Example #1
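    def do_perform_test(self, caplog, sample, expected):
        """Analyze a local sample with Thug and verify the expected log output.

        Configures a fresh ``ThugAPI`` instance, registers the catch-all
        custom classifier and the YARA signature files under
        ``self.signatures_path``, runs the analysis on ``sample``, and then
        checks the captured log messages.

        Args:
            caplog: Log-capture fixture; the ``message`` of each entry in
                ``caplog.records`` is searched.
            sample: Path of the local sample, passed to ``log_init`` and
                ``run_local``.
            expected: Iterable of substrings, each of which must occur in at
                least one captured log message.

        Raises:
            AssertionError: If any expected substring is absent from every
                captured log message.
        """
        thug = ThugAPI()

        thug.set_useragent('winxpie70')
        thug.set_threshold(2)
        thug.disable_cert_logging()
        thug.set_features_logging()
        thug.set_ssl_verify()
        thug.log_init(sample)

        # The first registration is discarded by the second reset;
        # NOTE(review): presumably this sequence is deliberate, to exercise
        # reset_customclassifiers() after a classifier has been added.
        thug.reset_customclassifiers()
        thug.add_customclassifier('url', self.catchall)
        thug.reset_customclassifiers()
        thug.add_customclassifier('html', self.catchall)
        thug.add_customclassifier('url', self.catchall)
        thug.add_customclassifier('js', self.catchall)
        thug.add_customclassifier('vbs', self.catchall)
        thug.add_customclassifier('sample', self.catchall)
        thug.add_customclassifier('cookie', self.catchall)
        thug.add_customclassifier('text', self.catchall)

        # Signature files are loaded per classifier type, in this order.
        thug.add_htmlclassifier(
            os.path.join(self.signatures_path, "html_signature_1.yar"))
        thug.add_jsclassifier(
            os.path.join(self.signatures_path, "js_signature_2.yar"))
        thug.add_urlclassifier(
            os.path.join(self.signatures_path, "url_signature_3.yar"))
        thug.add_urlfilter(
            os.path.join(self.signatures_path, "url_filter_4.yar"))
        thug.add_textclassifier(
            os.path.join(self.signatures_path, "text_signature_5.yar"))
        thug.add_vbsclassifier(
            os.path.join(self.signatures_path, "vbs_signature_6.yar"))
        thug.add_urlclassifier(
            os.path.join(self.signatures_path, "url_signature_7.yar"))
        thug.add_urlclassifier(
            os.path.join(self.signatures_path, "url_signature_13.yar"))

        thug.run_local(sample)

        records = [r.message for r in caplog.records]

        # Check every expected string on its own. A single running total of
        # (expected, record) hits lets one string that is logged several
        # times cover for another that never appears, so a classifier that
        # stopped firing could go unnoticed.
        missing = [
            e for e in expected
            if not any(e in record for record in records)
        ]

        assert not missing, f"expected log entries not found: {missing!r}"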