Add support for Cuckoo API Authentication Bearer Token

Since version 2.0.7 the Cuckoo API supports authentication via a bearer auth token set in the cuckoo configuration and passed to the API with every request in the HTTP header. Add support for this mechanism to our cuckoo module and a new configuration option to specify the token.
author: Felix Bauer <felix.bauer@atos.net> 2019-08-01 11:01:39 +0200
committer: Felix Bauer <felix.bauer@atos.net> 2019-08-06 10:16:29 +0200
commit: cc97a554cbddf205126fbe49d3a3b1022c575bfb (patch)
tree: 781824b0676beca11d022a39496e2ea462f09597
parent: 401c6e8f5036122e4a3855103d9b0caeb6ca3d65 (diff)
4 files changed, 13 insertions, 3 deletions
diff --git a/peekaboo.conf.sample b/peekaboo.conf.sample
index 7728b92..6582632 100644
--- a/peekaboo.conf.sample
+++ b/peekaboo.conf.sample
@@ -79,6 +79,10 @@
 # api mode
 #url              :    http://127.0.0.1:8090
 #poll_interval    :    5
+# From version 2.0.7 cuckoo API has authentication support.
+# New installations create a bearer token by default and require it but upgraded
+# installations don't automatically get one.
+#api_token        :    <empty>
 
 [cluster]
 # if multiple instances are to run in parallel and avoid concurrent analysis of
diff --git a/peekaboo/config.py b/peekaboo/config.py
index f8363b5..5c182bb 100644
--- a/peekaboo/config.py
+++ b/peekaboo/config.py
@@ -298,6 +298,7 @@ class PeekabooConfig(PeekabooConfigParser):
         self.ruleset_config = '/opt/peekaboo/etc/ruleset.conf'
         self.cuckoo_mode = "api"
         self.cuckoo_url = 'http://127.0.0.1:8090'
+        self.cuckoo_api_token = ''
         self.cuckoo_poll_interval = 5
         self.cuckoo_storage = '/var/lib/peekaboo/.cuckoo/storage'
         self.cuckoo_exec = '/opt/cuckoo/bin/cuckoo'
@@ -330,6 +331,7 @@ class PeekabooConfig(PeekabooConfigParser):
             'ruleset_config': ['ruleset', 'config'],
             'cuckoo_mode': ['cuckoo', 'mode'],
             'cuckoo_url': ['cuckoo', 'url'],
+            'cuckoo_api_token': ['cuckoo', 'api_token'],
             'cuckoo_poll_interval': ['cuckoo', 'poll_interval'],
             'cuckoo_storage': ['cuckoo', 'storage_path'],
             'cuckoo_exec': ['cuckoo', 'exec'],
diff --git a/peekaboo/daemon.py b/peekaboo/daemon.py
index 13169a4..bb9f594 100644
--- a/peekaboo/daemon.py
+++ b/peekaboo/daemon.py
@@ -351,6 +351,7 @@ def run():
     # otherwise it's the new API method and default
     else:
         cuckoo = CuckooApi(job_queue, config.cuckoo_url,
+                           config.cuckoo_api_token,
                            config.cuckoo_poll_interval)
 
     sig_handler = SignalHandler()
diff --git a/peekaboo/toolbox/cuckoo.py b/peekaboo/toolbox/cuckoo.py
index a802cfc..47966aa 100644
--- a/peekaboo/toolbox/cuckoo.py
+++ b/peekaboo/toolbox/cuckoo.py
@@ -268,10 +268,11 @@ class WhitelistRetry(urllib3.util.retry.Retry):
 
 class CuckooApi(Cuckoo):
     """ Interfaces with a Cuckoo installation via its REST API. """
-    def __init__(self, job_queue, url="http://localhost:8090", poll_interval=5,
+    def __init__(self, job_queue, url="http://localhost:8090", api_token="", poll_interval=5,
                  retries=5, backoff=0.5):
         super().__init__(job_queue)
         self.url = url
+        self.api_token = api_token
         self.poll_interval = poll_interval
 
         # urrlib3 backoff formula:
@@ -305,9 +306,10 @@ class CuckooApi(Cuckoo):
     def __get(self, path):
         request_url = "%s/%s" % (self.url, path)
         logger.debug("Getting %s", request_url)
+        headers = {"Authorization": "Bearer %s" % self.api_token}
 
         try:
-            response = self.session.get(request_url)
+            response = self.session.get(request_url, headers=headers)
         # all requests exceptions are derived from RequestsException, including
         # RetryError, TooManyRedirects and Timeout
         except requests.exceptions.RequestException as error:
@@ -336,10 +338,11 @@ class CuckooApi(Cuckoo):
         files = {"file": (filename, open(path, 'rb'))}
         logger.debug("Creating Cuckoo task with content from %s and "
                      "filename %s", path, filename)
+        headers = {"Authorization": "Bearer %s" % self.api_token}
 
         try:
             response = self.session.post(
-                "%s/tasks/create/file" % self.url, files=files)
+                "%s/tasks/create/file" % self.url, headers=headers, files=files)
         except requests.exceptions.RequestException as error:
             raise CuckooSubmitFailedException(
                 'Error creating Cuckoo task: %s' % error)
author	Felix Bauer <felix.bauer@atos.net>	2019-08-01 11:01:39 +0200
committer	Felix Bauer <felix.bauer@atos.net>	2019-08-06 10:16:29 +0200
commit	cc97a554cbddf205126fbe49d3a3b1022c575bfb (patch)
tree	781824b0676beca11d022a39496e2ea462f09597
parent	401c6e8f5036122e4a3855103d9b0caeb6ca3d65 (diff)