From 634e0a94f82a39097d900b98cf5e5da9ae694480 Mon Sep 17 00:00:00 2001
From: doomedraven
Date: Wed, 28 Jan 2026 16:04:33 +0100
Subject: [PATCH 1/3] Update web_utils.py
---
 lib/cuckoo/common/web_utils.py | 5 +++++
 1 file changed, 5 insertions(+)
diff --git a/lib/cuckoo/common/web_utils.py b/lib/cuckoo/common/web_utils.py
index 20c4d8b5349..6892370678d 100644
--- a/lib/cuckoo/common/web_utils.py
+++ b/lib/cuckoo/common/web_utils.py
@@ -1384,6 +1384,11 @@ def perform_search(
 raise ValueError("Invalid TTP enterred")
 elif term == "malscore":
 query_val = {"$gte": float(value)}
+ elif term == "name":
+ if re.search(r"[\^\$\|\?\*\+\(\)\[\]\{\}]", value):
+ query_val = {"$regex": value, "$options": "i"}
+ else:
+ query_val = value
 else:
 query_val = {"$regex": value, "$options": "i"}
From 7be4637da8eae94bc6a2feba6a462ba7e0f0e00f Mon Sep 17 00:00:00 2001
From: doomedraven
Date: Wed, 28 Jan 2026 16:34:15 +0100
Subject: [PATCH 2/3] fix "slow mongo"
---
 changelog.md | 5 +++++
 lib/cuckoo/common/web_utils.py | 4 +---
 web/templates/analysis/search.html | 3 ++-
 3 files changed, 8 insertions(+), 4 deletions(-)
diff --git a/changelog.md b/changelog.md
index 2958f021d78..43fabc8176d 100644
--- a/changelog.md
+++ b/changelog.md
@@ -1,3 +1,8 @@
+### [28.01.2026]
+* Search optimization: General search terms now use exact match by default for better MongoDB performance.
+ * Use regex characters (e.g., `^ $ | ? * + ( ) [ ] { }`) to trigger a regex search.
+ * Updated search UI help and placeholders.
+
 ### [16.01.2026] CAPE v2.5
 * Bootstrap 5 upgrade and some visual WEBGUI rewamp. Some improvements still might come soon!
 * htmlreport - rewamp!
diff --git a/lib/cuckoo/common/web_utils.py b/lib/cuckoo/common/web_utils.py
index 6892370678d..a8028a32eb4 100644
--- a/lib/cuckoo/common/web_utils.py
+++ b/lib/cuckoo/common/web_utils.py
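Review bot: The added `elif term == "name":` branch in patch 1/3 passes `value` straight into `{"$regex": value, "$options": "i"}` as soon as it contains one metacharacter, with no check that it is a valid or reasonably sized pattern. A constructed name such as `report(1).exe` is therefore matched as a regex rather than as a literal, and a malformed pattern would presumably only fail inside MongoDB instead of raising the `ValueError` this function already uses for bad input. I would validate before building the query, e.g. `try: re.compile(value)` / `except re.error: raise ValueError("Invalid regex")`, and consider a length cap, because a user-supplied pattern is evaluated server-side against every candidate document. The same lines become the general `else:` branch in patch 2/3 (`@@ -1384,13 +1384,11 @@`), where the point applies to every remaining search term; `perform_search` starts and ends outside both hunks.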
@@ -1384,13 +1384,11 @@ def perform_search(
 raise ValueError("Invalid TTP enterred")
 elif term == "malscore":
 query_val = {"$gte": float(value)}
- elif term == "name":
+ else:
 if re.search(r"[\^\$\|\?\*\+\(\)\[\]\{\}]", value):
 query_val = {"$regex": value, "$options": "i"}
 else:
 query_val = value
- else:
- query_val = {"$regex": value, "$options": "i"}
 if term not in search_term_map:
 return None
diff --git a/web/templates/analysis/search.html b/web/templates/analysis/search.html
index a1acc17264e..18b21ce3017 100644
--- a/web/templates/analysis/search.html
+++ b/web/templates/analysis/search.html
@@ -6,7 +6,7 @@
- +
@@ -24,6 +24,7 @@
Search Help<

ElasticSearch queries do not use a prefix. e.g., *windows.* matches 'time.windows.com'.

For MD5, SHA1, SHA256, etc., no prefix is needed (matches any file generated by analysis).

+

By default, searches are exact matches. Use regex characters (e.g., ^ $ | ? * + ( ) [ ] { }) to force a regex search.

From 0ab2a642d4492b124cc0f948299162af28ca0cf6 Mon Sep 17 00:00:00 2001
From: doomedraven
Date: Wed, 28 Jan 2026 19:40:13 +0100
Subject: [PATCH 3/3] timezone support (#2873)
* timezone support
* Update lib/cuckoo/core/database.py
Co-authored-by: gemini-code-assist[bot] <176961590+gemini-code-assist[bot]@users.noreply.github.com>
* Update test_analysis_manager.py
---------
Co-authored-by: gemini-code-assist[bot] <176961590+gemini-code-assist[bot]@users.noreply.github.com>
---
 conf/default/cuckoo.conf.default | 4 ++++
 lib/cuckoo/core/database.py | 19 +++++++++++++------
 tests/test_analysis_manager.py | 32 +-------------------------------
 3 files changed, 18 insertions(+), 37 deletions(-)
diff --git a/conf/default/cuckoo.conf.default b/conf/default/cuckoo.conf.default
index bf00fe0c2b7..3d2318ba93f 100644
--- a/conf/default/cuckoo.conf.default
+++ b/conf/default/cuckoo.conf.default
@@ -3,6 +3,10 @@
 # Ignore Signals, will quit CAPE inmediatelly instead wait jobs to finish
 ignore_signals = yes
+# Specify the timezone for the system (e.g., UTC, Europe/Madrid, America/New_York).
+# Default is utc.
+timezone = utc
+
 # Which category of tasks do you want to analyze?
 categories = static, pcap, url, file
diff --git a/lib/cuckoo/core/database.py b/lib/cuckoo/core/database.py
index 5215e070bbd..b0cf2fbbb93 100644
--- a/lib/cuckoo/core/database.py
+++ b/lib/cuckoo/core/database.py
@@ -13,11 +13,7 @@
 from contextlib import suppress
 from datetime import datetime, timedelta, timezone
 from typing import Any, List, Optional, Union, Tuple, Dict
-
-
-def _utcnow_naive():
- """Returns the current time in UTC as a naive datetime object."""
- return datetime.now(timezone.utc).replace(tzinfo=None)
+import pytz
 # Sflock does a good filetype recon
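Review bot: `import pytz` is added as a bare top-level import in `database.py`, so a host without the package fails with a plain ImportError, whereas the sqlalchemy import further down the same file is wrapped and raises `CuckooDependencyError` with an install hint. No dependency manifest appears in this patch's diffstat, so whether pytz is already declared for the project is not visible here. The standard library's `zoneinfo.ZoneInfo` performs the same lookup on Python 3.9+ and would avoid the extra third-party package, if the project's minimum Python version allows it.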
@@ -26,7 +22,6 @@ def _utcnow_naive():
 from lib.cuckoo.common.cape_utils import static_config_lookup, static_extraction
 from lib.cuckoo.common.colors import red
-from lib.cuckoo.common.config import Config
 from lib.cuckoo.common.constants import CUCKOO_ROOT
 from lib.cuckoo.common.demux import demux_sample
 from lib.cuckoo.common.exceptions import (
@@ -36,6 +31,7 @@ def _utcnow_naive():
 CuckooOperationalError,
 CuckooUnserviceableTaskError,
 )
+from lib.cuckoo.common.config import Config
 from lib.cuckoo.common.integrations.parse_pe import PortableExecutable
 from lib.cuckoo.common.objects import PCAP, URL, File, Static
 from lib.cuckoo.common.path_utils import path_delete, path_exists
@@ -81,6 +77,17 @@ def _utcnow_naive():
 except ImportError: # pragma: no cover
 raise CuckooDependencyError("Unable to import sqlalchemy (install with `poetry install`)")
+cfg = Config("cuckoo")
+tz_name = cfg.cuckoo.get("timezone", "utc")
+
+def _utcnow_naive():
+ """Returns the current time in the configured timezone as a naive datetime object."""
+ try:
+ tz = pytz.timezone(tz_name)
+ except pytz.UnknownTimeZoneError:
+ tz = timezone.utc
+ return datetime.now(tz).replace(tzinfo=None)
+
 sandbox_packages = (
 "access",
diff --git a/tests/test_analysis_manager.py b/tests/test_analysis_manager.py
index b37cfd6658e..76ead8f4a2d 100644
--- a/tests/test_analysis_manager.py
+++ b/tests/test_analysis_manager.py
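Review bot: In the `@@ -81,6 +77,17 @@` hunk, `_utcnow_naive()` now returns naive wall-clock time in the configured zone while keeping its name and still stripping `tzinfo`, so values produced after a non-UTC `timezone` is set cannot be told apart from the UTC values produced before, and they repeat or skip an hour at DST changes. For a sandbox whose timestamps presumably feed incident timelines, it would be safer to keep storage in UTC and convert only for display, or else to rename the helper and document the migration. Separately, the `except pytz.UnknownTimeZoneError:` branch falls back to UTC silently on every call. Resolving the zone once at import and logging the rejected `tz_name` in that branch would make a typo in `cuckoo.conf` visible instead of quietly changing what is recorded.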
@@ -108,37 +108,7 @@ class TestAnalysisManager:
 def test_init(self, task: Task):
 mgr = AnalysisManager(task=task)
- assert mgr.cfg.cuckoo == {
- "allow_static": False,
- "categories": "static, pcap, url, file",
- "freespace": 50000,
- "delete_original": False,
- "tmppath": "/tmp",
- "terminate_processes": False,
- "memory_dump": False,
- "delete_bin_copy": False,
- "max_machines_count": 10,
- "reschedule": False,
- "rooter": "/tmp/cuckoo-rooter",
- "machinery": "kvm",
- "machinery_screenshots": False,
- "delete_archive": True,
- "max_vmstartup_count": 5,
- "daydelta": 0,
- "max_analysis_count": 0,
- "max_len": 196,
- "sanitize_len": 32,
- "sanitize_to_len": 24,
- "scaling_semaphore": False,
- "scaling_semaphore_update_timer": 10,
- "task_pending_timeout": 0,
- "task_timeout": False,
- "task_timeout_scan_interval": 30,
- "freespace_processing": 15000,
- "ignore_signals": True,
- "periodic_log": False,
- "fail_unserviceable": True,
- }
+ assert mgr.cfg.cuckoo == Config("cuckoo").cuckoo
 assert mgr.task.id == task.id
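Review bot: `assert mgr.cfg.cuckoo == Config("cuckoo").cuckoo` compares the manager's configuration with a second load of what is presumably the same source, so the assertion can no longer fail when a default changes. The removed literal pinned values such as `"delete_original": False` and `"fail_unserviceable": True`. Keeping a small explicit subset plus the new key, e.g. `assert mgr.cfg.cuckoo["timezone"] == "utc"`, would preserve that check without maintaining the full dict. The enclosing `TestAnalysisManager` class starts outside the hunk.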