cuckoosandbox / cuckoo

Cuckoo Sandbox is an automated dynamic malware analysis system
http://www.cuckoosandbox.org

Status of vCenter machines is not reliable #1348

Open shahar4499 opened 7 years ago

shahar4499 commented 7 years ago

The Issue: I'm using the VSphere machinery module. When consuming the REST API to check a machine's status, I sometimes get the previous status, or just a status that is inaccurate. For example, I got "poweredOn" when the machine had been off for quite a while, and I got "null" or "suspended" instead of "poweredOff".

When it can happen: I don't have an exact way to reproduce this, but here are some examples of when I got it:

Reflections: As I see in the code, the Flask API only queries the DB, and it doesn't make a new request to the VSphere API in order to get the current status. This may save a tiny bit of load, but it is highly unreliable. I personally think cuckoo should query the VSphere API each time. I'm still not familiar enough with the code to fix this completely by myself, but with a little bit of guidance, I'd love to.

jbremer commented 7 years ago

Perhaps I should start with: what's your goal and why is it important to know the exact machine status?

shahar4499 commented 7 years ago

I'll try to spare you the details. I'm integrating Cuckoo into a large system. The priority queue of the analyses is managed by our own server, and it sends tasks to Cuckoo with the API, after querying it for an available machine. If the status of the machine is powered off, it won't be used (and usually it gets stuck with this status until restarting Cuckoo). We have some good reasons that our server shouldn't query the VSphere API by itself (both design-wise and security-wise).

EDIT: Also, I'm wondering, if the machine status in the DB is 'poweredOff', won't Cuckoo also skip it when receiving a task?

jgajek commented 7 years ago

@shahar4499 Thanks for the report -- I'll take a look.

jbremer commented 7 years ago

@shahar4499 @jgajek any update here?

jgajek commented 7 years ago

The vSphere machinery module already gets the status directly from the vSphere API (see the _status() function in /cuckoo/machinery/vsphere.py). There must be something else going on -- I'm going to add a call to _status() at the end of each start() and stop() to force the DB status for the machine to be updated.
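A minimal model of the stale-status behaviour discussed in this thread and of the re-sync after start()/stop() that jgajek proposes, added here as an illustration and not Cuckoo's own code. FakeVSphere, the dict standing in for the machines table, and the label cuckoo1 are assumptions; the machinery and API classes are simplified to the one thing that matters, which is whether the DB is refreshed from the hypervisor after a power-state change.

```python
from enum import Enum

class Power(str, Enum):
    ON = "poweredOn"
    OFF = "poweredOff"

class FakeVSphere:
    # Stand-in for the vSphere API (assumed): the only authoritative power state.
    def __init__(self):
        self.state = {"cuckoo1": Power.OFF}
    def set_power(self, name, power):
        self.state[name] = power
    def runtime_power_state(self, name):
        return self.state[name]

class Machinery:
    # Simplified machinery module; `db` stands in for the machines table.
    def __init__(self, api, db, refresh_after_change):
        self.api = api
        self.db = db
        self.refresh_after_change = refresh_after_change
    def _status(self, label):
        # Ask the hypervisor and write the answer through to the DB.
        status = self.api.runtime_power_state(label).value
        self.db[label] = status
        return status
    def _change(self, label, power):
        self.api.set_power(label, power)
        if self.refresh_after_change:
            self._status(label)  # the proposed fix: re-sync after a change
    def start(self, label):
        self._change(label, Power.ON)
    def stop(self, label):
        self._change(label, Power.OFF)

def api_view_status(db, label):
    # Mirrors the REST endpoint: it reads the DB only, never the hypervisor.
    return db.get(label)

def run_scenario(refresh_after_change):
    api, db = FakeVSphere(), {}
    m = Machinery(api, db, refresh_after_change)
    m._status("cuckoo1")  # one-off sync at startup
    records = []
    for action in (m.start, m.stop):
        action("cuckoo1")
        records.append((api_view_status(db, "cuckoo1"),
                        api.runtime_power_state("cuckoo1").value))
    return records  # (DB-reported, actual) after start, then after stop
```

Without the re-sync the REST view keeps reporting "poweredOff" after start(), which is exactly the state a scheduler would skip even though the VM is running; with it, the DB and the hypervisor agree after every change.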