
enabled = yes
[mongodb]
enabled = yes
host = localhost
port = 27017
[hpfclient]
enabled = yes
foo = bar
""")
Files.create(cwd("conf"), "vmware.conf", """
[vmware]
machines = hello
[hello]
label = label
snapshot = snapshot
""")
cfg = Config.from_confdir(cwd("conf"), loose=True)
assert "hpfclient" in cfg["reporting"]
cfg = migrate(cfg, "1.1.0", "1.2.0")
assert cfg["cuckoo"]["cuckoo"]["terminate_processes"] is False
assert cfg["cuckoo"]["cuckoo"]["max_machines_count"] == 0
assert cfg["cuckoo"]["processing"]["sort_pcap"] is True
assert cfg["memory"]["yarascan"]["enabled"] is True
assert cfg["memory"]["yarascan"]["filter"] is True
assert cfg["memory"]["ssdt"]["enabled"] is True
assert cfg["memory"]["ssdt"]["filter"] is True
assert cfg["memory"]["gdt"]["enabled"] is True
assert cfg["memory"]["gdt"]["filter"] is True
assert cfg["physical"]["physical"]["machines"] == ["physical1"]
assert cfg["physical"]["physical"]["user"] == "username"
assert cfg["physical"]["physical"]["password"] == "password"
assert cfg["physical"]["physical1"]["label"] == "physical1"
assert cfg["physical"]["physical1"]["platform"] == "windows"
assert cfg["physical"]["physical1"]["ip"] == "192.168.56.101"
assert cfg["processing"]["procmemory"]["enabled"] is True
assert cfg["processing"]["virustotal"]["timeout"] == 60
assert cfg["reporting"]["jsondump"]["indent"] == 4
assert cfg["reporting"]["jsondump"]["encoding"] == "latin-1"
assert cfg["reporting"]["mongodb"]["db"] == "cuckoo"
assert cfg["reporting"]["mongodb"]["store_memdump"] is True
assert "hpfclient" not in cfg["reporting"]
assert cfg["vmware"]["hello"]["vmx_path"] == "label"
assert cfg["xenserver"]["xenserver"]["user"] == "root"
assert cfg["xenserver"]["xenserver"]["password"] == "changeme"
assert cfg["xenserver"]["xenserver"]["url"] == "https://xenserver"
assert cfg["xenserver"]["xenserver"]["machines"] == ["cuckoo1"]
assert cfg["xenserver"]["cuckoo1"]["uuid"] == "00000000-0000-0000-0000-000000000000"
assert cfg["xenserver"]["cuckoo1"]["platform"] == "windows"
assert cfg["xenserver"]["cuckoo1"]["ip"] == "192.168.54.111"
assert cfg["xenserver"]["xenserver"]["user"] == "root"
def test_migration_20c2_200():
set_cwd(tempfile.mkdtemp())
Folders.create(cwd(), "conf")
Files.create(cwd("conf"), "auxiliary.conf", """
[mitm]
script = data/mitm.py
[sniffer]
tcpdump = foobar
""")
Files.create(cwd("conf"), "cuckoo.conf", """
[cuckoo]
tmppath = /tmp
freespace = 64
[routing]
route = foo
internet = bar
rt_table = main
auto_rt = no
[resultserver]
upload_max_size = 10485760
[processing]
analysis_size_limit = 104857600
""")
Files.create(cwd("conf"), "processing.conf", """
[network]
whitelist-dns = yes
allowed-dns = 8.8.8.8
[procmemory]
enabled = yes
extract_img = yes
[virustotal]
enabled = yes
key = a0283a2c3d55728300d064874239b5346fb991317e8449fe43c902879d758088
""")
Files.create(cwd("conf"), "qemu.conf", """
[qemu]
machines = vm1, vm2
[vm1]
label = vm1
kernel_path = kernelpath
[vm2]
label = vm2
kernel_path = anotherpath
""")
Files.create(cwd("conf"), "reporting.conf", """
[elasticsearch]
enabled = no
hosts = 127.0.0.1, 127.0.0.2
[mattermost]
show-virustotal = no
show-signatures = yes
show-urls = no
hash-filename = yes
[moloch]
enabled = no
[mongodb]
enables = yes
[notification]
enabled = no
[jsondump]
indent = 8
encoding = utf8
[reporthtml]
enabled = yes
""")
