def run(self):
    """Run all processing modules and all signatures.

    Every processing module is executed in ascending ``order`` and its
    output is merged into one dictionary (the "fat dict") that the
    reporting modules consume. Every signature is then evaluated
    against that dictionary, and the matches are stored under the
    "signatures" key, sorted by ascending severity.

    When no processing modules are loaded, an empty dictionary is
    returned immediately: signatures are not evaluated and no
    "signatures" key is present.

    @return: processing results.
    """
    fat_dict = {}

    processing_plugins = list_plugins(group="processing")
    if not processing_plugins:
        log.debug("No processing modules loaded")
        return fat_dict

    # Sort in place by the sequence number each module declares.
    processing_plugins.sort(key=lambda module: module.order)

    for plugin in processing_plugins:
        output = self._run_processing(plugin)
        if not output:
            # Nothing to merge for this module.
            continue
        fat_dict.update(output)

    # Signatures see the merged processing output only; the
    # "signatures" key is added after all of them have run.
    matched = []
    for signature in list_plugins(group="signatures"):
        hit = self._run_signature(signature, fat_dict)
        if not hit:
            continue
        matched.append(hit)

    matched.sort(key=lambda key: key["severity"])
    fat_dict["signatures"] = matched

    return fat_dict
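def initialize(self):
    """Initialize the machine manager.

    Instantiates the registered machine manager plugin, loads its
    configuration file from the "conf" directory under CUCKOO_ROOT,
    and checks that it exposes at least one machine.

    @raise CuckooCriticalError: if no machine manager plugin is
        registered, if the configuration file is missing, or if no
        machines are available.
    """
    global mmanager

    mmanager_name = self.cfg.cuckoo.machine_manager

    log.info("Using \"%s\" machine manager", mmanager_name)

    # Only one machine manager is imported, so the list is expected to
    # hold exactly one class. An empty list means the import failed or
    # never happened; report that explicitly instead of letting an
    # IndexError escape.
    plugins = list_plugins("machinemanagers")
    if not plugins:
        raise CuckooCriticalError("No machine manager plugin registered "
                                  "for \"{0}\"".format(mmanager_name))

    # Instantiate the machine manager.
    mmanager = plugins[0]()

    # The configuration file name is derived from the configured
    # machine manager name.
    # NOTE(review): mmanager_name is interpolated into the path as-is;
    # this assumes the Cuckoo configuration is operator-controlled.
    conf = os.path.join(CUCKOO_ROOT, "conf", "%s.conf" % mmanager_name)

    if not os.path.exists(conf):
        raise CuckooCriticalError("The configuration file for machine "
                                  "manager \"{0}\" does not exist at path: "
                                  "{1}".format(mmanager_name, conf))

    # Hand the parsed configuration options to the instance.
    mmanager.set_options(Config(conf))

    # Let the machine manager set itself up.
    mmanager.initialize(mmanager_name)

    # At this point all the available machines should have been
    # identified. If none were found, Cuckoo needs to abort. The count
    # is read once so the check and the log line agree.
    machine_count = mmanager.machines().count()
    if machine_count == 0:
        raise CuckooCriticalError("No machines available")

    log.info("Loaded %s machine/s", machine_count)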
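def init_modules():
    """Initializes plugins.

    Imports every processing module and signature, then only those
    reporting modules that have a section in reporting.conf with
    ``enabled`` set, and finally the machine manager named in the main
    configuration. The imported plugins are listed in the debug log.
    """
    log.debug("Importing modules...")

    # Import all processing modules.
    import_package(modules.processing)
    # Import all signatures.
    import_package(modules.signatures)

    # Import only enabled reporting modules.
    report_cfg = Config(cfg=os.path.join(CUCKOO_ROOT, "conf", "reporting.conf"))

    prefix = modules.reporting.__name__ + "."
    for loader, name, ispkg in pkgutil.iter_modules(modules.reporting.__path__):
        if ispkg:
            continue

        try:
            options = report_cfg.get(name)
        except AttributeError:
            # A module without a configuration section is not imported.
            # Without this `continue`, `options` would be unbound on the
            # first iteration or would still hold the previous module's
            # section, so an unconfigured module could be loaded on the
            # strength of another module's `enabled` flag.
            log.debug("Reporting module %s not found in "
                      "configuration file" % name)
            continue

        if not options.enabled:
            continue

        import_plugin(prefix + name)

    # Import machine manager.
    # NOTE(review): the module name comes straight from the
    # configuration file, so whoever can edit it chooses which module
    # is imported here; this assumes the conf directory is writable
    # only by the operator.
    import_plugin("modules.machinemanagers.%s" % Config().cuckoo.machine_manager)

    # Log the imported plugins as a small tree, one branch per category.
    for category, mods in list_plugins().items():
        log.debug("Imported \"%s\" modules:" % category)

        for mod in mods:
            if mod == mods[-1]:
                log.debug("\t `-- %s" % mod.__name__)
            else:
                log.debug("\t |-- %s" % mod.__name__)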
def run(self, results):
    """Generates all reports.

    Each reporting module declares a numeric ``order``; modules run in
    ascending order, so a module that depends on another's output can
    be given a higher value.

    @param results: analysis results.
    @raise CuckooReportError: if a report module fails (presumably
        raised from _run_report, which is not visible here).
    """
    reporters = list_plugins(group="reporting")

    if reporters:
        # Sort in place by the declared sequence number, then run each
        # reporting module against the same results dictionary.
        reporters.sort(key=lambda module: module.order)
        for reporter in reporters:
            self._run_report(reporter, results)
    else:
        # Nothing to do when no reporting modules are loaded.
        log.debug("No reporting modules loaded")
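def initialize(self):
    """Initialize the machine manager.

    Instantiates the registered machine manager plugin, loads its
    configuration file from the "conf" directory under CUCKOO_ROOT,
    and checks that it exposes at least one machine.

    @raise CuckooCriticalError: if no machine manager plugin is
        registered, if the configuration file is missing, or if no
        machines are available.
    """
    global mmanager

    mmanager_name = self.cfg.cuckoo.machine_manager

    log.info("Using \"%s\" machine manager", mmanager_name)

    # Only one machine manager is imported, so the list is expected to
    # hold exactly one class. An empty list means the import failed or
    # never happened; report that explicitly instead of letting an
    # IndexError escape.
    plugins = list_plugins("machinemanagers")
    if not plugins:
        raise CuckooCriticalError(
            "No machine manager plugin registered "
            "for \"{0}\"".format(mmanager_name))

    # Instantiate the machine manager.
    mmanager = plugins[0]()

    # The configuration file name is derived from the configured
    # machine manager name.
    # NOTE(review): mmanager_name is interpolated into the path as-is;
    # this assumes the Cuckoo configuration is operator-controlled.
    conf = os.path.join(CUCKOO_ROOT, "conf", "%s.conf" % mmanager_name)

    if not os.path.exists(conf):
        raise CuckooCriticalError(
            "The configuration file for machine "
            "manager \"{0}\" does not exist at path: "
            "{1}".format(mmanager_name, conf))

    # Hand the parsed configuration options to the instance.
    mmanager.set_options(Config(conf))

    # Let the machine manager set itself up.
    mmanager.initialize(mmanager_name)

    # At this point all the available machines should have been
    # identified. If none were found, Cuckoo needs to abort. The count
    # is read once so the check and the log line agree.
    machine_count = mmanager.machines().count()
    if machine_count == 0:
        raise CuckooCriticalError("No machines available")

    log.info("Loaded %s machine/s", machine_count)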