Ruff

.github/workflows/python-package.yml

@@ -37,7 +37,7 @@ jobs:
           poetry run pip install pyattck==7.1.2 maco
 
       - name: Run Ruff
-        run: poetry run ruff check . --line-length 132 --ignore E501,E402
+        run: poetry run ruff check . --output-format=github .
 
       - name: Run unit tests
         run: poetry run python -m pytest --import-mode=append
@@ -59,20 +59,15 @@ jobs:
         with:
           python-version: ${{ matrix.python-version }}
 
-      - name: Format with black
-        run: poetry run black .
-
-      # to be replaced with ruff
-      - name: Format imports with isort
-        run: poetry run isort .
-
       - name: Commit changes if any
         # Skip this step if being run by nektos/act
         if: ${{ !env.ACT }}
         run: |
           git config user.name "GitHub Actions"
           git config user.email "[email protected]"
           if output=$(git status --porcelain) && [ ! -z "$output" ]; then
+            git pull
+            git add .
             git commit -m "style: Automatic code formatting" -a
             git push
           fi

agent/agent.py

@@ -226,7 +226,6 @@ def handle(self, obj):
             self.close_connection = True
 
     def shutdown(self):
-
         # BaseServer also features a .shutdown() method, but you can't use
         # that from the same thread as that will deadlock the whole thing.
         if hasattr(self, "s"):

analyzer/linux/lib/common/results.py

@@ -38,7 +38,7 @@ def upload_to_host(file_path, dump_path, pids="", ppids="", metadata="", categor
                     nc.send(buf, retry=True)
                     buf = infd.read(BUFSIZE)
     except Exception as e:
-        log.error("Exception uploading file %s to host: %s", file_path, e, exc_info=True)
+        log.exception("Exception uploading file %s to host: %s", file_path, e)
     finally:
         if nc:
             nc.close()

analyzer/linux/modules/auxiliary/filecollector.py

@@ -51,7 +51,6 @@ def __init__(self, options, config):
                 self.thread.join(0.5)
 
     def run(self):
-
         if not HAVE_PYINOTIFY:
             log.info("Missed dependency: pip3 install pyinotify")
             return False

analyzer/linux/modules/auxiliary/screenshots.py

@@ -11,6 +11,7 @@
 
 if HAVE_PIL and HAVE_DBUS_NEXT:
     from PIL import Image
+
     from lib.api.screenshot import Screenshot, ScreenshotGrabber, ScreenshotsUnsupported
 
 from lib.common.abstracts import Auxiliary

analyzer/linux/modules/packages/zip.py

@@ -17,7 +17,6 @@
 
 
 class Zip(Package):
-
     real_package = None
 
     def prepare(self):

analyzer/windows/analyzer.py

@@ -691,7 +691,7 @@ def analysis_loop(self, aux_modules):
                                     try:
                                         Process(pid=pid).upload_memdump()
                                     except Exception as e:
-                                        log.error(e, exc_info=True)
+                                        log.exception(e)
                                 log.info("Process with pid %s appears to have terminated", pid)
                                 if pid in self.process_list.pids:
                                     self.process_list.remove_pid(pid)
@@ -915,7 +915,7 @@ def dump_file(self, filepath, metadata="", pids="", ppids="", category="files"):
         except (IOError, socket.error) as e:
             log.error('Unable to upload dropped file at path "%s": %s', filepath, e)
         except Exception as e:
-            log.error(e, exc_info=True)
+            log.exception(e)
 
     def delete_file(self, filepath, pid=None):
         """A file is about to removed and thus should be dumped right away."""
@@ -1508,8 +1508,7 @@ def dispatch(self, data):
                 try:
                     response = fn(arguments)
                 except Exception as e:
-                    log.error(e, exc_info=True)
-                    log.exception("Pipe command handler exception occurred (command %s args %s)", command, arguments)
+                    log.exception("Pipe command handler exception occurred (command %s args %s). %s", command, arguments, str(e))
 
         return response
 
@@ -1536,7 +1535,7 @@ def dispatch(self, data):
 
