Merge pull request #205 from cert-ee/bugfix/various-bugfixes

Bugfix/various bugfixes

Author: cert-ee-raidar

.gitignore

@@ -64,3 +64,6 @@ bower_components/
 .sass-cache/
 cuckoo/web/src/package-lock.json
 *.map
+
+# Vagrant
+.vagrant

common/cuckoo/common/misp.py

@@ -186,7 +186,9 @@ def find_events(self, value, type_attribute=None, limit=1, to_ids=1, publish_tim
                 for attribute in attributes['Attribute']
             ]
         except (ValueError, TypeError) as e:
-            return []
+            raise MispError(
+                f"Failure while reading MISP response JSON. Error: {e}"
+            )
 
     def find_file_md5(self, md5, limit=1, to_ids=1, publish_timestamp="365d"):
         return self.find_events(

core/cuckoo/scripts/cleanup.py

@@ -124,7 +124,7 @@ def main(ctx, cwd, debug):
         return
 
 @main.command()
-@click.argument("days", type=int)
+@click.argument("hours", type=int)
 @click.option("--yes", is_flag=True, help="Skip confirmation screen")
 @click.pass_context
 def remotestorage(ctx, days, yes):
@@ -147,7 +147,7 @@ def remotestorage(ctx, days, yes):
 
 
 @main.command("delete")
-@click.argument("state", type=string)
+@click.argument("state", type=str)
 @click.argument("hours", type=int)
 @click.option("--yes", is_flag=True, help="Skip confirmation screen")
 @click.pass_context

core/cuckoo/taskqueue.py

@@ -178,7 +178,7 @@ def _query_tasks(self, platform=None, os_version=None, limit=5):
 
     def count_unscheduled(self):
         return self._ses.query(
-            QueuedTask.id
+            sqlalchemy.func.count(QueuedTask.id)
         ).filter_by(scheduled=False).count()
 
     def get_unscheduled_tasks(self, platform=None, os_version=None):

machineries/cuckoo/machineries/modules/proxmox.py

@@ -1,4 +1,3 @@
-from time import sleep
 from dataclasses import dataclass
 
 from cuckoo.common import machines
@@ -130,11 +129,6 @@ def state(self, machine):
         prox = self._create_proxmoxer_connection()
         current_status = prox.nodes(vm.node_name).qemu(vm.vm_id)\
                 .status.current.get()
-        # prevents spamming during starting and stoping VMs,
-        # which leads to "too many redirection"-exception
-        log.debug("Waiting for status to change...")
-        sleep(5)
-
         if current_status is None:
             raise errors.MachineryConnectionError(
                     f"Error while getting status of {machine.label} "

processing/cuckoo/processing/config.py

@@ -77,12 +77,12 @@ def constraints(self, value):
     "mhr.yaml": {
         "enabled": config.Boolean(default_val=False),
         "timeout": config.Int(default_val=60, min_value=0),
-        "url": config.HTTPUrl(default_val="https://hash.cymru.com/v2/"),
+        "url": config.HTTPUrl(),
         "user": config.String(allow_empty=True),
         "password": config.String(allow_empty=True),
         "min_suspicious": config.Int(default_val=10, min_value=1),
-        "min_malicious": config.Int(default_val=17, min_value=1),
-    },
+        "min_malicious": config.Int(default_val=30, min_value=1),               
+    },    
     "misp.yaml": {
         "processing": {
             "enabled": config.Boolean(default_val=False),

processing/cuckoo/processing/pre/mhr.py

@@ -54,7 +54,7 @@ def _request_json(self, url, **kwargs):
         """Wrapper around doing a request and parsing its JSON output."""
         try:
             r = requests.get(url, auth=HTTPBasicAuth(self.user, self.password),
-                                timeout=self.timeout, **kwargs)
+                                timeout=self.timeout, verify=False, **kwargs)
             return r.json() if r.status_code == 200 else {}
         except (requests.ConnectionError, ValueError) as e:
             self.ctx.log.error(
@@ -78,7 +78,6 @@ def _handle_file_target(self):
 
