本文整理汇总了Python中lib.cuckoo.core.database.Database.view_task方法的典型用法代码示例。如果您正苦于以下问题:Python Database.view_task方法的具体用法?Python Database.view_task怎么用?Python Database.view_task使用的例子?那么恭喜您, 这里精选的方法代码示例或许可以为您提供帮助。您也可以进一步了解该方法所在类lib.cuckoo.core.database.Database
的用法示例。
在下文中一共展示了Database.view_task方法的15个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的Python代码示例。
示例1: run
# 需要导入模块: from lib.cuckoo.core.database import Database [as 别名]
# 或者: from lib.cuckoo.core.database.Database import view_task [as 别名]
def run(self):
"""Run information gathering.
@return: information dict.
"""
self.key = "info"
if "started_on" not in self.task:
return dict(
version=CUCKOO_VERSION,
started="none",
ended="none",
duration=-1,
id=int(self.task["id"]),
category="unknown",
custom="unknown",
machine=None,
package="unknown"
)
if self.task.get("started_on") and self.task.get("completed_on"):
started = time.strptime(self.task["started_on"], "%Y-%m-%d %H:%M:%S")
started = datetime.fromtimestamp(time.mktime(started))
ended = time.strptime(self.task["completed_on"], "%Y-%m-%d %H:%M:%S")
ended = datetime.fromtimestamp(time.mktime(ended))
duration = (ended - started).seconds
else:
log.critical("Failed to get start/end time from Task.")
started, ended, duration = None, None, -1
db = Database()
# Fetch sqlalchemy object.
task = db.view_task(self.task["id"], details=True)
if task and task.guest:
# Get machine description.
machine = task.guest.to_dict()
# Remove superfluous fields.
del machine["task_id"]
del machine["id"]
else:
machine = None
return dict(
version=CUCKOO_VERSION,
started=self.task["started_on"],
ended=self.task.get("completed_on", "none"),
duration=duration,
id=int(self.task["id"]),
category=self.task["category"],
custom=self.task["custom"],
owner=self.task["owner"],
machine=machine,
package=self.task["package"],
platform=self.task["platform"],
options=self.task["options"],
route=self.task["route"],
)
示例2: instance
# 需要导入模块: from lib.cuckoo.core.database import Database [as 别名]
# 或者: from lib.cuckoo.core.database.Database import view_task [as 别名]
def instance(instance):
maxcount = cfg.cuckoo.max_analysis_count
count = 0
db = Database()
try:
while not maxcount or count != maxcount:
if maxcount:
limit = min(maxcount - count, 32)
else:
limit = 32
tps = db.list_processing_tasks(instance=instance, count=limit)
# No new tasks, we can wait a small while before we query again
# for new tasks.
if not tps:
# Just make sure this instance is still available - it is not
# if the scheduler has been restarted. In that case there will
# be no records at all for this processing task.
if not db.count_processing_tasks(instance):
log.info("This instance (%s) is not available anymore, "
"stopping.", instance)
break
time.sleep(1)
continue
for tp in tps:
task = db.view_task(tp.task_id)
if task.status != TASK_COMPLETED:
log.warning("Task #%d: status (%s) is not completed, "
"ignoring", task.id, task.status)
continue
log.info("Task #%d: reporting task", task.id)
if task.category == "file":
sample = db.view_sample(task.sample_id)
copy_path = os.path.join(CUCKOO_ROOT, "storage",
"binaries", sample.sha256)
else:
copy_path = None
try:
process(task.target, copy_path, task=task.to_dict(),
report=True, auto=True)
db.set_status(task.id, TASK_REPORTED)
except Exception as e:
log.exception("Task #%d: error reporting: %s", task.id, e)
db.set_status(task.id, TASK_FAILED_PROCESSING)
db.delete_processing_task(tp)
except KeyboardInterrupt:
raise
except Exception as e:
log.exception("Caught unknown exception: %s", e)
示例3: unschedule
# 需要导入模块: from lib.cuckoo.core.database import Database [as 别名]
# 或者: from lib.cuckoo.core.database.Database import view_task [as 别名]
def unschedule(request, task_id):
db = Database()
task = db.view_task(task_id)
if task.status == TASK_SCHEDULED:
db.set_status(task_id, TASK_UNSCHEDULED)
return render_to_response("success.html",
{"message": "Task unscheduled, thanks for all the fish."},
context_instance=RequestContext(request))
示例4: run
# 需要导入模块: from lib.cuckoo.core.database import Database [as 别名]
# 或者: from lib.cuckoo.core.database.Database import view_task [as 别名]
def run(self):
"""Run information gathering.