     # When user set wrong package, Example: Emotet package when submit doc, package only is for EXE!
     except CuckooError:
-        log.info("You probably submitted the job with wrong package", exc_info=True)
+        log.exception("You probably submitted the job with wrong package")
         data["status"] = "exception"
         data["description"] = "You probably submitted the job with wrong package"
         try:

analyzer/windows/lib/api/process.py

@@ -43,13 +43,13 @@
         CAPEMON64_NAME,
         LOADER32_NAME,
         LOADER64_NAME,
-        TTD32_NAME,
-        TTD64_NAME,
         LOGSERVER_PREFIX,
         PATHS,
         PIPE,
         SHUTDOWN_MUTEX,
         TERMINATE_EVENT,
+        TTD32_NAME,
+        TTD64_NAME,
     )
     from lib.common.defines import (
         KERNEL32,
@@ -601,7 +601,6 @@ def is_64bit(self):
         return False
 
     def write_monitor_config(self, interest=None, nosleepskip=False):
-
         config_path = os.path.join(Path.cwd(), "dll", f"{self.pid}.ini")
         log.info("Monitor config for %s: %s", self, config_path)
 
@@ -759,7 +758,7 @@ def upload_memdump(self):
         try:
             upload_to_host(file_path, os.path.join("memory", f"{self.pid}.dmp"), category="memory")
         except Exception as e:
-            log.error(e, exc_info=True)
+            log.exception(e)
             log.error(os.path.join("memory", f"{self.pid}.dmp"))
             log.error(file_path)
         log.info("Memory dump of %s uploaded", self)

analyzer/windows/lib/common/results.py

@@ -61,7 +61,7 @@ def upload_to_host(file_path, dump_path, pids="", ppids="", metadata="", categor
                         size -= read_size
                         buf = infd.read(BUFSIZE)
     except Exception as e:
-        log.error("Exception uploading file %s to host: %s", file_path, e, exc_info=True)
+        log.exception("Exception uploading file %s to host: %s", file_path, e)
 
 
 def upload_buffer_to_host(buffer, dump_path, filepath=False, pids="", ppids="", metadata="", category="", duplicated=False):

analyzer/windows/lib/core/pipe.py

@@ -224,7 +224,7 @@ def stop(self):
                 if h.is_alive():
                     h.stop()
             except Exception as e:
-                log.error(e, exc_info=True)
+                log.exception(e)
 
 
 def disconnect_pipes():

analyzer/windows/modules/auxiliary/dns_etw.py

@@ -43,7 +43,6 @@ def encode(data, encoding="utf-8"):
 if HAVE_ETW:
 
     class ETW_provider(ETW):
-
         def __init__(
             self,
             ring_buf_size=1024,

analyzer/windows/modules/auxiliary/evtx.py

@@ -12,7 +12,6 @@
 
 
 class Evtx(Thread, Auxiliary):
-
     evtx_dump = "evtx.zip"
 
     windows_logs = [

analyzer/windows/modules/auxiliary/permissions.py

@@ -34,7 +34,6 @@ def start(self):
 
         log.debug("Adjusting permissions for %s", locations)
         for location in locations:
-
             # First add a non-inherited permission for Admin Read+Execute
             # icacls <location> /grant:r "BUILTIN\Administrators:(OI)(CI)(RX)" "BUILTIN\\Administrators:(RX)" /t /c /q
             modify_admin_params = [

analyzer/windows/modules/packages/pub.py

@@ -30,7 +30,6 @@ def __init__(self, options=None, config=None):
     The .pub filename extension will be added automatically."""
 
     def set_keys(self):
-
         baseOfficeKeyPath = r"Software\Microsoft\Office"
         installedVersions = []
         try:

analyzer/windows/modules/packages/pub2016.py

@@ -26,7 +26,6 @@ def __init__(self, options=None, config=None):
     The .pub filename extension will be added automatically."""
 
