Merge branch 'master' into staging

Author: doomedraven

agent/agent.py

@@ -43,7 +43,7 @@
 if sys.maxsize > 2**32 and sys.platform == "win32":
     sys.exit("You should install python3 x86! not x64")
 
-AGENT_VERSION = "0.19"
+AGENT_VERSION = "0.20"
 AGENT_FEATURES = [
     "execpy",
     "execute",
@@ -544,7 +544,7 @@ def do_mkdir():
 @app.route("/mktemp", methods=("GET", "POST"))
 def do_mktemp():
     suffix = request.form.get("suffix", "")
-    prefix = request.form.get("prefix", "tmp")
+    prefix = request.form.get("prefix", "")
     dirpath = request.form.get("dirpath")
 
     try:
@@ -560,11 +560,12 @@ def do_mktemp():
 @app.route("/mkdtemp", methods=("GET", "POST"))
 def do_mkdtemp():
     suffix = request.form.get("suffix", "")
-    prefix = request.form.get("prefix", "tmp")
+    prefix = request.form.get("prefix", "")
     dirpath = request.form.get("dirpath")
 
     try:
         dirpath = tempfile.mkdtemp(suffix=suffix, prefix=prefix, dir=dirpath)
+        subprocess.call(["icacls", dirpath, "/inheritance:e", "/grant", "BUILTIN\\Users:(OI)(CI)(RX)"])
     except Exception:
         return json_exception("Error creating temporary directory")
 
@@ -761,7 +762,7 @@ def do_browser_ext():
     AGENT_BROWSER_LOCK.acquire()
     if not AGENT_BROWSER_EXT_PATH:
         try:
-            ext_tmpdir = tempfile.mkdtemp(prefix="tmp")
+            ext_tmpdir = tempfile.mkdtemp(prefix="")
         except Exception:
             AGENT_BROWSER_LOCK.release()
             return json_exception("Error creating temporary directory")

analyzer/windows/dll/capemon.dll

@@ -1,5 +1,14 @@
+### [11.06.2025]
+* __Action required!__ For users of Python 3.12+ in guest, update the agent to solve #2621 affecting e.g. MSI detonation
+* Agent update: Fix issue with analyzer directory creation lacking required ACLs for Python 3.12, remove predictable "tmp" prefix for directory name(s) (fixes #2621)
+
+### [10.06.2025]
+* Monitor update: WMI hooks: add handling for VT_NULL and enable WMI_Get logging
+
 ### [06.06.2025]
-* Monitor update: Fix format string vulnerability in debugger StringsOutput() function
+* Monitor updates: 
+    * WMI hooks
+    * Fix format string vulnerability in debugger StringsOutput() function
 
 ### [03.06.2025]
 * Monitor update: Fix bug in retarget_relative_displacement() relative offset calculation (thanks @ClaudioWayne)

analyzer/windows/dll/capemon_x64.dll

@@ -49,6 +49,7 @@ drive_credentials_location = data/google_creds.json
 enabled = yes
 indent = 4
 encoding = latin-1
+store_compressed = no
 
 # Community
 [reporthtml]

changelog.md

@@ -415,7 +415,7 @@ class Task(Base):
     # Task tags
     tags_tasks = Column(String(256), nullable=True)
     # Virtual machine tags
-    tags = relationship("Tag", secondary=tasks_tags, backref=backref("tasks"), lazy="subquery", cascade="save-update, delete")
+    tags = relationship("Tag", secondary=tasks_tags, backref=backref("tasks"), lazy="subquery")
     options = Column(Text(), nullable=True)
     platform = Column(String(255), nullable=True)
     memory = Column(Boolean, nullable=False, default=False)

conf/default/reporting.conf.default

@@ -4,6 +4,7 @@
 
 import os
 
+from lib.cuckoo.common.utils import create_zip
 from lib.cuckoo.common.abstracts import Report
 from lib.cuckoo.common.exceptions import CuckooReportError
 from lib.cuckoo.common.path_utils import path_write_file
@@ -17,7 +18,6 @@
 
     HAVE_ORJSON = False
 
-
 class JsonDump(Report):
     """Saves analysis results in JSON format."""
 