@return: information dict.
"""
self.key = "info"
if not "started_on" in self.task:
return dict(
version=CUCKOO_VERSION,
started="none",
ended="none",
duration="none",
id=int(self.task["id"]),
category="unknown",
custom="unknown",
machine=None,
package="unknown"
)
try:
started = time.strptime(self.task["started_on"], "%Y-%m-%d %H:%M:%S")
started = datetime.fromtimestamp(time.mktime(started))
ended = time.strptime(self.task["completed_on"], "%Y-%m-%d %H:%M:%S")
ended = datetime.fromtimestamp(time.mktime(ended))
except:
log.critical("Failed to get start/end time from Task.")
duration = -1
else:
duration = (ended - started).seconds
db = Database()
# Fetch sqlalchemy object.
task = db.view_task(self.task["id"], details=True)
if task and task.guest:
# Get machine description.
machine = task.guest.to_dict()
# Remove useless task_id.
del machine["task_id"]
else:
machine = None
return dict(
version=CUCKOO_VERSION,
started=self.task["started_on"],
ended=self.task.get("completed_on", "none"),
duration=duration,
id=int(self.task["id"]),
category=self.task["category"],
custom=self.task["custom"],
machine=machine,
package=self.task["package"]
)
示例5: run
# 需要导入模块: from lib.cuckoo.core.database import Database [as 别名]
# 或者: from lib.cuckoo.core.database.Database import view_task [as 别名]
def run(self):
"""Run information gathering.
@return: information dict.
"""
self.key = "info"
try:
started = time.strptime(self.task["started_on"], "%Y-%m-%d %H:%M:%S")
started = datetime.fromtimestamp(time.mktime(started))
ended = time.strptime(self.task["completed_on"], "%Y-%m-%d %H:%M:%S")
ended = datetime.fromtimestamp(time.mktime(ended))
except:
log.critical("Failed to get start/end time from Task.")
duration = -1
else:
duration = (ended - started).seconds
db = Database()
# Fetch sqlalchemy object.
task = db.view_task(self.task["id"], details=True)
if task and task.guest:
# Get machine description ad json.
machine = task.guest.to_dict()
# Remove useless task_id.
del(machine["task_id"])
# Save.
self.task["machine"] = machine
return dict(
version=CUCKOO_VERSION,
started=self.task["started_on"],
ended=self.task.get("completed_on", "none"),
duration=duration,
id=int(self.task["id"]),
category=self.task["category"],
custom=self.task["custom"],
machine=self.task["machine"],
package=self.get_package(),
timeout=self.had_timeout(),
shrike_url=self.task["shrike_url"],
shrike_refer=self.task["shrike_refer"],
shrike_msg=self.task["shrike_msg"],
shrike_sid=self.task["shrike_sid"],
parent_id=self.task["parent_id"],
options=self.get_options(self.task["options"])
)
示例6: instance
# 需要导入模块: from lib.cuckoo.core.database import Database [as 别名]
# 或者: from lib.cuckoo.core.database.Database import view_task [as 别名]
def instance(instance):
maxcount = cfg.cuckoo.max_analysis_count
count = 0
db = Database()
# There's a good chance MySQL also works, though.
if db.engine.name != "postgresql":
sys.exit("Due to SQL limitations utils/process2.py currently only "
"supports PostgreSQL.")
