
Merge branch 'testing', bumped release to 0.4.1

2 parents 2d4b140 + 852c5b1 commit c0a9fefd40d9c1b135c3bb85932e0fd54d9ca675 @jekil jekil committed Aug 9, 2012
Showing with 1,184 additions and 228 deletions.
  1. +20 −8 agent/agent.py
  2. +4 −4 analyzer/windows/analyzer.py
  3. BIN analyzer/windows/dll/cuckoomon.dll
  4. +5 −6 cuckoo.py
  5. +18 −0 data/html/sections/file.html
  6. +12 −0 docs/CHANGELOG
  7. +2 −2 docs/book/src/conf.py
  8. +1 −1 docs/book/src/customization/reporting.rst
  9. +14 −0 docs/book/src/development/code_style.rst
  10. +28 −0 docs/book/src/finalremarks/index.rst
  11. +2 −2 docs/book/src/installation/host/requirements.rst
  12. +2 −1 docs/book/src/introduction/index.rst
  13. +1 −0 docs/book/src/usage/index.rst
  14. +58 −0 docs/book/src/usage/utilities.rst
  15. +36 −17 lib/cuckoo/common/abstracts.py
  16. +7 −1 lib/cuckoo/common/config.py
  17. +1 −1 lib/cuckoo/common/constants.py
  18. +19 −13 lib/cuckoo/common/utils.py
  19. +13 −10 lib/cuckoo/core/database.py
  20. +24 −22 lib/cuckoo/core/guest.py
  21. +87 −34 lib/cuckoo/core/processor.py
  22. +31 −16 lib/cuckoo/core/reporter.py
  23. +19 −16 lib/cuckoo/core/scheduler.py
  24. +5 −1 lib/cuckoo/core/sniffer.py
  25. +6 −3 lib/cuckoo/core/startup.py
  26. +40 −40 lib/maec/maec11.py
  27. +4 −4 modules/machinemanagers/virtualbox.py
  28. +44 −12 modules/processing/behavior.py
  29. +1 −1 modules/processing/virustotal.py
  30. +1 −1 modules/reporting/hpfclient.py
  31. +1 −1 modules/reporting/jsondump.py
  32. +1 −1 modules/reporting/maec11.py
  33. +1 −1 modules/reporting/metadata.py
  34. +2 −2 modules/reporting/mongodb.py
  35. +1 −1 modules/reporting/pickled.py
  36. +2 −2 modules/reporting/reporthtml.py
  37. +2 −1 modules/signatures/creates_exe.py
  38. +163 −0 tests/abstracts_tests.py
  39. +12 −0 tests/colors_tests.py
  40. +55 −0 tests/config_tests.py
  41. +105 −0 tests/database_tests.py
  42. +76 −0 tests/processor_tests.py
  43. +52 −0 tests/reporter_tests.py
  44. +58 −0 tests/scheduler_tests.py
  45. +17 −0 tests/sniffer_tests.py
  46. +128 −0 tests/utils_tests.py
  47. +1 −1 utils/submit.py
  48. +1 −1 utils/testreport.py
  49. +1 −1 utils/testsignatures.py
@@ -34,22 +34,29 @@ def __init__(self):
def _get_root(self, root="", container="cuckoo", create=True):
"""Get Cuckoo path.
- @param root: root folder.
- @param container: folder which will contain Cuckoo.
+ @param root: force root folder, don't detect it.
+ @param container: folder which will contain Cuckoo, not used root parameter is used.
@param create: create folder.
"""
if not root:
if self.system == "windows":
root = os.path.join(os.environ["SYSTEMDRIVE"] + os.sep, container)
elif self.system == "linux" or self.system == "darwin":
root = os.path.join(os.environ["HOME"], container)
+ else:
+ self.error = "Unable to detect OS system"
+ return False
if create and not os.path.exists(root):
try:
os.makedirs(root)
except OSError as e:
self.error = e
return False
+ else:
+ if not os.path.exists(root):
+ self.error = "Directory not found: %s" % root
+ return False
return root
@@ -58,7 +65,7 @@ def get_status(self):
@return: status.
"""
return CURRENT_STATUS
-
+
def get_error(self):
"""Get error message.
@return: error message.
@@ -112,8 +119,8 @@ def add_malware(self, data, name, iszip=False):
return True
def add_config(self, options):
- """Add configuration.
- @param options: configuration options.
+ """Creates analysis.cond file from current analysis options.
+ @param options: current configuration options, dict format.
@return: operation status.
"""
root = self._get_root()
@@ -131,8 +138,12 @@ def add_config(self, options):
config.set("analysis", key, value)
config_path = os.path.join(root, "analysis.conf")
- with open(config_path, "wb") as config_file:
- config.write(config_file)
+ try:
+ with open(config_path, "wb") as config_file:
+ config.write(config_file)
+ except OSError as e:
+ self.error = e
+ return False
return True
@@ -170,7 +181,8 @@ def execute(self):
return False
try:
- proc = subprocess.Popen([sys.executable, self.analyzer_path], cwd=os.path.dirname(self.analyzer_path))
+ proc = subprocess.Popen([sys.executable, self.analyzer_path],
+ cwd=os.path.dirname(self.analyzer_path))
self.analyzer_pid = proc.pid
except OSError as e:
self.error = e
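Review bot: In the add_config hunk (`@@ -131,8 +138,12 @@`) the new `except OSError as e:` around `open(config_path, "wb")` will not catch the failure it is written for on the Python 2 this code base runs on (`xmlrpclib` and `e.message` appear elsewhere on the page): `open()` raises IOError there, which is not a subclass of OSError before Python 3.3, so a missing or read-only directory still escapes as a traceback instead of setting `self.error`; `except (IOError, OSError) as e:` covers both, and add_config's body starts outside that hunk. In the `_get_root` hunk the same gap applies to the unguarded `os.environ["SYSTEMDRIVE"]` and `os.environ["HOME"]` lookups, which raise KeyError rather than taking the new `self.error` / `return False` path, and the trailing `else: if not os.path.exists(root):` reads more directly as `elif not os.path.exists(root):`. The new add_config docstring also says `analysis.cond` where the code writes `analysis.conf`; suggested first line: `"""Write the analysis.conf file from the current analysis options.`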
@@ -215,7 +215,7 @@ def get_options(self):
try:
key, value = field.strip().split("=")
except ValueError as e:
- log.warning("Failed parsing option (%s): %s" % (field, e.message))
+ log.warning("Failed parsing option (%s): %s" % (field, e))
continue
options[key.strip()] = value.strip()
@@ -262,7 +262,7 @@ def run(self):
try:
package_class = Package.__subclasses__()[0]
except IndexError as e:
- raise CuckooError("Unable to select package class (package=%s): %s" % (package_name, e.message))
+ raise CuckooError("Unable to select package class (package=%s): %s" % (package_name, e))
pack = package_class(self.get_options())
@@ -322,11 +322,11 @@ def run(self):
except KeyboardInterrupt:
error = "Keyboard Interrupt"
except CuckooError as e:
- error = e.message
+ error = e
if len(log.handlers) > 0:
log.critical(error)
else:
- sys.stderr.write("%s\n" % e.message)
+ sys.stderr.write("%s\n" % e)
finally:
server = xmlrpclib.Server("http://127.0.0.1:8000")
if error:
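Review bot: In the last hunk (`@@ -322,11 +322,11 @@`) `error = e` now stores a CuckooError instance while the KeyboardInterrupt branch stores the string "Keyboard Interrupt", so `error` no longer has one type; if the `finally` block passes `error` to the xmlrpclib server (that use is outside the hunk), an exception object cannot be marshalled, whereas `error = str(e)` keeps the existing string contract and still drops the `.message` dependency. The `%s` formatting in the other two hunks is fine because the value goes straight into a string. In the get_options hunk, `log.warning("Failed parsing option (%s): %s" % (field, e))` could use logging's lazy arguments, `log.warning("Failed parsing option (%s): %s", field, e)`. run()'s body continues past the hunk.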
Binary file not shown.
@@ -54,10 +54,9 @@ def main():
try:
main()
except CuckooCriticalError as e:
- if hasattr(e, "message"):
- message = "%s: %s" % (e.__class__.__name__, e.message)
- if len(log.handlers) > 0:
- log.critical(message)
- else:
- sys.stderr.write("%s\n" % message)
+ message = "%s: %s" % (e.__class__.__name__, e)
+ if len(log.handlers) > 0:
+ log.critical(message)
+ else:
+ sys.stderr.write("%s\n" % message)
sys.exit(1)
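Review bot: The rewritten handler formats the exception into `message` and exits, but the traceback of the critical failure is discarded in both branches, which makes a startup crash hard to diagnose from the log alone; `log.critical(message, exc_info=True)` keeps the same message text and appends the stack only to the log output. Dropping the `hasattr(e, "message")` guard is correct, since `%s` works on any exception instance. The `main()` this wraps is outside the hunk.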
@@ -58,6 +58,24 @@
</tr>
%endif
<tr>
+ <td><strong>Yara Signatures</strong>:</td>
+ <td>
+ %if yara is not UNDEFINED:
+ %if yara:
+ <ul style="margin-bottom:0">
+ %for rule in yara:
+ <li>${rule["name"]} (${rule["meta"]["description"]})</li>
+ %endfor
+ </ul>
+ %else:
+ None matched
+ %endif
+ %else:
+ Yara signatures disabled
+ %endif
+ </td>
+ </tr>
+ <tr>
<td><strong>Antivirus Results</strong>:</td>
<td>
%if virustotal is not UNDEFINED:
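Review bot: `${rule["meta"]["description"]}` assumes every matched rule declares a `description` meta field; Yara does not require one, so a rule without it raises KeyError while the report is rendered and the whole section fails instead of one list item. `${rule["meta"].get("description", "")}` (or wrapping the parenthesised part in `%if "description" in rule["meta"]:`) keeps the template rendering. Whether Mako is configured with `default_filters=['h']` is not visible on this page; if it is not, the rule name and description are inserted as raw HTML like the surrounding fields, and `${rule["name"] | h}` would escape them explicitly. The enclosing table continues outside the hunk.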
@@ -1,5 +1,17 @@
CHANGELOG
+Cuckoo Sandbox 0.4.1 (2012-08-09)
+=================================
+
+* Added Yara signatures to HTML report
+* Replaced pyssdeep with pydeep
+* Added support for signatures' version requirements
+* Added unit tests
+* Fixed delete_original race condition
+* Fixed reconstruction of registry keys
+* Fixed logging in cuckoomon
+* Improved exception handling
+
Cuckoo Sandbox 0.4 (2012-07-24)
===============================
@@ -47,9 +47,9 @@
# built documents.
#
# The short X.Y version.
-version = '0.4'
+version = '0.4.1'
# The full version, including alpha/beta/rc tags.
-release = '0.4'
+release = '0.4.1'
# The language for content autogenerated by Sphinx. Refer to documentation
# for a list of supported languages.
@@ -47,7 +47,7 @@ Following is an example of a working JSON reporting module:
report.write(json.dumps(results, sort_keys=False, indent=4))
report.close()
except (TypeError, IOError) as e:
- raise CuckooReportError("Failed to generate JSON report: %s" % e.message)
+ raise CuckooReportError("Failed to generate JSON report: %s" % e)
This code is very simple, it basically just receives the global container produced by the
processing modules, converts it into JSON and writes it to a file.
@@ -161,10 +161,24 @@ When catching an exception and accessing its handle, use ``as e``::
except Exception, something:
bar()
+It's a good practice use "e" instead of "e.message", as in the example above.
+
Documentation
=============
All code must be documented in docstring format, see `PEP 257 -- Docstring
Conventions <http://www.python.org/dev/peps/pep-0257/>`_.
Additional comments may be added in logical blocks will be results hard to
understand.
+
+Automated testing
+=================
+
+We belive in automated testing to provide high quality code and avoid dumb
+bugs.
+When possible, all code must be committed with proper unit tests. Particular
+attention must be placed when fixing bugs: it's good practice to write unit
+tests to reproduce the bug.
+All unit tests and fixtures are placed in the tests folder in the cuckoo
+root.
+We adopt `Nose <http://nose.readthedocs.org/en/latest/>`_ as unit testing framework.
@@ -27,6 +27,34 @@ official `#cuckoobox`_ channel.
.. _`official mailing list`: https://public.honeynet.org/mailman/listinfo/cuckoo
.. _`#cuckoobox`: irc://irc.freenode.net/cuckoobox
+Mailing list how to
+-------------------
+
+Cuckoo's `official mailing list`_ require registration, so you have to register
+your email address before sending mails. Please make sure you registered with
+the email address you're trying to post with.
+
+Please respect netiquette when posting, in detail:
+
+ * Before posting read the mailing list archives, read the Cuckoo blog, read
+ the documentation and Google about your issue. Stop posting questions that have
+ already been answered over and over everywhere.
+ * Posting emails saying just like "Doesn't work, help me" are completely
+ useless. If something is not working report the error, paste the logs, paste the
+ config file, paste the information on the virtual machine, paste the
+ results of the troubleshooting, give context. We are not wizards and we
+ don't have the crystal ball.
+ * Use a proper title. Stuff like "Doesn't work", "Help me", "Error" is not a
+ proper title.
+ * Tend to use `pastebin.com`_, `pastie.org`_ and similar services to paste
+ logs and configs: make the email more readable.
+ * Tend to upload your attachment to file upload services, we have a very
+ low attachment size limit.
+ * Tend to not write HTML emails.
+
+.. _`pastebin.com`: http://pastebin.com/
+.. _`pastie.org`:http://pastie.org/
+
Donations
=========
@@ -25,9 +25,9 @@ We suggest you to install all of them so that you can take advantage of the
project at its full potential.
* `Magic`_ (Highly Recommended): for identifying files' formats (otherwise use "file" command line utility)
- * `Pyssdeep`_ (Recommended): for calculating ssdeep fuzzy hash of files.
* `Dpkt`_ (Highly Recommended): for extracting relevant information from PCAP files.
* `Mako`_ (Highly Recommended): for rendering the HTML reports and the web interface.
+ * `Pydeep`_ (Optional): for calculating ssdeep fuzzy hash of files.
* `Pymongo`_ (Optional): for storing the results in a MongoDB database.
* `Yara`_ and Yara Python (Optional): for matching Yara signatures.
* `Libvirt`_ (Optional): for using the KVM module.
@@ -45,7 +45,7 @@ For the rest refer to their websites.
.. _Magic: http://www.darwinsys.com/file/
.. _Dpkt: http://code.google.com/p/dpkt/
.. _Mako: http://www.makotemplates.org
-.. _Pyssdeep: http://code.google.com/p/pyssdeep/
+.. _Pydeep: https://github.com/kbandla/pydeep
.. _Pymongo: http://pypi.python.org/pypi/pymongo/
.. _Yara: http://code.google.com/p/yara-project/
.. _Libvirt: http://www.libvirt.org
@@ -4,7 +4,8 @@ Introduction
============
This is an introductory chapter to Cuckoo Sandbox.
-It explains some basic malware analysis concepts, what's Cuckoo an how it can fit in malware analysis.
+It explains some basic malware analysis concepts, what's Cuckoo an how it can fit
+in malware analysis.
.. toctree::
@@ -11,3 +11,4 @@ This chapter explains how to use Cuckoo.
submit
packages
results
+ utilities
@@ -0,0 +1,58 @@
+=========
+Utilities
+=========
+
+Cuckoo comes with a set of pre-built utilities to automatize several common
+tasks.
+You can find them in "utils" folder.
+
+Cleanup utility
+===============
+
+If you want to delete all history, analysis, data and begin again from the first
+task you need clean.sh utility.
+
+.. note::
+
+ Running clean.sh will delete:
+ * Analyses
+ * Binaries
+ * Cuckoo task's database
+ * Cuckoo logs
+
+To clean your setup, run:
+
+ $ cd utils
+ $ sh clean.sh
+
+Submission Utility
+==================
+
+Submits sample to analysis. This tool is already described in :doc:`submit`.
+
+Web Utility
+===========
+
+Cuckoo's web interface. This tool is already described in :doc:`submit`.
+
+Test Report Utility
+===================
+
+Run the reporting engine (run all reports) on an already available analysis
+folder. So you don't need to run an analysis again to generate reports.
+This is used mainly in debugging and developing Cuckoo.
+For example if you want run again the report engine for analysis number 1:
+
+ $ cd utils
+ $ python testreport.py ../storage/analyses/1/
+
+Test Signature Utility
+======================
+
+Run the signature engine (checks all signatures) on an already available
+analysis folder. So you don't need to run an analysis again.
+This is used mainly in debugging and developing Cuckoo.
+For example if you want run again the singature engine for analysis number 1:
+
+ $ cd utils
+ $ python testsignatures.py ../storage/analyses/1/

