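    def do_perform_remote_test(self, caplog, url, expected):
        """Run ThugAPI against a remote *url* and check the log it produces.

        Args:
            caplog: pytest log-capture fixture; its records are inspected
                after the run.
            url: remote URL passed to ``ThugAPI.run_remote``.
            expected: substrings that must each appear in at least one
                captured log message.

        Raises:
            AssertionError: if any entry of *expected* is absent from the
                captured log; the message lists the missing fragments.
        """
        thug = ThugAPI()

        thug.set_useragent('win7ie90')
        thug.set_image_processing()
        thug.set_threshold(2)
        # Certificate details are kept out of the log, while the fetch itself
        # runs with TLS verification turned on (per the option names; confirm
        # against the ThugAPI implementation).
        thug.disable_cert_logging()
        thug.set_features_logging()
        thug.set_ssl_verify()
        thug.log_init(url)

        thug.add_htmlclassifier(
            os.path.join(self.signatures_path, "html_signature_12.yar"))
        thug.add_imageclassifier(
            os.path.join(self.signatures_path, "image_signature_14.yar"))
        thug.add_imageclassifier(
            os.path.join(self.signatures_path, "image_signature_15.yar"))

        thug.run_remote(url)

        records = [r.message for r in caplog.records]

        # Each expected fragment must match at least one record.  Counting
        # total hits instead would let one fragment that matches several
        # records mask another fragment that never appeared at all.
        missing = [e for e in expected
                   if not any(e in record for record in records)]

        assert not missing, f"expected log fragments not found: {missing}"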
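    def do_perform_test(self, caplog, sample, expected):
        """Feed a local *sample* through every classifier/filter and check the log.

        Args:
            caplog: pytest log-capture fixture; its records are inspected
                after the classifiers have run.
            sample: file name (relative to ``self.samples_path``) that is read
                in binary mode and handed to the classifiers.
            expected: substrings that must each appear in at least one
                captured log message.

        Raises:
            AssertionError: if any entry of *expected* is absent from the
                captured log; the message lists the missing fragments.
        """
        thug = ThugAPI()
        thug.log_init(sample)

        thug.add_htmlclassifier(os.path.join(self.signatures_path, "html_signature_1.yar"))
        thug.add_textclassifier(os.path.join(self.signatures_path, "text_signature_5.yar"))
        thug.add_cookieclassifier(os.path.join(self.signatures_path, "cookie_signature_8.yar"))
        thug.add_sampleclassifier(os.path.join(self.signatures_path, "sample_signature_10.yar"))
        thug.add_imageclassifier(os.path.join(self.signatures_path, "image_signature_14.yar"))

        thug.add_htmlfilter(os.path.join(self.signatures_path, "html_filter_2.yar"))
        thug.add_jsfilter(os.path.join(self.signatures_path, "js_signature_2.yar"))
        thug.add_vbsfilter(os.path.join(self.signatures_path, "vbs_signature_6.yar"))
        thug.add_textfilter(os.path.join(self.signatures_path, "text_signature_5.yar"))
        thug.add_cookiefilter(os.path.join(self.signatures_path, "cookie_filter_9.yar"))
        thug.add_samplefilter(os.path.join(self.signatures_path, "sample_filter_11.yar"))
        thug.add_imagefilter(os.path.join(self.signatures_path, "image_filter_16.yar"))

        # Deliberately invalid registrations: a missing rule file and an
        # unknown classifier type/method.  These presumably exercise the
        # rejection path and must not abort the run (confirm in ThugAPI).
        thug.add_htmlclassifier(os.path.join(self.signatures_path, "not_existing.yar"))
        thug.add_htmlfilter(os.path.join(self.signatures_path, "not_existing.yar"))
        thug.add_customclassifier('wrong_type', 'wrong_method')
        thug.add_customclassifier('url', 'wrong_method')
        thug.add_customclassifier('sample', self.sample_passthrough)
        thug.add_customclassifier('image', self.image_passthrough)
        thug.add_customclassifier('cookie', self.cookie_passthrough)

        with open(os.path.join(self.samples_path, sample), 'rb') as fd:
            data = fd.read()

        # The md5 digest is only a sample identifier here, not an integrity
        # or security check.
        sample_name = os.path.basename(sample)
        sample_md5 = hashlib.md5(data).hexdigest()
        image_url = 'https://buffer.antifork.org/images/antifork.jpg'

        # Some classifiers are invoked twice with identical input on purpose
        # (presumably to exercise repeated-match handling; confirm before
        # collapsing them).
        log.HTMLClassifier.classify(sample_name, data)
        log.TextClassifier.classify(sample_name, data)
        log.TextClassifier.classify(sample_name, data)
        log.CookieClassifier.classify(sample_name, data)
        log.CookieClassifier.classify(sample_name, data)
        log.SampleClassifier.classify(data, sample_md5)
        log.ImageClassifier.classify(image_url, 'Antifork')
        log.ImageClassifier.classify(image_url, 'Antifork')

        log.HTMLClassifier.filter(sample_name, data)
        log.JSClassifier.filter(sample_name, data)
        log.VBSClassifier.filter(sample_name, data)
        log.TextClassifier.filter(sample_name, data)
        log.CookieClassifier.filter(sample_name, data)
        log.SampleClassifier.filter(data, sample_md5)
        log.ImageClassifier.filter(image_url, 'Antifork')

        records = [r.message for r in caplog.records]

        # Each expected fragment must match at least one record.  Counting
        # total hits instead would let one fragment that matches several
        # records mask another fragment that never appeared at all.
        missing = [e for e in expected
                   if not any(e in record for record in records)]

        assert not missing, f"expected log fragments not found: {missing}"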