selfextract conf renamed to integrations conf

changelog.md

@@ -1,3 +1,7 @@
+### [11.02.2025]
+* `selfextract.conf` renamed to `integrations.conf`.
+    * Please rename your config file.
+
 ### [10.02.2025]
 * We are now on `Poetry v2`. If you see next message, you need to upgrade your `poetry` version.
     * This one might be tricky as depends if your `poetry` was installed with `apt` or script. But something like this should works:
@@ -534,7 +538,7 @@ rule X_cryptor {
     * You need to download version for your CPU and extract it to `data/NETReactorSlayer.CLI`
         * In case if you are on x64 host, then just run: `poetry run python utils/community.py -waf`
     * Add execution permission with `chmod a+x data/NETReactorSlayer.CLI`
-* Now each section inside of `selfextract.conf` has timeout value. Default is 60 seconds
+* Now each section inside of `integrations.conf` has timeout value. Default is 60 seconds
 
 ### [24.12.2022]
 * Monitor updates: Fix NtAllocateVirtualMemoryEx & NtMapViewOfSectionEx hooks and rebuild with Visual Studio 2022

conf/default/selfextract.conf.default → conf/default/integrations.conf.default

@@ -1,4 +1,4 @@
-# This config is to be able to enable/disable things like MSI/NSIS/UnAutoIt etc
+# This config is to be able to enable/disable things like MSI/NSIS/UnAutoIt, 3rd part services integraitons, etc
 
 [general]
 pefiles = yes
@@ -14,6 +14,17 @@ hwp = yes
 # Number of workers for pool to run them in parallel
 max_workers = 6
 
+[mandiant_intel]
+enabled = no
+api_access =
+api_secret =
+
+# Create your apikey: https://threatfox.abuse.ch/api/#auth_key
+[threatfox]
+enabled = no
+apikey =
+
+
 # sudo apt install msitools
 [msi_extract]
 enabled = yes

conf/default/processing.conf.default

@@ -340,14 +340,3 @@ sigs_path = data/flare-signatures
 
 [html_scraper]
 enabled = no
-
-[mandiant_intel]
-enabled = no
-api_access =
-api_secret =
-
-### Signature utility
-# Create your apikey: https://threatfox.abuse.ch/api/#auth_key
-[threatfox]
-enabled = no
-apikey =

lib/cuckoo/common/abstracts.py

@@ -63,7 +63,7 @@
     HAVE_TLDEXTRACT = False
 
 repconf = Config("reporting")
-procconf = Config("processing")
+integrations_conf = Config("integrations")
 _, categories_need_VM = load_categories()
 
 mitre, HAVE_MITRE, _ = mitre_load(repconf.mitre.enabled)
@@ -1361,13 +1361,13 @@ def check_argument(self, pattern, name=None, api=None, category=None, process=No
         return None
 
     def check_threatfox(self, searchterm: str):
-        if not procconf.threatfox.enabled or not procconf.threatfox.apikey:
+        if not integrations_conf.threatfox.enabled or not integrations_conf.threatfox.apikey:
             return
         try:
             response = requests.post(
                 "https://threatfox-api.abuse.ch/api/v1/",
                 data={"query": "search_ioc", "search_term": searchterm},
-                headers={"Auth-Key": procconf.threatfox.apikey, "User-Agent": "CAPE Sandbox"},
+                headers={"Auth-Key": integrations_conf.threatfox.apikey, "User-Agent": "CAPE Sandbox"},
             )
             return response.json()
         except Exception as e:

lib/cuckoo/common/integrations/file_extra_info.py

@@ -65,7 +65,7 @@
 
 cfg = Config()
 processing_conf = Config("processing")
-selfextract_conf = Config("selfextract")
+integration_conf = Config("integrations")
 
 try:
     from modules.signatures.recon_checkip import dns_indicators
@@ -108,9 +108,9 @@
     HAVE_BAT_DECODER = False
     print("OPTIONAL! Missed dependency: poetry run pip install -U git+https://github.com/DissectMalware/batch_deobfuscator")
 
-unautoit_binary = os.path.join(CUCKOO_ROOT, selfextract_conf.UnAutoIt_extract.binary)
-innoextact_binary = os.path.join(CUCKOO_ROOT, selfextract_conf.Inno_extract.binary)
-sevenzip_binary = os.path.join(CUCKOO_ROOT, selfextract_conf.SevenZip_unpack.binary)
+unautoit_binary = os.path.join(CUCKOO_ROOT, integration_conf.UnAutoIt_extract.binary)
+innoextact_binary = os.path.join(CUCKOO_ROOT, integration_conf.Inno_extract.binary)
+sevenzip_binary = os.path.join(CUCKOO_ROOT, integration_conf.SevenZip_unpack.binary)
 if not path_exists(sevenzip_binary):
     sevenzip_binary = "/usr/bin/7z"
 
@@ -136,7 +136,7 @@
     HAVE_VIRUSTOTAL = True
 
 HAVE_MANDIANT_INTEL = False
-if processing_conf.mandiant_intel.enabled:
+if integration_conf.mandiant_intel.enabled:
     from lib.cuckoo.common.integrations.mandiant_intel import mandiant_lookup
 
