Merge pull request #205 from cert-ee/bugfix/various-bugfixes

Bugfix/various bugfixes

Author: cert-ee-raidar

.gitignore

@@ -64,3 +64,6 @@ bower_components/
 .sass-cache/
 cuckoo/web/src/package-lock.json
 *.map
+
+# Vagrant
+.vagrant

common/cuckoo/common/misp.py

@@ -186,7 +186,9 @@ def find_events(self, value, type_attribute=None, limit=1, to_ids=1, publish_tim
                 for attribute in attributes['Attribute']
             ]
         except (ValueError, TypeError) as e:
-            return []
+            raise MispError(
+                f"Failure while reading MISP response JSON. Error: {e}"
+            )
 
     def find_file_md5(self, md5, limit=1, to_ids=1, publish_timestamp="365d"):
         return self.find_events(

core/cuckoo/scripts/cleanup.py

@@ -124,7 +124,7 @@ def main(ctx, cwd, debug):
         return
 
 @main.command()
-@click.argument("days", type=int)
+@click.argument("hours", type=int)
 @click.option("--yes", is_flag=True, help="Skip confirmation screen")
 @click.pass_context
 def remotestorage(ctx, days, yes):
@@ -147,7 +147,7 @@ def remotestorage(ctx, days, yes):
 
 
 @main.command("delete")
-@click.argument("state", type=string)
+@click.argument("state", type=str)
 @click.argument("hours", type=int)
 @click.option("--yes", is_flag=True, help="Skip confirmation screen")
 @click.pass_context

core/cuckoo/taskqueue.py

@@ -178,7 +178,7 @@ def _query_tasks(self, platform=None, os_version=None, limit=5):
 
     def count_unscheduled(self):
         return self._ses.query(
-            QueuedTask.id
+            sqlalchemy.func.count(QueuedTask.id)
         ).filter_by(scheduled=False).count()
 
     def get_unscheduled_tasks(self, platform=None, os_version=None):

machineries/cuckoo/machineries/modules/proxmox.py

@@ -1,4 +1,3 @@
-from time import sleep
 from dataclasses import dataclass
 
 from cuckoo.common import machines
@@ -130,11 +129,6 @@ def state(self, machine):
         prox = self._create_proxmoxer_connection()
         current_status = prox.nodes(vm.node_name).qemu(vm.vm_id)\
                 .status.current.get()
-        # prevents spamming during starting and stoping VMs,
-        # which leads to "too many redirection"-exception
-        log.debug("Waiting for status to change...")
-        sleep(5)
-
         if current_status is None:
             raise errors.MachineryConnectionError(
                     f"Error while getting status of {machine.label} "

processing/cuckoo/processing/config.py

@@ -77,12 +77,12 @@ def constraints(self, value):
     "mhr.yaml": {
         "enabled": config.Boolean(default_val=False),
         "timeout": config.Int(default_val=60, min_value=0),
-        "url": config.HTTPUrl(default_val="https://hash.cymru.com/v2/"),
+        "url": config.HTTPUrl(),
         "user": config.String(allow_empty=True),
         "password": config.String(allow_empty=True),
         "min_suspicious": config.Int(default_val=10, min_value=1),
-        "min_malicious": config.Int(default_val=17, min_value=1),
-    },
+        "min_malicious": config.Int(default_val=30, min_value=1),               
+    },    
     "misp.yaml": {
         "processing": {
             "enabled": config.Boolean(default_val=False),

processing/cuckoo/processing/pre/mhr.py

@@ -54,7 +54,7 @@ def _request_json(self, url, **kwargs):
         """Wrapper around doing a request and parsing its JSON output."""
         try:
             r = requests.get(url, auth=HTTPBasicAuth(self.user, self.password),
-                                timeout=self.timeout, **kwargs)
+                                timeout=self.timeout, verify=False, **kwargs)
             return r.json() if r.status_code == 200 else {}
         except (requests.ConnectionError, ValueError) as e:
             self.ctx.log.error(
@@ -78,7 +78,6 @@ def _handle_file_target(self):
 
 
     def start(self):
-        info = None
         antivirus_detection_rate = None
         if self.ctx.analysis.category == "file":
             info = self._handle_file_target()
@@ -96,7 +95,6 @@ def start(self):
                 score = Scores.SUSPICIOUS
         else:
             return {}
-
         if score:
             iocs = [
                 IOC(antivirus="MHR", result=info["antivirus_detection_rate"])
@@ -108,7 +106,7 @@ def start(self):
                 short_description="MHR sources report this target as "
                                   "malicious",
                 description=f"{info['antivirus_detection_rate']} percentage of tested MHR antivirus engines"
-                            f" detect this target as malicious",
+                            f"detect this target as malicious",
                 iocs=iocs
             )
 

processing/cuckoo/processing/pre/static.py

@@ -40,7 +40,7 @@ def start(self):
 
         for ext, handler_subkey in self._EXTENSION_HANDLER.items():
 
-            if not target.filename.lower().endswith(ext):
+            if not target.filename.endswith(ext):
                 continue
 
             handler, subkey = handler_subkey

processing/cuckoo/processing/reporting/disk.py

@@ -37,7 +37,7 @@ def report_identification(self):
 
     def report_pre_analysis(self):
         include_result = [
-            "virustotal", "irma", "static", "misp", "intelmq", "command"
+            "virustotal", "irma", "mhr", "static", "misp", "intelmq", "command"
         ]
 
         # Pre might change settings such as launch args for specific chosen

processing/cuckoo/processing/reporting/elastic.py

@@ -204,7 +204,6 @@ def _update_analysis(self):
         try:
             update_analysis(
                 analysis_id=self.ctx.analysis.id,
-                score=self.ctx.analysis.score,
                 tags=self.ctx.tag_tracker.tags,
                 families=self.ctx.family_tracker.families,
                 ttps=[t.id for t in self.ctx.ttp_tracker.ttps]