     def set_keys(self):
-
         baseOfficeKeyPath = r"Software\Microsoft\Office"
         installedVersions = []
         try:

analyzer/windows/prescripts/prescript_detection.py

@@ -599,7 +599,7 @@ def create_trigger(
 
 def change_execution_dir(dir):
     log.info(f"Changing execution directory to {dir}")
-    log.warn("Changing directory not available in prescript testing")
+    log.warning("Changing directory not available in prescript testing")
 
 
 def main(args):

analyzer/windows/tests/lib/common/test_abstracts.py

@@ -6,7 +6,6 @@
 
 
 class TestPackageConfiguration(unittest.TestCase):
-
     def test_private_package_configuration(self):
         # test analysis package
         package_module = self.__class__.__module__

analyzer/windows/tests/test_analyzer.py

@@ -81,7 +81,6 @@ def test_prepare(self, set_lock, init_logging, config, pipeserver):
 
 
 class TestAnalyzerChoosePackage(unittest.TestCase):
-
     def test_choose_package_shellcode(self):
         test = analyzer.Analyzer()
         test.config = MagicMock()

lib/cuckoo/common/abstracts.py

@@ -833,7 +833,6 @@ def set_path(self, analysis_path):
             CuckooReportError(e)
 
     def yara_detected(self, name):
-
         target = self.results.get("target", {})
         if target.get("category") in ("file", "static") and target.get("file"):
             for keyword in ("cape_yara", "yara"):
@@ -889,16 +888,22 @@ def yara_detected(self, name):
             for yara_block in self.results["static"]["office"]["Macro"]["info"].get("macroname", []) or []:
                 for sub_block in self.results["static"]["office"]["Macro"]["info"]["macroname"].get(yara_block, []) or []:
                     if re.findall(name, sub_block["name"], re.I):
-                        yield "macro", os.path.join(macro_path, macroname), sub_block, self.results["static"]["office"]["Macro"][
-                            "info"
-                        ]
+                        yield (
+                            "macro",
+                            os.path.join(macro_path, macroname),
+                            sub_block,
+                            self.results["static"]["office"]["Macro"]["info"],
+                        )
 
         if self.results.get("static", {}).get("office", {}).get("XLMMacroDeobfuscator", False):
             for yara_block in self.results["static"]["office"]["XLMMacroDeobfuscator"].get("info", []).get("yara_macro", []) or []:
                 if re.findall(name, yara_block["name"], re.I):
-                    yield "macro", os.path.join(macro_path, "xlm_macro"), yara_block, self.results["static"]["office"][
-                        "XLMMacroDeobfuscator"
-                    ]["info"]
+                    yield (
+                        "macro",
+                        os.path.join(macro_path, "xlm_macro"),
+                        yara_block,
+                        self.results["static"]["office"]["XLMMacroDeobfuscator"]["info"],
+                    )
 
     def signature_matched(self, signame: str) -> bool:
         # Check if signature has matched (useful for ordered signatures)
@@ -964,7 +969,6 @@ def _get_ip_by_host(self, hostname):
         )
 
     def _get_ip_by_host_dns(self, hostname):
-
         ips = []
 
         try:
@@ -1722,7 +1726,7 @@ def update(self) -> bool:
             try:
                 req = requests.get(self.downloadurl, headers=headers, verify=True)
             except requests.exceptions.RequestException as e:
-                log.warn("Error downloading feed for %s: %s", self.feedname, e)
+                log.warning("Error downloading feed for %s: %s", self.feedname, e)
                 return False
             if req.status_code == 200:
                 self.downloaddata = req.content

lib/cuckoo/common/admin_utils.py

@@ -382,7 +382,7 @@ def execute_command_on_all(remote_command, servers: list, ssh_proxy: SSHClient):
         except TimeoutError as e:
             sys.exit(f"Did you forget to use jump box? {str(e)}")
         except Exception as e:
-            log.error(e, exc_info=True)
+            log.exception(e)
 
 
 def bulk_deploy(files, yara_category, dry_run=False, servers: list = [], ssh_proxy: SSHClient = False):

lib/cuckoo/common/cape_utils.py

@@ -194,7 +194,7 @@ def static_config_parsers(cape_name, file_path, file_data):
                     cape_config[cape_name].update({key: [value]})
                 parser_loaded = True
         except Exception as e:
-            log.error("CAPE: parsing error on %s with %s: %s", file_path, cape_name, e, exc_info=True)
+            log.exception("CAPE: parsing error on %s with %s: %s", file_path, cape_name, e)
 
