Merge pull request kevoreilly#2938 from enzok/fix-01

Fix on-demand subfile updates and handle related oversized Mongo writes

Author: kevoreilly

web/analysis/views.py

@@ -26,6 +26,14 @@
 from django.views.decorators.http import require_POST, require_safe
 from rest_framework.decorators import api_view
 
+MONGO_DOCUMENT_TOO_LARGE_ERRORS = ()
+try:
+    from pymongo.errors import DocumentTooLarge
+
+    MONGO_DOCUMENT_TOO_LARGE_ERRORS = (DocumentTooLarge,)
+except ImportError:
+    pass
+
 sys.path.append(settings.CUCKOO_PATH)
 
 from lib.cuckoo.common.pcap_utils import PcapToNg
@@ -2521,6 +2529,11 @@ def on_demand(request, service: str, task_id: str, category: str, sha256):
     ).get("on_demand"):
         return render(request, "error.html", {"error": "Not supported/enabled service on demand"})
 
+    # Restrict category to known report sections writable by this endpoint.
+    allowed_categories = {"static", "CAPE", "procdump", "procmemory", "dropped"}
+    if category not in allowed_categories:
+        return render(request, "error.html", {"error": f"Unsupported category: {category}"}, status=400)
+
     # Self Extracted support folder
     path = os.path.join(CUCKOO_ROOT, "storage", "analyses", task_id, "selfextracted", sha256)
 
@@ -2534,7 +2547,9 @@ def on_demand(request, service: str, task_id: str, category: str, sha256):
         else:
             path = os.path.join(ANALYSIS_BASE_PATH, "analyses", task_id, category, sha256)
     else:
-        category = "target.file"
+        # selfextracted storage is shared by multiple categories; keep non-static category intact
+        if category == "static":
+            category = "target.file"
         extractedfile = True
 
     if path and (not _path_safe(path) or not path_exists(path)):
@@ -2587,37 +2602,65 @@ def on_demand(request, service: str, task_id: str, category: str, sha256):
         details = Floss(path, package, on_demand=True).run()
         if not details:
             details = {"msg": "No results"}
+
+    def _set_service_by_sha256(node, target_sha256, service_name, service_details):
+        if isinstance(node, dict):
+            if node.get("sha256") == target_sha256:
+                node[service_name] = service_details
+                return True
+            for value in node.values():
+                if isinstance(value, (dict, list)) and _set_service_by_sha256(value, target_sha256, service_name, service_details):
+                    return True
+            return False
+        if isinstance(node, list):
+            for item in node:
+                if _set_service_by_sha256(item, target_sha256, service_name, service_details):
+                    return True
+        return False
+
     if details:
         buf = mongo_find_one("analysis", {"info.id": int(task_id)}, {"_id": 1, category: 1})
 
         servicedata = {}
         if category == "CAPE":
-            for block in buf[category].get("payloads", []) or []:
-                if block.get("sha256") == sha256:
-                    block[service] = details
-                    break
+            _set_service_by_sha256(buf[category].get("payloads", []) or [], sha256, service, details)
             servicedata = buf[category]
         elif category in ("procdump", "procmemory", "dropped"):
-            for block in buf[category] or []:
-                if block.get("sha256") == sha256:
-                    block[service] = details
-                    break
+            _set_service_by_sha256(buf[category] or [], sha256, service, details)
             servicedata = buf[category]
-        elif "target" in category:
+        elif category == "target.file":
             servicedata = buf.get("target", {}).get("file", {})
             if servicedata:
                 if service == "xlsdeobf":
                     servicedata.setdefault("office", {}).setdefault("XLMMacroDeobfuscator", details)
                 elif extractedfile:
-                    for block in servicedata.get("extracted_files", []):
-                        if block.get("sha256") == sha256:
-                            block[service] = details
-                            break
+                    _set_service_by_sha256(servicedata, sha256, service, details)
                 else:
                     servicedata.setdefault(service, details)
 