try:
while not maxcount or count != maxcount:
task_id = db.processing_get_task(instance)
# Wait a small while before trying to fetch a new task.
if task_id is None:
time.sleep(1)
continue
task = db.view_task(task_id)
log.info("Task #%d: reporting task", task.id)
if task.category == "file":
sample = db.view_sample(task.sample_id)
copy_path = os.path.join(CUCKOO_ROOT, "storage",
"binaries", sample.sha256)
else:
copy_path = None
try:
process(task.target, copy_path, task=task.to_dict(),
report=True, auto=True)
db.set_status(task.id, TASK_REPORTED)
except Exception as e:
log.exception("Task #%d: error reporting: %s", task.id, e)
db.set_status(task.id, TASK_FAILED_PROCESSING)
except Exception as e:
log.exception("Caught unknown exception: %s", e)
示例7: terminate
# 需要导入模块: from lib.cuckoo.core.database import Database [as 别名]
# 或者: from lib.cuckoo.core.database.Database import view_task [as 别名]
def terminate(request, task_id):
db = Database()
task = db.view_task(task_id)
db.delete_task(task_id)
if task.status != TASK_PENDING:
task_running = db.list_tasks(experiment=task.experiment_id, status=TASK_RUNNING)
if task_running:
# Ask the task to free the vm once done
task_running.repeat = TASK_SINGLE
else:
# Free the vm assigned to this experiment
db.unlock_machine_by_experiment(task.experiment_id)
if len(db.list_tasks(experiment=task.experiment_id)) == 0:
# No tasks attached to this experiment, no need to keep the experiment
db.delete_experiment(task.experiment_id)
return render_to_response("success.html",
{"message": "Task terminated, thanks for all the fish."},
context_instance=RequestContext(request))
示例8: run
# 需要导入模块: from lib.cuckoo.core.database import Database [as 别名]
# 或者: from lib.cuckoo.core.database.Database import view_task [as 别名]
def run(self):
"""Run information gathering.
@return: information dict.
"""
self.key = "info"
db = Database()
dbtask = db.view_task(self.task["id"], details=True)
if dbtask:
task = dbtask.to_dict()
else:
# task is gone from the database
if os.path.isfile(self.taskinfo_path):
# we've got task.json, so grab info from there
task = json_decode(open(self.taskinfo_path).read())
else:
# we don't have any info on the task :(
emptytask = Task()
emptytask.id = self.task["id"]
task = emptytask.to_dict()
return dict(
version=CUCKOO_VERSION,
started=task["started_on"],
ended=task.get("completed_on", "none"),
duration=task.get("duration", -1),
id=int(task["id"]),
category=task["category"],
custom=task["custom"],
owner=task["owner"],
machine=task["guest"],
package=task["package"],
platform=task["platform"],
options=task["options"],
route=task["route"],
)
示例9: AnalysisManager
# 需要导入模块: from lib.cuckoo.core.database import Database [as 别名]
# 或者: from lib.cuckoo.core.database.Database import view_task [as 别名]
#.........这里部分代码省略.........
# not turned dead yet.
machinery.release(self.machine.label)
except CuckooMachineError as e:
log.error("Unable to release machine %s, reason %s. "
"You might need to restore it manually.",
self.machine.label, e)
return succeeded
def process_results(self):
"""Process the analysis results and generate the enabled reports."""
results = RunProcessing(task=self.task.to_dict()).run()
RunSignatures(results=results).run()
RunReporting(task=self.task.to_dict(), results=results).run()
# If the target is a file and the user enabled the option,
# delete the original copy.
if self.task.category == "file" and self.cfg.cuckoo.delete_original:
if not os.path.exists(self.task.target):
log.warning("Original file does not exist anymore: \"%s\": "
"File not found.", self.task.target)
else:
try:
os.remove(self.task.target)
except OSError as e:
log.error("Unable to delete original file at path "
"\"%s\": %s", self.task.target, e)
# If the target is a file and the user enabled the delete copy of
# the binary option, then delete the copy.
if self.task.category == "file" and self.cfg.cuckoo.delete_bin_copy:
if not os.path.exists(self.binary):
log.warning("Copy of the original file does not exist anymore: \"%s\": File not found", self.binary)
else:
try:
os.remove(self.binary)
except OSError as e:
log.error("Unable to delete the copy of the original file at path \"%s\": %s", self.binary, e)
log.info("Task #%d: reports generation completed (path=%s)",
self.task.id, self.storage)
return True
def run(self):
"""Run manager thread."""
