From cc97a554cbddf205126fbe49d3a3b1022c575bfb Mon Sep 17 00:00:00 2001 From: Felix Bauer Date: Thu, 1 Aug 2019 11:01:39 +0200 Subject: Add support for Cuckoo API Authentication Bearer Token Since version 2.0.7 the Cuckoo API supports authentication via a bearer auth token set in the cuckoo configuration and passed to the API with every request in the HTTP header. Add support for this mechanism to our cuckoo module and a new configuration option to specify the token. --- peekaboo.conf.sample | 4 ++++ peekaboo/config.py | 2 ++ peekaboo/daemon.py | 1 + peekaboo/toolbox/cuckoo.py | 9 ++++++--- 4 files changed, 13 insertions(+), 3 deletions(-) diff --git a/peekaboo.conf.sample b/peekaboo.conf.sample index 7728b92..6582632 100644 --- a/peekaboo.conf.sample +++ b/peekaboo.conf.sample @@ -79,6 +79,10 @@ # api mode #url : http://127.0.0.1:8090 #poll_interval : 5 +# From version 2.0.7 cuckoo API has authentication support. +# New installations create a bearer token by default and require it but upgraded +# installations don't automatically get one. +#api_token : [cluster] # if multiple instances are to run in parallel and avoid concurrent analysis of diff --git a/peekaboo/config.py b/peekaboo/config.py index f8363b5..5c182bb 100644 --- a/peekaboo/config.py +++ b/peekaboo/config.py @@ -298,6 +298,7 @@ class PeekabooConfig(PeekabooConfigParser): self.ruleset_config = '/opt/peekaboo/etc/ruleset.conf' self.cuckoo_mode = "api" self.cuckoo_url = 'http://127.0.0.1:8090' + self.cuckoo_api_token = '' self.cuckoo_poll_interval = 5 self.cuckoo_storage = '/var/lib/peekaboo/.cuckoo/storage' self.cuckoo_exec = '/opt/cuckoo/bin/cuckoo' @@ -330,6 +331,7 @@ class PeekabooConfig(PeekabooConfigParser): 'ruleset_config': ['ruleset', 'config'], 'cuckoo_mode': ['cuckoo', 'mode'], 'cuckoo_url': ['cuckoo', 'url'], + 'cuckoo_api_token': ['cuckoo', 'api_token'], 'cuckoo_poll_interval': ['cuckoo', 'poll_interval'], 'cuckoo_storage': ['cuckoo', 'storage_path'], 'cuckoo_exec': ['cuckoo', 'exec'], diff --git a/peekaboo/daemon.py b/peekaboo/daemon.py index 13169a4..bb9f594 100644 --- a/peekaboo/daemon.py +++ b/peekaboo/daemon.py @@ -351,6 +351,7 @@ def run(): # otherwise it's the new API method and default else: cuckoo = CuckooApi(job_queue, config.cuckoo_url, + config.cuckoo_api_token, config.cuckoo_poll_interval) sig_handler = SignalHandler() diff --git a/peekaboo/toolbox/cuckoo.py b/peekaboo/toolbox/cuckoo.py index a802cfc..47966aa 100644 --- a/peekaboo/toolbox/cuckoo.py +++ b/peekaboo/toolbox/cuckoo.py @@ -268,10 +268,11 @@ class WhitelistRetry(urllib3.util.retry.Retry): class CuckooApi(Cuckoo): """ Interfaces with a Cuckoo installation via its REST API. """ - def __init__(self, job_queue, url="http://localhost:8090", poll_interval=5, + def __init__(self, job_queue, url="http://localhost:8090", api_token="", poll_interval=5, retries=5, backoff=0.5): super().__init__(job_queue) self.url = url + self.api_token = api_token self.poll_interval = poll_interval # urrlib3 backoff formula: @@ -305,9 +306,10 @@ class CuckooApi(Cuckoo): def __get(self, path): request_url = "%s/%s" % (self.url, path) logger.debug("Getting %s", request_url) + headers = {"Authorization": "Bearer %s" % self.api_token} try: - response = self.session.get(request_url) + response = self.session.get(request_url, headers=headers) # all requests exceptions are derived from RequestsException, including # RetryError, TooManyRedirects and Timeout except requests.exceptions.RequestException as error: @@ -336,10 +338,11 @@ class CuckooApi(Cuckoo): files = {"file": (filename, open(path, 'rb'))} logger.debug("Creating Cuckoo task with content from %s and " "filename %s", path, filename) + headers = {"Authorization": "Bearer %s" % self.api_token} try: response = self.session.post( - "%s/tasks/create/file" % self.url, files=files) + "%s/tasks/create/file" % self.url, headers=headers, files=files) except requests.exceptions.RequestException as error: raise CuckooSubmitFailedException( 'Error creating Cuckoo task: %s' % error) -- cgit v1.2.3