@@ -48,5 +48,13 @@ def run(self, results):
             else:
                 with open(path, "w") as report:
                     json.dump(results, report, sort_keys=False, indent=int(indent), ensure_ascii=False)
+
+            # useful if you frequently fetch zipped reports to not compress in memory all the time
+            if self.options.get("store_compressed") and os.path.exists(path):
+                zip_path = path + ".zip"
+                zipped_io = create_zip(path)
+                with open(zip_path, "wb") as f:
+                    f.write(zipped_io.getvalue())
+
         except (UnicodeError, TypeError, IOError) as e:
             raise CuckooReportError(f"Failed to generate JSON report: {e}")

lib/cuckoo/core/database.py

@@ -15,7 +15,7 @@ greenlet = "3.0.3"
 Pebble = "5.1.0"
 # pymisp = "2.4.144"
 cryptography = ">=44.0.1"
-requests = {version = "2.32.2", extras = ["security", "socks"]}
+requests = {version = "2.32.4", extras = ["security", "socks"]}
 # pyOpenSSL = "24.0.0"
 pefile = "*"
 tldextract = ">=5.1.2"

modules/reporting/jsondump.py

@@ -380,9 +380,9 @@ django-recaptcha==4.0.0 ; python_version >= "3.10" and python_version < "4.0" \
     --hash=sha256:5316438f97700c431d65351470d1255047e3f2cd9af0f2f13592b637dad9213e
 django-settings-export==1.2.1 ; python_version >= "3.10" and python_version < "4.0" \
     --hash=sha256:fceeae49fc597f654c1217415d8e049fc81c930b7154f5d8f28c432db738ff79
-django==5.1.9 ; python_version >= "3.10" and python_version < "4.0" \
-    --hash=sha256:2fd1d4a0a66a5ba702699eb692e75b0d828b73cc2f4e1fc4b6a854a918967411 \
-    --hash=sha256:565881bdd0eb67da36442e9ac788bda90275386b549070d70aee86327781a4fc
+django==5.1.10 ; python_version >= "3.10" and python_version < "4.0" \
+    --hash=sha256:19c9b771e9cf4de91101861aadd2daaa159bcf10698ca909c5755c88e70ccb84 \
+    --hash=sha256:73e5d191421d177803dbd5495d94bc7d06d156df9561f4eea9e11b4994c07137
 djangorestframework==3.15.2 ; python_version >= "3.10" and python_version < "4.0" \
     --hash=sha256:2b8871b062ba1aefc2de01f773875441a961fefbf79f5eed1e32b2f096944b20 \
     --hash=sha256:36fe88cd2d6c6bec23dca9804bab2ba5517a8bb9d8f47ebc68981b56840107ad
@@ -1216,6 +1216,7 @@ psycopg2-binary==2.9.10 ; python_version >= "3.10" and python_version < "4.0" \
     --hash=sha256:245159e7ab20a71d989da00f280ca57da7641fa2cdcf71749c193cea540a74f7 \
     --hash=sha256:26540d4a9a4e2b096f1ff9cce51253d0504dca5a85872c7f7be23be5a53eb18d \
     --hash=sha256:270934a475a0e4b6925b5f804e3809dd5f90f8613621d062848dd82f9cd62007 \
+    --hash=sha256:27422aa5f11fbcd9b18da48373eb67081243662f9b46e6fd07c3eb46e4535142 \
     --hash=sha256:2ad26b467a405c798aaa1458ba09d7e2b6e5f96b1ce0ac15d82fd9f95dc38a92 \
     --hash=sha256:2b3d2491d4d78b6b14f76881905c7a8a8abcf974aad4a8a0b065273a0ed7a2cb \
     --hash=sha256:2ce3e21dc3437b1d960521eca599d57408a695a0d3c26797ea0f72e834c7ffe5 \
@@ -1667,9 +1668,9 @@ rat-king-parser==4.1.6 ; python_version >= "3.10" and python_version < "4.0" \
 requests-file==2.1.0 ; python_version >= "3.10" and python_version < "4.0" \
     --hash=sha256:0f549a3f3b0699415ac04d167e9cb39bccfb730cb832b4d20be3d9867356e658 \
     --hash=sha256:cf270de5a4c5874e84599fc5778303d496c10ae5e870bfa378818f35d21bda5c
