author | Michael Weiser <michael.weiser@gmx.de> | 2019-05-07 18:13:24 +0000 |
---|---|---|
committer | Michael Weiser <michael.weiser@gmx.de> | 2019-05-09 08:14:56 +0000 |
commit | 91712f60b19ab2227601a33364946e0482b58c58 (patch) | |
tree | 0f7447be508d77f1c0bc92560a333ea7009bb881 | |
parent | 1f868015c079aca632adf7c34146b5bc83b7160f (diff) |
Submit sample with its original filename to Cuckoo
When using the REST API, submit the sample with its original filename if
available via the new name_declared (meta info) property.
Closes #81 and #82 when using api mode. No plans to add this to embed
mode as well since it's deprecated anyway.
-rw-r--r-- | peekaboo/sample.py | 14 | ||||
-rw-r--r-- | peekaboo/toolbox/cuckoo.py | 4 |
2 files changed, 14 insertions, 4 deletions
diff --git a/peekaboo/sample.py b/peekaboo/sample.py
index af93bfa..35c661d 100644
--- a/peekaboo/sample.py
+++ b/peekaboo/sample.py
@@ -381,6 +381,12 @@ class Sample(object):
 return self.__sha256sum
 @property
+ def name_declared(self):
+ """ Returns the name declared by the sample as its original filename,
+ None if not available. """
+ return self.meta_info_name_declared
+
+ @property
 def file_extension(self):
 """ Determines the file extension of this sample. """
 if self.__file_extension:
@@ -391,8 +397,8 @@ class Sample(object):
 # amavis intentionally hands us files named only p001, p002 and so on.
 # But we still try it in case there's no declared name.
 filename = self.__filename
- if self.meta_info_name_declared:
- filename = self.meta_info_name_declared
+ if self.name_declared:
+ filename = self.name_declared
 # extension or the empty string if none found
 self.__file_extension = os.path.splitext(filename)[1][1:]
@@ -415,8 +421,8 @@ class Sample(object):
 mime_types.add(declared_mt)
 declared_filename = self.__filename
- if self.meta_info_name_declared:
- declared_filename = self.meta_info_name_declared
+ if self.name_declared:
+ declared_filename = self.name_declared
 # check if the sample is an S/MIME signature (smime.p7s)
 # If so, don't overwrite the MIME type since we do not want to analyse
diff --git a/peekaboo/toolbox/cuckoo.py b/peekaboo/toolbox/cuckoo.py
index e5495d3..6528c24 100644
--- a/peekaboo/toolbox/cuckoo.py
+++ b/peekaboo/toolbox/cuckoo.py
@@ -334,6 +334,10 @@ class CuckooApi(Cuckoo):
 def submit(self, sample):
 path = sample.submit_path
 filename = os.path.basename(path)
+ # override with the original file name if available
+ if sample.name_declared:
+ filename = sample.name_declared
+
 files = {"file": (filename, open(path, 'rb'))}
 logger.debug("Creating Cuckoo task with content from %s and "
 "filename %s", path, filename) |
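Review bot: The docstring of the new `name_declared` property in peekaboo/sample.py does not say that the value comes from the sample's own metadata and is returned unmodified, which matters now that code outside `Sample` reads it. I would extend it along the lines of `""" Returns the name declared by the sample as its original filename, None if not available. The value is supplied with the sample and is not sanitised here. """` so callers know to normalise it before using it as a path or file name component. Whether `meta_info_name_declared` is cleaned where it is set is not visible in this hunk.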
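Review bot: In `CuckooApi.submit` (peekaboo/toolbox/cuckoo.py) the override `filename = sample.name_declared` passes a name that the sample declares about itself straight into the multipart upload, skipping the `os.path.basename()` normalisation that the fallback name gets. That value is presumably sender-controlled, so path separators or control characters in it would reach Cuckoo and the debug log line unchanged; whether it is sanitised where `meta_info_name_declared` is set is not visible here. I would reduce it to a bare file name before use, e.g. `declared = os.path.basename(sample.name_declared.replace('\\', '/'))` followed by `if declared: filename = declared`, so an empty result keeps the existing fallback. `submit` continues past the end of the hunk.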