 6  import logging 
 7  import os.path 
 8  import subprocess 
 9   
10  from lib.cuckoo.common.abstracts import Report 
11  from lib.cuckoo.common.exceptions import CuckooProcessingError 
12   
13  log = logging.getLogger(__name__) 
14   
16      """Moloch reporting module.""" 
17   
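    def run(self, results):
        """Submit the task's PCAP to Moloch through the moloch-capture binary.

        Reads the "moloch_capture", "conf" and "instance" options (each has a
        default), builds a moloch-capture command line and runs it. The
        capture is tagged with the task ID and, for file tasks, with the
        sample hashes and normalized VirusTotal labels found in `results`.

        Returns None. If the PCAP is missing, a warning is logged and nothing
        is submitted.

        @param results: analysis results dictionary.
        @raise CuckooProcessingError: if the Moloch binary or configuration
            file is missing, or if moloch-capture cannot be started or exits
            with a non-zero status.
        """
        self.moloch_capture = self.options.get(
            "moloch_capture", "/data/moloch/bin/moloch-capture"
        )
        self.config_path = self.options.get(
            "conf", "/data/moloch/etc/config.ini"
        )
        self.instance = self.options.get("instance", "cuckoo")

        # A missing PCAP is not an error: there is simply nothing to submit.
        if not os.path.isfile(self.pcap_path):
            log.warning("Unable to run Moloch as no pcap is available")
            return

        if not os.path.isfile(self.moloch_capture):
            raise CuckooProcessingError("Unable to locate Moloch binary")

        if not os.path.isfile(self.config_path):
            raise CuckooProcessingError(
                "Unable to locate Moloch configuration"
            )

        # Keep this an argument list (no shell=True): every element reaches
        # moloch-capture as one argv entry, so nothing here is shell-parsed.
        args = [
            self.moloch_capture,
            "-c", self.config_path,
            "-r", self.pcap_path,
            "-n", self.instance,
            "-q",
        ]

        # (key, value) pairs rather than a dict, so one key can carry several
        # values. With a dict every VirusTotal label overwrote the previous
        # one and only the last label was ever submitted.
        tags = [(self.instance, self.task["id"])]

        if self.task["category"] == "file":
            # Tag the capture with whichever sample hashes are available.
            f = results.get("target", {}).get("file", {})
            for field in ("md5", "sha1", "sha256", "sha512"):
                if field in f:
                    tags.append((field, f[field]))

            # One tag per normalized VirusTotal label.
            for variant in results.get("virustotal", {}).get("normalized", []):
                tags.append(("virustotal", variant))

        # Tag values come from the analysis results (sample metadata and
        # third-party AV labels). Each one stays inside a single "key:value"
        # argv element that directly follows "-t".
        for key, value in tags:
            args += ["-t", "%s:%s" % (key, value)]

        try:
            subprocess.check_call(args)
        except (subprocess.CalledProcessError, OSError) as e:
            # OSError covers a binary that passed isfile() but cannot be
            # executed (isfile() does not check the execute permission).
            raise CuckooProcessingError(
                "Error submitting PCAP to Moloch: %s" % e)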