Skip to content
This repository has been archived by the owner on Apr 26, 2021. It is now read-only.

Error during analysis: could not get process status for pid #3035

Open
omeranson opened this issue May 20, 2020 · 0 comments · May be fixed by #3036
Open

Error during analysis: could not get process status for pid #3035

omeranson opened this issue May 20, 2020 · 0 comments · May be fixed by #3036

Comments

@omeranson
Copy link

Thanks for creating an issue! But first: did you read our community guidelines?
https://cuckoo.sh/docs/introduction/community.html

My issue is: Error during analysis: could not get process status for pid

During analysis, the following error appears in the analyser logs: 'Error during analysis: could not get process status for pid ', and the analysis is cut short.

My Cuckoo version and operating system are: Cuckoo 2.0.7, Centos 7
This can be reproduced by:

Submitting a file to the generic analyser, where the guest is Ubuntu 18.04.

The log, error, files etc can be found at:

The only log is 'CRITICAL: could not get process status for pid XXX' in the analyser log.

Investigation reveals that the error occurs when parsing /proc/<pid>/status. One of the fields is empty, and the parsing code assumes that a value always exists. The error happens in the method get_proc_status, class Process, file: cuckoo/data/analyzer/linux/lib/api/process.py.
omeranson added a commit to omeranson/cuckoo that referenced this issue May 20, 2020
@omeranson
linux/process: Support reading empty values from /proc/pid/status
1cf8c60 
The file /proc/<pid>/status provides information about a process in
the format 'key: value'. The parsing of this file failed if 'value'
was empty.

Add an dummy value that will be taken in case the real value from
the status file does not exist.

Additionally, update the log message from the parsing code to also
output the exception, if one is raised.

Related: cuckoosandbox#3035
omeranson added a commit to omeranson/cuckoo that referenced this issue May 20, 2020
@omeranson
linux/process: Support reading empty values from /proc/pid/status
115f8dd 
The file /proc/<pid>/status provides information about a process in
the format 'key: value'. The parsing of this file failed if 'value'
was empty.

Add an dummy value that will be taken in case the real value from
the status file does not exist.

Additionally, update the log message from the parsing code to also
output the exception, if one is raised.

Related: cuckoosandbox#3035
@omeranson omeranson linked a pull request May 20, 2020 that will close this issue
Open
omeranson added a commit to omeranson/cuckoo that referenced this issue May 20, 2020
@omeranson
linux/process: Support reading empty values from /proc/pid/status
8e88110 
The file /proc/<pid>/status provides information about a process in
the format 'key: value'. The parsing of this file failed if 'value'
was empty.

Add an dummy value that will be taken in case the real value from
the status file does not exist.

Additionally, update the log message from the parsing code to also
output the exception, if one is raised.

Closes: cuckoosandbox#3035
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

linux/process: Support reading empty values from /proc/pid/status omeranson/cuckoo
1 participant
@omeranson