def test_featureless_file_is_unpacked(scan_environment):
    """Check that a file no earlier pass recognises is unpacked by the whole-file check.

    The extension, signature and carving passes must each leave the file
    result untouched. Only after the 'text' label is added does
    check_entire_file() report one unpacked file, and the job queued for it
    must carry the expected relative output path.
    """
    rel_path = pathlib.Path("unpackers") / "ihex" / "example.txt"
    abs_path = testdata_dir / rel_path
    # TODO: FileResult asks for relative path
    result = FileResult(None, abs_path, set())
    result.set_filesize(abs_path.stat().st_size)

    job = ScanJob(result)
    job.set_scanenvironment(scan_environment)
    job.initialize()
    manager = UnpackManager(scan_environment.unpackdirectory)
    job.prepare_for_unpacking()

    # Neither the extension pass nor the signature pass may label the file.
    job.check_for_valid_extension(manager)
    assert result.labels == set()
    job.check_for_signatures(manager)
    assert result.labels == set()
    assert result.unpackedfiles == []

    # Carving must not invent output for a file with nothing to carve.
    job.carve_file_data(manager)
    assert result.unpackedfiles == []

    # The label is added by hand before the whole-file check; presumably the
    # ihex parser is selected on it -- confirm against check_entire_file().
    result.labels.add('text')
    job.check_entire_file(manager)
    assert len(result.unpackedfiles) == 1

    queued = scan_environment.scanfilequeue.get()
    # The queued name is compared with a relative path, so an absolute or
    # otherwise unexpected output location fails the test.
    output_dir_name = "%s-0x%08x-ihex-1" % (rel_path.name, 0)
    expected_extracted_fn = pathlib.Path('.') / output_dir_name / "unpacked-from-ihex"
    assert queued.fileresult.filename == expected_extracted_fn
    assertUnpackedPathExists(scan_environment, queued.fileresult.filename)
def test_file_unpack_signature_fail(scan_environment):
    """Check that a failing signature parser leaves no unpacked output behind.

    With UnpackParserExtractSig1Fail as the only registered parser, the
    signature pass must report no unpacked files and the manager's data
    unpack directory must not exist afterwards.
    """
    name = pathlib.Path("test.sig1")
    tmp_file = scan_environment.temporarydirectory / name
    result = create_tmp_fileresult(tmp_file, b"A" * 70)
    scan_environment.set_unpackparsers([UnpackParserExtractSig1Fail])

    job = ScanJob(result)
    job.set_scanenvironment(scan_environment)
    job.initialize()
    unpack_manager = UnpackManager(scan_environment.unpackdirectory)
    job.prepare_for_unpacking()
    job.check_for_signatures(unpack_manager)

    # A rejected parse must not leave a data directory on disk: partial
    # output from input that failed to parse should never be picked up later.
    data_dir = unpack_manager.get_data_unpack_directory()
    assertUnpackedPathDoesNotExist(scan_environment, data_dir)
    assert result.unpackedfiles == []
def test_file_is_unpacked_by_signature(scan_environment):
    """Check that the signature pass labels the extracted job, not the container.

    The input (named as a GIF with prepended data) must not receive the 'gif'
    label itself, neither from the extension pass nor from the signature
    pass. The label has to show up on the file result of the queued job.
    """
    rel_path = pathlib.Path("unpackers") / "gif" / "test-prepend-random-data.gif"
    abs_path = testdata_dir / rel_path
    # TODO: FileResult asks for relative path
    result = FileResult(None, abs_path, set())
    result.set_filesize(abs_path.stat().st_size)

    job = ScanJob(result)
    job.set_scanenvironment(scan_environment)
    job.initialize()
    manager = UnpackManager(scan_environment.unpackdirectory)
    job.prepare_for_unpacking()

    # The file name alone must not be trusted as proof of the content type.
    job.check_for_valid_extension(manager)
    assert 'gif' not in result.labels

    # A signature hit inside the file must not label the outer file either.
    job.check_for_signatures(manager)
    assert 'gif' not in result.labels

    queued = scan_environment.scanfilequeue.get()
    assert 'gif' in queued.fileresult.labels
def test_file_unpack_signature_success(scan_environment):
    """Check that a successful signature parse reports and writes both files.

    With UnpackParserExtractSig1 as the only registered parser, the first
    unpack report must list exactly two files, in order, both located
    directly under the manager's data unpack directory and both present.
    """
    name = pathlib.Path("test.sig1")
    tmp_file = scan_environment.temporarydirectory / name
    result = create_tmp_fileresult(tmp_file, b"A" * 70)
    scan_environment.set_unpackparsers([UnpackParserExtractSig1])

    job = ScanJob(result)
    job.set_scanenvironment(scan_environment)
    job.initialize()
    unpack_manager = UnpackManager(scan_environment.unpackdirectory)
    job.prepare_for_unpacking()
    job.check_for_signatures(unpack_manager)

    unpack_report = result.unpackedfiles[0]
    reported = unpack_report['files']
    assert len(reported) == 2

    # Exact-path comparison: a reported file outside the data unpack
    # directory, or under another name, fails here.
    expected_first = unpack_manager.get_data_unpack_directory() / "sig1_first"
    expected_second = unpack_manager.get_data_unpack_directory() / "sig1_second"
    assert reported[0] == expected_first
    assert reported[1] == expected_second

    # The report must match what is actually on disk.
    assertUnpackedPathExists(scan_environment, reported[0])
    assertUnpackedPathExists(scan_environment, reported[1])
def test_carved_data_is_extracted_from_file(scan_environment):
    """Check that data not claimed by a parser is carved into a synthesized file.

    After the extension and signature passes, carve_file_data() must queue a
    job whose relative name encodes the synthesized unpack directory and the
    carved range (offsets 0 and 127 here), and that path must exist.
    """
    rel_path = pathlib.Path("unpackers") / "gif" / "test-prepend-random-data.gif"
    abs_path = testdata_dir / rel_path
    # TODO: FileResult asks for relative path
    result = FileResult(None, abs_path, set())
    result.set_filesize(abs_path.stat().st_size)

    job = ScanJob(result)
    job.set_scanenvironment(scan_environment)
    job.initialize()
    manager = UnpackManager(scan_environment.unpackdirectory)
    job.prepare_for_unpacking()
    job.check_for_valid_extension(manager)
    job.check_for_signatures(manager)

    # Drain the job queued before carving (presumably the signature match --
    # confirm), so that the next get() returns the carved one.
    scan_environment.scanfilequeue.get()

    job.carve_file_data(manager)
    carved = scan_environment.scanfilequeue.get()

    # The expected name is relative; the exact comparison rejects a carved
    # file reported at any other location.
    carve_dir_name = "%s-0x%08x-synthesized-1" % (rel_path.name, 0)
    carve_file_name = "unpacked-0x%x-0x%x" % (0, 127)
    synthesized_name = pathlib.Path('.') / carve_dir_name / carve_file_name
    assert carved.fileresult.filename == synthesized_name
    assertUnpackedPathExists(scan_environment, carved.fileresult.filename)