Use UTC-aware datetimes for task and machine timestamps (#2841)

* Adding fix for yara-python installation (#2825)

* Bump aiohttp from 3.13.2 to 3.13.3 (#2826)

---
updated-dependencies:
- dependency-name: aiohttp
  dependency-version: 3.13.3
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* Bump pynacl from 1.5.0 to 1.6.2 (#2828)

Bumps [pynacl](https://github.com/pyca/pynacl) from 1.5.0 to 1.6.2.
- [Changelog](https://github.com/pyca/pynacl/blob/main/CHANGELOG.rst)
- [Commits](pyca/pynacl@1.5.0...1.6.2)

---
updated-dependencies:
- dependency-name: pynacl
  dependency-version: 1.6.2
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* Bump urllib3 from 2.3.0 to 2.6.3 (#2832)

Bumps [urllib3](https://github.com/urllib3/urllib3) from 2.3.0 to 2.6.3.
- [Release notes](https://github.com/urllib3/urllib3/releases)
- [Changelog](https://github.com/urllib3/urllib3/blob/main/CHANGES.rst)
- [Commits](urllib3/urllib3@2.3.0...2.6.3)

---
updated-dependencies:
- dependency-name: urllib3
  dependency-version: 2.6.3
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* Update behavior.py

* Bump pypdf from 5.2.0 to 6.6.0 (#2835)

Bumps [pypdf](https://github.com/py-pdf/pypdf) from 5.2.0 to 6.6.0.
- [Release notes](https://github.com/py-pdf/pypdf/releases)
- [Changelog](https://github.com/py-pdf/pypdf/blob/main/CHANGELOG.md)
- [Commits](py-pdf/pypdf@5.2.0...6.6.0)

---
updated-dependencies:
- dependency-name: pypdf
  dependency-version: 6.6.0
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* Bump werkzeug from 3.1.4 to 3.1.5 (#2834)

Bumps [werkzeug](https://github.com/pallets/werkzeug) from 3.1.4 to 3.1.5.
- [Release notes](https://github.com/pallets/werkzeug/releases)
- [Changelog](https://github.com/pallets/werkzeug/blob/main/CHANGES.rst)
- [Commits](pallets/werkzeug@3.1.4...3.1.5)

---
updated-dependencies:
- dependency-name: werkzeug
  dependency-version: 3.1.5
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* ci: Update requirements.txt

* Bump aiohttp from 3.13.2 to 3.13.3 (#2837)

---
updated-dependencies:
- dependency-name: aiohttp
  dependency-version: 3.13.3
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* Bump urllib3 from 2.3.0 to 2.6.3 (#2836)

Bumps [urllib3](https://github.com/urllib3/urllib3) from 2.3.0 to 2.6.3.
- [Release notes](https://github.com/urllib3/urllib3/releases)
- [Changelog](https://github.com/urllib3/urllib3/blob/main/CHANGES.rst)
- [Commits](urllib3/urllib3@2.3.0...2.6.3)

---
updated-dependencies:
- dependency-name: urllib3
  dependency-version: 2.6.3
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* fix mongo_search_query not defined when hash doesnt exist in mongodb

* webgui timezone moved to config

* Use UTC-aware datetimes for task and machine timestamps

✦ I have standardized the timestamps in lib/cuckoo/core/database.py to use naive UTC, ensuring consistency across the database schema and logic.

  Summary of Changes:
   1. Defaults: Updated Guest.started_on to use a naive UTC lambda default (lambda: datetime.now(timezone.utc).replace(tzinfo=None)).
   2. Logic: Replaced all occurrences of datetime.now() (local time) and datetime.utcnow() (deprecated) with datetime.now(timezone.utc).replace(tzinfo=None) in the following methods:
       - set_task_status
       - lock_machine / unlock_machine
       - set_machine_status
       - guest_stop
       - check_file_uniq
       - add (for PCAP/Static)
       - clean_timed_out_tasks
       - update_clock
   3. Fixes:
       - Fixed minmax_tasks to correctly handle naive UTC timestamps when converting to Unix timestamps (preventing local timezone offset issues).
       - Updated datetime.utcfromtimestamp(0) calls to datetime.fromtimestamp(0, timezone.utc).replace(tzinfo=None).

  This ensures that all timestamps stored and processed in lib/cuckoo/core/database.py are consistently naive UTC.

  Note on Tests:
  The file tests/test_database.py contains assertions using datetime.datetime.now() (local time). Depending on your testing environment's timezone and freezegun configuration, you may need to update those tests to
  expect naive UTC timestamps to match these changes.