global active_analysis_count
active_analysis_count += 1
try:
while True:
try:
success = self.launch_analysis()
except CuckooDeadMachine:
continue
break
self.db.set_status(self.task.id, TASK_COMPLETED)
# If the task is still available in the database, update our task
# variable with what's in the database, as otherwise we're missing
# out on the status and completed_on change. This would then in
# turn thrown an exception in the analysisinfo processing module.
self.task = self.db.view_task(self.task.id) or self.task
log.debug("Released database task #%d with status %s",
self.task.id, success)
if self.cfg.cuckoo.process_results:
self.process_results()
self.db.set_status(self.task.id, TASK_REPORTED)
# We make a symbolic link ("latest") which links to the latest
# analysis - this is useful for debugging purposes. This is only
# supported under systems that support symbolic links.
if hasattr(os, "symlink"):
latest = os.path.join(CUCKOO_ROOT, "storage",
"analyses", "latest")
# First we have to remove the existing symbolic link, then we
# have to create the new one.
# Deal with race conditions using a lock.
latest_symlink_lock.acquire()
try:
# As per documentation, lexists() returns True for dead
# symbolic links.
if os.path.lexists(latest):
os.remove(latest)
os.symlink(self.storage, latest)
except OSError as e:
log.warning("Error pointing latest analysis symlink: %s" % e)
finally:
latest_symlink_lock.release()
log.info("Task #%d: analysis procedure completed", self.task.id)
except:
log.exception("Failure in AnalysisManager.run")
active_analysis_count -= 1
示例10: AnalysisManager
# 需要导入模块: from lib.cuckoo.core.database import Database [as 别名]
# 或者: from lib.cuckoo.core.database.Database import view_task [as 别名]
class AnalysisManager(threading.Thread):
"""Analysis Manager.
This class handles the full analysis process for a given task. It takes
care of selecting the analysis machine, preparing the configuration and
interacting with the guest agent and analyzer components to launch and
complete the analysis and store, process and report its results.
"""
def __init__(self, task_id, error_queue):
"""@param task: task object containing the details for the analysis."""
threading.Thread.__init__(self)
self.errors = error_queue
self.cfg = Config()
self.storage = ""
self.binary = ""
self.machine = None
self.db = Database()
self.task = self.db.view_task(task_id)
self.interface = None
self.rt_table = None
def init_storage(self):
"""Initialize analysis storage folder."""
self.storage = os.path.join(CUCKOO_ROOT,
"storage",
"analyses",
str(self.task.id))
# If the analysis storage folder already exists, we need to abort the
# analysis or previous results will be overwritten and lost.
if os.path.exists(self.storage):
log.error("Analysis results folder already exists at path \"%s\","
" analysis aborted", self.storage)
return False
# If we're not able to create the analysis storage folder, we have to
# abort the analysis.
try:
create_folder(folder=self.storage)
except CuckooOperationalError:
log.error("Unable to create analysis folder %s", self.storage)
return False
return True
def check_file(self):
"""Checks the integrity of the file to be analyzed."""
sample = self.db.view_sample(self.task.sample_id)
sha256 = File(self.task.target).get_sha256()
if sha256 != sample.sha256:
log.error("Target file has been modified after submission: \"%s\"", self.task.target)
return False
return True
def store_file(self):
"""Store a copy of the file being analyzed."""
