def test_do_run_no_options_only_input_file():
    """Decompile the sample with no options; the C# source must land on STDOUT.

    The head and tail of the emitted source pin the decompiler's output shape.
    """
    tool = dockertools.tool_with_file(__file__)
    decompiled = tool.run_get_string(args=[str(SAMPLE_FILE)])
    expected_head = "using System;"
    expected_tail = "ProcessWindowStyle.Hidden\n\t\t\t});\n\t\t}\n\t}\n}\n"
    assert decompiled.startswith(expected_head)
    assert decompiled.endswith(expected_tail)
def test_localhost():
    """Looking up the loopback address must yield no org, domain or address."""
    tool = dockertools.tool_with_file(__file__)
    report = json.loads(tool.run_get_string(['127.0.0.1']))
    # Same keys, same order as the original one-per-line assertions.
    for key in ('org', 'domain_name', 'address'):
        assert report[key] is None
def test_help():
    """`--help` must print the ClamAV scanner usage text from banner to footer."""
    tool = dockertools.tool_with_file(__file__)
    usage = tool.run_get_string(["--help"]).strip()
    assert usage.startswith("Clam AntiVirus: Scanner")
    assert usage.endswith(
        "files inside. The above options ensure safe processing of this kind of data."
    )
def test_apk_to_jar(tmp_path):
    """Convert the sample APK to a jar; the tool must echo the chosen output path."""
    work_dir = tmp_path / "dex2jar_tmp"
    work_dir.mkdir()
    tool = dockertools.tool_with_file(__file__)
    # The output path is handed to the tool relative to the current working directory.
    jar_path = work_dir.relative_to(os.getcwd()) / "sample.jar"
    report = tool.run_get_string(args=[SAMPLE_FILE, "-o", str(jar_path)])
    assert str(jar_path) in report
def test_winver_plugin(software_hive):
    """Run the `winver` plugin against the SOFTWARE hive fixture.

    The hive's directory is registered as an output dir so the tool can reach it;
    the report must name the Windows edition, service pack and install timestamp.
    """
    tool = dockertools.tool_with_file(__file__)
    tool.output_dirs = [software_hive.relative_to(os.getcwd())]
    report = tool.run_get_string(["-r", str(software_hive), "-p", "winver"])
    for fragment in ("Windows 7 Enterprise", "Service Pack 1", "2018-01-03 01:21:25Z"):
        assert fragment in report
def test_extract(tmp_path):
    """Run 7-Zip's `l` (list) command on the sample; the listing must mention Macros.

    A scratch directory is registered as an output dir although a listing is not
    expected to write anything there.
    """
    scratch = tmp_path / "7zip_tool"
    scratch.mkdir()
    tool = dockertools.tool_with_file(__file__)
    tool.output_dirs = [scratch.relative_to(getcwd())]
    listing = tool.run_get_string(["l", SAMPLE_FILE])
    assert "Macros" in listing
def test_finnish_ocr():
    """OCR the sample with the Finnish language pack; key phrases and the URL must survive."""
    tool = dockertools.tool_with_file(__file__)
    text = tool.run_get_string([SAMPLE_FILE, "-l", "fin"])
    expected_fragments = (
        "Hyvä asiakas, pakettiasi ei",
        "voitu toimittaa 3.9.2019",
        "koska tullimaksuja ei ole",
        "http://v6f.us/Z9zmo",
    )
    for fragment in expected_fragments:
        assert fragment in text
def test_sample_pdf():
    """Extract IOCs from the sample PDF; the first line must be the known URL.

    The tool is run as if attached to a TTY (`is_tty = True`).
    """
    tool = dockertools.tool_with_file(__file__)
    tool.is_tty = True
    report = tool.run_get_string(["--input", SAMPLE_FILE])
    first_ioc = "https://kasperskycontenthub.com/securelist/files/2015/05/grabit_us.png"
    assert report.startswith(first_ioc)
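def test_with_log():
    """Convert the sample notebook; nbconvert must report that it wrote output.

    The tool is expected to print a `[NbConvertApp] Writing ...` line. The
    original walked the lines by hand and ended in a bare `assert False`, which
    hid what the tool actually printed; `any(...)` with the output as the
    assertion message keeps the same pass/fail condition and shows the output
    on failure.
    """
    tool = dockertools.tool_with_file(__file__)
    out = tool.run_get_string(["-i", SAMPLE_FILE])
    lines = out.splitlines()
    assert any(line.startswith("[NbConvertApp] Writing") for line in lines), out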
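def test_git_url():
    """Run trufflehog against the configured target and require some output.

    `run_get_string` returning None is treated as "no output". The original
    spelled this as an if/else around `assert True` / `assert False`; a single
    assertion has the same pass/fail condition and a useful failure message.

    NOTE(review): an empty string still passes, so this does not prove that
    trufflehog actually scanned anything. Tighten to `assert out` if the docker
    helper is known to return "" (not None) for a silent run.
    """
    tool = dockertools.tool_with_file(__file__)
    out = tool.run_get_string([SAMPLE_FILE])
    assert out is not None, "trufflehog produced no output"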
def test_samparse_plugin(sam_hive):
    """Run the `samparse` plugin on the SAM hive fixture.

    The report must carry the plugin banner and the three expected account SIDs
    (RID 500 = built-in Administrator, plus two regular users).
    """
    tool = dockertools.tool_with_file(__file__)
    tool.output_dirs = [sam_hive.relative_to(os.getcwd())]
    report = tool.run_get_string(["-r", str(sam_hive), "-p", "samparse"])
    assert report.startswith("samparse v.20200825")
    domain_sid = "S-1-5-21-3583694148-1414552638-2922671848"
    for rid in ("500", "1001", "1000"):
        assert f"{domain_sid}-{rid}" in report
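def test_decompile_jar(tmp_path):
    """Decompile the sample with jadx into a directory under tmp_path.

    The original called `d.mkdir` without parentheses, so the scratch directory
    was never actually created and the test presumably relied on the tool or
    the docker helper creating it. The call is now made properly.
    """
    d = tmp_path / "jadx_tool"
    d.mkdir()  # was `d.mkdir` — a bare attribute access that created nothing
    tool = dockertools.tool_with_file(__file__)
    out_dir = d.relative_to(getcwd())
    tool.output_dirs = [out_dir]
    # The tool's stdout is not inspected; the decompiled tree on disk is the result.
    tool.run_get_string([SAMPLE_FILE, "-d", f"{out_dir / 'selendroid-test.zip'}"])
    assert Path(d / "selendroid-test.zip").is_dir()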
def test_sms_ocr():
    """OCR the SMS screenshot sample with default settings.

    The date line, the message body and the shortened URL must all be recognised.
    """
    tool = dockertools.tool_with_file(__file__)
    text = tool.run_get_string([SAMPLE_FILE])
    expected_fragments = (
        "perjantai 6. syyskuuta 2019",
        "Hyva asiakas, pakettiasi ei",
        "voitu toimittaa 3.9.2019",
        "koska tullimaksuja ei ole",
        "http://v6f.us/Z9zmo",
    )
    for fragment in expected_fragments:
        assert fragment in text
def test_entrypoint_and_build():
    """Build the image and run it with no arguments.

    Running without arguments must print the ClamAV usage text; later tests in
    this module reuse the image built here.
    """
    tool = dockertools.tool_with_file(__file__)
    usage = tool.run_get_string([]).strip()
    assert usage.startswith("Clam AntiVirus: Scanner")
    assert usage.endswith(
        "files inside. The above options ensure safe processing of this kind of data."
    )
def test_apk_to_jar(tmp_path):
    """Decode the sample APK with apktool (`d`, forced) into a scratch directory.

    Only the tool's banner and final log line are checked.
    """
    scratch = tmp_path / "apk_tool"
    scratch.mkdir()
    tool = dockertools.tool_with_file(__file__)
    out_dir = scratch.relative_to(getcwd())
    tool.output_dirs = [out_dir]
    log = tool.run_get_string(["d", SAMPLE_FILE, "-f", "-o", f"{out_dir}"])
    assert log.startswith("I: Using Apktool")
    assert log.endswith("Copying original files...\n")
def test_do_run_create_project(tmp_path):
    """Create a decompiled Visual Studio project (`-p`) from the sample binary.

    The output directory must hold exactly three entries, one of them the
    `Innocent.csproj` project file.
    """
    project_dir = tmp_path / "vsp"
    project_dir.mkdir()
    tool = dockertools.tool_with_file(__file__)
    relative_out = f"{project_dir.relative_to(Path.cwd())}/"
    tool.run_get_string(args=["-o", relative_out, "-p", f"{SAMPLE_FILE}"])
    entries = list(project_dir.iterdir())
    assert len(entries) == 3
    assert Path(project_dir / "Innocent.csproj").is_file()
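def test_do_kdbgscan():
    """Run Volatility's `kdbgscan` over the zipped memory sample.

    The sample ships as `SAMPLE + '.zip'`; it is unpacked into
    `samples/memory/`, scanned, and removed again. Removal now sits in a
    `finally` block: in the original, a failing or crashing run skipped
    `os.remove`, leaving the unpacked image behind in the working tree.
    """
    with zipfile.ZipFile(SAMPLE + '.zip', 'r') as archive:
        archive.extractall('samples/memory/')
    try:
        tool = dockertools.tool_with_file(__file__)
        out = tool.run_get_string(['kdbgscan', '-f', SAMPLE])
    finally:
        os.remove(SAMPLE)
    assert out.startswith(
        '**************************************************\nInstantiating KDBG using:'
    )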
def test_pe_sample():
    """Analyse the PE sample with Manalyze; check the banner and two fixed report lines.

    Report lines are matched by their 0-based index as `splitlines()` yields them;
    if the report is shorter than that, the per-line checks simply do not fire.
    """
    tool = dockertools.tool_with_file(__file__)
    report = tool.run_get_string(args=['--pe', SAMPLE])
    expected_suffix = {
        9: "Subsystem: IMAGE_SUBSYSTEM_WINDOWS_GUI",
        16: "InternalName: Innocent.exe",
    }
    for index, line in enumerate(report.splitlines()):
        suffix = expected_suffix.get(index)
        if suffix is not None:
            assert line.endswith(suffix)
    assert report.startswith('* Manalyze 0.9 *')
def test_analysis():
    """Run the C/C++ static analyser on the overflow sample.

    Lines are matched by their 0-based index: the ruleset summary and the
    `strcpy` finding. A shorter report skips the checks rather than failing.
    """
    tool = dockertools.tool_with_file(__file__)
    report = tool.run_get_string([SAMPLE_FILE])
    expected_prefix = {
        1: "Number of rules (primarily dangerous function names) in C/C++ ruleset: 222",
        6: "samples/source/c/overflow.c:7: [4] (buffer) strcpy:",
    }
    for index, line in enumerate(report.splitlines()):
        prefix = expected_prefix.get(index)
        if prefix is not None:
            assert line.startswith(prefix)
def test_with_pdf():
    """Extract the /Title from the tool's key/value output and decode it.

    Each output line is matched against the module-level `pattern`; group 1 is
    the key, group 2 the value (a later match for the same key wins).
    """
    tool = dockertools.tool_with_file(__file__)
    report = tool.run_get_string([SAMPLE_FILE])
    fields = {
        match.group(1): match.group(2)
        for match in (re.match(pattern, line) for line in report.splitlines())
        if match is not None
    }
    # Strip a 5-char prefix and 1-char suffix (presumably "<FEFF" ... ">" around a
    # UTF-16BE hex string) and drop the "00" digit pairs to fold it down to ASCII.
    # Fine for this fixture; it would corrupt titles with non-ASCII code points.
    title_hex = fields['/Title'][5:][:-1].replace('00', '').lower()
    assert bytearray.fromhex(title_hex).decode() == "CinCan"
def test_with_pdf():
    """Check the object/stream/xref counts the tool reports for the sample PDF.

    Each output line is matched against the module-level `pattern`; group 1 is
    the key, group 2 the value (a later match for the same key wins).
    """
    tool = dockertools.tool_with_file(__file__)
    report = tool.run_get_string([SAMPLE_FILE])
    fields = {
        match.group(1): match.group(2)
        for match in (re.match(pattern, line) for line in report.splitlines())
        if match is not None
    }
    expected_counts = {'obj': '13', 'endobj': '13', 'stream': '2', 'xref': '1'}
    for key, count in expected_counts.items():
        assert fields[key] == count
def test_base64dump():
    """Run base64dump.py on the sample and check the first decoded entries.

    Matched lines yield (index, name, hash) triples from groups 1, 3 and 5 of
    the module-level `pattern`; entry 1 must be the `R/Filter` blob with the
    known hash, and entries 2 and 3 must follow in order.
    """
    tool = dockertools.tool_with_file(__file__)
    result = tool.run(["python", "base64dump.py", SAMPLE_FILE])
    entries = [
        (match.group(1), match.group(3), match.group(5))
        for match in (re.match(pattern, line) for line in result.stdout.splitlines())
        if match is not None
    ]
    assert entries[1] == ('1:', 'R/Filter', '8e306826ca2c662dc71e92c6bf8eaef5')
    assert entries[2][0] == '2:'
    assert entries[3][0] == '3:'
def test_do_run_get_tmp_json(tmp_path):
    """ClamAV `--gen-json --leave-temps` must leave one JSON report in the temp dir.

    The report's `FileMD5` is compared against the known digest of the sample.
    Not every sample type makes ClamAV emit a JSON report.
    """
    scratch = tmp_path / "clamav_tmp"
    scratch.mkdir()
    tool = dockertools.tool_with_file(__file__)
    tool.run_get_string(args=[
        "--gen-json",
        "--leave-temps",
        f"--tempdir={scratch.relative_to(os.getcwd())}/",
        f"{SAMPLE_FILE}",
    ])
    reports = [entry for entry in scratch.iterdir() if entry.is_file()]
    assert len(reports) == 1
    report = json.loads(reports[0].read_text())
    assert report.get("FileMD5") == "c14fe9dbd952233ed549687374d765ec"
def test_fuzz_file(tmp_path):
    """Fuzz the sample with radamsa: seed 0, ten outputs named `%n` under `fuzzed/`.

    The run must exit 0 and produce files 1..10; the expected list is in the
    lexical order `sorted()` yields for the paths.
    """
    scratch = tmp_path / "radamsa_tmp"
    scratch.mkdir()
    tool = dockertools.tool_with_file(__file__)
    dest_dir = scratch.relative_to(pathlib.Path.cwd())
    tool.output_dirs = [dest_dir / "fuzzed"]
    result = tool.run(
        ['-s', '0', '-n', '10', '-o', f'{dest_dir}/fuzzed/%n', SAMPLE_FILE])
    assert result.exit_code == 0
    produced = [
        path.as_posix()
        for path in sorted(pathlib.Path(scratch / "fuzzed").iterdir())
    ]
    expected = [f'{scratch}/fuzzed/{n}' for n in (1, 10, 2, 3, 4, 5, 6, 7, 8, 9)]
    assert produced == expected
def tool(request):
    """Pytest fixture yielding a docker tool bound to this test module.

    `request` is accepted for pytest's fixture protocol but is not used.
    """
    yield dockertools.tool_with_file(__file__)
def test_help():
    """Running with no arguments must print the query.py usage line."""
    tool = dockertools.tool_with_file(__file__)
    usage = tool.run_get_string([])
    expected = "usage: query.py [-h] [-s NAMESERVER] [-t RDTYPES] [-f FILE] [domain]"
    assert usage.startswith(expected)
def test_entrypoint():
    """Running with no arguments must print the iocextract usage line."""
    tool = dockertools.tool_with_file(__file__)
    usage = tool.run_get_string([])
    expected = "usage: iocextract [-h] [--input INPUT] [--output OUTPUT] [--extract-emails]"
    assert usage.startswith(expected)
def test_help():
    """Running with no arguments must print the iocstrings usage line."""
    tool = dockertools.tool_with_file(__file__)
    usage = tool.run_get_string([])
    assert usage.startswith("usage: iocstrings")
def test_ioc():
    """Extract strings/IOCs from the sample; the known marker must appear."""
    tool = dockertools.tool_with_file(__file__)
    report = tool.run_get_string([SAMPLE_FILE])
    assert "UWk.TbOF" in report
def test_help():
    """Running with no arguments must print the d2j-dex2jar usage banner."""
    tool = dockertools.tool_with_file(__file__)
    usage = tool.run_get_string([])
    assert usage.startswith("d2j-dex2jar")