scVENUS / PeekabooAV

Peekaboo Extended Email Attachment Behavior Observation Owl
https://peekabooav.de
GNU General Public License v3.0

Better cuckoo report #189

Closed michaelweiser closed 3 years ago

michaelweiser commented 3 years ago

Here are some improvements to the Cuckoo report to showcase what would be involved to implement input validation as suggested in #188. Lightly tested: the test suite runs. See individual commits for rationale.

michaelweiser commented 3 years ago

Some more testing with the dummy Cuckoo API shows the expected behaviour and warning message:

2021-06-29 10:04:41,456 - peekaboo.toolbox.cuckoo - (CuckooJobTracker) - WARNING - Report returned from Cuckoo contained invalid data: signature descriptions are expected to be strings

This also revealed missing type checking for the score and the bigger structures of the report - added.
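
The kind of type checking described in the comment above, as an added example that is not part of this pull request or of PeekabooAV's code. The report field layout (`info.score`, `signatures[].description`), the function and class names, and the sample reports are assumptions made for illustration.

```python
# Added illustration, not PeekabooAV code. Field layout (info.score,
# signatures[].description) is an assumption about the report JSON.
import logging
import numbers

logger = logging.getLogger("example.cuckoo")

class InvalidReportError(ValueError):
    """Raised when a report from the analysis backend fails validation."""

def _expect(value, types, what):
    # bool is a subclass of int, so reject it explicitly for numeric fields
    if isinstance(value, bool) or not isinstance(value, types):
        raise InvalidReportError(what)
    return value

def parse_report(report):
    """Validate the untrusted report and keep only the checked fields."""
    _expect(report, dict, "report is expected to be a dictionary")
    info = _expect(report.get("info", {}), dict,
                   "info is expected to be a dictionary")
    score = float(_expect(info.get("score", 0.0), numbers.Real,
                          "score is expected to be a number"))
    signatures = _expect(report.get("signatures", []), list,
                         "signatures are expected to be a list")
    descriptions = []
    for sig in signatures:
        _expect(sig, dict, "signatures are expected to be dictionaries")
        descriptions.append(_expect(
            sig.get("description"), str,
            "signature descriptions are expected to be strings"))
    return {"score": score, "signatures": descriptions}

def handle_report(report):
    """Log a warning and return None instead of using an invalid report."""
    try:
        return parse_report(report)
    except InvalidReportError as error:
        logger.warning(
            "Report returned from Cuckoo contained invalid data: %s", error)
        return None

# Constructed sample reports: one well-formed, one with a list where a
# string description is expected.
GOOD = {"info": {"score": 4.2},
        "signatures": [{"description": "Creates a file"}]}
BAD = {"info": {"score": 4.2},
       "signatures": [{"description": ["not", "a", "string"]}]}
```

Returning a new dictionary built only from validated values means nothing unchecked from the remote report reaches later processing.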

michaelweiser commented 3 years ago

Fallout from not storing the full report any more should now be addressed by adding the origin URL of the report to our dump instead.

michaelweiser commented 3 years ago

@jack28: Merging this will create conflicts in #188 and require a rebase. Good to go anyway?

Jack28 commented 3 years ago

I'm aware of that. Go ahead.