aljaz/cowrie
1
0
Fork 0
mirror of https://github.com/aljazceru/cowrie.git synced 2026-01-31 12:04:24 +01:00
Code Issues Packages Projects Releases Wiki Activity

add new artifact framework

Browse Source
This commit is contained in:
Michel Oosterhof
2016-11-01 23:21:59 +04:00
parent 73fc6c4f4a
commit f2602a461e
1 changed files with 93 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

93
cowrie/core/artifact.py Normal file
View File

@@ -0,0 +1,93 @@
# Copyright (c) 2016 Michel Oosterhof <michel@oosterhof.net>
"""
This module contains code to handling saving of honeypot artifacts
These will typically be files uploaded to the honeypot and files
downloaded inside the honeypot, or input being piped in.
Code behaves like a normal Python file handle.
Example:
with Artifact(name) as f:
f.write("abc")
or:
g = Artifact("testme2")
g.write( "def" )
g.close()
"""
import hashlib
import os
import re
import time
import tempfile
from twisted.python import log
class Artifact:
"""
"""
def __init__(self, cfg, label):
"""
"""
self.label = label
self.artifactDir = cfg.get('honeypot', 'download_path')
self.fp = tempfile.NamedTemporaryFile(dir=self.artifactDir, delete=False)
self.tempFilename = self.fp.name
def __enter__(self):
"""
"""
return self.fp
def __exit__(self, exception_type, exception_value, trace):
"""
"""
self.close()
def write(self, bytes):
"""
"""
self.fp.write(bytes)
def fileno(self):
"""
"""
return self.fp.fileno()
def close(self, keepEmpty=True):
"""
"""
size = self.fp.tell()
self.fp.seek(0)
shasum = hashlib.sha256(self.fp.read()).hexdigest()
self.fp.close()
shasumFilename = self.artifactDir + "/" + shasum
if size == 0 and keepEmpty == False:
os.remove(self.fp.name)
elif os.path.exists(shasumFilename):
os.remove(self.fp.name)
else:
os.rename(self.fp.name, shasumFilename)
if size>0:
linkName = self.artifactDir + "/" \
+ time.strftime('%Y%m%dT%H%M%S') \
+ "_" + re.sub('[^-A-Za-z0-9]', '_', self.label)
os.symlink(shasum, linkName)
return shasum, shasumFilename