Merge pull request #91 from CybercentreCanada/update/zip-support

Adding zip support
CybercentreCanada · Sep 7, 2022 · 463f88a · 463f88a
2 parents 5b85ec2 + e930901
commit 463f88a
Show file tree

Hide file tree

Showing 4 changed files with 4 additions and 3 deletions.
diff --git a/cape/cape_main.py b/cape/cape_main.py
@@ -1163,7 +1163,7 @@ def _set_task_parameters(self, kwargs: Dict[str, Any], parent_section: ResultSec
 
         # This is a CAPE workaround because otherwise CAPE will extract an archive
         # into extracted files and submit each as a separate task
-        elif self.request.file_type in ["archive/iso", "archive/vhd", "archive/udf"]:
+        elif self.request.file_type in ["archive/iso", "archive/vhd", "archive/udf", "archive/zip"]:
             task_options.append("file=")
 
         if package:

diff --git a/cape/cape_result.py b/cape/cape_result.py
@@ -101,6 +101,7 @@
     "xls",
     "xlsm",
     "xlsx",
+    "zip",
 ]
 ANALYSIS_ERRORS = "Analysis Errors"
 # Substring of Warning Message frm https://github.com/cuckoosandbox/cuckoo/blob/50452a39ff7c3e0c4c94d114bc6317101633b958/cuckoo/core/guest.py#L561

diff --git a/service_manifest.yml b/service_manifest.yml
@@ -2,7 +2,7 @@ name: CAPE
 version: $SERVICE_TAG
 description: Provides dynamic malware analysis through sandboxing.
 
-accepts: (executable/(windows|linux)|java|audiovisual|meta)/.*|document/(installer/windows|office/(excel|ole|powerpoint|rtf|unknown|word|mhtml)|pdf)|code/(javascript|jscript|python|vbs|wsf|html|ps1|batch|hta)|shortcut/windows|archive/(iso|vhd|udf)
+accepts: (executable/(windows|linux)|java|audiovisual|meta)/.*|document/(installer/windows|office/(excel|ole|powerpoint|rtf|unknown|word|mhtml)|pdf)|code/(javascript|jscript|python|vbs|wsf|html|ps1|batch|hta)|shortcut/windows|archive/(iso|vhd|udf|zip)
 rejects: empty|metadata/.*
 
 stage: CORE

diff --git a/tests/test_cape_main.py b/tests/test_cape_main.py
@@ -394,7 +394,7 @@ def test_supported_extensions_constant():
         assert SUPPORTED_EXTENSIONS == ['bat', 'bin', 'cpl', 'dll', 'doc', 'docm', 'docx', 'dotm', 'elf', 'eml', 'exe',
                                         'hta', 'htm', 'html', 'hwp', 'iso', 'jar', 'js', 'lnk', 'mht', 'msg', 'msi', 'pdf',
                                         'potm', 'potx', 'pps', 'ppsm', 'ppsx', 'ppt', 'pptm', 'pptx', 'ps1', 'pub',
-                                        'py', 'pyc', 'rar', 'rtf', 'sh', 'swf', 'udf', 'vbs', 'vhd', 'wsf', 'xls', 'xlsm', 'xlsx']
+                                        'py', 'pyc', 'rar', 'rtf', 'sh', 'swf', 'udf', 'vbs', 'vhd', 'wsf', 'xls', 'xlsm', 'xlsx', 'zip']
 
     @staticmethod
     def test_illegal_filename_chars_constant():
-Original file line number
+Diff line change
@@ Expand Up / @@ -101,6 +101,7 @@ @@
         "xls",
         "xlsm",
         "xlsx",
+        "zip",
     ]
     ANALYSIS_ERRORS = "Analysis Errors"
     # Substring of Warning Message frm https://github.com/cuckoosandbox/cuckoo/blob/50452a39ff7c3e0c4c94d114bc6317101633b958/cuckoo/core/guest.py#L561
@@ Expand Down @@