 
     def start(self):
-        info = None
         antivirus_detection_rate = None
         if self.ctx.analysis.category == "file":
             info = self._handle_file_target()
@@ -96,7 +95,6 @@ def start(self):
                 score = Scores.SUSPICIOUS
         else:
             return {}
-
         if score:
             iocs = [
                 IOC(antivirus="MHR", result=info["antivirus_detection_rate"])
@@ -108,7 +106,7 @@ def start(self):
                 short_description="MHR sources report this target as "
                                   "malicious",
                 description=f"{info['antivirus_detection_rate']} percentage of tested MHR antivirus engines"
-                            f" detect this target as malicious",
+                            f"detect this target as malicious",
                 iocs=iocs
             )
 

processing/cuckoo/processing/pre/static.py

@@ -40,7 +40,7 @@ def start(self):
 
         for ext, handler_subkey in self._EXTENSION_HANDLER.items():
 
-            if not target.filename.lower().endswith(ext):
+            if not target.filename.endswith(ext):
                 continue
 
             handler, subkey = handler_subkey

processing/cuckoo/processing/reporting/disk.py

@@ -37,7 +37,7 @@ def report_identification(self):
 
     def report_pre_analysis(self):
         include_result = [
-            "virustotal", "irma", "static", "misp", "intelmq", "command"
+            "virustotal", "irma", "mhr", "static", "misp", "intelmq", "command"
         ]
 
         # Pre might change settings such as launch args for specific chosen

processing/cuckoo/processing/reporting/elastic.py

@@ -204,7 +204,6 @@ def _update_analysis(self):
         try:
             update_analysis(
                 analysis_id=self.ctx.analysis.id,
-                score=self.ctx.analysis.score,
                 tags=self.ctx.tag_tracker.tags,
                 families=self.ctx.family_tracker.families,
                 ttps=[t.id for t in self.ctx.ttp_tracker.ttps]

processing/cuckoo/processing/static/pe.py

@@ -48,7 +48,7 @@ def sha256(self):
 
     @property
     def sha512(self):
-        return self._cert_fingerprint_str(hashes.SHA256())
+        return self._cert_fingerprint_str(hashes.SHA512())   
 
     @property
     def serial_number(self):

processing/cuckoo/processing/worker.py

@@ -220,8 +220,8 @@ def _handle_processing(processing_classes, ctx):
         processing_instances = make_plugin_instances(processing_classes, ctx)
     except PluginError as e:
         ctx.set_failed()
-        ctx.errtracker.fatal_exception(e)
-        ctx.log.exception(
+        ctx.errtracker.add_error(e)
+        ctx.log.error(
             "Processing cancelled. Failure during processing plugin "
             "initialization", error=e
         )
@@ -232,7 +232,7 @@ def _handle_processing(processing_classes, ctx):
     except CancelProcessing as e:
         ctx.set_failed()
         ctx.log.error("Processing cancelled", error=e)
-        ctx.errtracker.fatal_exception(e)
+        ctx.errtracker.fatal_error(e)
         return False
     except Exception as e:
         ctx.set_failed()

web/cuckoo/web/submit/urls.py

@@ -18,7 +18,7 @@
         name="Submit/settings"
     ),
     path(
-        "re/<analysis_id:analysis_id>/", views.Resubmit.as_view(),
+        "resubmit/<analysis_id:analysis_id>/", views.Resubmit.as_view(),
         name="Submit/resubmit"
     ),
 ]

web/cuckoo/web/submit/views.py

@@ -12,6 +12,7 @@
 from django.shortcuts import render, redirect
 from django.views import View
 import re
+import logging
 
 from cuckoo.common import submit, analyses
 from cuckoo.common.config import cfg
@@ -20,7 +21,6 @@
 )
 from cuckoo.common.storage import AnalysisPaths
 
