Submit sample with its original filename to Cuckoo

When using the REST API, submit the sample with its original filename if available via the new name_declared (meta info) property. Closes scVENUS#81 and scVENUS#82 when using api mode. No plans to add this to embed mode as well since it's deprecated anyway.
michaelweiser · May 7, 2019 · 92762a7 · 92762a7
1 parent d5e0d58
commit 92762a7
Show file tree

Hide file tree

Showing 2 changed files with 14 additions and 4 deletions.
diff --git a/peekaboo/sample.py b/peekaboo/sample.py
@@ -380,6 +380,12 @@ def sha256sum(self):
 
         return self.__sha256sum
 
+    @property
+    def name_declared(self):
+        """ Returns the name declared by the sample as its original filename,
+        None if not available. """
+        return self.meta_info_name_declared
+
     @property
     def file_extension(self):
         """ Determines the file extension of this sample. """
@@ -391,8 +397,8 @@ def file_extension(self):
         # amavis intentionally hands us files named only p001, p002 and so on.
         # But we still try it in case there's no declared name.
         filename = self.__filename
-        if self.meta_info_name_declared:
-            filename = self.meta_info_name_declared
+        if self.name_declared:
+            filename = self.name_declared
 
         # extension or the empty string if none found
         self.__file_extension = os.path.splitext(filename)[1][1:]
@@ -415,8 +421,8 @@ def mimetypes(self):
                 mime_types.add(declared_mt)
 
         declared_filename = self.__filename
-        if self.meta_info_name_declared:
-            declared_filename = self.meta_info_name_declared
+        if self.name_declared:
+            declared_filename = self.name_declared
 
         # check if the sample is an S/MIME signature (smime.p7s)
         # If so, don't overwrite the MIME type since we do not want to analyse

diff --git a/peekaboo/toolbox/cuckoo.py b/peekaboo/toolbox/cuckoo.py
@@ -334,6 +334,10 @@ def __status(self):
     def submit(self, sample):
         path = sample.submit_path
         filename = os.path.basename(path)
+        # override with the original file name if available
+        if sample.name_declared:
+            filename = sample.name_declared
+
         files = {"file": (filename, open(path, 'rb'))}
         logger.debug("Creating Cuckoo task with content from %s and "
                      "filename %s", path, filename)