Files.create(cwd("conf"), "vpn.conf", """
[vpn]
enabled = yes
vpns = vpn0,vpn1
[vpn0]
name = vpn0
description = foobar
interface = tun42
rt_table = tun42
[vpn1]
name = vpn1
description = internet
interface = wow
rt_table = internet
""")
Files.create(cwd("conf"), "vsphere.conf", """
[vsphere]
interface = eth0
""")
cfg = Config.from_confdir(cwd("conf"), loose=True)
assert "vpn" in cfg
assert "whitelist-dns" in cfg["processing"]["network"]
assert "allowed-dns" in cfg["processing"]["network"]
cfg = migrate(cfg, "2.0-rc2", "2.0.0")
assert cfg["auxiliary"]["mitm"]["script"] == "mitm.py"
assert cfg["cuckoo"]["cuckoo"]["freespace"] == 1024
assert cfg["cuckoo"]["cuckoo"]["tmppath"] is None
assert cfg["cuckoo"]["feedback"]["enabled"] is False
assert cfg["cuckoo"]["feedback"]["name"] is None
assert cfg["cuckoo"]["feedback"]["company"] is None
assert cfg["cuckoo"]["feedback"]["email"] is None
assert cfg["cuckoo"]["processing"]["analysis_size_limit"] == 128*1024*1024
assert cfg["cuckoo"]["resultserver"]["upload_max_size"] == 128*1024*1024
assert "whitelist-dns" not in cfg["processing"]["network"]
assert "allowed-dns" not in cfg["processing"]["network"]
assert cfg["processing"]["network"]["whitelist_dns"] is True
assert cfg["processing"]["procmemory"]["extract_dll"] is False
assert cfg["processing"]["network"]["allowed_dns"] == "8.8.8.8"
assert cfg["processing"]["virustotal"]["enabled"] is False
assert cfg["reporting"]["elasticsearch"]["hosts"] == [
"127.0.0.1", "127.0.0.2"
]
assert cfg["qemu"]["vm1"]["kernel"] == "kernelpath"
assert cfg["qemu"]["vm2"]["kernel"] == "anotherpath"
assert cfg["reporting"]["jsondump"]["indent"] == 8
assert "encoding" not in cfg["reporting"]["jsondump"]
assert cfg["reporting"]["notification"]["url"] is None
assert cfg["reporting"]["mattermost"]["show_virustotal"] is False
assert cfg["reporting"]["mattermost"]["show_signatures"] is True
assert cfg["reporting"]["mattermost"]["show_urls"] is False
assert cfg["reporting"]["mattermost"]["hash_filename"] is True
assert cfg["reporting"]["mattermost"]["hash_url"] is False
assert cfg["reporting"]["moloch"]["insecure"] is False
assert cfg["reporting"]["mongodb"]["username"] is None
assert cfg["reporting"]["mongodb"]["password"] is None
assert cfg["reporting"]["singlefile"]["enabled"] is True
assert cfg["reporting"]["singlefile"]["html"] is True
assert cfg["reporting"]["singlefile"]["pdf"] is False
assert "reporthtml" not in cfg["reporting"]
assert cfg["routing"]["routing"]["route"] == "foo"
assert cfg["routing"]["routing"]["internet"] == "bar"
assert cfg["routing"]["routing"]["rt_table"] == "main"
assert cfg["routing"]["routing"]["auto_rt"] is False
assert cfg["routing"]["routing"]["drop"] is False
assert cfg["routing"]["inetsim"]["enabled"] is False
assert cfg["routing"]["inetsim"]["server"] == "192.168.56.1"
assert cfg["routing"]["tor"]["enabled"] is False
assert cfg["routing"]["tor"]["dnsport"] == 5353
assert cfg["routing"]["tor"]["proxyport"] == 9040
assert cfg["routing"]["vpn"]["enabled"] is True
assert cfg["routing"]["vpn"]["vpns"] == ["vpn0", "vpn1"]
assert cfg["routing"]["vpn0"]["name"] == "vpn0"
assert cfg["routing"]["vpn0"]["description"] == "foobar"
assert cfg["routing"]["vpn0"]["interface"] == "tun42"
assert cfg["routing"]["vpn0"]["rt_table"] == "tun42"
assert cfg["routing"]["vpn1"]["name"] == "vpn1"