-
 def _validate_website_url(website):
     """Validate website into valid URL"""
     msg = f"Cannot validate this URL: {website}"
@@ -32,18 +32,6 @@ def _validate_website_url(website):
     return website
 
 
-def _validate_analysis_id(analysis_id):
-    """Validate analysis id"""
-    ANALYSIS_ID_REGEX = "[0-9]{8}-[A-Z0-9]{6}"
-
-    msg = f"Cannot validate this analysis_id: {analysis_id}"
-    complied_regex = re.compile(ANALYSIS_ID_REGEX)
-    match = complied_regex.fullmatch(analysis_id)
-    if not match:
-        raise ValidationError(message=msg)
-    return analysis_id
-
-
 def _make_web_platforms(available_platforms):
     fallbacks = cfg(
         "analysissettings.yaml", "platform", "fallback_platforms"
@@ -138,56 +126,6 @@ def post(self, request):
 
         return redirect("Submit/waitidentify", analysis_id=analysis_id)
 
-class Resubmit(View):
-
-    def get(self, request, *args, **kwargs):
-        analysis_id = kwargs.get("analysis_id")
-
-        if analysis_id:
-            try:
-                analysis_id = _validate_analysis_id(analysis_id)
-            except ValidationError as e:
-                return render(
-                    request, template_name="submit/index.html.jinja2",
-                    status=400, context={"error": str(e)}
-                )
-        else:
-            return HttpResponseBadRequest()
-
-        analysis = retriever.get_analysis(analysis_id).analysis
-
-
-        try:
-            s_maker = submit.settings_maker.new_settings()
-            s_maker.set_manual(True)
-
-            password = analysis.settings.password
-            if password:
-                s_maker.set_password(password)
-
-            settings = s_maker.make_settings()
-            if analysis.category == "file":
-                submit_path = AnalysisPaths.submitted_file(analysis_id, resolve=True)
-                analysis_id = submit.file(
-                    submit_path, settings, file_name=analysis.target.target
-                )
-            else:
-                analysis_id = submit.url(analysis.target.target, settings)
-        except submit.SubmissionError as e:
-            return render(
-                request, template_name="submit/index.html.jinja2",
-                status=400, context={"error": str(e)}
-            )
-
-        try:
-            submit.notify()
-        except submit.SubmissionError as e:
-            return HttpResponseServerError(
-                f"Failed to notify Cuckoo of new analysis {analysis_id}. {e}."
-            )
-
-        return redirect("Submit/waitidentify", analysis_id=analysis_id)
-
 
 class WaitIdentify(View):
 
@@ -241,3 +179,69 @@ def get(self, request, analysis_id):
             request, template_name="submit/settings.html.jinja2",
             context=context
         )
+
+
+
+def _validate_analysis_id(analysis_id):
+    """Validate analysis id"""
+    ANALYSIS_ID_REGEX = "[0-9]{8}-[A-Z0-9]{6}"
+
+    #msg = "Cannot validate analysis_id": %s" % analysis_id
+    msg = f"Cannot validate this analysis_id: {analysis_id}"
+    complied_regex = re.compile(ANALYSIS_ID_REGEX)
+    match = complied_regex.fullmatch(analysis_id)
+    if not match:
+        raise ValidationError(message=msg)
+    return analysis_id
+
+class Resubmit(View):
+
+    def get(self, request, *args, **kwargs):
+        analysis_id = kwargs.get("analysis_id")
+        #analysis_id = request.GET.get("analysis_id")
+
+        if analysis_id:
+            try:
+                analysis_id = _validate_analysis_id(analysis_id)
+            except ValidationError as e:
+                return render(
+                    request, template_name="submit/index.html.jinja2",
+                    status=400, context={"error": str(e)}
+                )
+        else:
+            return HttpResponseBadRequest()
+
+        analysis = retriever.get_analysis(analysis_id).analysis
+
+
+        try:
+            s_maker = submit.settings_maker.new_settings()
+            s_maker.set_manual(True)
+
+            password = analysis.settings.password
+            if password:
+                s_maker.set_password(password)
+
+            settings = s_maker.make_settings()
+            if analysis.category == "file":
+                submit_path = AnalysisPaths.submitted_file(analysis_id, resolve=True)
+                analysis_id = submit.file(
+                    submit_path, settings, file_name=analysis.target.target
+                )
+            else:
+                analysis_id = submit.url(analysis.target.target, settings)
+        except submit.SubmissionError as e:
+            return render(
+                request, template_name="submit/index.html.jinja2",
+                status=400, context={"error": str(e)}
+            )
+
+        try:
+            submit.notify()
+        except submit.SubmissionError as e:
+            logging.error(f"Failed to notify Cuckoo of new analysis {analysis_id}. Exception: {e}")
+            return HttpResponseServerError(
+                "Failed to notify Cuckoo of new analysis. Please try again later."
+            )
+
+        return redirect("Submit/waitidentify", analysis_id=analysis_id)      

