def test_wrong_profile(self, p, q):
q.side_effect = vol_exc.AddrSpaceError()
q.side_effect.append_reason("hello",
"No suitable address space mapping found")
p.return_value.calculate.return_value = []
with pytest.raises(CuckooOperationalError) as e:
VolatilityManager(None, "WinXPSP2x86").run()
e.match("An incorrect OS has been specified")
def test_plugin_enabled(self, p):
set_cwd(tempfile.mkdtemp())
cuckoo_create(cfg={
"memory": {
"pslist": {
"enabled": True,
},
"psxview": {
"enabled": False,
},
},
})
p.return_value = 12345
m = VolatilityManager(None, "WinXPSP2x86")
assert m.vol.addr_space == 12345
assert m.enabled("pslist", []) is True
assert m.enabled("psxview", []) is False
assert m.enabled("sockscan", ["winxp"]) is True
assert m.enabled("netscan", ["vista", "win7"]) is False
m = VolatilityManager(None, "Win7SP1x64")
assert m.enabled("pslist", []) is True
assert m.enabled("psxview", []) is False
assert m.enabled("sockscan", ["winxp"]) is False
assert m.enabled("netscan", ["vista", "win7"]) is True
m = VolatilityManager(None, "Win10x64")
assert m.enabled("pslist", []) is True
assert m.enabled("psxview", []) is False
assert m.enabled("sockscan", ["winxp"]) is False
assert m.enabled("netscan", ["vista", "win7"]) is False
def test_invalid_profile(self):
with pytest.raises(CuckooOperationalError) as e:
VolatilityManager(None, "invalid_profile").run()
e.match("does not exist!")
def test_empty_profile(self):
with pytest.raises(CuckooOperationalError) as e:
VolatilityManager(None, None).run()
e.match("no OS profile has been defined")