     HAVE_MANDIANT_INTEL = True
@@ -186,40 +186,40 @@ def static_file_info(
                 data_dictionary["floss"] = floss_strings
 
         if "Mono" in data_dictionary["type"]:
-            if selfextract_conf.general.dotnet:
+            if integration_conf.general.dotnet:
                 data_dictionary["dotnet"] = DotNETExecutable(file_path).run()
                 if processing_conf.strings.dotnet:
                     dotnet_strings = dotnet_user_strings(file_path)
                     if dotnet_strings:
                         data_dictionary.setdefault("dotnet_strings", dotnet_strings)
 
-    elif HAVE_OLETOOLS and package in {"doc", "ppt", "xls", "pub"} and selfextract_conf.general.office:
+    elif HAVE_OLETOOLS and package in {"doc", "ppt", "xls", "pub"} and integration_conf.general.office:
         # options is dict where we need to get pass get_options
         data_dictionary["office"] = Office(file_path, task_id, data_dictionary["sha256"], options_dict).run()
-    elif ("PDF" in data_dictionary["type"] or file_path.endswith(".pdf")) and selfextract_conf.general.pdf:
+    elif ("PDF" in data_dictionary["type"] or file_path.endswith(".pdf")) and integration_conf.general.pdf:
         data_dictionary["pdf"] = PDF(file_path).run()
     elif (
         package in {"wsf", "hta"} or data_dictionary["type"] == "XML document text" or file_path.endswith(".wsf")
-    ) and selfextract_conf.general.windows_script:
+    ) and integration_conf.general.windows_script:
         data_dictionary["wsf"] = WindowsScriptFile(file_path).run()
     # elif package in {"js", "vbs"}:
     #    data_dictionary["js"] = EncodedScriptFile(file_path).run()
-    elif (package == "lnk" or "MS Windows shortcut" in data_dictionary["type"]) and selfextract_conf.general.lnk:
+    elif (package == "lnk" or "MS Windows shortcut" in data_dictionary["type"]) and integration_conf.general.lnk:
         data_dictionary["lnk"] = LnkShortcut(file_path).run()
-    elif ("Java Jar" in data_dictionary["type"] or file_path.endswith(".jar")) and selfextract_conf.general.java:
-        if selfextract_conf.procyon.binary and not path_exists(selfextract_conf.procyon.binary):
+    elif ("Java Jar" in data_dictionary["type"] or file_path.endswith(".jar")) and integration_conf.general.java:
+        if integration_conf.procyon.binary and not path_exists(integration_conf.procyon.binary):
             log.error("procyon_path specified in processing.conf but the file does not exist")
         else:
-            data_dictionary["java"] = Java(file_path, selfextract_conf.procyon.binary).run()
+            data_dictionary["java"] = Java(file_path, integration_conf.procyon.binary).run()
     elif file_path.endswith(".rdp") or data_dictionary.get("name", {}).endswith(".rdp"):
         data_dictionary["rdp"] = parse_rdp_file(file_path)
     # It's possible to fool libmagic into thinking our 2007+ file is a zip.
     # So until we have static analysis for zip files, we can use oleid to fail us out silently,
     # yeilding no static analysis results for actual zip files.
-    # elif ("ELF" in data_dictionary["type"] or file_path.endswith(".elf")) and selfextract_conf.general.elf:
+    # elif ("ELF" in data_dictionary["type"] or file_path.endswith(".elf")) and integration_conf.general.elf:
     #    data_dictionary["elf"] = ELF(file_path).run()
     #    data_dictionary["keys"] = f.get_keys()
-    # elif HAVE_OLETOOLS and package == "hwp" and selfextract_conf.general.hwp:
+    # elif HAVE_OLETOOLS and package == "hwp" and integration_conf.general.hwp:
     #    data_dictionary["hwp"] = HwpDocument(file_path).run()
 
     data = path_read_file(file_path)
@@ -467,7 +467,7 @@ def generic_file_extractors(
     ]
 
     futures = {}
-    with pebble.ProcessPool(max_workers=int(selfextract_conf.general.max_workers)) as pool:
+    with pebble.ProcessPool(max_workers=int(integration_conf.general.max_workers)) as pool:
         # Prefer custom modules over the built-in ones, since only 1 is allowed
         # to be the extracted_files_tool.
         if extra_info_modules:
@@ -479,12 +479,12 @@ def generic_file_extractors(
         for extraction_func in file_info_funcs:
             funcname = extraction_func.__name__.split(".")[-1]
             if (
-                not getattr(selfextract_conf, funcname, {}).get("enabled", False)
+                not getattr(integration_conf, funcname, {}).get("enabled", False)
                 and getattr(extraction_func, "enabled", False) is False
             ):
                 continue
 
-            func_timeout = int(getattr(selfextract_conf, funcname, {}).get("timeout", 60))
+            func_timeout = int(getattr(integration_conf, funcname, {}).get("timeout", 60))
             futures[funcname] = pool.schedule(extraction_func, args=args, kwargs=kwargs, timeout=func_timeout)
     pool.join()
 