if not os.path.exists(self.task.target):
log.error("The file to analyze does not exist at path \"%s\", "
"analysis aborted", self.task.target)
return False
sha256 = File(self.task.target).get_sha256()
self.binary = os.path.join(CUCKOO_ROOT, "storage", "binaries", sha256)
if os.path.exists(self.binary):
log.info("File already exists at \"%s\"", self.binary)
else:
# TODO: do we really need to abort the analysis in case we are not
# able to store a copy of the file?
try:
shutil.copy(self.task.target, self.binary)
except (IOError, shutil.Error) as e:
log.error("Unable to store file from \"%s\" to \"%s\", "
"analysis aborted", self.task.target, self.binary)
return False
try:
new_binary_path = os.path.join(self.storage, "binary")
if hasattr(os, "symlink"):
os.symlink(self.binary, new_binary_path)
else:
shutil.copy(self.binary, new_binary_path)
except (AttributeError, OSError) as e:
log.error("Unable to create symlink/copy from \"%s\" to "
"\"%s\": %s", self.binary, self.storage, e)
return True
def store_task_info(self):
"""grab latest task from db (if available) and update self.task"""
dbtask = self.db.view_task(self.task.id)
self.task = dbtask.to_dict()
#.........这里部分代码省略.........
示例11: search
# 需要导入模块: from lib.cuckoo.core.database import Database [as 别名]
# 或者: from lib.cuckoo.core.database.Database import view_task [as 别名]
def search(request):
if "search" not in request.POST:
return render_to_response("analysis/search.html",
{"analyses": None,
"term": None,
"error": None},
context_instance=RequestContext(request))
search = request.POST["search"].strip()
if ":" in search:
term, value = search.split(":", 1)
else:
term, value = "", search
if term:
# Check on search size.
if len(value) < 3:
return render_to_response("analysis/search.html",
{"analyses": None,
"term": request.POST["search"],
"error": "Search term too short, minimum 3 characters required"},
context_instance=RequestContext(request))
# name:foo or name: foo
value = value.lstrip()
# Search logic.
if term == "name":
records = results_db.analysis.find({"target.file.name": {"$regex": value, "$options": "-i"}}).sort([["_id", -1]])
elif term == "type":
records = results_db.analysis.find({"target.file.type": {"$regex": value, "$options": "-i"}}).sort([["_id", -1]])
elif term == "string":
records = results_db.analysis.find({"strings": {"$regex": value, "$options": "-1"}}).sort([["_id", -1]])
elif term == "ssdeep":
records = results_db.analysis.find({"target.file.ssdeep": {"$regex": value, "$options": "-i"}}).sort([["_id", -1]])
elif term == "crc32":
records = results_db.analysis.find({"target.file.crc32": value}).sort([["_id", -1]])
elif term == "file":
records = results_db.analysis.find({"behavior.summary.files": {"$regex": value, "$options": "-i"}}).sort([["_id", -1]])
elif term == "key":
records = results_db.analysis.find({"behavior.summary.keys": {"$regex": value, "$options": "-i"}}).sort([["_id", -1]])
elif term == "mutex":
records = results_db.analysis.find({"behavior.summary.mutexes": {"$regex": value, "$options": "-i"}}).sort([["_id", -1]])
elif term == "domain":
records = results_db.analysis.find({"network.domains.domain": {"$regex": value, "$options": "-i"}}).sort([["_id", -1]])
elif term == "ip":
records = results_db.analysis.find({"network.hosts": value}).sort([["_id", -1]])
elif term == "signature":
records = results_db.analysis.find({"signatures.description": {"$regex": value, "$options": "-i"}}).sort([["_id", -1]])
elif term == "url":
records = results_db.analysis.find({"target.url": value}).sort([["_id", -1]])
elif term == "imphash":
records = results_db.analysis.find({"static.pe_imphash": value}).sort([["_id", -1]])
else:
return render_to_response("analysis/search.html",
{"analyses": None,
"term": request.POST["search"],
"error": "Invalid search term: %s" % term},
context_instance=RequestContext(request))
else:
value = value.lower()
if re.match(r"^([a-fA-F\d]{32})$", value):
records = results_db.analysis.find({"target.file.md5": value}).sort([["_id", -1]])
elif re.match(r"^([a-fA-F\d]{40})$", value):
records = results_db.analysis.find({"target.file.sha1": value}).sort([["_id", -1]])
elif re.match(r"^([a-fA-F\d]{64})$", value):
records = results_db.analysis.find({"target.file.sha256": value}).sort([["_id", -1]])
elif re.match(r"^([a-fA-F\d]{128})$", value):
records = results_db.analysis.find({"target.file.sha512": value}).sort([["_id", -1]])
else:
return render_to_response("analysis/search.html",
{"analyses": None,
"term": None,
"error": "Unable to recognize the search syntax"},
context_instance=RequestContext(request))