         if servicedata:
-            mongo_update_one("analysis", {"_id": ObjectId(buf["_id"])}, {"$set": {category: servicedata}})
+            try:
+                mongo_update_one("analysis", {"_id": ObjectId(buf["_id"])}, {"$set": {category: servicedata}})
+            except MONGO_DOCUMENT_TOO_LARGE_ERRORS:
+                return render(
+                    request,
+                    "error.html",
+                    {
+                        "error": (
+                            f"Generated {service} data is too large to store for this file. "
+                            "Please narrow extraction scope or use offline extraction."
+                        )
+                    },
+                    status=413,
+                )
+            except Exception as e:
+                print(f"on_demand update failed for task_id={task_id} service={service} category={category} sha256={sha256}: {e}")
+                return render(
+                    request,
+                    "error.html",
+                    {"error": f"Failed to store generated {service} data."},
+                    status=500,
+                )
         del details
 
     return redirect("report", task_id=task_id)

web/templates/analysis/generic/_file_info.html

@@ -273,31 +273,31 @@ <h5 class="mb-0 text-white"><i class="fas fa-file-alt me-2 text-info"></i> File
 
             {% if config.flare_capa %}
                 {% if not file.flare_capa and on_demand.flare_capa %}
-                    <a class="btn btn-sm btn-secondary me-2 mb-2" href="{% url "on_demand" "flare_capa" id tab_name file.sha256 %}">Gen CAPA</a>
+                    <a class="btn btn-sm btn-secondary me-2 mb-2" href="{% url "on_demand" "flare_capa" id tab_name file.sha256 %}">Extract: CAPA</a>
                 {% elif file.flare_capa %}
                     <a class="btn btn-sm btn-outline-warning me-2 mb-2" data-bs-toggle="collapse" href="#flare_capa_{{file.sha256}}">View CAPA</a>
                 {% endif %}
             {% endif %}
 
             {% if config.strings %}
                 {% if "strings" not in file %}
-                    <a class="btn btn-sm btn-secondary me-2 mb-2" href="{% url "on_demand" "strings" id tab_name file.sha256 %}">Gen Strings</a>
+                    <a class="btn btn-sm btn-secondary me-2 mb-2" href="{% url "on_demand" "strings" id tab_name file.sha256 %}">Extract: Strings</a>
                 {% elif file.strings %}
                     <a class="btn btn-sm btn-outline-light me-2 mb-2" data-bs-toggle="collapse" href="#strings_{{file.sha256}}">Strings</a>
                 {% endif %}
             {% endif %}
 
             {% if config.floss %}
                 {% if not file.floss %}
-                    <a class="btn btn-sm btn-secondary me-2 mb-2" href="{% url "on_demand" "floss" id tab_name file.sha256 %}">Gen Floss</a>
+                    <a class="btn btn-sm btn-secondary me-2 mb-2" href="{% url "on_demand" "floss" id tab_name file.sha256 %}">Extract: Floss</a>
                 {% else %}
                     <a class="btn btn-sm btn-outline-light me-2 mb-2" data-bs-toggle="collapse" href="#floss_{{file.sha256}}">Floss</a>
                 {% endif %}
             {% endif %}
 
             {% if config.bingraph %}
                 {% if not graphs.bingraph.content|getkey:file.sha256 and on_demand.bingraph %}
-                    <a class="btn btn-sm btn-secondary me-2 mb-2" href="{% url "on_demand" "bingraph" id tab_name file.sha256 %}">Gen BinGraph</a>
+                    <a class="btn btn-sm btn-secondary me-2 mb-2" href="{% url "on_demand" "bingraph" id tab_name file.sha256 %}">Extract: BinGraph</a>
                 {% else %}
                     <a class="btn btn-sm btn-outline-light me-2 mb-2" href="{% url "file_nl" "bingraph" id file.sha256 %}">BinGraph</a>
                 {% endif %}

web/templates/analysis/generic/_subfile_info.html

@@ -270,31 +270,31 @@ <h5 class="mb-0 text-white"><i class="fas fa-file-invoice me-2 text-info"></i> S
 
