def test_collect_pe_file_info(temp_dir, test_pe_file):
    """Check the file_info record written for a collected PE sample.

    The ``test_pe_file`` fixture is collected under the artifact name
    ``TestArtifact``. The first record of the ``*-file_info.jsonl`` output
    is then compared against pinned values: path suffix, size, MIME type,
    the three digests and the PE metadata fields.
    """
    collector = Outputs(temp_dir, None, False)
    collector.add_collected_file_info('TestArtifact', test_pe_file)
    # The output is closed before the JSONL file is read back.
    collector.close()

    jsonl_lines = output_file_content(temp_dir, '*-file_info.jsonl').splitlines()
    with Reader(jsonl_lines) as reader:
        entry = reader.read()

    assert '@timestamp' in entry
    assert entry['labels']['artifact'] == "TestArtifact"

    file_info = entry['file']
    assert file_info['path'].endswith('MSVCR71.dll')
    assert file_info['size'] == 348160
    assert file_info['mime_type'] == "application/x-msdownload"

    # All three digests are pinned. MD5 and SHA-1 serve as lookup keys for
    # the sample; SHA-256 is the one to rely on for collision resistance.
    digests = file_info['hash']
    assert digests['md5'] == "86f1895ae8c5e8b17d99ece768a70732"
    assert digests['sha1'] == "d5502a1d00787d68f548ddeebbde1eca5e2b38ca"
    assert digests['sha256'] == "8094af5ee310714caebccaeee7769ffb08048503ba478b879edfef5f1a24fefe"

    # NOTE(review): the version-resource strings and the compile timestamp
    # are read from the file itself, so these assertions pin parsing, not
    # authenticity. A consumer should not treat 'company' as proof of origin.
    pe_info = file_info['pe']
    assert pe_info['company'] == "Microsoft Corporation"
    assert pe_info['description'] == "Microsoft® C Runtime Library"
    assert pe_info['file_version'] == "7.10.3052.4"
    assert pe_info['original_file_name'] == "MSVCR71.DLL"
    assert pe_info['product'] == "Microsoft® Visual Studio .NET"
    assert pe_info['imphash'] == "7acc8c379c768a1ecd81ec502ff5f33e"
    # NOTE(review): the timestamp carries no UTC offset - confirm which
    # timezone the collector assumes when rendering it.
    assert pe_info['compilation'] == "2003-02-21T12:42:20"
def test_collect_file_info(temp_dir, test_file):
    """Check the file_info record written for a collected plain file.

    The ``test_file`` fixture is resolved through
    ``OSFileSystem('/').get_fullpath`` and collected under ``TestArtifact``.
    The first ``*-file_info.jsonl`` record is then compared against pinned
    values for path suffix, size, MIME type and digests.
    """
    collector = Outputs(temp_dir, None, False)
    resolved_path = OSFileSystem('/').get_fullpath(test_file)
    collector.add_collected_file_info('TestArtifact', resolved_path)
    # The output is closed before the JSONL file is read back.
    collector.close()

    jsonl_lines = output_file_content(temp_dir, '*-file_info.jsonl').splitlines()
    with Reader(jsonl_lines) as reader:
        entry = reader.read()

    assert '@timestamp' in entry

    file_info = entry['file']
    assert file_info['path'].endswith('test_file.txt')
    assert file_info['size'] == 14
    # NOTE(review): "application/x-msdownload" is the value pinned for the
    # PE sample; for a 14-byte .txt fixture it looks like a copy-paste.
    # Confirm the expected MIME type against the fixture content.
    assert file_info['mime_type'] == "application/x-msdownload"

    # NOTE(review): unlike the PE test, neither the 'labels' artifact name
    # nor the absence of a 'pe' section is asserted here - confirm whether
    # that is intentional.
    digests = file_info['hash']
    assert digests['md5'] == "10dbf3e392abcc57f8fae061c7c0aeec"
    assert digests['sha1'] == "7ef0fe6c3855fbac1884e95622d9e45ce1d4ae9b"
    assert digests['sha256'] == "cfb91ddbf08c52ff294fdf1657081a98c090d270dbb412a91ace815b3df947b6"