Skip to content
This repository was archived by the owner on Apr 26, 2021. It is now read-only.

file_type variable is not used for all types of packages in automagical detection #2504

Open
reox opened this issue Sep 28, 2018 · 1 comment
Open

file_type variable is not used for all types of packages in automagical detection #2504

reox opened this issue Sep 28, 2018 · 1 comment

Comments

@reox
Copy link

reox commented Sep 28, 2018
edited
Loading

My question is:

the analysis module chooses the analysis package based on some rules, if no package is specified:

cuckoo/cuckoo/data/analyzer/windows/lib/core/packages.py

Line 20 in c41c7c5

def choose_package(file_type, file_name, exports):

But only for certain type, the file_type variable is used. The majority of files, for example .jar are only judged by their file extension.

Is there a reason not to use file_type for the other formats as well?
If files are submitted with obscured or no extension, usually the generic profile is chosen, even if the package could have been found by the file_type variable.

thanks in advance!

My Cuckoo version and operating system are:

2.0.6
@RicoVZ
Copy link
Contributor

RicoVZ commented Sep 29, 2018

Hi reox,

Thanks for posting an issue. 😄

There is no real reason it is not used for some types. Rewriting and improving package selection is something that is on our short term todo list.

@Jack28 Jack28 mentioned this issue Sep 30, 2018
Open
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@reox @RicoVZ