             {% if config.flare_capa %}
                 {% if not sub_file.flare_capa and on_demand.flare_capa %}
-                    <a class="btn btn-sm btn-secondary me-2 mb-2" href="{% url "on_demand" "flare_capa" id tab_name sub_file.sha256 %}">Gen CAPA</a>
+                    <a class="btn btn-sm btn-secondary me-2 mb-2" href="{% url "on_demand" "flare_capa" id tab_name sub_file.sha256 %}">Extract: CAPA</a>
                 {% elif sub_file.flare_capa %}
                     <a class="btn btn-sm btn-outline-warning me-2 mb-2" data-bs-toggle="collapse" href="#flare_capa_{{sub_file.sha256}}">View CAPA</a>
                 {% endif %}
             {% endif %}
 
             {% if config.strings %}
                 {% if "strings" not in sub_file %}
-                    <a class="btn btn-sm btn-secondary me-2 mb-2" href="{% url "on_demand" "strings" id "static" sub_file.sha256 %}">Gen Strings</a>
+                    <a class="btn btn-sm btn-secondary me-2 mb-2" href="{% url "on_demand" "strings" id tab_name sub_file.sha256 %}">Extract: Strings</a>
                 {% elif sub_file.strings %}
                     <a class="btn btn-sm btn-outline-light me-2 mb-2" data-bs-toggle="collapse" href="#strings_{{sub_file.sha256}}">Strings</a>
                 {% endif %}
             {% endif %}
 
             {% if config.floss %}
                 {% if not sub_file.floss %}
-                    <a class="btn btn-sm btn-secondary me-2 mb-2" href="{% url "on_demand" "floss" id "static" sub_file.sha256 %}">Gen Floss</a>
+                    <a class="btn btn-sm btn-secondary me-2 mb-2" href="{% url "on_demand" "floss" id tab_name sub_file.sha256 %}">Extract: Floss</a>
                 {% else %}
                     <a class="btn btn-sm btn-outline-light me-2 mb-2" data-bs-toggle="collapse" href="#floss_{{sub_file.sha256}}">Floss</a>
                 {% endif %}
             {% endif %}
 
             {% if config.bingraph %}
                 {% if not graphs.bingraph.content|getkey:sub_file.sha256 and on_demand.bingraph %}
-                    <a class="btn btn-sm btn-secondary me-2 mb-2" href="{% url "on_demand" "bingraph" id tab_name sub_file.sha256 %}">Gen BinGraph</a>
+                    <a class="btn btn-sm btn-secondary me-2 mb-2" href="{% url "on_demand" "bingraph" id tab_name sub_file.sha256 %}">Extract: BinGraph</a>
                 {% elif graphs.bingraph.content|getkey:sub_file.sha256 %}
                     <a class="btn btn-sm btn-outline-light me-2 mb-2" href="{% url "file_nl" "bingraph" id sub_file.sha256 %}">BinGraph</a>
                 {% endif %}
@@ -350,7 +350,7 @@ <h5 class="mb-0 text-white"><i class="fas fa-file-invoice me-2 text-info"></i> S
             <div class="card bg-dark text-white">
                 <div class="card-header"><h6 class="mb-0">Strings</h6></div>
                 <div class="card-body" style="max-height: 400px; overflow-y: auto;">
-                    {{sub_file.strings|safe}}
+                    <pre class="mb-0 small">{% for string in sub_file.strings %}{{string}}<br>{% endfor %}</pre>
                 </div>
             </div>
         </div>
@@ -361,7 +361,7 @@ <h5 class="mb-0 text-white"><i class="fas fa-file-invoice me-2 text-info"></i> S
             <div class="card bg-dark text-white">
                 <div class="card-header"><h6 class="mb-0">.NET Strings</h6></div>
                 <div class="card-body" style="max-height: 400px; overflow-y: auto;">
-                    {% for string in sub_file.dotnet_strings %}<div>{{string|safe}}</div>{% endfor %}
+                    <pre class="mb-0 small">{% for string in sub_file.dotnet_strings %}{{string}}<br>{% endfor %}</pre>
                 </div>
             </div>
         </div>