assert cfg["routing"]["vpn1"]["description"] == "internet"
assert cfg["routing"]["vpn1"]["interface"] == "wow"
assert cfg["routing"]["vpn1"]["rt_table"] == "internet"
assert cfg["vsphere"]["vsphere"]["unverified_ssl"] is False
assert "vpn" not in cfg
def test_config2_liststar():
set_cwd(tempfile.mkdtemp())
cuckoo_create()
assert config2("qemu", "vm1").interface == "qemubr"
def test_migration_120_20c1():
set_cwd(tempfile.mkdtemp())
Folders.create(cwd(), "conf")
Files.create(cwd("conf"), "auxiliary.conf", """
[sniffer]
interface = foobar
""")
Files.create(cwd("conf"), "cuckoo.conf", """
[cuckoo]
delete_original = on
memory_dump = off
[processing]
analysis_size_limit = 1234
[resultserver]
store_csvs = yes
[timeouts]
vm_state = 300
""")
Files.create(cwd("conf"), "esx.conf", """
[esx]
machines = analysis1
""")
Files.create(cwd("conf"), "kvm.conf", """
[kvm]
machines = analysis1
""")
Files.create(cwd("conf"), "memory.conf", """
[malfind]
enabled = yes
filter = on
""")
Files.create(cwd("conf"), "physical.conf", """
[physical]
user = username
""")
Files.create(cwd("conf"), "processing.conf", """
[network]
enabled = yes
[virustotal]
enabled = yes
[procmemory]
enabled = no
""")
Files.create(cwd("conf"), "reporting.conf", """
[reporthtml]
enabled = yes
[mmdef]
enabled = no
[maec41]
enabled = no
[mongodb]
enabled = no
host = 127.0.0.1
port = 27017
db = cuckoo
store_memdump = no
[jsondump]
enabled = yes
""")
Files.create(cwd("conf"), "virtualbox.conf", """
[virtualbox]
mode = gui
""")
Files.create(cwd("conf"), "vmware.conf", """
[vmware]
machines = hello
[hello]
label = label
snapshot = snapshot
""")
Files.create(cwd("conf"), "xenserver.conf", """
[xenserver]
machines = cuckoo1
""")
cfg = Config.from_confdir(cwd("conf"), loose=True)
assert "store_csvs" in cfg["cuckoo"]["resultserver"]
assert "mmdef" in cfg["reporting"]
assert "maec41" in cfg["reporting"]
cfg = migrate(cfg, "1.2.0", "2.0-rc1")
assert "interface" not in cfg["auxiliary"]["sniffer"]
assert cfg["auxiliary"]["mitm"]["enabled"] is False
assert cfg["auxiliary"]["mitm"]["mitmdump"] == "/usr/local/bin/mitmdump"
assert cfg["auxiliary"]["mitm"]["port_base"] == 50000
assert cfg["auxiliary"]["mitm"]["script"] == "data/mitm.py"
assert cfg["auxiliary"]["mitm"]["certificate"] == "bin/cert.p12"
assert cfg["auxiliary"]["services"]["enabled"] is False
assert cfg["auxiliary"]["services"]["services"] == "honeyd"
assert cfg["auxiliary"]["services"]["timeout"] == 0
assert cfg["avd"]["avd"]["mode"] == "headless"
assert cfg["avd"]["avd"]["emulator_path"] == "/home/cuckoo/android-sdk-linux/tools/emulator"
assert cfg["avd"]["avd"]["adb_path"] == "/home/cuckoo/android-sdk-linux/platform-tools/adb"
assert cfg["avd"]["avd"]["avd_path"] == "/home/cuckoo/.android/avd"
assert cfg["avd"]["avd"]["reference_machine"] == "cuckoo-bird"
assert cfg["avd"]["avd"]["machines"] == ["cuckoo1"]
assert cfg["avd"]["cuckoo1"]["label"] == "cuckoo1"
assert cfg["avd"]["cuckoo1"]["platform"] == "android"
assert cfg["avd"]["cuckoo1"]["ip"] == "127.0.0.1"
assert cfg["avd"]["cuckoo1"]["emulator_port"] == 5554
assert cfg["avd"]["cuckoo1"]["resultserver_ip"] == "10.0.2.2"
assert cfg["avd"]["cuckoo1"]["resultserver_port"] == 2042
assert cfg["cuckoo"]["cuckoo"]["max_vmstartup_count"] == 10
assert cfg["cuckoo"]["cuckoo"]["rooter"] == "/tmp/cuckoo-rooter"
