
Ruff #2410

Merged
merged 15 commits into from
Feb 2, 2025
fixes 2
doomedraven committed Dec 3, 2024
commit ce113816bc92ef4ce684f80354d643b6a127eb5a
2 changes: 1 addition & 1 deletion analyzer/windows/lib/api/process.py
@@ -758,7 +758,7 @@ def upload_memdump(self):
try:
upload_to_host(file_path, os.path.join("memory", f"{self.pid}.dmp"), category="memory")
except Exception as e:
log.error(e, exc_info=True)
log.exception(e)
log.error(os.path.join("memory", f"{self.pid}.dmp"))
log.error(file_path)
log.info("Memory dump of %s uploaded", self)
28 changes: 14 additions & 14 deletions modules/machinery/az.py
@@ -732,16 +732,16 @@ def _thr_wait_for_ready_machine(machine_name, machine_ip):
# We did it!
break
except socket.timeout:
log.debug(f"{machine_name}: Initializing...")
log.debug("%s: Initializing...", machine_name)
except socket.error:
log.debug(f"{machine_name}: Initializing...")
log.debug("%s: Initializing...", machine_name)
if (timeit.default_timer() - start) >= timeout:
# We didn't do it :(
raise CuckooGuestCriticalTimeout(
f"Machine {machine_name}: the guest initialization hit the critical timeout, analysis aborted."
"Machine %s: the guest initialization hit the critical timeout, analysis aborted.", machine_name
)
time.sleep(10)
log.debug(f"Machine {machine_name} was created and available in {round(timeit.default_timer() - start)}s")
log.debug("Machine %s was created and available in %d s", machine_name, round(timeit.default_timer() - start))

@staticmethod
def _azure_api_call(*args, **kwargs):
@@ -761,7 +761,7 @@ def _azure_api_call(*args, **kwargs):
api_call = f"{operation}({args},{kwargs})"

try:
log.debug(f"Trying {api_call}")
log.debug("Trying %s", api_call)
results = operation(*args, **kwargs)
except Exception as exc:
# For ClientRequestErrors, they do not have the attribute 'error'
@@ -779,7 +779,7 @@ def _azure_api_call(*args, **kwargs):
# Log the subscription limits
headers = results._response.headers
log.debug(
f"API Charge: {headers['x-ms-request-charge']}; Remaining Calls: {headers['x-ms-ratelimit-remaining-resource']}"
"API Charge: %s; Remaining Calls: %s", headers['x-ms-request-charge'], headers['x-ms-ratelimit-remaining-resource']
)
return results

@@ -1055,7 +1055,7 @@ def _scale_machine_pool(self, tag, per_platform=False):
if relevant_task_queue == initial_number_of_locked_relevant_machines == 0:
# The VMSS will scale in via the ScaleInPolicy.
machine_pools[vmss_name]["wait"] = True
log.debug(f"System is at rest, scale down {vmss_name} capacity and delete machines.")
log.debug("System is at rest, scale down %s capacity and delete machines.", vmss_name)
# System is not at rest, but task queue is 0, therefore set machines in use to delete
elif relevant_task_queue == 0:
machine_pools[vmss_name]["is_scaling_down"] = True
@@ -1076,7 +1076,7 @@ def _scale_machine_pool(self, tag, per_platform=False):

# We don't want to be stuck in this for longer than the timeout specified
if (timeit.default_timer() - start_time) > AZURE_TIMEOUT:
log.debug(f"Breaking out of the while loop within the scale down section for {vmss_name}.")
log.debug("Breaking out of the while loop within the scale down section for %s.", vmss_name)
break
# Get the updated number of relevant machines required
relevant_task_queue = self._get_number_of_relevant_tasks(tag)
@@ -1141,7 +1141,7 @@ def _scale_machine_pool(self, tag, per_platform=False):
return

timediff = timeit.default_timer() - start_time
log.debug(f"The scaling of {vmss_name} took {round(timediff)}s")
log.debug("The scaling of %s took %d s", vmss_name, round(timediff))
machine_pools[vmss_name]["size"] = number_of_relevant_machines_required

# Alter the database based on if we scaled up or down
@@ -1156,7 +1156,7 @@ def _scale_machine_pool(self, tag, per_platform=False):
machine_pools[vmss_name]["is_scaling"] = False
if platform:
is_platform_scaling[platform] = False
log.debug(f"Scaling {vmss_name} has completed.")
log.debug("Scaling %s has completed.", vmss_name)
except Exception as exc:
machine_pools[vmss_name]["wait"] = False
machine_pools[vmss_name]["is_scaling"] = False
@@ -1179,7 +1179,7 @@ def _handle_poller_result(lro_poller_object):
raise CuckooMachineError(repr(e))
time_taken = timeit.default_timer() - start_time
if time_taken >= AZURE_TIMEOUT:
raise CuckooMachineError(f"The task took {round(time_taken)}s to complete! Bad Azure!")
raise CuckooMachineError("The task took %ds to complete! Bad Azure!", round(time_taken))
else:
return lro_poller_result

@@ -1365,7 +1365,7 @@ def _thr_reimage_list_reader(self):
f"{'S' if reimaged else 'Uns'}uccessfully reimaging instances {instance_ids} in {vmss_to_reimage} took {round(timediff)}s"
)
except Exception as e:
log.error(f"Exception occurred in the reimage thread: {e}. Trying again...")
log.error("Exception occurred in the reimage thread: %s. Trying again...", str(e))

def _thr_delete_list_reader(self):
global current_vmss_operations
@@ -1428,7 +1428,7 @@ def _thr_delete_list_reader(self):
if self.initializing and deleted:
# All machines should have been removed from the db and the VMSS at this point.
# To force the VMSS to scale to initial_pool_size, set the size to zero here.
log.debug(f"Setting size to 0 for VMSS {vmss_to_delete_from} after successful deletion")
log.debug("Setting size to 0 for VMSS %s after successful deletion", vmss_to_delete_from)
machine_pools[vmss_to_delete_from]["size"] = 0

with vms_currently_being_deleted_lock:
@@ -1441,4 +1441,4 @@ def _thr_delete_list_reader(self):
f"{'S' if deleted else 'Uns'}uccessfully deleting instances {instance_ids} in {vmss_to_delete_from} took {round(timeit.default_timer() - start_time)}s"
)
except Exception as e:
log.error(f"Exception occurred in the delete thread: {e}. Trying again...")
log.error("Exception occurred in the delete thread: %s. Trying again...", str(e))
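Review bot: The new raise at the CuckooGuestCriticalTimeout call in the _thr_wait_for_ready_machine hunk no longer formats its message: `%s` placeholders are only expanded by the logging module, so passing `"Machine %s: ...", machine_name` to an exception constructor stores a two-element args tuple and the machine name never appears in the message text (unless the exception class formats its own args, which is not visible here). The same applies to `raise CuckooMachineError("The task took %ds to complete! Bad Azure!", round(time_taken))` in the _handle_poller_result hunk. Ruff's G004 only targets logging calls, so these two lines should keep an f-string: `raise CuckooGuestCriticalTimeout(f"Machine {machine_name}: the guest initialization hit the critical timeout, analysis aborted.")` and `raise CuckooMachineError(f"The task took {round(time_taken)}s to complete! Bad Azure!")`. Both enclosing functions start and end outside their hunks.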

Unchanged files with check annotations Beta

strings:
$trap0 = {81 C6 00 10 00 00 [0-88] 81 FE 00 F0 [2] 0F 84 [2] 00 00}
$trap1 = {31 FF [0-128] (B9|C7 85 F8 00 00 00) 60 5F A9 00}
$antihook = {FF 34 08 [0-360] 8F 04 0B [0-360] 83 F9 18 [0-460] FF E3}

Check warning on line 11 in analyzer/windows/data/yara/Guloader.yar

VirusTotal YARA-CI / Rules Analysis

analyzer/windows/data/yara/Guloader.yar#L11

rule "GuloaderB": string "$antihook" may slow down scanning
$trap2 = {83 BD 9C 00 00 00 00 0F 85 [2] 00 00}
condition:
3 of them
$trap0 = {81 C6 00 10 00 00 [0-148] (39 CE|3B B5) [0-6] 0F 84 [2] 00 00}
$trap0A = {E8 00 00 00 00 59 [0-2800] 81 C6 00 10 00 00 [0-148] (39 CE|3B B5) [0-6] 0F 84 [2] 00 00}
$trap1 = {89 D6 60 0F 31 B8 [4] (05|35|2D|B8) [4] (05|35|2D|B8) [4] (05|35|2D|B8) [4] 0F A2}
$antihook = {FF 34 08 [0-360] 8F 04 0B [0-800] FF E3}

Check warning on line 44 in analyzer/windows/data/yara/Guloader.yar

VirusTotal YARA-CI / Rules Analysis

analyzer/windows/data/yara/Guloader.yar#L44

rule "GuloaderC": string "$antihook" may slow down scanning
condition:
3 of them
}
$trap1 = {49 83 F9 00 75 [1-20] 83 FF 00 [2-6] 81 FF}
$trap2 = {39 CB 59 01 D7 49 85 C8 83 F9 00 75 B3}
$trap3 = {61 0F AE E8 0F 31 0F AE E8 C1 E2 20 09 C2 29 F2 83 FA 00 7E CE C3}
$antihook = {FF 34 08 [0-360] 8F 04 0B [0-800] FF E3}

Check warning on line 12 in data/yara/CAPE/Guloader.yar

VirusTotal YARA-CI / Rules Analysis

data/yara/CAPE/Guloader.yar#L12

rule "Guloader": string "$antihook" may slow down scanning
$antidbg = {39 48 04 0F 85 [4] 39 48 08 0F 85 [4] 39 48 0C 0F 85 [4] 39 48 10 0F 85 [4] 39 48 14 0F 85 [4] 39 48 18 0F 85}
$except = {8B 45 08 8B 00 [0-1] 8B 58 18 [0-20] 81 38 05 00 00 C0 0F 85 [4-7] 83 FB 00 (0F 84|74)}
$cape_string = "cape_options"
$download2 = {8B 75 ?? 8D 4D ?? 8B 7D ?? 8B D6 57 89 1E 89 1F E8 [4] 59 3D C8 00 00 00 75 05 33 C0 40 EB}
$download3 = {B8 50 00 00 00 66 89 45 ?? 4C 89 65 ?? 4C 89 75 ?? E8 [4] 48 8B 1E 3D 94 01 00 00}
$major_ver = {0F B6 05 ?? ?? ?? ?? 6A ?? 6A 72 FF 75 0C 6A 70 50 FF 35 ?? ?? ?? ?? 8D 45 80 FF 35 ?? ?? ?? ?? 6A 63 FF 75 08 6A 67 50 FF 75 10 FF 15 ?? ?? ?? ?? 83 C4 38 8B E5 5D C3}
$decode1 = {4? 8D [5-6] 8A 4? [1-3] 32 }//0? 01 88 44 [2] 4?}

Check warning on line 18 in data/yara/CAPE/IcedIDLoader.yar

VirusTotal YARA-CI / Rules Analysis

data/yara/CAPE/IcedIDLoader.yar#L18

rule "IcedIDLoader": string "$decode1" may slow down scanning
$decode2 = {42 0F B6 4C 02 ?? 42 0F B6 04 02 32 C8 88 8C 15 ?? ?? ?? ?? 48 FF C2 48 83 FA 20}
condition:
2 of them
$anti_appdirs = {E8 [4] 83 F8 0? 7? ?? E8}
$anti_procs_ram = {E8 [4] 83 F8 0? 7? ?? E8 [4] 3D (FF 0E | 00 0F | FF 16) 00 00}
$anti_procs = {4C 89 F1 [0-9] FF D3 83 7C 24 ?? (03 | 07)}
$anti_ram = {E8 [4] 3D (FF 1F | 00 20 | 00 17 | FF 0E | FF 16 | FF 2F) 00 00}

Check warning on line 11 in data/yara/CAPE/Quickbind.yar

VirusTotal YARA-CI / Rules Analysis

data/yara/CAPE/Quickbind.yar#L11

rule "Quickbind": string "$anti_ram" may slow down scanning
$sleep = {B9 64 00 00 00 [0-7] FF}
$mutex_api = "CreateMutexW"
$mutex_error = {FF [1-5] 3D B7 00 00 00}
new_processes = current_processes - known_processes
for pid in new_processes:
log.info(f"New child process detected: {pid}")

Check failure on line 74 in analyzer/linux/analyzer.py

GitHub Actions / test (3.10)

Ruff (G004)

analyzer/linux/analyzer.py:74:22: G004 Logging statement uses f-string
dump_memory(pid)
add_pids(pid) # Add the new process to PROCESS_LIST
chunk = mem_file.read(end - start)
output_file.write(chunk)
except (OSError, ValueError) as e:
log.error(f"Could not read memory range {start:x}-{end:x}: {e}")

Check failure on line 121 in analyzer/linux/analyzer.py

GitHub Actions / test (3.10)

Ruff (G004)

analyzer/linux/analyzer.py:121:31: G004 Logging statement uses f-string
maps_file.close()
mem_file.close()
output_file.close()
except FileNotFoundError:
log.error(f"Process with PID {pid} not found.")

Check failure on line 126 in analyzer/linux/analyzer.py

GitHub Actions / test (3.10)

Ruff (G004)

analyzer/linux/analyzer.py:126:19: G004 Logging statement uses f-string
except PermissionError:
log.error(f"Permission denied to access process with PID {pid}.")

Check failure on line 128 in analyzer/linux/analyzer.py

GitHub Actions / test (3.10)

Ruff (G004)

analyzer/linux/analyzer.py:128:19: G004 Logging statement uses f-string
if os.path.exists(f"{MEM_PATH}/{pid}.dmp"):
upload_to_host(f"{MEM_PATH}/{pid}.dmp", f"memory/{pid}.dmp")
DUMPED_LIST.add(pid)
else:
log.error(f"Memdump file not found in guest machine for PID {pid}")

Check failure on line 134 in analyzer/linux/analyzer.py

GitHub Actions / test (3.10)

Ruff (G004)

analyzer/linux/analyzer.py:134:19: G004 Logging statement uses f-string
class Analyzer:
log.info("Detected non-Gnome desktop environment.")
else:
self._is_gnome = True
log.info(f"Detected Gnome version {version}")

Check failure on line 142 in analyzer/linux/lib/api/screenshot.py

GitHub Actions / test (3.10)

Ruff (G004)

analyzer/linux/lib/api/screenshot.py:142:30: G004 Logging statement uses f-string
name = "org.gnome.Screenshot"
resp = await self.bus.request_name(name)
if resp not in (
if response == 0:
await queue.put(urllib.parse.urlparse(results["uri"].value).path)
else:
log.warning(f"Received non-zero response when taking screenshot: {response}")

Check failure on line 263 in analyzer/linux/lib/api/screenshot.py

GitHub Actions / test (3.10)

Ruff (G004)

analyzer/linux/lib/api/screenshot.py:263:33: G004 Logging statement uses f-string
await queue.put(None)
# Set up the signal handler
log = logging.getLogger(__name__)
FILE_NAME_REGEX = re.compile("[\s]{2}((?:[a-zA-Z0-9\.\-,_\\\\]+( [a-zA-Z0-9\.\-,_\\\\]+)?)+)\\r")

Check failure on line 21 in analyzer/windows/lib/common/zip_utils.py

GitHub Actions / test (3.10)

Ruff (W605)

analyzer/windows/lib/common/zip_utils.py:21:32: W605 Invalid escape sequence: `\s`

Check failure on line 21 in analyzer/windows/lib/common/zip_utils.py

GitHub Actions / test (3.10)

Ruff (W605)

analyzer/windows/lib/common/zip_utils.py:21:52: W605 Invalid escape sequence: `\.`

Check failure on line 21 in analyzer/windows/lib/common/zip_utils.py

GitHub Actions / test (3.10)

Ruff (W605)

analyzer/windows/lib/common/zip_utils.py:21:54: W605 Invalid escape sequence: `\-`
FILE_EXT_OF_INTEREST = [
".bat",
".cmd",