Ejemplo n.º 1
 def test_temporary_file(self):
     """Check that an extracted archive member's on-disk copy is cleaned up.

     The member is read out of the fixture archive, its size and backing
     path are verified, and the path must be gone once the object is deleted.
     """
     archive = Archive("tests/files/pdf0.zip")
     member = archive.get_file("files/pdf0.pdf")
     temp_path = member.file_path

     assert member.get_size() == 680
     assert os.path.exists(temp_path)

     # `member` is the only reference this test holds. The assertion below
     # expects removal to happen immediately on `del`, which presumably
     # relies on a finalizer plus prompt reference counting - confirm in the
     # Archive/File implementation. Extracted samples left on disk are the
     # failure mode this test guards against.
     del member
     assert not os.path.exists(temp_path)
Ejemplo n.º 2
 def test_temporary_file(self):
     """Verify the lifetime of the file backing an extracted archive member.

     While the member object exists its `file_path` must be present on disk;
     after the object is deleted the same path must no longer exist.
     """
     zip_archive = Archive("tests/files/pdf0.zip")
     extracted = zip_archive.get_file("files/pdf0.pdf")
     backing_path = extracted.file_path

     # Size of the fixture member, as pinned by this test.
     assert extracted.get_size() == 680
     assert os.path.exists(backing_path)

     # NOTE(review): cleanup is expected as a direct consequence of `del`;
     # this presumably depends on the object being finalised right away
     # (CPython reference counting) - confirm before running elsewhere.
     del extracted
     assert not os.path.exists(backing_path)
Ejemplo n.º 3
    def run(self):
        """Run static analysis on the task's sample.

        Parsers are selected from the task package, the lowercased filename
        extension and the detected file type.

        @return: results dict, or None when the task category is neither
            "file" nor "archive" or the sample is missing from disk.
        """
        self.key = "static"

        category = self.task["category"]
        if category not in ("file", "archive"):
            return
        if not os.path.exists(self.file_path):
            return

        if category == "file":
            sample = File(self.file_path)
            name = os.path.basename(self.task["target"])
        else:
            # NOTE(review): the member name comes straight from the task
            # options. Confirm that Archive.get_file() treats it purely as an
            # archive entry name and never as a path on the local filesystem.
            member = self.task["options"]["filename"]
            sample = Archive(self.file_path).get_file(member)
            name = os.path.basename(member)

        # Text after the last os.path.extsep, lowercased. A name without a
        # separator yields the whole name, so a file literally called "exe"
        # is routed exactly like "something.exe".
        ext = name.split(os.path.extsep)[-1].lower() if name else None
        package = self.task.get("package")

        report = {}

        # NOTE(review): only the PDF parser below goes through dispatch()
        # with a timeout; every other parser is called directly on the
        # sample. Confirm those are bounded elsewhere, since the sample is
        # presumably untrusted input.
        if package == "generic":
            if ext == "elf" or "ELF" in sample.get_type():
                report["elf"] = ELF(sample.file_path).run()
                report["keys"] = sample.get_keys()

        if "exe" in (package, ext) or "PE32" in sample.get_type():
            report.update(PortableExecutable(sample.file_path).run())
            report["keys"] = sample.get_keys()

        if "wsf" in (package, ext):
            report["wsf"] = WindowsScriptFile(sample.file_path).run()

        if package in ("doc", "ppt", "xls") or ext in self.office_ext:
            report["office"] = OfficeDocument(
                sample.file_path, self.task["id"]
            ).run()

        if "pdf" in (package, ext):
            # The package or extension only nominates the sample for PDF
            # parsing; the parser runs solely when the detected content type
            # agrees. A falsy worker result is normalised to an empty list.
            pdf_report = []
            if sample.get_content_type() == "application/pdf":
                pdf_report = dispatch(
                    _pdf_worker, (sample.file_path,),
                    timeout=self.options.pdf_timeout
                ) or []
            report["pdf"] = pdf_report

        # Runs for every "generic" package task as well as for *.lnk names.
        if package == "generic" or ext == "lnk":
            report["lnk"] = LnkShortcut(sample.file_path).run()

        return report
Ejemplo n.º 4
    def run(self):
        """Collect descriptive information about the task's target.

        Handles "file", "archive" and "url" categories; any other category
        yields a dict holding only the category itself.

        @return: information dict.
        """
        self.key = "target"

        category = self.task["category"]
        info = {"category": category}

        # NOTE(review): filenames, archive member names and URLs are copied
        # from the task as-is; whatever renders this dict should escape them.
        if category == "file":
            # Report as much as possible: when the sample is no longer on
            # disk only placeholder fields and the name remain.
            if os.path.exists(self.file_path):
                file_info = File(self.file_path).get_all()
            else:
                file_info = {"path": None, "yara": []}

            file_info["name"] = File(self.task["target"]).get_name()
            info["file"] = file_info
        elif category == "archive":
            member = self.task["options"]["filename"]
            info["filename"] = member

            if os.path.exists(self.file_path):
                info["archive"] = File(self.file_path).get_all()
                container = Archive(self.file_path)
                info["file"] = container.get_file(member).get_all()
            else:
                info["archive"] = {}
                info["file"] = {}

            archive_name = File(self.task["target"]).get_name()
            info["archive"]["name"] = archive_name
            # Human-readable label of the form "<member> @ <archive name>".
            info["human"] = "%s @ %s" % (member, archive_name)
            info["file"]["name"] = os.path.basename(member)
        elif category == "url":
            info["url"] = self.task["target"]

        return info
Ejemplo n.º 5
    def run(self):
        """Gather information describing the task's target.

        One branch per supported category ("url", "file", "archive"); an
        unrecognised category returns just the category entry.

        @return: information dict.
        """
        self.key = "target"

        category = self.task["category"]
        summary = {"category": category}

        if category == "url":
            summary["url"] = self.task["target"]
            return summary

        if category == "file":
            # Fall back to placeholder fields when the sample has already
            # been removed from disk, so the name can still be reported.
            if os.path.exists(self.file_path):
                details = File(self.file_path).get_all()
            else:
                details = {"path": None, "yara": []}

            details["name"] = File(self.task["target"]).get_name()
            summary["file"] = details
            return summary

        if category != "archive":
            return summary

        # Archive targets: describe both the container and the chosen member.
        # NOTE(review): the member name is taken from the task options
        # unchanged; confirm Archive.get_file() never uses it as a local
        # path, and escape it wherever "human" is displayed.
        entry = self.task["options"]["filename"]
        summary["filename"] = entry

        if os.path.exists(self.file_path):
            summary["archive"] = File(self.file_path).get_all()
            container = Archive(self.file_path)
            summary["file"] = container.get_file(entry).get_all()
        else:
            summary["archive"] = {}
            summary["file"] = {}

        container_name = File(self.task["target"]).get_name()
        summary["archive"]["name"] = container_name
        summary["human"] = "%s @ %s" % (entry, container_name)
        summary["file"]["name"] = os.path.basename(entry)
        return summary
Ejemplo n.º 6
 def test_get_file(self):
     """Extract one member from the fixture archive and check its size."""
     archive = Archive("tests/files/pdf0.zip")
     member = archive.get_file("files/pdf0.pdf")
     # 680 is the size this test pins for the fixture member.
     assert member.get_size() == 680
Ejemplo n.º 7
 def test_get_file(self):
     """Check that get_file() returns the named member with the expected size."""
     zip_archive = Archive("tests/files/pdf0.zip")
     extracted = zip_archive.get_file("files/pdf0.pdf")
     reported_size = extracted.get_size()
     assert reported_size == 680