author | Felix Bauer <felix.bauer@atos.net> | 2019-10-16 11:56:28 +0200 |
---|---|---|
committer | Felix Bauer <jack@ai4me.de> | 2019-10-29 12:37:07 +0100 |
commit | 9e5a10a2339e2b210ccb9b78d54abb6713c8e62f (patch) | |
tree | 1cc13ed826947f8d323f84b310981e1852085c23 | |
parent | bc27dd62ff5fe6952c0282ff3083ae41d10a8cb5 (diff) |
Fix returned RuleResult istead of CuckooReport
A RuleResult was returned in case of a CuckooSubmitFailedException,
which led to "AttributeError: RuleResult instance has no attribute 'score'" from
expressions.
Now None is returned and handled in the expression rule to return Result.failed.
-rw-r--r-- | peekaboo/locale/de/LC_MESSAGES/peekaboo.mo | bin | 4743 -> 4863 bytes | |||
-rw-r--r-- | peekaboo/locale/de/LC_MESSAGES/peekaboo.po | 73 | ||||
-rw-r--r-- | peekaboo/locale/peekaboo.pot | 64 | ||||
-rw-r--r-- | peekaboo/ruleset/rules.py | 11 |
4 files changed, 80 insertions, 68 deletions
diff --git a/peekaboo/locale/de/LC_MESSAGES/peekaboo.mo b/peekaboo/locale/de/LC_MESSAGES/peekaboo.mo Binary files differindex c7ba71f..095544f 100644 --- a/peekaboo/locale/de/LC_MESSAGES/peekaboo.mo +++ b/peekaboo/locale/de/LC_MESSAGES/peekaboo.mo diff --git a/peekaboo/locale/de/LC_MESSAGES/peekaboo.po b/peekaboo/locale/de/LC_MESSAGES/peekaboo.po index f5022ba..61f4dfb 100644 --- a/peekaboo/locale/de/LC_MESSAGES/peekaboo.po +++ b/peekaboo/locale/de/LC_MESSAGES/peekaboo.po @@ -6,7 +6,7 @@ msgid "" msgstr "" "Project-Id-Version: PeekabooAV 1.6.2\n" "Report-Msgid-Bugs-To: EMAIL@ADDRESS\n" -"POT-Creation-Date: 2019-09-09 11:18+0200\n" +"POT-Creation-Date: 2019-10-16 11:51+0200\n" "PO-Revision-Date: 2019-02-14 22:02+0000\n" "Last-Translator: Michael Weiser <michael.weiser@gmx.de>\n" "Language: de\n" 
@@ -104,69 +104,61 @@ msgstr "Nein" msgid "Rule aborted with error" msgstr "Regel mit Fehler abgebrochen" -#: peekaboo/ruleset/rules.py:128 peekaboo/ruleset/rules.py:470 -msgid "" -"Behavioral analysis by Cuckoo has produced an error and did not finish " -"successfully" -msgstr "" -"Die Verhaltensanalyse durch Cuckoo hat einen Fehler produziert und konnte" -" nicht erfolgreich abgeschlossen werden" - -#: peekaboo/ruleset/rules.py:164 +#: peekaboo/ruleset/rules.py:159 msgid "File is not yet known to the system" msgstr "Datei ist dem System noch nicht bekannt" -#: peekaboo/ruleset/rules.py:185 +#: peekaboo/ruleset/rules.py:180 #, python-format msgid "Failure to determine sample file size: %s" msgstr "Ermittlung der Dateigröße fehlgeschlagen: %s" -#: peekaboo/ruleset/rules.py:190 +#: peekaboo/ruleset/rules.py:185 #, python-format msgid "File has more than %d bytes" msgstr "Datei hat mehr als %d bytes" -#: peekaboo/ruleset/rules.py:196 +#: peekaboo/ruleset/rules.py:191 #, python-format msgid "File is only %d bytes long" msgstr "Die Datei ist nur %d bytes groß" -#: peekaboo/ruleset/rules.py:218 +#: peekaboo/ruleset/rules.py:213 msgid "File type is on whitelist" msgstr "Dateityp ist auf Whitelist" -#: peekaboo/ruleset/rules.py:222 +#: peekaboo/ruleset/rules.py:217 msgid "File type is not on whitelist" msgstr "Dateityp ist nicht auf Whitelist" -#: peekaboo/ruleset/rules.py:244 +#: peekaboo/ruleset/rules.py:239 msgid "File type is on the list of types to analyze" msgstr "Dateityp ist auf der Liste der zu analysiserenden Typen" -#: peekaboo/ruleset/rules.py:249 +#: peekaboo/ruleset/rules.py:244 #, python-format msgid "File type is not on the list of types to analyse (%s)" msgstr "Dateityp ist nicht auf der Liste der zu analysierenden Typen (%s)" -#: peekaboo/ruleset/rules.py:265 +#: peekaboo/ruleset/rules.py:261 msgid "File is not an office document" msgstr "Die Datei ist kein Office Dokument" -#: peekaboo/ruleset/rules.py:289 +#: peekaboo/ruleset/rules.py:285 msgid "The 
file contains an Office macro" msgstr "Die Datei beinhaltet ein Office-Makro" -#: peekaboo/ruleset/rules.py:293 +#: peekaboo/ruleset/rules.py:289 msgid "The file does not contain a recognizable Office macro" msgstr "Die Datei beinhaltet kein erkennbares Office-Makro" -#: peekaboo/ruleset/rules.py:314 +#: peekaboo/ruleset/rules.py:310 msgid "The file contains an Office macro which runs at document open" msgstr "" "Die Datei beinhaltet ein Office Makro welches beim Öffnen der Datei " "ausgeführt wird" -#: peekaboo/ruleset/rules.py:319 +#: peekaboo/ruleset/rules.py:315 msgid "" "The file does not contain a recognizable Office macro that is run at " "document open" 
@@ -174,48 +166,60 @@ msgstr "" "Die Datei beinhaltet kein erkennbares Office Makro welches beim Öffnen " "ausgeführt wird" -#: peekaboo/ruleset/rules.py:390 +#: peekaboo/ruleset/rules.py:386 msgid "No signature suggesting malware detected" msgstr "Keine Signatur erkannt die auf Schadcode hindeutet" -#: peekaboo/ruleset/rules.py:395 +#: peekaboo/ruleset/rules.py:391 #, python-format msgid "The following signatures have been recognized: %s" msgstr "Folgende Signaturen wurden erkannt: %s" -#: peekaboo/ruleset/rules.py:414 +#: peekaboo/ruleset/rules.py:410 #, python-format msgid "Cuckoo score >= %s: %s" msgstr "" -#: peekaboo/ruleset/rules.py:419 +#: peekaboo/ruleset/rules.py:415 #, python-format msgid "Cuckoo score < %s: %s" msgstr "" -#: peekaboo/ruleset/rules.py:443 +#: peekaboo/ruleset/rules.py:439 #, python-format msgid "The file attempts to contact at least one domain on the blacklist (%s)" msgstr "" "Die Datei versucht mindestens eine Domain aus der Blacklist zu " "kontaktieren (%s)" -#: peekaboo/ruleset/rules.py:449 +#: peekaboo/ruleset/rules.py:445 msgid "File does not seem to attempt contact with domains on the blacklist" msgstr "Datei scheint keine Domains aus der Blacklist kontaktieren zu wollen" -#: peekaboo/ruleset/rules.py:486 +#: peekaboo/ruleset/rules.py:466 +msgid "" +"Behavioral analysis by Cuckoo has produced an error and did not finish " +"successfully" +msgstr "" +"Die Verhaltensanalyse durch Cuckoo hat einen Fehler produziert und konnte" +" nicht erfolgreich abgeschlossen werden" + +#: peekaboo/ruleset/rules.py:482 msgid "Behavioral analysis by Cuckoo completed successfully" msgstr "Die Verhaltensanalyse durch Cuckoo wurde erfolgreich abgeschlossen" -#: peekaboo/ruleset/rules.py:539 +#: peekaboo/ruleset/rules.py:532 +msgid "Evaluation of expression couldn't get cuckoo report." +msgstr "Auswertung des Ausdrucks konnte Cuckoo Report nicht bekommen." + +#: peekaboo/ruleset/rules.py:540 msgid "Evaluation of expression uses undefined identifier." 
msgstr "Auswertung des Ausdrucks nutzt nicht definierten Bezeichner." -#: peekaboo/ruleset/rules.py:544 +#: peekaboo/ruleset/rules.py:545 #, python-format -msgid "The rule (%s) classified the sample as %s" -msgstr "Die Regel (%s) klassifizierte die Datei als %s" +msgid "A rule classified the sample as %s" +msgstr "Eine Regel klassifizierte die Datei als %s" #: peekaboo/ruleset/rules.py:550 msgid "No rule classified the sample in any way." @@ -225,3 +229,6 @@ msgstr "Keine Regel klassifizierte die Datei in irgendeiner Weise." msgid "File does not seem to exhibit recognizable malicious behaviour" msgstr "Datei scheint keine erkennbaren Schadroutinen zu starten" +#~ msgid "The rule (%s) classified the sample as %s" +#~ msgstr "Die Regel (%s) klassifizierte die Datei als %s" + diff --git a/peekaboo/locale/peekaboo.pot b/peekaboo/locale/peekaboo.pot index e1b3f34..1632421 100644 --- a/peekaboo/locale/peekaboo.pot +++ b/peekaboo/locale/peekaboo.pot @@ -8,7 +8,7 @@ msgid "" msgstr "" "Project-Id-Version: PROJECT VERSION\n" "Report-Msgid-Bugs-To: EMAIL@ADDRESS\n" -"POT-Creation-Date: 2019-09-09 11:18+0200\n" +"POT-Creation-Date: 2019-10-16 11:51+0200\n" "PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n" "Last-Translator: FULL NAME <EMAIL@ADDRESS>\n" "Language-Team: LANGUAGE <LL@li.org>\n" 
@@ -103,109 +103,113 @@ msgstr "" msgid "Rule aborted with error" msgstr "" -#: peekaboo/ruleset/rules.py:128 peekaboo/ruleset/rules.py:470 -msgid "" -"Behavioral analysis by Cuckoo has produced an error and did not finish " -"successfully" -msgstr "" - -#: peekaboo/ruleset/rules.py:164 +#: peekaboo/ruleset/rules.py:159 msgid "File is not yet known to the system" msgstr "" -#: peekaboo/ruleset/rules.py:185 +#: peekaboo/ruleset/rules.py:180 #, python-format msgid "Failure to determine sample file size: %s" msgstr "" -#: peekaboo/ruleset/rules.py:190 +#: peekaboo/ruleset/rules.py:185 #, python-format msgid "File has more than %d bytes" msgstr "" -#: peekaboo/ruleset/rules.py:196 +#: peekaboo/ruleset/rules.py:191 #, python-format msgid "File is only %d bytes long" msgstr "" -#: peekaboo/ruleset/rules.py:218 +#: peekaboo/ruleset/rules.py:213 msgid "File type is on whitelist" msgstr "" -#: peekaboo/ruleset/rules.py:222 +#: peekaboo/ruleset/rules.py:217 msgid "File type is not on whitelist" msgstr "" -#: peekaboo/ruleset/rules.py:244 +#: peekaboo/ruleset/rules.py:239 msgid "File type is on the list of types to analyze" msgstr "" -#: peekaboo/ruleset/rules.py:249 +#: peekaboo/ruleset/rules.py:244 #, python-format msgid "File type is not on the list of types to analyse (%s)" msgstr "" -#: peekaboo/ruleset/rules.py:265 +#: peekaboo/ruleset/rules.py:261 msgid "File is not an office document" msgstr "" -#: peekaboo/ruleset/rules.py:289 +#: peekaboo/ruleset/rules.py:285 msgid "The file contains an Office macro" msgstr "" -#: peekaboo/ruleset/rules.py:293 +#: peekaboo/ruleset/rules.py:289 msgid "The file does not contain a recognizable Office macro" msgstr "" -#: peekaboo/ruleset/rules.py:314 +#: peekaboo/ruleset/rules.py:310 msgid "The file contains an Office macro which runs at document open" msgstr "" -#: peekaboo/ruleset/rules.py:319 +#: peekaboo/ruleset/rules.py:315 msgid "" "The file does not contain a recognizable Office macro that is run at " "document open" msgstr "" 
-#: peekaboo/ruleset/rules.py:390 +#: peekaboo/ruleset/rules.py:386 msgid "No signature suggesting malware detected" msgstr "" -#: peekaboo/ruleset/rules.py:395 +#: peekaboo/ruleset/rules.py:391 #, python-format msgid "The following signatures have been recognized: %s" msgstr "" -#: peekaboo/ruleset/rules.py:414 +#: peekaboo/ruleset/rules.py:410 #, python-format msgid "Cuckoo score >= %s: %s" msgstr "" -#: peekaboo/ruleset/rules.py:419 +#: peekaboo/ruleset/rules.py:415 #, python-format msgid "Cuckoo score < %s: %s" msgstr "" -#: peekaboo/ruleset/rules.py:443 +#: peekaboo/ruleset/rules.py:439 #, python-format msgid "The file attempts to contact at least one domain on the blacklist (%s)" msgstr "" -#: peekaboo/ruleset/rules.py:449 +#: peekaboo/ruleset/rules.py:445 msgid "File does not seem to attempt contact with domains on the blacklist" msgstr "" -#: peekaboo/ruleset/rules.py:486 +#: peekaboo/ruleset/rules.py:466 +msgid "" +"Behavioral analysis by Cuckoo has produced an error and did not finish " +"successfully" +msgstr "" + +#: peekaboo/ruleset/rules.py:482 msgid "Behavioral analysis by Cuckoo completed successfully" msgstr "" -#: peekaboo/ruleset/rules.py:539 +#: peekaboo/ruleset/rules.py:532 +msgid "Evaluation of expression couldn't get cuckoo report." +msgstr "" + +#: peekaboo/ruleset/rules.py:540 msgid "Evaluation of expression uses undefined identifier." msgstr "" -#: peekaboo/ruleset/rules.py:544 +#: peekaboo/ruleset/rules.py:545 #, python-format -msgid "The rule (%s) classified the sample as %s" +msgid "A rule classified the sample as %s" msgstr "" #: peekaboo/ruleset/rules.py:550 diff --git a/peekaboo/ruleset/rules.py b/peekaboo/ruleset/rules.py index f88c7d9..c041c00 100644 --- a/peekaboo/ruleset/rules.py +++ b/peekaboo/ruleset/rules.py 
@@ -122,11 +122,7 @@ class Rule(object): # exception message intentionally not present in message # delivered back to client as to not disclose internal # information, should request user to contact admin instead - return self.result( - Result.failed, - _("Behavioral analysis by Cuckoo has produced an error " - "and did not finish successfully"), - False) + return None logger.info('Sample submitted to Cuckoo. Job ID: %s. ' 'Sample: %s', job_id, sample) @@ -530,6 +526,11 @@ class ExpressionRule(Rule): except IdentifierMissingException as error: if error.args[0] == "cuckooreport": context['variables']['cuckooreport'] = self.get_cuckoo_report(sample) + if not context['variables']['cuckooreport']: + return self.result( + Result.failed, + _("Evaluation of expression couldn't get cuckoo report."), + False) elif error.args[0] == "olereport": context['variables']['olereport'] = self.get_oletools_report(sample) # here elif for other reports |
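Review bot: The new `return None` in the submit-failure branch changes this method's contract for every caller, not only ExpressionRule, and nothing in the hunk documents that. Any rule that reads attributes of the returned report without a None check would still fail with AttributeError, now on None instead of RuleResult. The method starts and ends outside the hunk and its other callers are not visible here, so each call site should be checked. I would add to the docstring something like `@returns: the sample's CuckooReport, or None if submission to Cuckoo failed`. Because this is the path taken when the sandbox cannot be reached, it is also worth confirming that the resulting `Result.failed` is never treated downstream as a clean verdict.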
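Review bot: The added guard `if not context['variables']['cuckooreport']:` tests truthiness, although the only failure value this commit introduces is None. If the report class defines `__len__` or `__bool__` (not visible here), a valid but empty report would be reported as "couldn't get cuckoo report". I would fetch into a local first, `report = self.get_cuckoo_report(sample)`, test `if report is None:`, and assign `context['variables']['cuckooreport'] = report` only after the check so that None never sits in the evaluation context. The enclosing try/except begins outside the hunk.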