From 731ec40492ade9edc101fb7c4e2acca5743b528e Mon Sep 17 00:00:00 2001
From: Sam Edwards <CFSworks@gmail.com>
Date: Thu, 6 Oct 2016 14:15:42 -0700
Subject: [PATCH] fs: Explore the honeyfs directory for realfile names at init
 time.

The old method of checking the honeyfs directory whenever a file was
accessed for the first time required that the original path to the file
be known. If the file was renamed, copied, moved to a new directory, or
one of its parent directories was renamed before its first access, its
original path would be completely lost and the real filename would not be
resolved.

This new method ensures that all A_REALFILE attributes are populated
upfront, and the filesystem can be rearranged plenty without breaking
honeyfs.
---
 cowrie/core/fs.py | 26 +++++++++++++++++++++-----
 1 file changed, 21 insertions(+), 5 deletions(-)

diff --git a/cowrie/core/fs.py b/cowrie/core/fs.py
index 1ed1392..b063be9 100644
--- a/cowrie/core/fs.py
+++ b/cowrie/core/fs.py
@@ -65,6 +65,25 @@ class HoneyPotFilesystem(object):
         # Keep count of new files, so we can have an artificial limit
         self.newcount = 0
 
+        # Get the honeyfs path from the config file and explore it for file
+        # contents:
+        self.init_honeyfs(self.cfg.get('honeypot', 'contents_path'))
+
+
+    def init_honeyfs(self, honeyfs_path):
+        """
+        Explore the honeyfs at 'honeyfs_path' and set all A_REALFILE attributes on
+        the virtual filesystem.
+        """
+
+        for path, directories, filenames in os.walk(honeyfs_path):
+            for filename in filenames:
+                realfile_path = os.path.join(path, filename)
+                virtual_path = '/' + os.path.relpath(realfile_path, honeyfs_path)
+
+                f = self.getfile(virtual_path, follow_symlinks=False)
+                if f and f[A_TYPE] == T_FILE:
+                    self.update_realfile(f, realfile_path)
 
     def resolve_path(self, path, cwd):
         """
@@ -214,11 +233,8 @@ class HoneyPotFilesystem(object):
         f = self.getfile(path)
         if f[A_TYPE] == T_DIR:
             raise IsADirectoryError
-        elif f[A_TYPE] == T_FILE:
-            self.update_realfile(f, '%s/%s' % \
-                (self.cfg.get('honeypot', 'contents_path'), path))
-            if f[A_REALFILE]:
-                return file(f[A_REALFILE], 'rb').read()
+        elif f[A_TYPE] == T_FILE and f[A_REALFILE]:
+            return file(f[A_REALFILE], 'rb').read()
 
 
     def mkfile(self, path, uid, gid, size, mode, ctime=None):