assert cfg["cuckoo"]["routing"]["route"] == "none"
assert cfg["cuckoo"]["routing"]["internet"] == "none"
assert "store_csvs" not in cfg["cuckoo"]["resultserver"]
assert cfg["cuckoo"]["timeouts"]["vm_state"] == 60
assert cfg["esx"]["esx"]["interface"] == "eth0"
assert cfg["kvm"]["kvm"]["interface"] == "virbr0"
assert cfg["memory"]["sockscan"]["enabled"] is True
assert cfg["memory"]["sockscan"]["filter"] is False
assert cfg["memory"]["netscan"]["enabled"] is True
assert cfg["memory"]["netscan"]["filter"] is False
assert cfg["physical"]["physical"]["interface"] == "eth0"
assert cfg["physical"]["fog"]["hostname"] == "none"
assert cfg["physical"]["fog"]["username"] == "fog"
assert cfg["physical"]["fog"]["password"] == "password"
assert cfg["processing"]["apkinfo"]["enabled"] is False
assert cfg["processing"]["apkinfo"]["decompilation_threshold"] == 5000000
assert cfg["processing"]["baseline"]["enabled"] is False
assert cfg["processing"]["buffer"]["enabled"] is True
assert cfg["processing"]["droidmon"]["enabled"] is False
assert cfg["processing"]["dumptls"]["enabled"] is True
assert cfg["processing"]["googleplay"]["enabled"] is False
assert cfg["processing"]["googleplay"]["android_id"] is None
assert cfg["processing"]["googleplay"]["google_login"] is None
assert cfg["processing"]["googleplay"]["google_password"] is None
assert cfg["processing"]["procmemory"]["idapro"] is False
assert cfg["processing"]["screenshots"]["enabled"] is False
assert cfg["processing"]["screenshots"]["tesseract"] == "/usr/bin/tesseract"
assert cfg["processing"]["snort"]["enabled"] is False
assert cfg["processing"]["snort"]["snort"] == "/usr/local/bin/snort"
assert cfg["processing"]["snort"]["conf"] == "/etc/snort/snort.conf"
assert cfg["processing"]["suricata"]["enabled"] is False
assert cfg["processing"]["suricata"]["suricata"] == "/usr/bin/suricata"
assert cfg["processing"]["suricata"]["conf"] == "/etc/suricata/suricata.yaml"
assert cfg["processing"]["suricata"]["eve_log"] == "eve.json"
assert cfg["processing"]["suricata"]["files_log"] == "files-json.log"
assert cfg["processing"]["suricata"]["files_dir"] == "files"
assert cfg["processing"]["suricata"]["socket"] is None
assert cfg["processing"]["virustotal"]["scan"] is False
assert cfg["qemu"]["qemu"]["path"] == "/usr/bin/qemu-system-x86_64"
assert cfg["qemu"]["qemu"]["machines"] == ["vm1", "vm2"]
assert cfg["qemu"]["qemu"]["interface"] == "qemubr"
assert cfg["qemu"]["vm1"]["label"] == "vm1"
assert cfg["qemu"]["vm1"]["image"] == "/home/rep/vms/qvm_wheezy64_1.qcow2"
assert cfg["qemu"]["vm1"]["platform"] == "linux"
assert cfg["qemu"]["vm1"]["ip"] == "192.168.55.2"
assert cfg["qemu"]["vm1"]["interface"] == "qemubr"
assert cfg["qemu"]["vm1"]["resultserver_ip"] == "192.168.55.1"
assert cfg["qemu"]["vm1"]["tags"] == "debian_wheezy,64_bit"
assert cfg["qemu"]["vm2"]["label"] == "vm2"
assert cfg["qemu"]["vm2"]["image"] == "/home/rep/vms/qvm_wheezy64_1.qcow2"
assert cfg["qemu"]["vm2"]["arch"] == "mipsel"
assert cfg["qemu"]["vm2"]["kernel_path"] == "{imagepath}/vmlinux-3.16.0-4-4kc-malta-mipsel"
assert cfg["qemu"]["vm2"]["platform"] == "linux"
assert cfg["qemu"]["vm2"]["ip"] == "192.168.55.3"
assert cfg["qemu"]["vm2"]["interface"] == "qemubr"
assert cfg["qemu"]["vm2"]["tags"] == "debian_wheezy,mipsel"
assert "mmdef" not in cfg["reporting"]
assert "maec41" not in cfg["reporting"]