-requests==2.32.2 ; python_version >= "3.10" and python_version < "4.0" \
-    --hash=sha256:dd951ff5ecf3e3b3aa26b40703ba77495dab41da839ae72ef3c8e5d8e2433289 \
-    --hash=sha256:fc06670dd0ed212426dfeb94fc1b983d917c4f9847c863f313c9dfaaffb7c23c
+requests==2.32.4 ; python_version >= "3.10" and python_version < "4.0" \
+    --hash=sha256:27babd3cda2a6d50b30443204ee89830707d396671944c998b5975b031ac2b2c \
+    --hash=sha256:27d0316682c8a29834d3264820024b62a36942083d52caf2f14c0591336d3422
 rich==13.9.4 ; python_version >= "3.10" and python_version < "4.0" \
     --hash=sha256:439594978a49a09530cff7ebc4b5c7103ef57baf48d5ea3184f21d9a2befa098 \
     --hash=sha256:6049d5e6ec054bf2779ab3358186963bac2ea89175919d699e378b99738c2a90
@@ -1678,13 +1679,16 @@ ruamel-yaml-clib==0.2.12 ; python_version >= "3.10" and python_version < "3.13"
     --hash=sha256:0467c5965282c62203273b838ae77c0d29d7638c8a4e3a1c8bdd3602c10904e4 \
     --hash=sha256:0b7e75b4965e1d4690e93021adfcecccbca7d61c7bddd8e22406ef2ff20d74ef \
     --hash=sha256:11f891336688faf5156a36293a9c362bdc7c88f03a8a027c2c1d8e0bcde998e5 \
+    --hash=sha256:1492a6051dab8d912fc2adeef0e8c72216b24d57bd896ea607cb90bb0c4981d3 \
     --hash=sha256:20b0f8dc160ba83b6dcc0e256846e1a02d044e13f7ea74a3d1d56ede4e48c632 \
     --hash=sha256:22353049ba4181685023b25b5b51a574bce33e7f51c759371a7422dcae5402a6 \
+    --hash=sha256:2c59aa6170b990d8d2719323e628aaf36f3bfbc1c26279c0eeeb24d05d2d11c7 \
     --hash=sha256:32621c177bbf782ca5a18ba4d7af0f1082a3f6e517ac2a18b3974d4edf349680 \
     --hash=sha256:3bc2a80e6420ca8b7d3590791e2dfc709c88ab9152c00eeb511c9875ce5778bf \
     --hash=sha256:3eac5a91891ceb88138c113f9db04f3cebdae277f5d44eaa3651a4f573e6a5da \
     --hash=sha256:4a6679521a58256a90b0d89e03992c15144c5f3858f40d7c18886023d7943db6 \
     --hash=sha256:4c8c5d82f50bb53986a5e02d1b3092b03622c02c2eb78e29bec33fd9593bae1a \
+    --hash=sha256:4f6f3eac23941b32afccc23081e1f50612bdbe4e982012ef4f5797986828cd01 \
     --hash=sha256:5a0e060aace4c24dcaf71023bbd7d42674e3b230f7e7b97317baf1e953e5b519 \
     --hash=sha256:6442cb36270b3afb1b4951f060eccca1ce49f3d087ca1ca4563a6eb479cb3de6 \
     --hash=sha256:6c8fbb13ec503f99a91901ab46e0b07ae7941cd527393187039aec586fdfd36f \
@@ -1696,8 +1700,10 @@ ruamel-yaml-clib==0.2.12 ; python_version >= "3.10" and python_version < "3.13"
     --hash=sha256:95c3829bb364fdb8e0332c9931ecf57d9be3519241323c5274bd82f709cebc0c \
     --hash=sha256:96777d473c05ee3e5e3c3e999f5d23c6f4ec5b0c38c098b3a5229085f74236c6 \
     --hash=sha256:a274fb2cb086c7a3dea4322ec27f4cb5cc4b6298adb583ab0e211a4682f241eb \
+    --hash=sha256:a52d48f4e7bf9005e8f0a89209bf9a73f7190ddf0489eee5eb51377385f59f2a \
     --hash=sha256:a606ef75a60ecf3d924613892cc603b154178ee25abb3055db5062da811fd969 \
     --hash=sha256:ab007f2f5a87bd08ab1499bdf96f3d5c6ad4dcfa364884cb4549aa0154b13a28 \
+    --hash=sha256:b82a7c94a498853aa0b272fd5bc67f29008da798d4f93a2f9f289feb8426a58d \
     --hash=sha256:bb43a269eb827806502c7c8efb7ae7e9e9d0573257a46e8e952f4d4caba4f31e \
     --hash=sha256:bc5f1e1c28e966d61d2519f2a3d451ba989f9ea0f2307de7bc45baa526de9e45 \
     --hash=sha256:bd0a08f0bab19093c54e18a14a10b4322e1eacc5217056f3c063bd2f59853ce4 \