# Get data from cuckoo db.
db = Database()
analyses = []
for result in records:
new = db.view_task(result["info"]["id"])
if not new:
continue
new = new.to_dict()
if result["info"]["category"] == "file":
if new["sample_id"]:
sample = db.view_sample(new["sample_id"])
if sample:
new["sample"] = sample.to_dict()
analyses.append(new)
return render_to_response("analysis/search.html",
{"analyses": analyses,
"term": request.POST["search"],
"error": None},
#.........这里部分代码省略.........
示例12: __init__
# 需要导入模块: from lib.cuckoo.core.database import Database [as 别名]
# 或者: from lib.cuckoo.core.database.Database import view_task [as 别名]
#.........这里部分代码省略.........
transition)
if msg is not None:
try:
connection.send(str(msg))
print ">>> SENDING msg of length {}".format(len(msg))
if len(msg) < 5000:
deco = '#'*80
print "{}\n{}\n{}".format(deco, msg, deco)
except socket.error as e:
print "socket: {} in send operation".format(e)
connection.close()
break
######## Sandbox Related Functions ########
def _run_sample(self):
self.task_id = self.db.add_path(self.bin_name)
print "Running binary in sandbox with ID {}:\n{}".format(self.task_id,
self.bin_name)
######## Tracking Functions ########
def _termination_check(self):
print ">>> CHECKING FOR TERMINATED EXECUTION"
terminated = ""
# verify termination with cuckoo output
if self.cuckoo_session:
# wait until result from execution is stored in db
for i in range(self.timer_termination):
time.sleep(1)
print "."
try:
task = self.db.view_task(self.task_id)
except AttributeError:
print "Err: The cuckoo interface is active but no " \
"cuckoo task has been found! You may consider " \
"setting cuckoo_session to 0 in fuzzer.conf"
sys.exit()
if task.completed_on:
terminated = True
print "Sample execution is terminated!"
else:
return
# verify termination manually
else:
while terminated == "":
inp = raw_input('Connection terminated? [y/n]: ')
if inp == 'y':
terminated = True
elif inp == 'n':
terminated = False
if terminated:
self.status = FUZZ_STATUS_TERMINATED
def _crash_check(self):
""" Set fuzzing status according to result of
last fuzzing input. This function should be read the exit
code of the sample from the sandbox report.
"""
print ">>> CHECKING FOR CRASH"
crash = ""
if self.cuckoo_session:
task = self.db.view_task(self.task_id)
if task.status == "reported":
#fuzzer_path = os.path.dirname(os.path.realpath(__file__))
示例13: AnalysisManager
# 需要导入模块: from lib.cuckoo.core.database import Database [as 别名]
# 或者: from lib.cuckoo.core.database.Database import view_task [as 别名]
#.........这里部分代码省略.........
)
else:
try:
os.remove(self.binary)
except OSError as e:
log.error("Task #{0}: Unable to delete the copy of the original file at path "
"'{1}': {2}".format(self.task.id, self.binary, e))
log.info("Task #{0}: reports generation completed (path={1})".format(
self.task.id, self.storage)
)
return True
def run(self):
"""Run manager thread."""
