def test_collect_pe_file_info(temp_dir, test_pe_file):
    """Collect metadata for the PE fixture and check the emitted file_info record.

    The fixture is expected to be MSVCR71.dll; the asserted size, MD5/SHA-1/
    SHA-256 digests and PE version-resource fields pin the collector's output
    for that exact binary, so a regression in hashing or PE parsing surfaces
    here rather than silently producing wrong evidence metadata.

    Args:
        temp_dir: directory the Outputs writer emits into (pytest fixture).
        test_pe_file: path to the PE binary to collect (pytest fixture).
    """
    # NOTE(review): the meaning of the second and third Outputs() arguments is
    # not visible here — confirm against the Outputs constructor.
    writer = Outputs(temp_dir, None, False)
    writer.add_collected_file_info('TestArtifact', test_pe_file)
    writer.close()

    jsonl_lines = output_file_content(temp_dir, '*-file_info.jsonl').splitlines()
    with Reader(jsonl_lines) as jsonl:
        record = jsonl.read()

        file_info = record['file']
        digests = file_info['hash']
        pe_info = file_info['pe']

        assert '@timestamp' in record
        assert record['labels']['artifact'] == "TestArtifact"
        assert file_info['path'].endswith('MSVCR71.dll')
        assert file_info['size'] == 348160
        assert file_info['mime_type'] == "application/x-msdownload"

        # Known-good digests of the fixture binary; each algorithm is checked
        # separately so a failure names the digest that drifted.
        expected_digests = {
            'md5': "86f1895ae8c5e8b17d99ece768a70732",
            'sha1': "d5502a1d00787d68f548ddeebbde1eca5e2b38ca",
            'sha256': "8094af5ee310714caebccaeee7769ffb08048503ba478b879edfef5f1a24fefe",
        }
        for algorithm, digest in expected_digests.items():
            assert digests[algorithm] == digest

        # Version-resource fields and import hash parsed from the PE headers.
        expected_pe = {
            'company': "Microsoft Corporation",
            'description': "Microsoft® C Runtime Library",
            'file_version': "7.10.3052.4",
            'original_file_name': "MSVCR71.DLL",
            'product': "Microsoft® Visual Studio .NET",
            'imphash': "7acc8c379c768a1ecd81ec502ff5f33e",
            'compilation': "2003-02-21T12:42:20",
        }
        for field, value in expected_pe.items():
            assert pe_info[field] == value
def test_collect_file_info(temp_dir, test_file):
    """Collect metadata for a plain fixture file and check the file_info record.

    The path is first resolved through OSFileSystem('/').get_fullpath so the
    collector receives an absolute path; the asserted size and digests pin the
    collector's hashing output for that fixture.

    Args:
        temp_dir: directory the Outputs writer emits into (pytest fixture).
        test_file: path to the fixture file to collect (pytest fixture).
    """
    # NOTE(review): the meaning of the second and third Outputs() arguments is
    # not visible here — confirm against the Outputs constructor.
    writer = Outputs(temp_dir, None, False)
    full_path = OSFileSystem('/').get_fullpath(test_file)
    writer.add_collected_file_info('TestArtifact', full_path)
    writer.close()

    jsonl_lines = output_file_content(temp_dir, '*-file_info.jsonl').splitlines()
    with Reader(jsonl_lines) as jsonl:
        record = jsonl.read()

        file_info = record['file']
        digests = file_info['hash']

        assert '@timestamp' in record
        assert file_info['path'].endswith('test_file.txt')
        assert file_info['size'] == 14
        # NOTE(review): the fixture is named test_file.txt yet the expected
        # MIME type is application/x-msdownload; presumably detection is
        # content-based and the fixture bytes carry a PE-like header — confirm
        # against the fixture so this does not mask a detection regression.
        assert file_info['mime_type'] == "application/x-msdownload"

        # Known-good digests of the fixture; each algorithm is checked
        # separately so a failure names the digest that drifted.
        expected_digests = {
            'md5': "10dbf3e392abcc57f8fae061c7c0aeec",
            'sha1': "7ef0fe6c3855fbac1884e95622d9e45ce1d4ae9b",
            'sha256': "cfb91ddbf08c52ff294fdf1657081a98c090d270dbb412a91ace815b3df947b6",
        }
        for algorithm, digest in expected_digests.items():
            assert digests[algorithm] == digest