Merge pull request #2387 from kevoreilly/staging

kevoreilly · Nov 4, 2024 · a84ccd7 · a84ccd7
2 parents bdbc19d + fbe5fdf
commit a84ccd7
Show file tree

Hide file tree

Showing 208 changed files with 1,555 additions and 17,820 deletions.
diff --git a/.github/workflows/python-package-windows.yml b/.github/workflows/python-package-windows.yml
@@ -15,7 +15,7 @@ jobs:
     timeout-minutes: 20
     strategy:
       matrix:
-        python-version: ["3.10", "3.11"]
+        python-version: ["3.10"]
 
     steps:
       - name: Check out repository code

diff --git a/.github/workflows/python-package.yml b/.github/workflows/python-package.yml
@@ -15,7 +15,7 @@ jobs:
     timeout-minutes: 20
     strategy:
       matrix:
-        python-version: ["3.10", "3.11"]
+        python-version: ["3.10"]
     steps:
       - name: Check out repository code
         uses: actions/checkout@v4
@@ -42,18 +42,6 @@ jobs:
       - name: Run unit tests
         run: poetry run python -m pytest --import-mode=append
 
-      - name: See if any parser changed
-        uses: dorny/paths-filter@v3
-        id: changes
-        with:
-          filters: |
-            src:
-              - 'modules/processing/parsers/CAPE/*.py'
-
-      - name: Test parsers only if any parser changed
-        if: steps.changes.outputs.src == 'true'
-        run: poetry run python -m pytest tests_parsers -s --import-mode=append
-
   format:
     runs-on: ubuntu-latest
     timeout-minutes: 20

diff --git a/changelog.md b/changelog.md
@@ -1,3 +1,12 @@
+### [01.11.2024] Parsers
+* Malware config parsers aka parsers are moved out of core of CAPE.
+    * Now they are at their own [repository](https://github.com/CAPESandbox/CAPE-parsers).
+        * Feature added. `load=X`, where `X` is one of those: all/core/community
+            * All = core and community
+        * Exclude parsers. Allows to not load some particular parsers. `exclude_parsers=["name1", "name2"]`
+    * Your custom parsers from `custom/parsers/` will still load and overwrite cape carser if name matches.
+* __Action required!__ `cd /opt/CAPEv2 && poetry install`
+
 ### [04.10.2024]
 * Monitor update: Add GetClassObject hook to handle UAC bypass technique using CMSTPLUA COM object
 * PrivateLoader direct syscall capture

diff --git a/conf/default/cuckoo.conf.default b/conf/default/cuckoo.conf.default
@@ -33,6 +33,11 @@ scaling_semaphore = off
 # A configurable wait time between updating the limit value of the scaling bounded semaphore
 scaling_semaphore_update_timer = 10
 
+# Specify a timeout for tasks, useful if you are bound to timely reports awaited by users
+task_timeout = off
+task_pending_timeout = 0 
+task_timeout_scan_interval = 30
+
 # Enable creation of memory dump of the analysis machine before shutting
 # down. Even if turned off, this functionality can also be enabled at
 # submission. Currently available for: VirtualBox and libvirt modules (KVM).

diff --git a/lib/cuckoo/common/aplib.py b/lib/cuckoo/common/aplib.py
diff --git a/lib/cuckoo/common/blzpack.py b/lib/cuckoo/common/blzpack.py
diff --git a/lib/cuckoo/common/blzpack_lib.so b/lib/cuckoo/common/blzpack_lib.so