assert cfg["reporting"]["reporthtml"]["enabled"] is False
assert cfg["reporting"]["mongodb"]["store_memdump"] is False
assert cfg["reporting"]["mongodb"]["paginate"] == 100
assert cfg["reporting"]["moloch"]["enabled"] is False
assert cfg["virtualbox"]["virtualbox"]["mode"] == "headless"
assert cfg["virtualbox"]["virtualbox"]["interface"] == "foobar"
assert cfg["virtualbox"]["honeyd"]["label"] == "honeyd"
assert cfg["virtualbox"]["honeyd"]["platform"] == "linux"
assert cfg["virtualbox"]["honeyd"]["ip"] == "192.168.56.102"
assert cfg["virtualbox"]["honeyd"]["tags"] == "service, honeyd"
assert cfg["virtualbox"]["honeyd"]["options"] == "nictrace noagent"
assert cfg["vmware"]["vmware"]["interface"] == "virbr0"
assert cfg["vpn"]["vpn"]["enabled"] is False
assert cfg["vpn"]["vpn"]["vpns"] == "vpn0"
assert cfg["vpn"]["vpn0"]["name"] == "vpn0"
assert cfg["vpn"]["vpn0"]["description"] == "Spain, Europe"
assert cfg["vpn"]["vpn0"]["interface"] == "tun0"
assert cfg["vsphere"]["vsphere"]["host"] == "10.0.0.1"
assert cfg["vsphere"]["vsphere"]["port"] == 443
assert cfg["vsphere"]["vsphere"]["user"] == "username_goes_here"
assert cfg["vsphere"]["vsphere"]["pwd"] == "password_goes_here"
assert cfg["vsphere"]["vsphere"]["interface"] == "eth0"
assert cfg["vsphere"]["analysis1"]["label"] == "cuckoo1"
assert cfg["vsphere"]["analysis1"]["platform"] == "windows"
assert cfg["vsphere"]["analysis1"]["snapshot"] == "cuckoo_ready_running"
assert cfg["vsphere"]["analysis1"]["ip"] == "192.168.1.1"
assert cfg["xenserver"]["xenserver"]["interface"] == "virbr0"
def test_venv_new_unicode(self):
set_cwd(tempfile.mkdtemp(u"a\u202eb"))
write_supervisor_conf(None)
def test_migration_060_100():
set_cwd(tempfile.mkdtemp())
Folders.create(cwd(), "conf")
Files.create(cwd("conf"), "cuckoo.conf", """
[cuckoo]
delete_original = on
machine_manager = hello
[sniffer]
enabled = no
tcpdump = /wow/path
interface = vboxnet0
[graylog]
enabled = no
host = localhost
port = 12201
level = info
""")
Files.create(cwd("conf"), "processing.conf", """
[dropped]
enabled = yes
""")
Files.create(cwd("conf"), "reporting.conf", """
[pickled]
enabled = off
[metadata]
enabled = off
[maec11]
enabled = off
[mongodb]
enabled = on
""")
Files.create(cwd("conf"), "vmware.conf", """
[vmware]
machines = hello
[hello]
label = label,snapshot
""")
cfg = Config.from_confdir(cwd("conf"), loose=True)
assert "machine_manager" in cfg["cuckoo"]["cuckoo"]
assert "sniffer" in cfg["cuckoo"]
assert "graylog" in cfg["cuckoo"]
assert "pickled" in cfg["reporting"]
assert "metadata" in cfg["reporting"]
assert "maec11" in cfg["reporting"]
cfg = migrate(cfg, "0.6.0", "1.0.0")
assert cfg["auxiliary"]["sniffer"]["enabled"] is False
assert cfg["auxiliary"]["sniffer"]["tcpdump"] == "/wow/path"
assert cfg["auxiliary"]["sniffer"]["interface"] == "vboxnet0"
assert cfg["cuckoo"]["cuckoo"]["delete_bin_copy"] is False
assert "machine_manager" not in cfg["cuckoo"]["cuckoo"]
assert cfg["cuckoo"]["cuckoo"]["machinery"] == "hello"
assert cfg["cuckoo"]["cuckoo"]["reschedule"] is False
assert cfg["cuckoo"]["cuckoo"]["process_results"] is True
assert cfg["cuckoo"]["cuckoo"]["max_analysis_count"] == 0
assert cfg["cuckoo"]["cuckoo"]["freespace"] == 64
assert "sniffer" not in cfg["cuckoo"]
assert "graylog" not in cfg["cuckoo"]
assert cfg["esx"]["esx"]["dsn"] == "esx://127.0.0.1/?no_verify=1"
