async def test_scan(self) -> None:
     """Scan the generic sample and check the reported mimetype is text/plain.

     The worker is loaded from ``self.plugin_dir`` and fed ``self.generic_data``
     wrapped in a ``Payload``; the response must be a ``WorkerResponse``.
     """
     stoq = Stoq(plugin_dir_list=[self.plugin_dir])
     sample = Payload(self.generic_data)
     worker = stoq.load_plugin(self.plugin_name)
     result = await worker.scan(sample, Request())
     self.assertIsInstance(result, WorkerResponse)
     self.assertEqual(
         'text/plain',
         result.results['mimetype'],
     )
 async def test_scan(self) -> None:
     """Scan the generic sample and check the ssdeep digest the worker reports.

     The expected digest is the fixed value for ``self.generic_data``; any
     change to that fixture will change the digest and fail this test.
     """
     stoq = Stoq(plugin_dir_list=[self.plugin_dir])
     sample = Payload(self.generic_data)
     worker = stoq.load_plugin(self.plugin_name)
     result = await worker.scan(sample, Request())
     self.assertIsInstance(result, WorkerResponse)
     expected_digest = '3:hMCE7pr3Kn:huJ6'
     self.assertEqual(expected_digest, result.results['ssdeep'])
 async def test_scan(self) -> None:
     """Scan the on-disk PDF fixture and check file type and page count.

     ``sample.pdf`` is read as raw bytes so the worker sees the exact file
     content; the response must report ``FileType`` PDF with 6 pages.
     """
     stoq = Stoq(plugin_dir_list=[self.plugin_dir])
     worker = stoq.load_plugin(self.plugin_name)
     sample_path = f'{self.data_dir}/sample.pdf'
     with open(sample_path, 'rb') as fh:
         sample = Payload(fh.read())
     result = await worker.scan(sample, Request())
     self.assertIsInstance(result, WorkerResponse)
     findings = result.results
     self.assertIn('FileType', findings)
     self.assertEqual('PDF', findings['FileType'])
     self.assertEqual(6, findings['PageCount'])
 async def test_scan(self) -> None:
     """Scan the Java class fixture and check the extracted symbol tables.

     The worker is expected to list the class itself under ``provided`` and
     to report at least 4 provided symbols, 2 required symbols and 10
     constants for ``TestJavaClass.class``.
     """
     stoq = Stoq(plugin_dir_list=[self.plugin_dir])
     worker = stoq.load_plugin(self.plugin_name)
     class_path = f'{self.data_dir}/TestJavaClass.class'
     with open(class_path, 'rb') as fh:
         sample = Payload(fh.read())
     result = await worker.scan(sample, Request())
     self.assertIsInstance(result, WorkerResponse)
     findings = result.results
     self.assertIn('TestJavaClass', findings['provided'])
     # Lower bounds only: the fixture may gain symbols without breaking the test.
     minimums = (('provided', 4), ('required', 2), ('constants', 10))
     for key, minimum in minimums:
         self.assertGreaterEqual(len(findings[key]), minimum)
 async def test_scan(self) -> None:
     """Scan a single-byte-XOR-encoded sample and check the recovered matches.

     The generic sample is XOR-ed with key 0x5C before scanning; the worker is
     expected to key its results by that hex value and report the two
     plaintext strings it matched.
     """
     stoq = Stoq(plugin_dir_list=[self.plugin_dir])
     worker = stoq.load_plugin(self.plugin_name)
     key = 0x5C
     encoded = bytes(b ^ key for b in self.generic_data)
     result = await worker.scan(Payload(encoded), Request())
     self.assertIsInstance(result, WorkerResponse)
     self.assertIn('0x5C', result.results)
     matches = result.results['0x5C']
     self.assertEqual('AdjustTokenPrivileges CurrentVersion', matches[0]['match'])
     self.assertEqual('CurrentVersion', matches[1]['match'])
 async def test_dispatcher_save_false(self) -> None:
     """Dispatch a payload matching the ``save_false`` rule and check its meta.

     The dispatcher is configured through ``plugin_opts`` with the test
     ``dispatch_rules.yar``; the matched entry's ``save`` meta must contain
     ``'False'``.
     """
     rules_path = f'{self.data_dir}/dispatch_rules.yar'
     options = {self.plugin_name: {'dispatch_rules': rules_path}}
     stoq = Stoq(plugin_dir_list=[self.plugin_dir], plugin_opts=options)
     dispatcher = stoq.load_plugin(self.plugin_name)
     sample = Payload(b'save_false')
     result = await dispatcher.get_dispatches(sample, Request())
     self.assertIsInstance(result, DispatcherResponse)
     save_meta = result.meta['save_false']['meta']['save']
     self.assertIn('False', save_meta)
 async def test_scan(self) -> None:
     """Scan the generic sample with the test rule set and check the first match.

     ``worker_rules`` points the worker at ``scan_rules.yar``; the first
     reported match must be ``test_scan_rule``.
     """
     rules_path = f'{self.data_dir}/scan_rules.yar'
     options = {self.plugin_name: {'worker_rules': rules_path}}
     stoq = Stoq(plugin_dir_list=[self.plugin_dir], plugin_opts=options)
     worker = stoq.load_plugin(self.plugin_name)
     sample = Payload(self.generic_data)
     result = await worker.scan(sample, Request())
     self.assertIsInstance(result, WorkerResponse)
     first_match = result.results['matches'][0]
     self.assertEqual('test_scan_rule', first_match['rule'])
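 async def test_dispatcher_create_xorkey(self) -> None:
     """Dispatch an XOR-encoded payload and check the key the dispatcher derives.

     The dispatcher is configured with the test ``dispatch_rules.yar``; the
     ``xordecode`` dispatch entry's meta must carry an ``xorkey`` of 21.
     A missing key is asserted explicitly so the failure is an assertion
     error rather than a ``ValueError`` from ``int('None')``.
     """
     s = Stoq(
         plugin_dir_list=[self.plugin_dir],
         plugin_opts={
             self.plugin_name: {
                 'dispatch_rules': f'{self.data_dir}/dispatch_rules.yar'
             }
         },
     )
     plugin = s.load_plugin(self.plugin_name)
     payload = Payload(b'This program_A}|f5egzrgtx')
     response = await plugin.get_dispatches(payload, Request())
     self.assertIsInstance(response, DispatcherResponse)
     xor_meta = response.meta['xordecode']['meta']
     self.assertIn('xorkey', xor_meta)
     self.assertEqual(21, int(xor_meta['xorkey']))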
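 async def test_scan_async(self) -> None:
     """Run ten concurrent scans of the large sample through one worker instance.

     Every gathered result must be a ``WorkerResponse`` whose first match is
     ``test_scan_rule``. The single ``plugin`` object serves all overlapping
     ``scan`` calls, so this presumably exercises concurrent use of the worker.
     """
     s = Stoq(
         plugin_dir_list=[self.plugin_dir],
         plugin_opts={
             self.plugin_name: {
                 'worker_rules': f'{self.data_dir}/scan_rules.yar'
             }
         },
     )
     plugin = s.load_plugin(self.plugin_name)
     payload = Payload(self.large_data)
     # The loop index is unused: every task is an identical scan of the same payload.
     tasks = [plugin.scan(payload, Request()) for _ in range(10)]
     results = await asyncio.gather(*tasks)
     for result in results:
         self.assertIsInstance(result, WorkerResponse)
         self.assertEqual('test_scan_rule',
                          result.results['matches'][0]['rule'])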
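 async def test_dispatcher_create_xor_info(self) -> None:
     """Dispatch a payload with two XOR-encoded regions and check ``xor_info``.

     ``xor_first_match`` is disabled so the dispatcher keeps reporting after
     the first hit; the ``xordecode`` meta must list both (offset, rule,
     key) tuples. The presence of ``xor_info`` is asserted first so a missing
     key fails as an assertion rather than a confusing list comparison
     against the ``'[]'`` default string.
     """
     s = Stoq(
         plugin_dir_list=[self.plugin_dir],
         plugin_opts={
             self.plugin_name: {
                 'dispatch_rules': f'{self.data_dir}/dispatch_rules.yar',
                 'xor_first_match': False,
             },
         },
     )
     plugin = s.load_plugin(self.plugin_name)
     payload = Payload(b'This program_A}|f5egzrgtx Exxc1`c\x7fvbp}`p.')
     response = await plugin.get_dispatches(payload, Request())
     self.assertIsInstance(response, DispatcherResponse)
     xor_meta = response.meta['xordecode']['meta']
     self.assertIn('xor_info', xor_meta)
     self.assertListEqual([(13, '$this_prog', b'\x15'),
                           (26, '$this_prog_2b', b'\x11\x10')],
                          xor_meta['xor_info'])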
 async def test_scan_meta_bytes(self) -> None:
     """Scan a payload matching ``test_scan_metadata_bytes`` and check its meta.

     The worker uses the test ``scan_rules.yar``; the first match must carry
     the rule name and the ``bytes``, ``author`` and ``plugin`` meta values
     declared in that rule.
     """
     rules_path = f'{self.data_dir}/scan_rules.yar'
     options = {self.plugin_name: {'worker_rules': rules_path}}
     stoq = Stoq(plugin_dir_list=[self.plugin_dir], plugin_opts=options)
     worker = stoq.load_plugin(self.plugin_name)
     sample = Payload(b'meta_bytes')
     result = await worker.scan(sample, Request())
     self.assertIsInstance(result, WorkerResponse)
     first_match = result.results['matches'][0]
     self.assertEqual('test_scan_metadata_bytes', first_match['rule'])
     expected_meta = (
         ('bytes', 'ANeato'),
         ('author', 'Peter Rabbit'),
         ('plugin', 'save_false'),
     )
     for meta_key, expected in expected_meta:
         self.assertEqual(expected, first_match['meta'][meta_key])
 async def test_dispatcher(self) -> None:
     """Dispatch the generic sample and check the ``test_dispatch_plugin`` entry.

     The dispatcher is configured with the test ``dispatch_rules.yar``. The
     response must name ``test_dispatch_plugin`` and its meta entry must carry
     the matching rule, plugin and save meta, and the two expected tags.
     """
     rules_path = f'{self.data_dir}/dispatch_rules.yar'
     options = {self.plugin_name: {'dispatch_rules': rules_path}}
     stoq = Stoq(plugin_dir_list=[self.plugin_dir], plugin_opts=options)
     dispatcher = stoq.load_plugin(self.plugin_name)
     sample = Payload(self.generic_data)
     result = await dispatcher.get_dispatches(sample, Request())
     self.assertIsInstance(result, DispatcherResponse)
     self.assertIn('test_dispatch_plugin', result.plugin_names)
     entry = result.meta['test_dispatch_plugin']
     self.assertEqual('test_dispatch_rule', entry['rule'])
     self.assertIn('test_dispatch_plugin', entry['meta']['plugin'])
     self.assertIn('True', entry['meta']['save'])
     self.assertEqual(['tag1', 'tag2'], entry['tags'])
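 async def test_scan_invalid_payload(self) -> None:
     """Scanning bytes that are not a Java class must raise StoqPluginException.

     The worker is expected to reject malformed input with the plugin
     exception rather than return a partial ``WorkerResponse``.
     """
     s = Stoq(plugin_dir_list=[self.plugin_dir])
     plugin = s.load_plugin(self.plugin_name)
     payload = Payload(b'definitely not a javaclass payload')
     # The return value is irrelevant here; the awaited call is expected to raise.
     with self.assertRaises(StoqPluginException):
         await plugin.scan(payload, Request())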