     # DC3-MWCP
     if HAS_MWCP and not parser_loaded and cape_name and cape_name in mwcp_decoders:
@@ -260,7 +260,7 @@ def static_config_parsers(cape_name, file_path, file_data):
             if "rules" in str(e):
                 log.warning("You probably need to compile yara-python with dotnet support")
             else:
-                log.error(e, exc_info=True)
+                log.exception(e)
                 log.warning(
                     "malwareconfig parsing error for %s with %s: %s, you should submit issue/fix to https://github.com/kevthehermit/RATDecoders/",
                     file_path,

lib/cuckoo/common/cleaners_utils.py

@@ -229,7 +229,7 @@ def delete_data(tid):
         elif repconf.elasticsearchdb.enabled:
             delete_analysis_and_related_calls(tid)
     except Exception as e:
-        log.error("failed to remove analysis info (may not exist) %s due to %s" % (tid, e), exc_info=True)
+        log.exception("failed to remove analysis info (may not exist) %s due to %s" % (tid, e))
     with db.session.begin():
         if db.delete_task(tid):
             delete_folder(os.path.join(CUCKOO_ROOT, "storage", "analyses", "%s" % tid))
@@ -654,7 +654,6 @@ def binaries_clean_before_day(days: int):
 
 
 def execute_cleanup(args: dict, init_log=True):
-
     if init_log:
         init_console_logging()
 

lib/cuckoo/common/demux.py

@@ -184,7 +184,7 @@ def _sf_children(child: sfFile):  # -> bytes:
                 path_to_extract = os.path.join(tmp_dir, sanitize_filename((child.filename).decode()))
                 _ = path_write_file(path_to_extract, child.contents)
         except Exception as e:
-            log.error(e, exc_info=True)
+            log.exception(e)
     return (path_to_extract.encode(), child.platform, child.get_type(), child.get_size())
 
 
@@ -220,7 +220,7 @@ def demux_sflock(filename: bytes, options: str, check_shellcode: bool = True):
             else:
                 retlist.append(_sf_children(sf_child))
     except Exception as e:
-        log.error(e, exc_info=True)
+        log.exception(e)
     return list(filter(None, retlist)), ""
 
 

lib/cuckoo/common/dotnet_utils.py

@@ -14,7 +14,6 @@
 
 
 def dotnet_user_strings(file: str = False, data: bytes = False, dn_whitelisting: list = []):
-
     if not HAVE_DNFILE:
         return []
 

lib/cuckoo/common/email_utils.py

@@ -28,7 +28,6 @@ def find_attachments_in_email(s, expand_attachment):
 
 
 def _find_attachments_in_email(mesg, expand_attachment, atts):
-
     # MHTML detection
     if mesg.get_content_maintype() == "multipart" and mesg.get_content_subtype() == "related":
         for part in mesg.walk():

lib/cuckoo/common/gcp.py

@@ -63,7 +63,7 @@ def list_instances(self) -> dict:
                         ]
                         servers.setdefault(instance["name"], ips)
                 except Exception as e:
-                    log.error(e, exc_info=True)
+                    log.exception(e)
         elif HAVE_GCP:
             try:
                 instance_client = compute_v1.InstancesClient()
@@ -88,7 +88,6 @@ def list_instances(self) -> dict:
         return servers
 
     def autodiscovery(self):
-
         while True:
             servers = self.list_instances()
             if not servers:
@@ -109,9 +108,9 @@ def autodiscovery(self):
                             if not r.ok:
                                 log.error("Can't registger worker with IP: %s. status_code: %d ", ip, r.status_code)
                         except Exception as e:
-                            log.error(e, exc_info=True)
+                            log.exception(e)
                         break
                     except Exception as e:
-                        log.error(e, exc_info=True)
+                        log.exception(e)
 
             time.sleep(int(self.dist_cfg.GCP.autodiscovery))

lib/cuckoo/common/hypervisor_config.py

@@ -8,7 +8,6 @@
 
 
 def proxmox_shutdown_vm(machineName: str):
-
     proxmox_server = proxmox_conf.proxmox.hostname
     # Not supporting multiple servers
     nodes = proxmox_conf.proxmox.nodes