From 79102f42deaa02641b4c78b894b8f17b8fbef53b Mon Sep 17 00:00:00 2001
From: Sebastian Deiss
Date: Thu, 21 Jun 2018 15:06:21 +0200
Subject: Improve detection of failed Cuckoo analysis
---
 peekaboo/sample.py | 2 ++
 peekaboo/toolbox/cuckoo.py | 18 ++++++++++++------
 2 files changed, 14 insertions(+), 6 deletions(-)
diff --git a/peekaboo/sample.py b/peekaboo/sample.py
index 68209d0..c07887d 100644
--- a/peekaboo/sample.py
+++ b/peekaboo/sample.py
@@ -429,6 +429,8 @@ class Sample(object):
 self.set_attr('cuckoo_failed', True)
 else:
 self.set_attr('cuckoo_failed', False)
+ else:
+ self.set_attr('cuckoo_failed', True)
 return self.get_attr('cuckoo_failed')
 def __create_symlink(self):
diff --git a/peekaboo/toolbox/cuckoo.py b/peekaboo/toolbox/cuckoo.py
index 28b0780..86b08f5 100644
--- a/peekaboo/toolbox/cuckoo.py
+++ b/peekaboo/toolbox/cuckoo.py
@@ -214,7 +214,7 @@ class CuckooReport(object):
 try:
 return [d['request'] for d in self.report['network']['dns']]
 except KeyError:
- return None
+ return []
 @property
 def signatures(self):
@@ -227,7 +227,7 @@ class CuckooReport(object):
 try:
 return self.report['signatures']
 except KeyError:
- return None
+ return []
 @property
 def score(self):
@@ -240,7 +240,7 @@ class CuckooReport(object):
 try:
 return self.report['info']['score']
 except KeyError:
- return None
+ return 0.0
 @property
 def errors(self):
@@ -253,7 +253,7 @@ class CuckooReport(object):
 try:
 return self.report['debug']['errors']
 except KeyError:
- return None
+ return []
 @property
 def analysis_failed(self):
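Review bot: The added outer `else` in peekaboo/sample.py marks the sample as failed without a comment or log line saying which condition was not met, so a reader cannot tell a missing report from a report that shows a failure. Failing closed looks right for a scanner, but the reason should be stated, e.g. `# no Cuckoo report available: treat as failed so the sample is not judged on missing data`. The enclosing method and the condition this `else` belongs to start outside the hunk, and indentation was lost on this page, so the pairing is inferred from the inner if/else that precedes it. Because the value is stored with `set_attr`, it is worth confirming that this branch cannot run before the report has been attached, since the failed state would presumably be kept from then on.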
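Review bot: In peekaboo/toolbox/cuckoo.py the `score` hunk (-240) now returns `0.0` when `info.score` is absent, which makes a report without a score look the same as one Cuckoo rated as harmless; a threshold rule that reads `score` without checking `analysis_failed` first would let the sample through. The `[]` defaults in the DNS hunk (-214), `signatures` (-227) and `errors` (-253) have the same shape: missing data and "nothing found" can no longer be told apart by the caller. If the non-None defaults are kept for caller convenience, document the contract on each property, e.g. `# 0.0 means the report carried no score, not that the sample is benign; check analysis_failed before using it`, and update any `:return:` text that still mentions None (the docstrings are outside these hunks). In the DNS hunk the `except KeyError` also fires when a single entry lacks `request`, so one malformed entry empties the whole list.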
@@ -263,6 +263,12 @@ class CuckooReport(object):
 :return: True if the Cuckoo analysis failed, otherwise False.
 """
 if self.errors:
- logger.warning('Cuckoo run_analysis failed. Reason: %s' % str(self.errors))
+ logger.warning('Cuckoo produced %d error(s) during processing.' % len(self.errors))
+ try:
+ log = self.report['debug']['cuckoo']
+ for entry in log:
+ if 'analysis completed successfully' in entry:
+ return False
+ return True
+ except KeyError:
 return True
- return False
-- cgit v1.2.3
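Review bot: The success test `'analysis completed successfully' in entry` matches the phrase anywhere in any `debug.cuckoo` entry, so the "not failed" verdict depends on free-text log content; if an entry can carry text that did not originate from Cuckoo's own status message, the check fails open. Comparing against the expected message more strictly (for example only at the end of the entry) would narrow that, once the exact log format is confirmed. The handler also covers only a missing key: a `debug.cuckoo` value of None or a non-string entry raises TypeError instead of reporting failure, so `except (KeyError, TypeError):` fits the fail-closed intent better. The warning now logs only a count, which removes the failure reason from the log; `logger.warning('Cuckoo produced %d error(s) during processing: %s', len(self.errors), self.errors)` keeps it and avoids eager formatting. The function's `def` and the start of its docstring are outside this hunk, and the nesting of the added `try` is inferred because indentation was lost on this page.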