assert cfg["esx"]["esx"]["username"] == "username_goes_here"
assert cfg["esx"]["esx"]["password"] == "password_goes_here"
assert cfg["esx"]["esx"]["machines"] == ["analysis1"]
assert cfg["esx"]["analysis1"]["label"] == "cuckoo1"
assert cfg["esx"]["analysis1"]["platform"] == "windows"
assert cfg["esx"]["analysis1"]["snapshot"] == "clean_snapshot"
assert cfg["esx"]["analysis1"]["ip"] == "192.168.122.105"
assert cfg["memory"]["basic"]["guest_profile"] == "WinXPSP2x86"
assert cfg["memory"]["basic"]["delete_memdump"] is False
assert cfg["memory"]["malfind"]["enabled"] is True
assert cfg["memory"]["malfind"]["filter"] is True
assert cfg["memory"]["apihooks"]["enabled"] is False
assert cfg["memory"]["apihooks"]["filter"] is True
assert cfg["memory"]["pslist"]["enabled"] is True
assert cfg["memory"]["pslist"]["filter"] is False
assert cfg["memory"]["psxview"]["enabled"] is True
assert cfg["memory"]["psxview"]["filter"] is False
assert cfg["memory"]["callbacks"]["enabled"] is True
assert cfg["memory"]["callbacks"]["filter"] is False
assert cfg["memory"]["idt"]["enabled"] is True
assert cfg["memory"]["idt"]["filter"] is False
assert cfg["memory"]["timers"]["enabled"] is True
assert cfg["memory"]["timers"]["filter"] is False
assert cfg["memory"]["messagehooks"]["enabled"] is False
assert cfg["memory"]["messagehooks"]["filter"] is False
assert cfg["memory"]["getsids"]["enabled"] is True
assert cfg["memory"]["getsids"]["filter"] is False
assert cfg["memory"]["privs"]["enabled"] is True
assert cfg["memory"]["privs"]["filter"] is False
assert cfg["memory"]["dlllist"]["enabled"] is True
assert cfg["memory"]["dlllist"]["filter"] is True
assert cfg["memory"]["handles"]["enabled"] is True
assert cfg["memory"]["handles"]["filter"] is True
assert cfg["memory"]["ldrmodules"]["enabled"] is True
assert cfg["memory"]["ldrmodules"]["filter"] is True
assert cfg["memory"]["mutantscan"]["enabled"] is True
assert cfg["memory"]["mutantscan"]["filter"] is True
assert cfg["memory"]["devicetree"]["enabled"] is True
assert cfg["memory"]["devicetree"]["filter"] is True
assert cfg["memory"]["svcscan"]["enabled"] is True
assert cfg["memory"]["svcscan"]["filter"] is True
assert cfg["memory"]["modscan"]["enabled"] is True
assert cfg["memory"]["modscan"]["filter"] is True
assert cfg["memory"]["mask"]["enabled"] is False
assert cfg["memory"]["mask"]["pid_generic"] is None
assert cfg["processing"]["memory"]["enabled"] is False
assert "pickled" not in cfg["reporting"]
assert "metadata" not in cfg["reporting"]
assert "maec11" not in cfg["reporting"]
assert cfg["reporting"]["mmdef"]["enabled"] is False
assert cfg["reporting"]["maec41"]["enabled"] is False
assert cfg["reporting"]["maec41"]["mode"] == "overview"
assert cfg["reporting"]["maec41"]["processtree"] is True
assert cfg["reporting"]["maec41"]["output_handles"] is False
assert cfg["reporting"]["maec41"]["static"] is True
assert cfg["reporting"]["maec41"]["strings"] is True
assert cfg["reporting"]["maec41"]["virustotal"] is True
assert cfg["reporting"]["mongodb"]["host"] == "127.0.0.1"
assert cfg["reporting"]["mongodb"]["port"] == 27017
assert cfg["vmware"]["vmware"]["machines"] == ["hello"]
assert cfg["vmware"]["hello"]["label"] == "label"
assert cfg["vmware"]["hello"]["snapshot"] == "snapshot"
def setup(self):
set_cwd(tempfile.mkdtemp())