* fix

---------

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: Josh R. <jershmagersh@users.noreply.github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: GitHub Actions <action@github.com>

Author: 4 people

conf/default/web.conf.default

@@ -29,6 +29,7 @@ disposable_email_disable = yes
 disposable_domain_list = data/safelist/disposable_domain_list.txt
 
 [general]
+timezone = UTC
 # Prescan new file tasks with YARA for sample identification and custom execution
 # Useful to set options, tags, timeout, etc for packers/obfuscators/cryptors
 yara_recon = no

installer/cape2.sh

@@ -802,16 +802,14 @@ function install_yara_python() {
             --config-settings=\"--global-option=build\" \
             --config-settings=\"--global-option=--enable-cuckoo\" \
             --config-settings=\"--global-option=--enable-magic\" \
-            --config-settings=\"--global-option=--enable-profiling\" \
-            --config-settings=\"--global-option=--dynamic-linking\""
+            --config-settings=\"--global-option=--enable-profiling\""
     else
         sudo -u ${USER} $PYTHON_MGR --directory $CAPE_ROOT $PYTHON_MGR_CMD pip install yara-python \
             --no-binary :all: \
             --config-settings="--global-option=build" \
             --config-settings="--global-option=--enable-cuckoo" \
             --config-settings="--global-option=--enable-magic" \
-            --config-settings="--global-option=--enable-profiling" \
-            --config-settings="--global-option=--dynamic-linking"
+            --config-settings="--global-option=--enable-profiling"
     fi
 
     # Install from local source (commented out)

lib/cuckoo/common/web_utils.py

@@ -1422,6 +1422,8 @@ def perform_search(
                 {"$project": perform_search_filters},
             ]
             retval = list(mongo_aggregate(FILES_COLL, pipeline))
+            if not retval:
+                return []
         elif isinstance(search_term_map[term], str):
             mongo_search_query = {search_term_map[term]: query_val}
         elif isinstance(search_term_map[term], list):

lib/cuckoo/core/database.py

@@ -14,6 +14,12 @@
 from datetime import datetime, timedelta, timezone
 from typing import Any, List, Optional, Union, Tuple, Dict
 
+
+def _utcnow_naive():
+    """Returns the current time in UTC as a naive datetime object."""
+    return datetime.now(timezone.utc).replace(tzinfo=None)
+
+
 # Sflock does a good filetype recon
 from sflock.abstracts import File as SflockFile
 from sflock.ident import identify as sflock_identify
@@ -307,7 +313,9 @@ class Guest(Base):
     platform: Mapped[str] = mapped_column(nullable=False)
     manager: Mapped[str] = mapped_column(nullable=False)
 
-    started_on: Mapped[datetime] = mapped_column(DateTime(timezone=False), default=datetime.now, nullable=False)
+    started_on: Mapped[datetime] = mapped_column(
+        DateTime(timezone=False), default=_utcnow_naive, nullable=False
+    )
     shutdown_on: Mapped[Optional[datetime]] = mapped_column(DateTime(timezone=False), nullable=True)
     task_id: Mapped[int] = mapped_column(ForeignKey("tasks.id", ondelete="cascade"), nullable=False, unique=True)
     task: Mapped["Task"] = relationship(back_populates="guest")
@@ -474,12 +482,12 @@ class Task(Base):
     enforce_timeout: Mapped[bool] = mapped_column(Boolean, nullable=False, default=False)
     clock: Mapped[datetime] = mapped_column(
         DateTime(timezone=False),
-        default=lambda: datetime.now(timezone.utc).replace(tzinfo=None),
+        default=_utcnow_naive,
         nullable=False,
     )
     added_on: Mapped[datetime] = mapped_column(
         DateTime(timezone=False),
-        default=lambda: datetime.now(timezone.utc).replace(tzinfo=None),
+        default=_utcnow_naive,
         nullable=False,
     )
     started_on: Mapped[Optional[datetime]] = mapped_column(DateTime(timezone=False), nullable=True)
@@ -818,23 +826,23 @@ def update_clock(self, task_id):
         if not row:
             return
         # datetime.fromtimestamp(0, tz=timezone.utc)
-        if row.clock == datetime.utcfromtimestamp(0):
+        if row.clock == datetime.fromtimestamp(0, timezone.utc).replace(tzinfo=None):
             if row.category == "file":
                 # datetime.now(timezone.utc)
-                row.clock = datetime.utcnow() + timedelta(days=self.cfg.cuckoo.daydelta)
+                row.clock = _utcnow_naive() + timedelta(days=self.cfg.cuckoo.daydelta)
             else:
                 # datetime.now(timezone.utc)
-                row.clock = datetime.utcnow()
+                row.clock = _utcnow_naive()
         return row.clock
 
     def set_task_status(self, task: Task, status) -> Task:
         if status != TASK_DISTRIBUTED_COMPLETED:
             task.status = status
 
         if status in (TASK_RUNNING, TASK_DISTRIBUTED):
-            task.started_on = datetime.now()
+            task.started_on = _utcnow_naive()
         elif status in (TASK_COMPLETED, TASK_DISTRIBUTED_COMPLETED):
-            task.completed_on = datetime.now()
+            task.completed_on = _utcnow_naive()
 
         self.session.add(task)
         return task
@@ -965,7 +973,7 @@ def guest_stop(self, guest_id):
         """
         guest = self.session.get(Guest, guest_id)
         if guest:
-            guest.shutdown_on = datetime.now()
+            guest.shutdown_on = _utcnow_naive()
 
