convert curl to artifact framework (#1387)

* convert curl to artifact framework
* remove destfile argument
* new certificateoptions object

src/cowrie/commands/curl.py

@@ -4,9 +4,7 @@
 from __future__ import absolute_import, division
 
 import getopt
-import hashlib
 import os
-import re
 import time
 
 from OpenSSL import SSL
@@ -15,6 +13,7 @@ from twisted.internet import reactor, ssl
 from twisted.python import compat, log
 from twisted.web import client
 
+from cowrie.core.artifact import Artifact
 from cowrie.core.config import CowrieConfig
 from cowrie.shell.command import HoneyPotCommand
 
@@ -81,15 +80,10 @@ class command_curl(HoneyPotCommand):
         url = url.encode('ascii')
         self.url = url
 
-        if not hasattr(self, 'safeoutfile'):
+        self.artifactFile = Artifact(outfile)
-            tmp_fname = '%s_%s_%s_%s' % \
+        # HTTPDownloader will close() the file object so need to preserve the name
-                        (time.strftime('%Y%m%d%H%M%S'),
-                         self.protocol.getProtoTransport().transportId,
-                         self.protocol.terminal.transport.session.id,
-                         re.sub('[^A-Za-z0-9]', '_', url.decode('ascii')))
-            self.safeoutfile = os.path.join(self.download_path, tmp_fname)
 
-        self.deferred = self.download(url, outfile, self.safeoutfile)
+        self.deferred = self.download(url, outfile, self.artifactFile)
         if self.deferred:
             self.deferred.addCallback(self.success, outfile)
             self.deferred.addErrback(self.error, url)
@@ -271,8 +265,7 @@ Options: (H) means HTTP/HTTPS only, (F) means FTP only
             out_addr = (CowrieConfig().get('honeypot', 'out_addr'), 0)
 
         if scheme == 'https':
-            contextFactory = ssl.ClientContextFactory()
+            contextFactory = ssl.CertificationOptions(method=SSL.SSLv23_METHOD)
-            contextFactory.method = SSL.SSLv23_METHOD
             reactor.connectSSL(host, port, factory, contextFactory, bindAddress=out_addr)
         else:  # Can only be http
             self.connection = reactor.connectTCP(
@@ -285,36 +278,22 @@ Options: (H) means HTTP/HTTPS only, (F) means FTP only
         self.connection.transport.loseConnection()
 
     def success(self, data, outfile):
-        if not os.path.isfile(self.safeoutfile):
+        if not os.path.isfile(self.artifactFile.shasumFilename):
-            log.msg("there's no file " + self.safeoutfile)
+            log.msg("there's no file " + self.artifactFile.shasumFilename)
             self.exit()
 
-        with open(self.safeoutfile, 'rb') as f:
-            shasum = hashlib.sha256(f.read()).hexdigest()
-            hashPath = os.path.join(self.download_path, shasum)
-
-        # If we have content already, delete temp file
-        if not os.path.exists(hashPath):
-            os.rename(self.safeoutfile, hashPath)
-            duplicate = False
-        else:
-            os.remove(self.safeoutfile)
-            duplicate = True
-
         self.protocol.logDispatch(eventid='cowrie.session.file_download',
                                   format='Downloaded URL (%(url)s) with SHA-256 %(shasum)s to %(outfile)s',
                                   url=self.url,
-                                  duplicate=duplicate,
+                                  outfile=self.artifactFile.shasumFilename,
-                                  outfile=hashPath,
+                                  shasum=self.artifactFile.shasum)
-                                  shasum=shasum,
-                                  destfile=self.safeoutfile)
 
         # Update the honeyfs to point to downloaded file if output is a file
         if outfile:
-            self.fs.update_realfile(self.fs.getfile(outfile), hashPath)
+            self.fs.update_realfile(self.fs.getfile(outfile), self.artifactFile.shasumFilename)
             self.fs.chown(outfile, self.protocol.user.uid, self.protocol.user.gid)
         else:
-            with open(hashPath, 'rb') as f:
+            with open(self.artifactFile.shasumFilename, 'rb') as f:
                 self.writeBytes(f.read())
 
         self.exit()
@@ -410,13 +389,8 @@ class HTTPProgressDownloader(client.HTTPDownloader):
             self.curl.write(
                 "\r100  {}  100  {}    0     0  {}      0 --:--:-- --:--:-- --:--:-- {}\n".format(
                   self.currentlength, self.currentlength, 63673, 65181))
-
             self.curl.fs.mkfile(self.fakeoutfile, 0, 0, self.totallength, 33188)
-            self.curl.fs.update_realfile(
-                self.curl.fs.getfile(self.fakeoutfile),
-                self.curl.safeoutfile)
 
-        self.curl.fileName = self.fileName
         return client.HTTPDownloader.pageEnd(self)
 
 

src/cowrie/commands/wget.py

@@ -157,8 +157,7 @@ class command_wget(HoneyPotCommand):
             out_addr = (CowrieConfig().get('honeypot', 'out_addr'), 0)
 
         if scheme == b'https':
-            contextFactory = ssl.ClientContextFactory()
+            contextFactory = ssl.CertificationOptions(method=SSL.SSLv23_METHOD)
-            contextFactory.method = SSL.SSLv23_METHOD
             self.connection = reactor.connectSSL(host, port, factory, contextFactory, bindAddress=out_addr)
         elif scheme == b'http':
             self.connection = reactor.connectTCP(host, port, factory, bindAddress=out_addr)
@@ -187,8 +186,7 @@ class command_wget(HoneyPotCommand):
                                   format='Downloaded URL (%(url)s) with SHA-256 %(shasum)s to %(outfile)s',
                                   url=self.url,
                                   outfile=self.artifactFile.shasumFilename,
-                                  shasum=self.artifactFile.shasum,
+                                  shasum=self.artifactFile.shasum)
-                                  destfile=outfile)
 
         # Update honeyfs to point to downloaded file or write to screen
         if outfile != '-':