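 def test_get_md5_float(self):
     """A float input digests to a pinned, stable value."""
     data = 1.056
     # The reference digest cannot be reproduced with the "$ md5 -s 100500"
     # recipe used by the int test (that line was copied from there and
     # describes a different input).  By analogy with the int case it is
     # presumably "$ md5 -s 1.056", i.e. get_md5 hashes the decimal string
     # form of the number -- TODO confirm against the implementation.
     self.assertEqual(
         get_md5(data).hexdigest(), "a50a79a1862f5ae748ed507f45f244bc")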
 def test_get_md5_int(self):
     """An int digests like its decimal string form."""
     # Reference value from the command line:
     #   $ md5 -s 100500
     #   MD5 ("100500") = e745a6bad4ffe5a1b35aac134ea148c7
     expected = "e745a6bad4ffe5a1b35aac134ea148c7"
     digest = get_md5(100500).hexdigest()
     self.assertEqual(digest, expected)
 def test_get_md5_str(self):
     """A one-character string digests to the well-known MD5 of "a"."""
     # Reference value from the command line:
     #   $ md5 -s a
     #   MD5 ("a") = 0cc175b9c0f1b6a831c399e269772661
     expected = "0cc175b9c0f1b6a831c399e269772661"
     digest = get_md5("a").hexdigest()
     self.assertEqual(digest, expected)
 def test_get_md5_dict_deep(self):
     """A four-level nested dict digests to a pinned value."""
     # Built inside-out; key insertion order matches the literal this
     # replaces, in case the serialisation is order-sensitive.
     innermost = {"c": ["ba", "bu", "nm"], "a": 100500, "b": 1056}
     level_c = {"c": ["ba", "bu", "nm"], "a": 100500, "b": innermost}
     level_a = {"c": level_c, "a": 100500, "b": 1056}
     level_b = {"c": ["ba", "bu", "nm"], "a": level_a, "b": 1056}
     data = {"c": ["ba", "bu", "nm"], "a": 100500, "b": level_b}
     # Keys are listed in a different order from a sibling deep-dict test
     # (not shown here) that is expected to yield the same digest.
     expected = "e0614921e306095859c904e487c29f17"
     self.assertEqual(get_md5(data).hexdigest(), expected)
 def test_get_md5_dict_2(self):
     """Dict digest is independent of key insertion order."""
     # Same keys/values as test_get_md5_dict_1, inserted in a different
     # order; both tests pin the same digest.
     data = {"c": ["ba", "bu", "nm"], "a": 100500, "b": 1056}
     expected = "e17234cd2697951f7e0116945d11d824"
     self.assertEqual(get_md5(data).hexdigest(), expected)
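# oleid prints a "| <check> | <value> |" table; these match the rows that
# gate the follow-up OLE tools.  Compiled once at import, not per request.
_OLE_FORMAT_RE = re.compile(r'\|\s+OLE format\s+\|\s+True\s+\|')
_VBA_MACROS_RE = re.compile(r'\|\s+VBA Macros\s+\|\s+True\s+\|')


def _render_upload_page(request, form):
    """Render the upload page with *form* and the 25 most recent samples."""
    sample = Sample.objects.filter(created__lte=timezone.now()).order_by('-id')[:25]
    # render() always wraps the context in a RequestContext, so the
    # explicit context_instance= the invalid-form branch used to pass was
    # redundant; both branches now go through this one call.
    return render(request, 'sanalysis/upload_form.html', {'form': form, 'sample': sample})


def _run_analyses(s):
    """Fill the analysis fields of saved Sample *s* in place; the caller saves.

    Every handler.* call runs synchronously inside the request, so upload
    latency (and worker occupancy) is bounded by the slowest analyser.
    """
    s.exif = handler.get_exif(s.sample)
    s.strings = handler.get_strings(s.sample)
    s.balbuzard = handler.get_balbuzard(s.sample)
    s.trid = handler.get_trid(s.sample)

    # SSDEEP/fuzzy-hash comparison against stored samples.
    s.ssdeep_compare = handler.ssdeep_compare(s.fuzzy, s.md5)

    # VirusTotal lookup by hash; fields are left untouched on a miss so the
    # template can tell "no result" from an empty one.
    vt_res, vt_short_res = handler.get_vt(s.md5)
    if vt_res:
        s.vt = vt_res
        s.vt_short = vt_short_res

    # Windows PE executables.  Both substrings must match -- the former
    # `"PE32" and "Windows" in s.type` only ever tested for "Windows",
    # so any "Windows"-flavoured type triggered the PE tools.
    if "PE32" in s.type and "Windows" in s.type:
        s.peframe = handler.get_peframe(s.sample)
        s.pescanner = handler.get_pescanner(s.sample)

    if "PDF" in s.type:
        s.pdfid = handler.get_pdfid(s.sample)
        s.peepdf = handler.get_peepdf(s.sample)
        s.pdf_strings = handler.get_pdfstrings(s.sample)

    # OLE2 / legacy Office documents: oleid first, then the tools its
    # report says are applicable.
    if "Document File V2" in s.type:
        s.oleid = handler.get_oleid(s.sample)
        if _OLE_FORMAT_RE.search(s.oleid):
            s.olemeta = handler.get_olemeta(s.sample)
        if _VBA_MACROS_RE.search(s.oleid):
            s.olevba = handler.get_olevba(s.sample)

    if "Rich Text Format" in s.type:
        # The embedded-object list is deliberately not analysed further:
        # running strings/balbuzard over every object was too
        # resource-intensive.
        s.rtfobj, _rtflist = handler.get_rtfobj(s.sample)


def upload_form(request):
    """Handle the sample upload page.

    GET, or a POST that fails validation, renders the upload form -- the
    bound form on a failed POST, so field errors reach the user instead of
    being discarded.  A valid POST stores the file as a Sample, runs the
    static analysers over it and redirects to the sample page keyed by MD5.

    Raises KeyError (surfacing as a 500) when the POST lacks ``ticket``:
    it is read straight from request.POST, not from the validated form.
    NOTE(review): consider validating it on UploadFileForm instead.
    """
    if request.method != 'POST':
        return _render_upload_page(request, UploadFileForm())

    form = UploadFileForm(request.POST, request.FILES)
    if not form.is_valid():
        return _render_upload_page(request, form)

    f = request.FILES['sample']
    newsample = Sample(
        sample=f,
        ticket=request.POST['ticket'],
        filename=f.name,  # client-supplied name, stored as-is
        size=f.size,
        type=handler.get_filetype(f),
        md5=handler.get_md5(f),
        sha1=handler.get_sha1(f),
        sha256=handler.get_sha256(f),
        fuzzy=handler.get_fuzzy(f),
    )
    newsample.save()

    # Analyse the row we just saved rather than re-fetching "the newest
    # Sample": under concurrent uploads the latter could be someone else's
    # file, attaching this upload's results to the wrong row.
    # (Assumes handler.* accept the in-memory FieldFile just as they did the
    # re-fetched one -- confirm if any of them rely on a DB round-trip.)
    _run_analyses(newsample)
    newsample.save()

    # MD5 is the page key: distinct files with a colliding MD5 would share
    # a page, so lookups that matter should prefer the stored sha256.
    return HttpResponseRedirect("/sanalysis/md5/" + newsample.md5 + "/?upload=True")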
 def test_get_md5_dict_1(self):
     """A flat dict with keys in sorted order digests to a pinned value."""
     # Shares its digest with test_get_md5_dict_2, which inserts the same
     # keys in a different order.
     expected = "e17234cd2697951f7e0116945d11d824"
     digest = get_md5({"a": 100500, "b": 1056, "c": ["ba", "bu", "nm"]}).hexdigest()
     self.assertEqual(digest, expected)
 def test_get_md5_list_2(self):
     """A mixed-type list digests to a pinned value."""
     # Same elements as test_get_md5_list_1 in a different order; the two
     # tests pin different digests, i.e. list order is significant.
     expected = "0943aa9c84423613b63eda3c18c02ce8"
     digest = get_md5([100500, "a", 1.056]).hexdigest()
     self.assertEqual(digest, expected)
 def test_get_md5_list_1(self):
     """A mixed-type list digests to a pinned value."""
     # Same elements as test_get_md5_list_2 in a different order; the two
     # tests pin different digests, i.e. list order is significant.
     expected = "0023ec2e3fef8f649c130f22ea6b7820"
     digest = get_md5(["a", 100500, 1.056]).hexdigest()
     self.assertEqual(digest, expected)