global active_analysis_count
active_analysis_count += 1
try:
while True:
try:
success = self.launch_analysis()
except CuckooDeadMachine:
continue
break
self.db.set_status(self.task.id, TASK_COMPLETED)
# If the task is still available in the database, update our task
# variable with what's in the database, as otherwise we're missing
# out on the status and completed_on change. This would then in
# turn thrown an exception in the analysisinfo processing module.
self.task = self.db.view_task(self.task.id) or self.task
log.debug("Task #{0}: Released database task with status {1}".format(self.task.id, success))
if self.cfg.cuckoo.process_results:
self.process_results()
self.db.set_status(self.task.id, TASK_REPORTED)
# We make a symbolic link ("latest") which links to the latest
# analysis - this is useful for debugging purposes. This is only
# supported under systems that support symbolic links.
if hasattr(os, "symlink"):
latest = os.path.join(CUCKOO_ROOT, "storage",
"analyses", "latest")
# First we have to remove the existing symbolic link, then we
# have to create the new one.
# Deal with race conditions using a lock.
latest_symlink_lock.acquire()
try:
# As per documentation, lexists() returns True for dead
# symbolic links.
if os.path.lexists(latest):
os.remove(latest)
os.symlink(self.storage, latest)
except OSError as e:
log.warning("Task #{0}: Error pointing latest analysis symlink: {1}".format(self.task.id, e))
finally:
latest_symlink_lock.release()
log.info("Task #{0}: analysis procedure completed".format(self.task.id))
except Exception as e:
示例14: search
# 需要导入模块: from lib.cuckoo.core.database import Database [as 别名]
# 或者: from lib.cuckoo.core.database.Database import view_task [as 别名]
def search(request):
if "search" in request.POST:
error = None
try:
term, value = request.POST["search"].strip().split(":", 1)
except ValueError:
term = ""
value = request.POST["search"].strip()
if term:
# Check on search size.
if len(value) < 3:
return render_to_response("analysis/search.html",
{"analyses": None,
"term": request.POST["search"],
"error": "Search term too short, minimum 3 characters required"},
context_instance=RequestContext(request))
# name:foo or name: foo
value = value.lstrip()
# Search logic.
if term == "name":
records = results_db.analysis.find({"target.file.name": {"$regex": value, "$options": "-i"}}).sort([["_id", -1]])
elif term == "type":
records = results_db.analysis.find({"target.file.type": {"$regex": value, "$options": "-i"}}).sort([["_id", -1]])
elif term == "string":
records = results_db.analysis.find({"strings" : {"$regex" : value, "$options" : "-1"}}).sort([["_id", -1]])
elif term == "ssdeep":
records = results_db.analysis.find({"target.file.ssdeep": {"$regex": value, "$options": "-i"}}).sort([["_id", -1]])
elif term == "crc32":
records = results_db.analysis.find({"target.file.crc32": value}).sort([["_id", -1]])
elif term == "file":
records = results_db.analysis.find({"behavior.summary.files": {"$regex": value, "$options": "-i"}}).sort([["_id", -1]])
elif term == "key":
records = results_db.analysis.find({"behavior.summary.keys": {"$regex": value, "$options": "-i"}}).sort([["_id", -1]])
elif term == "mutex":
records = results_db.analysis.find({"behavior.summary.mutexes": {"$regex": value, "$options": "-i"}}).sort([["_id", -1]])
elif term == "domain":
records = results_db.analysis.find({"network.domains.domain": {"$regex": value, "$options": "-i"}}).sort([["_id", -1]])
elif term == "ip":
records = results_db.analysis.find({"network.hosts.ip": value}).sort([["_id", -1]])
elif term == "signature":
records = results_db.analysis.find({"signatures.description": {"$regex": value, "$options": "-i"}}).sort([["_id", -1]])
elif term == "signame":
records = results_db.analysis.find({"signatures.name": {"$regex": value, "$options": "-i"}}).sort([["_id", -1]])
elif term == "url":
records = results_db.analysis.find({"target.url": value}).sort([["_id", -1]])
elif term == "imphash":
records = results_db.analysis.find({"static.pe_imphash": value}).sort([["_id", -1]])
elif term == "surialert":