mkdir(cwd("conf"))
self.h = mock.patch("cuckoo.core.init.jinja2")
self.p = self.h.start()
self.render().return_value = ""
def test_write_configuration(self):
set_cwd(tempfile.mkdtemp())
cfg = Config.from_confdir(self.DIRPATH, loose=True)
cfg = migrate(cfg, self.VERSION)
cuckoo_create(cfg=cfg)
def test_resolve_dns(self, p):
set_cwd(tempfile.mkdtemp())
cuckoo_create()
p.return_value = "1.2.3.4"
assert Pcap(None, {})._dns_gethostbyname("google.com") != ""
def setup(self):
set_cwd(tempfile.mkdtemp())
def test_init_logging():
set_cwd(tempfile.mkdtemp())
cuckoo_create()
init_logging(logging.DEBUG)
def test_init(p):
set_cwd(tempfile.mkdtemp())
with pytest.raises(SystemExit):
main.main(("--cwd", cwd(), "--nolog", "init"), standalone_mode=False)
p.assert_not_called()
def test_on_extract():
set_cwd(tempfile.mkdtemp())
cuckoo_create()
init_modules()
Database().connect()
mkdir(cwd(analysis=2))
cmd = Scripting().parse_command("cmd.exe /c ping 1.2.3.4")
ex = ExtractManager.for_task(2)
ex.push_script({
"pid": 1,
"first_seen": 2,
}, cmd)
results = RunProcessing(task=Dictionary({
"id": 2,
"category": "file",
"target": __file__,
})).run()
assert results["extracted"] == [{
"category":
"script",
"pid":
1,
"first_seen":
2,
"program":
"cmd",
"raw":
cwd("extracted", "0.bat", analysis=2),
"yara": [],
"info": {},
}]
class sig1(object):
name = "sig1"
@property
def matched(self):
return False
@matched.setter
def matched(self, value):
pass
def init(self):
pass
def on_signature(self):
pass
def on_complete(self):
pass
def on_yara(self):
pass
on_extract = mock.MagicMock()
rs = RunSignatures(results)
rs.signatures = sig1(),
rs.run()
sig1.on_extract.assert_called_once()
em = sig1.on_extract.call_args_list[0][0][0]
assert em.category == "script"
def setup_class(cls):
set_cwd(tempfile.mkdtemp())
cuckoo_create()
cls.pcap = Pcap("tests/files/pcap/mixed-traffic.pcap", {}).run()
def test_machines():
set_cwd(tempfile.mkdtemp())
Folders.create(cwd(), "conf")
Files.create(cwd("conf"), "cuckoo.conf", """
[cuckoo]
machinery = virtualbox
[database]
connection =
timeout =
[resultserver]
ip = 9.8.7.6
port = 9876
""")
Files.create(cwd("conf"), "virtualbox.conf", """
[virtualbox]
machines = a, b, c
[a]
label = a
snapshot = derpa
platform = windows
ip = 1.2.3.4
[b]
label = b
snapshot = derpb
platform = windows
ip = 5.6.7.8
resultserver_ip = 7.5.3.1
[c]
label = c
snapshot = derpc
platform = windows
ip = 1.3.5.7
resultserver_port = 4242
""")
class mock(object):
port = 9001
Singleton._instances[ResultServer] = mock()
db = Database()
db.connect()
m = Machinery()
m.set_options(Config("virtualbox"))
m._initialize("virtualbox")
machines = db.list_machines()
assert len(machines) == 3
assert machines[0].label == "a"
assert machines[0].snapshot == "derpa"
assert machines[0].ip == "1.2.3.4"
assert machines[0].resultserver_ip == "9.8.7.6"
assert machines[0].resultserver_port == 9001
assert machines[1].label == "b"
assert machines[1].snapshot == "derpb"
assert machines[1].ip == "5.6.7.8"
assert machines[1].resultserver_ip == "7.5.3.1"
assert machines[1].resultserver_port == 9001
assert machines[2].label == "c"
assert machines[2].snapshot == "derpc"
assert machines[2].ip == "1.3.5.7"
assert machines[2].resultserver_ip == "9.8.7.6"
assert machines[2].resultserver_port == 4242
Singleton._instances.pop(ResultServer)
