diff options
| author | Sebastian Deiss <sebastian.deiss@atos.net> | 2018-06-21 15:06:21 +0200 |
|---|---|---|
| committer | Sebastian Deiss <sebastian.deiss@atos.net> | 2018-06-21 15:06:21 +0200 |
| commit | 79102f42deaa02641b4c78b894b8f17b8fbef53b (patch) | |
| tree | b40492b6528d856a942ee50b81d9058a76ef7754 | |
| parent | 356567d964721343aa0be47b6868c0b4a442ffd3 (diff) | |
Improve detection of failed Cuckoo analysis
| -rw-r--r-- | peekaboo/sample.py | 2 | ||||
| -rw-r--r-- | peekaboo/toolbox/cuckoo.py | 18 |
2 files changed, 14 insertions, 6 deletions
diff --git a/peekaboo/sample.py b/peekaboo/sample.py index 68209d0..c07887d 100644 --- a/peekaboo/sample.py +++ b/peekaboo/sample.py @@ -429,6 +429,8 @@ class Sample(object): self.set_attr('cuckoo_failed', True) else: self.set_attr('cuckoo_failed', False) + else: + self.set_attr('cuckoo_failed', True) return self.get_attr('cuckoo_failed') def __create_symlink(self): diff --git a/peekaboo/toolbox/cuckoo.py b/peekaboo/toolbox/cuckoo.py index 28b0780..86b08f5 100644 --- a/peekaboo/toolbox/cuckoo.py +++ b/peekaboo/toolbox/cuckoo.py @@ -214,7 +214,7 @@ class CuckooReport(object): try: return [d['request'] for d in self.report['network']['dns']] except KeyError: - return None + return [] @property def signatures(self): @@ -227,7 +227,7 @@ class CuckooReport(object): try: return self.report['signatures'] except KeyError: - return None + return [] @property def score(self): @@ -240,7 +240,7 @@ class CuckooReport(object): try: return self.report['info']['score'] except KeyError: - return None + return 0.0 @property def errors(self): @@ -253,7 +253,7 @@ class CuckooReport(object): try: return self.report['debug']['errors'] except KeyError: - return None + return [] @property def analysis_failed(self): @@ -263,6 +263,12 @@ class CuckooReport(object): :return: True if the Cuckoo analysis failed, otherwise False. """ if self.errors: - logger.warning('Cuckoo run_analysis failed. Reason: %s' % str(self.errors)) + logger.warning('Cuckoo produced %d error(s) during processing.' % len(self.errors)) + try: + log = self.report['debug']['cuckoo'] + for entry in log: + if 'analysis completed successfully' in entry: + return False + return True + except KeyError: return True - return False |