records = results_db.analysis.find({"suricata.alerts": {"$regex" : value, "$options" : "-1"}}).sort([["_id", -1]])
elif term == "surihttp":
records = results_db.analysis.find({"suricata.http": {"$regex" : value, "$options" : "-1"}}).sort([["_id", -1]])
elif term == "suritls":
records = results_db.analysis.find({"suricata.tls": {"$regex" : value, "$options" : "-1"}}).sort([["_id", -1]])
elif term == "clamav":
records = results_db.analysis.find({"target.file.clamav": {"$regex": value, "$options": "-i"}}).sort([["_id", -1]])
elif term == "yaraname":
records = results_db.analysis.find({"target.file.yara.name": {"$regex": value, "$options": "-i"}}).sort([["_id", -1]])
elif term == "strings":
records = results_db.analysis.find({"strings": {"$regex": value, "$options": "-i"}}).sort([["_id", -1]])
elif term == "virustotal":
records = results_db.analysis.find({"virustotal.results.sig": {"$regex": value, "$options": "-i"}}).sort([["_id", -1]])
else:
return render_to_response("analysis/search.html",
{"analyses": None,
"term": request.POST["search"],
"error": "Invalid search term: %s" % term},
context_instance=RequestContext(request))
else:
# hash matching is lowercase and case sensitive
value = value.lower()
if re.match(r"^([a-fA-F\d]{32})$", value):
records = results_db.analysis.find({"target.file.md5": value}).sort([["_id", -1]])
elif re.match(r"^([a-fA-F\d]{40})$", value):
records = results_db.analysis.find({"target.file.sha1": value}).sort([["_id", -1]])
elif re.match(r"^([a-fA-F\d]{64})$", value):
records = results_db.analysis.find({"target.file.sha256": value}).sort([["_id", -1]])
elif re.match(r"^([a-fA-F\d]{128})$", value):
records = results_db.analysis.find({"target.file.sha512": value}).sort([["_id", -1]])
else:
return render_to_response("analysis/search.html",
{"analyses": None,
"term": None,
"error": "Unable to recognize the search syntax"},
context_instance=RequestContext(request))
# Get data from cuckoo db.
db = Database()
analyses = []
for result in records:
new = db.view_task(result["info"]["id"])
if not new:
continue
new = new.to_dict()
if result["info"]["category"] == "file":
#.........这里部分代码省略.........
示例15: run
# 需要导入模块: from lib.cuckoo.core.database import Database [as 别名]
# 或者: from lib.cuckoo.core.database.Database import view_task [as 别名]
def run(self):
"""Run information gathering.
@return: information dict.
"""
self.key = "info"
db = Database()
dbtask = db.view_task(self.task["id"], details=True)
if dbtask:
task = dbtask.to_dict()
else:
# task is gone from the database
if os.path.isfile(self.taskinfo_path):
# we've got task.json, so grab info from there
task = json_decode(open(self.taskinfo_path).read())
else:
# we don't have any info on the task :(
emptytask = Task()
emptytask.id = self.task["id"]
task = emptytask.to_dict()
filepath = os.path.join(
CUCKOO_ROOT, ".git", "refs", "heads", "master"
)
if os.path.exists(filepath) and os.access(filepath, os.R_OK):
git_head = open(filepath, "rb").read().strip()
else:
git_head = None
filepath = os.path.join(CUCKOO_ROOT, ".git", "FETCH_HEAD")
if os.path.exists(filepath) and os.access(filepath, os.R_OK):
git_fetch_head = open(filepath, "rb").read().strip()
# Only obtain the hash.
if git_fetch_head:
git_fetch_head = git_fetch_head.split()[0]
else:
git_fetch_head = None
monitor = os.path.join(
CUCKOO_ROOT, "data", "monitor",
task["options"].get("monitor", "latest")
)
if os.path.islink(monitor):
monitor = os.readlink(monitor)
elif os.path.isfile(monitor):
monitor = open(monitor, "rb").read().strip()
elif os.path.isdir(monitor):
monitor = os.path.basename(monitor)
else:
monitor = None
return dict(
version=CUCKOO_VERSION,
git={
"head": git_head,
"fetch_head": git_fetch_head,
},
monitor=monitor,
started=task["started_on"],
ended=task.get("completed_on", "none"),
duration=task.get("duration", -1),
id=int(task["id"]),
category=task["category"],
custom=task["custom"],
owner=task["owner"],
machine=task["guest"],
package=task["package"],
platform=task["platform"],
options=emit_options(task["options"]),
route=task["route"],
)