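    def _download_base64_decoded_section(self, uid, section, expression_id):
        """Serve one decoded base64 finding of object *uid* as a file download.

        The finding is looked up in the stored ``base64_decoder`` analysis under
        *section* by its ``id``. The matching byte range is cut out of the
        object's binary, stripped of line breaks, base64-decoded and returned
        as an attachment.

        Args:
            uid: Identifier of the analysed object.
            section: Key inside the ``base64_decoder`` analysis result.
            expression_id: Identifier of the finding; converted with ``int()``.

        Returns:
            A response carrying the decoded bytes, or the rendered
            ``error.html`` template when the finding cannot be located or the
            data does not decode.
        """
        import re  # local import: the module's import block is not visible from here

        with ConnectTo(FrontEndDbInterface, self._config) as sc:
            file_obj = sc.get_object(uid, analysis_filter=['base64_decoder'])

        # A non-numeric id is handled as "no such finding" instead of escaping
        # as an unhandled ValueError.
        try:
            wanted_id = int(expression_id)
        except (TypeError, ValueError):
            wanted_id = None

        # An unknown section is handled the same way instead of raising KeyError.
        try:
            candidates = file_obj.processed_analysis['base64_decoder'][section]
        except (KeyError, TypeError):
            candidates = []

        span_in_binary, span_in_section = None, (None, None)
        if wanted_id is not None:
            for expression in candidates:
                # The analysis result also stores a 'summary' list of plain
                # strings next to the findings; skip anything that is not a
                # mapping so such a section cannot trigger a TypeError.
                if isinstance(expression, dict) and expression.get('id') == wanted_id:
                    span_in_section = expression['span_in_section']
                    span_in_binary = expression['span_in_binary']
                    break

        if not span_in_binary:
            return render_template('error.html', message='Undisclosed error in base64 decoding')

        with ConnectTo(InterComFrontEndBinding, self._config) as connection:
            # presumably a (binary, filename) pair; only element 0 is used — verify
            raw_binary = connection.get_binary_and_filename(file_obj.uid)

        binary, _ = remove_linebreaks_from_byte_string(raw_binary[0][span_in_binary[0]:span_in_binary[1]])

        try:
            binary = binascii.a2b_base64(binary[span_in_section[0]:span_in_section[1]])
        except binascii.Error as error:
            return render_template('error.html', message=str(error))

        start_offset = span_in_binary[0] + span_in_section[0]
        # NOTE(review): span_in_section is initialised as a 2-tuple and only
        # indices 0 and 1 are used for slicing above; index 2 raises IndexError
        # unless stored findings carry a third element — confirm against the
        # analysis plugin before changing it.
        end_offset = span_in_binary[1] - span_in_section[2]
        download_name = '{}_0x{:X}-0x{:X}_decoded'.format(file_obj.file_name, start_offset, end_offset)

        # file_name is read from the stored object record and presumably mirrors
        # the name of the analysed file, so it is treated as untrusted: anything
        # outside a conservative character set is replaced, so the value cannot
        # carry spaces, quotes, semicolons or control characters into the
        # Content-Disposition header.
        safe_name = re.sub(r'[^A-Za-z0-9._-]', '_', download_name)

        resp = make_response(binary)
        # NOTE(review): the decoded bytes are served with make_response's
        # default content type; consider setting an explicit binary type.
        resp.headers['Content-Disposition'] = 'attachment; filename={}'.format(safe_name)
        return resp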
    def process_object(self, file_object):
        """Scan *file_object*'s binary for base64 sections and record the findings.

        Line breaks are stripped before searching. The minimum section length
        is read from ``self.config[self.NAME]['base64_section_min_length']``.
        A ``ValueError`` raised while reading that setting or while searching
        is logged, and the object is returned without an analysis entry.

        Returns:
            The same *file_object*, with ``processed_analysis[self.NAME]``
            filled in (including a ``'summary'`` list) on success.
        """
        raw_bytes = file_object.binary
        stripped_bytes, linebreak_count = remove_linebreaks_from_byte_string(raw_bytes)

        try:
            min_length = int(self.config[self.NAME]['base64_section_min_length'])
            sections = self.find_base64_sections(stripped_bytes, min_length)
        except ValueError as value_error:
            logging.error(str(value_error))
            return file_object

        analysis = file_object.processed_analysis
        analysis[self.NAME] = self.iterate_base64_sections(sections, raw_bytes, linebreak_count)

        # The summary is derived from the stored result before the key is added:
        # a non-empty result means at least one base64 finding was recorded.
        if analysis[self.NAME]:
            summary = ['Base64 code detected']
        else:
            summary = []
        analysis[self.NAME]['summary'] = summary
        return file_object
 def test_remove_linebreaks(self):
     """Check that LF and CR bytes are stripped and counted.

     Each case pairs an input byte string with the expected
     ``(stripped bytes, number of removed line breaks)`` result.
     """
     failure_message = 'Linebreaks are not removed correctly'
     cases = (
         (b'abcd', (b'abcd', 0)),
         (b'abcd\x0a', (b'abcd', 1)),
         (b'abcd\x0d', (b'abcd', 1)),
         (b'abcd\x0a\x0d', (b'abcd', 2)),
         (b'abcd\x0a\x0defgh', (b'abcdefgh', 2)),
     )
     for raw_input, expected in cases:
         self.assertEqual(remove_linebreaks_from_byte_string(raw_input), expected, failure_message)