web/cuckoo/web/templates/analysis/components/mhr.html.jinja2

@@ -8,9 +8,9 @@
     </thead>
     <tbody>
         <tr>
-          <td {{ pre.mhr.antivirus_detection_rate }}</td>
-          <td>{{ pre.mhr.last_run_date|formatisodatetime }}</td>
+          <td>{{ pre.mhr.antivirus_detection_rate|default('', True) }}</td>
+          <td>{{ pre.mhr.last_run_date|formatisodatetime if pre.mhr.last_run_date }}</td>
         </tr>
     </tbody>
   </table>
-{% endcall %}
+{% endcall %}

web/cuckoo/web/templates/analysis/components/summary.html.jinja2

@@ -74,7 +74,7 @@
           </div>
         {% endif %}
         {% if (("submittedfiledownload" | feature_enabled) and (filedownload_allowed is sameas true) and (analysis.category == "file")) %}
-          <a href="{{ url('Analysis/submittedfile', args=[analysis.id]) }}" class="button is-small has-margin-y">Download submitted file</a>
+          <a href="{{ url('Analysis/submittedfile', args=[analysis.id]) }}" class="button is-small has-margin-y">Download submitted file {{filedownload_allowed}}</a>
         {% endif %}
         <a onclick="deleteSubmission('{{ analysis.id}}')" class="button is-small has-margin-y">Delete analysis</a>
         <a onclick="reSubmission('{{ analysis.id}}')" class="button is-small has-margin-y">Resubmit</a>

web/cuckoo/web/templates/analysis/index.html.jinja2

@@ -135,7 +135,7 @@
 
         {# tab: static.mhr #}
         {% if pre.mhr is defined %}
-          {% if pre.mhr.antivirus_detection_rate %}
+          {% if pre.mhr %}
             <div role="region" id="mhr" hidden>
               {% include "analysis/components/mhr.html.jinja2" %}
             </div>

web/cuckoo/web/templates/analysis/static.html.jinja2

@@ -96,8 +96,8 @@
         {% endif %}
         {# tab: static.irma #}
         {% if pre.irma %}
-        <div id="tab-irma">
-            {% call ui_box(title="IRMA Antivirus Engines", has_padding=False, collapsed=True) %}
+        <div id="tab-irma" >
+            {% call ui_box(title="IRMA Antivirus Engines", has_padding=False, hidden=True) %}
               {{ render_table(
                   data=pre.irma.probe_results.antivirus,
                   cols=["engine_name","result"],

web/cuckoo/web/templates/partial/analysis-index.html.jinja2

@@ -2,6 +2,7 @@
   This file is included in the analysis and task views to display the navigation
   sidebar.
 #}
+{% from 'macros.html.jinja2' import color_class %}
 <ul class="list is-index">
   <li>
     <p class="label">Analysis</p>