# See the file 'docs/LICENSE' for copying permission.
from __future__ import with_statement
from alembic import context
from sqlalchemy import create_engine, pool
from logging.config import fileConfig
# Interpret the config file for Python logging.
# This line sets up loggers basically.
fileConfig(context.config.config_file_name)
from cuckoo.core.database import Base, Database
from cuckoo.misc import set_cwd
set_cwd(context.get_x_argument(as_dictionary=True)["cwd"])
Database().connect(schema_check=False, create=False)
# Get database connection string from cuckoo configuration.
url = Database().engine.url.__to_string__(hide_password=False)
target_metadata = Base.metadata
def run_migrations_offline():
"""Run migrations in 'offline' mode.
This configures the context with just a URL
and not an Engine, though an Engine is acceptable
here as well. By skipping the Engine creation
we don't even need a DBAPI to be available.
Calls to context.execute() here emit the given string to the
script output.
def test_init_routing_default(p):
set_cwd(tempfile.mkdtemp())
cuckoo_create()
init_routing()
p.assert_not_called()
def test_on_yara():
set_cwd(os.path.realpath(tempfile.mkdtemp()))
cuckoo_create()
init_modules()
shutil.copy(cwd("yara", "binaries", "vmdetect.yar"),
cwd("yara", "memory", "vmdetect.yar"))
init_yara()
mkdir(cwd(analysis=1))
open(cwd("binary", analysis=1), "wb").write("\x0f\x3f\x07\x0b")
mkdir(cwd("files", analysis=1))
open(cwd("files", "1.txt", analysis=1), "wb").write("\x56\x4d\x58\x68")
mkdir(cwd("memory", analysis=1))
open(cwd("memory", "1-0.dmp", analysis=1), "wb").write(
struct.pack("QIIII", 0x400000, 0x1000, 0, 0, 0) + "\x45\xc7\x00\x01")
Database().connect()
ExtractManager._instances = {}
results = RunProcessing(task=Dictionary({
"id": 1,
"category": "file",
"target": __file__,
})).run()
assert results["target"]["file"]["yara"][0]["offsets"] == {
"virtualpc": [(0, 0)],
}
assert results["procmemory"][0]["regions"] == [{
"addr": "0x00400000",
"end": "0x00401000",
"offset": 24,
"protect": None,
"size": 4096,
"state": 0,
"type": 0,
}]
assert results["procmemory"][0]["yara"][0]["offsets"] == {
"vmcheckdll": [(24, 0)],
}
assert results["dropped"][0]["yara"][0]["offsets"] == {
"vmware": [(0, 0)],
"vmware1": [(0, 0)],
}
class sig1(object):
name = "sig1"
@property
def matched(self):
return False
@matched.setter
def matched(self, value):
pass
def init(self):
pass
def on_signature(self, sig):
pass
def on_complete(self):
pass
def on_extract(self, match):
pass
on_yara = mock.MagicMock()
rs = RunSignatures(results)
rs.signatures = sig1(),
rs.run()
assert sig1.on_yara.call_count == 3
sig1.on_yara.assert_any_call("sample", cwd("binary", analysis=1), mock.ANY)
sig1.on_yara.assert_any_call("dropped", cwd("files", "1.txt", analysis=1),
mock.ANY)
sig1.on_yara.assert_any_call("procmem", cwd("memory",
"1-0.dmp",
analysis=1), mock.ANY)
ym = sig1.on_yara.call_args_list[0][0][2]
assert ym.offsets == {
"virtualpc": [(0, 0)],
}
assert ym.string("virtualpc", 0) == "\x0f\x3f\x07\x0b"
def test_success(self):
set_cwd(tempfile.mkdtemp())
cuckoo_create()
open(cwd("monitor", "latest"), "wb").write("A" * 40)
os.mkdir(cwd("monitor", "A" * 40))
init_binaries()
def test_unicode(self):
set_cwd(tempfile.mkdtemp(u"\u202e"))
cuckoo_create()
init_yara()
assert len(list(File.yara_rules["binaries"])) == 5
