From bf17c379fde62966b0e49108e6baf3d6607a4cb3 Mon Sep 17 00:00:00 2001 From: fe7ch Date: Sat, 18 Feb 2017 18:28:41 +0300 Subject: [PATCH] Log standardization of the commands wget/curl/ftpget/tftp. (#456) * Log standardization of the commands wget/curl/ftpget/tftp. * Bring back call of self.protocol.logDispatch(). --- cowrie/commands/curl.py | 9 ++++----- cowrie/commands/ftpget.py | 17 +++++++++++------ cowrie/commands/tftp.py | 8 ++++---- cowrie/commands/wget.py | 16 +++++++--------- 4 files changed, 26 insertions(+), 24 deletions(-) diff --git a/cowrie/commands/curl.py b/cowrie/commands/curl.py index 16084688..f2ca872b 100644 --- a/cowrie/commands/curl.py +++ b/cowrie/commands/curl.py @@ -314,8 +314,9 @@ Options: (H) means HTTP/HTTPS only, (F) means FTP only log.msg("there's no file " + self.safeoutfile) self.exit() - shasum = hashlib.sha256(open(self.safeoutfile, 'rb').read()).hexdigest() - hashPath = os.path.join(self.download_path, shasum) + with open(self.safeoutfile, 'rb') as f: + shasum = hashlib.sha256(f.read()).hexdigest() + hashPath = os.path.join(self.download_path, shasum) # If we have content already, delete temp file if not os.path.exists(hashPath): @@ -343,9 +344,7 @@ Options: (H) means HTTP/HTTPS only, (F) means FTP only # self.safeoutfile = hashPath # Update the honeyfs to point to downloaded file - if outfile is not None: - f = self.fs.getfile(outfile) - f[A_REALFILE] = hashPath + self.fs.update_realfile(self.fs.getfile(outfile), hashPath) self.exit() diff --git a/cowrie/commands/ftpget.py b/cowrie/commands/ftpget.py index 97a0c875..4fb5af43 100644 --- a/cowrie/commands/ftpget.py +++ b/cowrie/commands/ftpget.py @@ -104,6 +104,7 @@ Download a file via FTP result = self.ftp_download(self.safeoutfile) if not result: + self.safeoutfile = None self.exit() return 
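Review bot: `hashlib.sha256(f.read())` in the curl.py hunk at -314 still loads the whole download into memory, and the file content is whatever the remote host served to the honeypot. Unless a size cap is enforced before this point (none is visible in the hunk), memory use scales with an attacker-chosen file size; hashing in fixed-size chunks removes that dependency. The same pattern appears in the ftpget.py hunk at -112 and the wget.py hunk at -194. Separately, the context above shows `self.exit()` with no `return` before this code, so `open()` would run even when the file is missing; the enclosing method starts outside the hunk, so this needs confirming.

```python
sha = hashlib.sha256()
with open(self.safeoutfile, 'rb') as f:
    # Read in bounded chunks so memory use does not scale with the download size
    for chunk in iter(lambda: f.read(65536), b''):
        sha.update(chunk)
shasum = sha.hexdigest()
hashPath = os.path.join(self.download_path, shasum)
```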
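Review bot: The new unconditional `self.fs.update_realfile(self.fs.getfile(outfile), hashPath)` in the curl.py hunk at -343 drops the `if outfile is not None:` guard that the removed lines had. The old guard suggests `outfile` can be None on this path, and whether getfile() and update_realfile() tolerate None is not visible here. Unless they do, keep the guard: `if outfile is not None:` followed by the new call. The ftpget, tftp and wget hunks in this commit also set `self.safeoutfile = None` after linking, while this hunk leaves the commented-out `# self.safeoutfile = hashPath` in place; if curl needs the same reset, it is missing here. The enclosing method starts and ends outside the hunk.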
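Review bot: The added `self.safeoutfile = None` on the failed-download path of ftpget.py (hunk at -104) discards the only reference to the temporary download path without removing the file. A partially written file may therefore stay in the download directory, unless ftp_download() cleans up itself, which is not visible here. If it does not, remove the file before clearing the attribute, e.g. `if os.path.exists(self.safeoutfile): os.remove(self.safeoutfile)`. The same assignment is added without a comment after `os.symlink()` in the later ftpget.py, tftp.py and wget.py hunks; one line saying why the attribute must be cleared before `self.exit()` would help the next reader. The enclosing method starts and ends outside the hunk.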
@@ -112,15 +113,16 @@ Download a file via FTP self.exit() return - shasum = hashlib.sha256(open(self.safeoutfile, 'rb').read()).hexdigest() - hash_path = os.path.join(self.download_path, shasum) + with open(self.safeoutfile, 'rb') as f: + shasum = hashlib.sha256(f.read()).hexdigest() + hash_path = os.path.join(self.download_path, shasum) # If we have content already, delete temp file if not os.path.exists(hash_path): os.rename(self.safeoutfile, hash_path) else: os.remove(self.safeoutfile) - os.symlink( shasum, self.safeoutfile ) + log.msg("Not storing duplicate content " + shasum) log.msg(eventid='cowrie.session.file_download', format='Downloaded URL (%(url)s) with SHA-256 %(shasum)s to %(outfile)s', @@ -128,10 +130,13 @@ Download a file via FTP outfile=hash_path, shasum=shasum) - # Update the honeyfs to point to downloaded file - self.fs.mkfile(fakeoutfile, 0, 0, os.path.getsize(hash_path), 33188) - self.fs.update_realfile(self.fs.getfile(fakeoutfile), hash_path) + # Link friendly name to hash + os.symlink(shasum, self.safeoutfile) + self.safeoutfile = None + + # Update the honeyfs to point to downloaded file + self.fs.update_realfile(self.fs.getfile(fakeoutfile), hash_path) self.exit() def ftp_download(self, safeoutfile): diff --git a/cowrie/commands/tftp.py b/cowrie/commands/tftp.py index e6d23277..2c9c4075 100644 --- a/cowrie/commands/tftp.py +++ b/cowrie/commands/tftp.py @@ -106,11 +106,11 @@ class command_tftp(HoneyPotCommand): # Link friendly name to hash os.symlink(shasum, self.safeoutfile) + self.safeoutfile = None + # Update the honeyfs to point to downloaded file - f = self.fs.getfile(self.file_to_get) - f[A_REALFILE] = hash_path - - + self.fs.update_realfile(self.fs.getfile(self.file_to_get), hash_path) + self.exit() def start(self): diff --git a/cowrie/commands/wget.py b/cowrie/commands/wget.py index 51d47de1..c227c218 100644 --- a/cowrie/commands/wget.py +++ b/cowrie/commands/wget.py 
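Review bot: With `self.fs.mkfile(fakeoutfile, 0, 0, os.path.getsize(hash_path), 33188)` removed in the ftpget.py hunk at -128, `self.fs.getfile(fakeoutfile)` depends on the entry having been created earlier in the method, which is outside this hunk. The size recorded for the fake file is also no longer taken from the stored download. If getfile() can return a false value for a missing path, check it before the call, e.g. `f = self.fs.getfile(fakeoutfile)` then `if f: self.fs.update_realfile(f, hash_path)`. If the entry and its size are now set elsewhere, a short comment above the call saying where would make the removal easier to verify.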
@@ -194,7 +194,7 @@ class command_wget(HoneyPotCommand): with open(self.safeoutfile, 'rb') as f: shasum = hashlib.sha256(f.read()).hexdigest() - hash_path = os.path.join(self.download_path, shasum) + hash_path = os.path.join(self.download_path, shasum) # If we have content already, delete temp file if not os.path.exists(hash_path): @@ -204,10 +204,10 @@ class command_wget(HoneyPotCommand): log.msg("Not storing duplicate content " + shasum) self.protocol.logDispatch(eventid='cowrie.session.file_download', - format='Downloaded URL (%(url)s) with SHA-256 %(shasum)s to %(outfile)s', - url=self.url, - outfile=hash_path, - shasum=shasum ) + format='Downloaded URL (%(url)s) with SHA-256 %(shasum)s to %(outfile)s', + url=self.url, + outfile=hash_path, + shasum=shasum) log.msg(eventid='cowrie.session.file_download', format='Downloaded URL (%(url)s) with SHA-256 %(shasum)s to %(outfile)s', @@ -218,12 +218,10 @@ class command_wget(HoneyPotCommand): # Link friendly name to hash os.symlink(shasum, self.safeoutfile) - # FIXME: is this necessary? - # self.safeoutfile = hash_path + self.safeoutfile = None # Update the honeyfs to point to downloaded file - f = self.fs.getfile(outfile) - f[A_REALFILE] = hash_path + self.fs.update_realfile(self.fs.getfile(outfile), hash_path) self.exit()