@@ -602,7 +602,7 @@ def eziriz_deobfuscate(file: str, *, data_dictionary: dict, **_) -> ExtractorRet
     if all(".NET Reactor" not in string for string in data_dictionary.get("die", [])):
         return
 
-    binary = shlex.split(selfextract_conf.eziriz_deobfuscate.binary.strip())[0]
+    binary = shlex.split(integration_conf.eziriz_deobfuscate.binary.strip())[0]
     binary = os.path.join(CUCKOO_ROOT, binary)
     if not binary:
         log.warning("eziriz_deobfuscate.binary is not defined in the configuration.")
@@ -625,7 +625,7 @@ def eziriz_deobfuscate(file: str, *, data_dictionary: dict, **_) -> ExtractorRet
         _ = run_tool(
             [
                 os.path.join(CUCKOO_ROOT, binary),
-                *shlex.split(selfextract_conf.eziriz_deobfuscate.extra_args.strip()),
+                *shlex.split(integration_conf.eziriz_deobfuscate.extra_args.strip()),
                 file,
             ],
             universal_newlines=True,
@@ -644,7 +644,7 @@ def de4dot_deobfuscate(file: str, *, filetype: str, **_) -> ExtractorReturnType:
     if "Mono" not in filetype:
         return
 
-    binary = shlex.split(selfextract_conf.de4dot_deobfuscate.binary.strip())[0]
+    binary = shlex.split(integration_conf.de4dot_deobfuscate.binary.strip())[0]
     if not binary:
         log.warning("de4dot_deobfuscate.binary is not defined in the configuration.")
         return
@@ -658,7 +658,7 @@ def de4dot_deobfuscate(file: str, *, filetype: str, **_) -> ExtractorReturnType:
         _ = run_tool(
             [
                 binary,
-                *shlex.split(selfextract_conf.de4dot_deobfuscate.extra_args.strip()),
+                *shlex.split(integration_conf.de4dot_deobfuscate.extra_args.strip()),
                 "-f",
                 file,
                 "-o",
@@ -687,7 +687,7 @@ def msi_extract(file: str, *, filetype: str, **kwargs) -> ExtractorReturnType:
         if not kwargs.get("tests"):
             # msiextract in different way that 7z, we need to add subfolder support
             output = run_tool(
-                [selfextract_conf.msi_extract.binary, file, "--directory", tempdir],
+                [integration_conf.msi_extract.binary, file, "--directory", tempdir],
                 universal_newlines=True,
                 stderr=subprocess.PIPE,
             )

lib/cuckoo/common/integrations/mandiant_intel.py

@@ -17,10 +17,10 @@
 MANDIANT_AUTH_URL = "https://api.intelligence.mandiant.com/token"
 MANDIANT_SEARCH_URL = "https://api.intelligence.mandiant.com/v4/search"
 
-processing_conf = Config("processing")
+integragrations_conf = Config("integrations")
 
-api_access = processing_conf.mandiant_intel.api_access
-api_secret = processing_conf.mandiant_intel.api_secret
+api_access = integragrations_conf.mandiant_intel.api_access
+api_secret = integragrations_conf.mandiant_intel.api_secret
 
 
 class MandiantAPIClient:
@@ -116,7 +116,7 @@ def parse_response(self, response):
 
 
 def mandiant_lookup(category: str, target: str, results: dict = {}):
-    if not processing_conf.mandiant_intel.enabled:
+    if not integragrations_conf.mandiant_intel.enabled:
         return results
 
     mandiant_intel = {}

lib/cuckoo/common/load_extra_modules.py

@@ -7,7 +7,7 @@
 
 from lib.cuckoo.common.config import Config
 
-selfextract_conf = Config("selfextract")
+integrations_conf = Config("integrations")
 
 
 def ratdecodedr_load_decoders(path: str):
@@ -146,7 +146,7 @@ def file_extra_info_load_modules(CUCKOO_ROOT: str):
 
     This function searches for Python modules in the "file_extra_info_modules" directory
     within the given CUCKOO_ROOT path. It imports and returns a list of modules that are
-    enabled based on their internal configuration or the selfextract_conf settings.
+    enabled based on their internal configuration or the integrations_conf settings.
 
     Args:
         CUCKOO_ROOT (str): The root directory of the CUCKOO installation.
@@ -170,7 +170,7 @@ def file_extra_info_load_modules(CUCKOO_ROOT: str):
     for name in EXTRA_MODULES:
         try:
             module = importlib.import_module(f"lib.cuckoo.common.integrations.file_extra_info_modules.{name}")
-            if not getattr(module, "enabled", False) and not selfextract_conf.__dict__.get(name, {}).get("enabled", False):
+            if not getattr(module, "enabled", False) and not integrations_conf.__dict__.get(name, {}).get("enabled", False):
                 continue
             file_extra_modules.append(module)
         except (ImportError, IndexError, AttributeError) as e: