def test_scanner_null_environemnt(): # arrange verdict = Verdict().set_malware_family("Eicar") # act verdict.set_scanner(version="1.0.0", polyswarmclient_version="2.0.2", signatures_version="2019", vendor_version="1.0.0") # assert Verdict.validate(json.loads(verdict.json()))
def test_scanner_no_vendor_version(): # arrange verdict = Verdict().set_malware_family("Eicar") # act verdict.set_scanner(operating_system="windows", architecture="x86", version="1.0.0", polyswarmclient_version="2.0.2", signatures_version="2019") # assert Verdict.validate(json.loads(verdict.json()))
def test_scanner_invalid_psc_version(): # arrange verdict = Verdict().set_malware_family("Eicar") # assert with pytest.raises(ValueError): # act verdict.set_scanner(operating_system="windows", architecture="x86", version="1.0.0", polyswarmclient_version="asdf", signatures_version="2019", vendor_version="1.0.0") Verdict.validate(json.loads(verdict.json()))
def test_validate_two_domains_at_once(): # arrange verdict = Verdict().set_malware_family("Eicar") # act verdict.add_domains(['polyswarm.io', 'polyswarm.network']) # assert assert Verdict.validate(json.loads(verdict.json()))
def test_validate_two_ip_at_once(): # arrange verdict = Verdict().set_malware_family("Eicar") # act verdict.add_ip_addresses(['192.168.0.1', '8.8.8.8']) # assert assert Verdict.validate(json.loads(verdict.json()))
def test_validate_extra_object(): # arrange verdict = Verdict().set_malware_family("Eicar") # act verdict.add_extra("new_key", {"other_key": "string_value"}) # assert assert Verdict.validate(json.loads(verdict.json()))
def test_extra_array_scanner(): # arrange blob = { "malware_family": "Eicar", "domains": ["polyswarm.io"], "ip_addresses": ["192.168.0.1"], "stix": [{ "schema": "oasis-open/cti-stix2-json-schemas/master/schemas/common/hex.json", "signature": "a0" }], "scanner": { "extra": ["test"], "version": "1.0.0", "polyswarmclient_version": "2.0.2", "signatures_version": "2019", "vendor_version": "1.0.0", "environment": { "operating_system": "windows", "architecture": "x86" } }, } # assert assert Verdict.validate(blob)
def test_validate_domains(): # arrange verdict = Verdict().set_malware_family("Eicar") # act verdict.add_domain('polyswarm.io') # assert assert Verdict.validate(json.loads(verdict.json()))
def test_validate_ip(): # arrange verdict = Verdict().set_malware_family("Eicar") # act verdict.add_ip_address('192.168.0.1') # assert assert Verdict.validate(json.loads(verdict.json()))
def test_validate_with_family(): # arrange verdict = Verdict() verdict.set_malware_family("Eicar") # assert blob = verdict.json() # act assert Verdict.validate(json.loads(blob))
def test_validate_two_extra_at_once(): # arrange verdict = Verdict().set_malware_family("Eicar") # act verdict.add_extras([("new_key", "string_value"), ("new_key1", { "other_key": "string_value" })]) # assert assert Verdict.validate(json.loads(verdict.json()))
def test_validate_stix_object(): # arrange verdict = Verdict().set_malware_family("Eicar") # act verdict.add_stix_signature( 'oasis-open/cti-stix2-json-schemas/master/schemas/common/kill-chain-phase.json', { "kill_chain_name": 'asdf', "phase_name": "full" }) # assert assert Verdict.validate(json.loads(verdict.json()))
def test_empty_scanner(): # arrange blob = { "malware_family": "Eicar", "domains": ["polyswarm.io"], "ip_addresses": ["192.168.0.1"], "stix": [{ "schema": "oasis-open/cti-stix2-json-schemas/master/schemas/common/hex.json", "signature": "a0" }], "scanner": {} } # assert assert Verdict.validate(blob)
def test_validate_all_output(): # arrange verdict = Verdict().set_malware_family("Eicar")\ .add_domain('polyswarm.io')\ .add_ip_address('192.168.0.1')\ .add_stix_signature( 'oasis-open/cti-stix2-json-schemas/master/schemas/common/hex.json', "a0" ) \ .set_scanner(operating_system="windows", architecture="x86", version="1.0.0", polyswarmclient_version="2.0.2", signatures_version="2019", vendor_version="1.0.0")\ .add_extra("new_key", {"other_key": "string_value"})\ .add_extra("new_key1", ["string_value"])\ .add_extra("new_key2", "string_value") result = { "malware_family": "Eicar", "domains": ["polyswarm.io"], "ip_addresses": ["192.168.0.1"], "stix": [{ "schema": "oasis-open/cti-stix2-json-schemas/master/schemas/common/hex.json", "signature": "a0" }], "scanner": { "version": "1.0.0", "polyswarmclient_version": "2.0.2", "signatures_version": "2019", "vendor_version": "1.0.0", "environment": { "operating_system": "windows", "architecture": "x86" } }, "new_key": { "other_key": "string_value", }, "new_key1": ["string_value"], "new_key2": "string_value" } # act blob = json.loads(verdict.json()) # assert assert Verdict.validate(blob) assert blob == result
async def scan(self, guid, artifact_type, content, metadata, chain): """Scan an artifact Args: guid (str): GUID of the bounty under analysis, use to track artifacts in the same bounty artifact_type (ArtifactType): Artifact type for the bounty being scanned content (bytes): Content of the artifact to be scan metadata (dict) Dict of metadata for the artifact chain (str): Chain we are operating on Returns: ScanResult: Result of this scan """ results = await asyncio.gather(*[ backend.scan(guid, artifact_type, content, chain) for backend in self.backends ]) # Unpack the results bits = [r.bit for r in results] verdicts = [r.verdict for r in results] confidences = [r.confidence for r in results] metadatas = [r.metadata for r in results] asserted_confidences = [c for b, c in zip(bits, confidences) if b] avg_confidence = sum(asserted_confidences) / len(asserted_confidences) # author responsible for distilling multiple metadata values into a value for ScanResult metadata = metadatas[0] try: metadatas = [ json.loads(metadata) for metadata in metadatas if metadata and Verdict.validate(json.loads(metadata)) ] if metadatas: metadata = Verdict().set_malware_family(metadatas[0].get( 'malware_family', '')).json() except json.JSONDecodeError: logger.exception(f'Error decoding sub metadata') return ScanResult(bit=any(bits), verdict=any(verdicts), confidence=avg_confidence, metadata=metadata)
def test_none_stix_list(): # arrange blob = { "malware_family": "Eicar", "domains": ["polyswarm.io"], "ip_addresses": ["192.168.0.1"], "stix": None, "scanner": { "extra": "test", "version": "1.0.0", "polyswarmclient_version": "2.0.2", "signatures_version": "2019", "vendor_version": "1.0.0", "environment": { "operating_system": "windows", "architecture": "x86" } }, } # assert assert Verdict.validate(blob)
def __post_init__(self): if not VerdictMetadata.validate(self.metadata): raise ValueError