     @staticmethod
     def filter_machines_by_arch(statement: Select, arch: list) -> Select:
@@ -1061,7 +1069,7 @@ def lock_machine(self, machine: Machine) -> Machine:
         @return: locked machine
         """
         machine.locked = True
-        machine.locked_changed_on = datetime.now()
+        machine.locked_changed_on = _utcnow_naive()
         self.set_machine_status(machine, MACHINE_RUNNING)
         self.session.add(machine)
 
@@ -1073,7 +1081,7 @@ def unlock_machine(self, machine: Machine) -> Machine:
         @return: unlocked machine
         """
         machine.locked = False
-        machine.locked_changed_on = datetime.now()
+        machine.locked_changed_on = _utcnow_naive()
         self.session.merge(machine)
         return machine
 
@@ -1119,7 +1127,7 @@ def set_machine_status(self, machine_or_label: Union[str, Machine], status):
 
         if machine:
             machine.status = status
-            machine.status_changed_on = datetime.now()
+            machine.status_changed_on = _utcnow_naive()
             # No need for session.add() here; the ORM tracks changes to loaded objects.
 
     def add_error(self, message, task_id):
@@ -1250,7 +1258,7 @@ def add(
 
             if isinstance(obj, (PCAP, Static)):
                 # since no VM will operate on this PCAP
-                task.started_on = datetime.now()
+                task.started_on = _utcnow_naive()
 
         elif isinstance(obj, URL):
             task = Task(obj.url)
@@ -1292,12 +1300,12 @@ def add(
                     task.clock = datetime.strptime(clock, "%m-%d-%Y %H:%M:%S")
                 except ValueError:
                     log.warning("The date you specified has an invalid format, using current timestamp")
-                    task.clock = datetime.utcfromtimestamp(0)
+                    task.clock = datetime.fromtimestamp(0, timezone.utc).replace(tzinfo=None)
 
             else:
                 task.clock = clock
         else:
-            task.clock = datetime.utcfromtimestamp(0)
+            task.clock = datetime.fromtimestamp(0, timezone.utc).replace(tzinfo=None)
 
         task.user_id = user_id
 
@@ -1982,7 +1990,7 @@ def check_file_uniq(self, sha256: str, hours: int = 0):
         # sha256 is unique.
         uniq = False
         if hours and sha256:
-            date_since = datetime.now() - timedelta(hours=hours)
+            date_since = _utcnow_naive() - timedelta(hours=hours)
 
             stmt = (
                 select(Task)
@@ -2225,7 +2233,7 @@ def clean_timed_out_tasks(self, timeout: int):
             return
 
         # Calculate the cutoff time before which tasks are considered timed out.
-        timeout_threshold = datetime.utcnow() - timedelta(seconds=timeout)
+        timeout_threshold = _utcnow_naive() - timedelta(seconds=timeout)
 
         # Build a single, efficient DELETE statement that filters in the database.
         delete_stmt = delete(Task).where(Task.status == TASK_PENDING).where(Task.added_on < timeout_threshold)
@@ -2246,7 +2254,7 @@ def minmax_tasks(self) -> Tuple[int, int]:
 
         if min_val and max_val:
             # .timestamp() is the modern way to get a unix timestamp.
-            return int(min_val.timestamp()), int(max_val.timestamp())
+            return int(min_val.replace(tzinfo=timezone.utc).timestamp()), int(max_val.replace(tzinfo=timezone.utc).timestamp())
 
         return 0, 0
 

modules/processing/behavior.py

@@ -127,7 +127,7 @@ def parse_first_and_reset(self):
 
         if self.use_mmap:
             self.mm_pos = 0
-        else:
+        elif self.fd:
             self.fd.seek(0)
 
     def read(self, length):

poetry.lock

@@ -74,7 +74,7 @@ dependencies = [
     "psutil==6.1.1",
     "peepdf-3==5.0.0",
     "pyre2>=0.3.10",
-    "Werkzeug==3.1.4",
+    "Werkzeug==3.1.5",
     "packaging==24.2",
     "setuptools==78.1.1",
     # command line config manipulation