def initialize_scanjob_and_unpacker(scan_environment, fileresult):
    """Create a ScanJob for *fileresult* and an UnpackManager to go with it.

    The job is bound to *scan_environment*, initialized and prepared for
    unpacking before it is returned.

    Returns:
        A ``(scanjob, unpacker)`` tuple; the unpacker is an UnpackManager
        constructed from ``scan_environment.unpackdirectory``.
    """
    job = ScanJob(fileresult)
    job.set_scanenvironment(scan_environment)
    job.initialize()
    # Statement order is kept as written: whether constructing the manager
    # and prepare_for_unpacking() are independent is not visible from here.
    manager = UnpackManager(scan_environment.unpackdirectory)
    job.prepare_for_unpacking()
    return job, manager
def test_featureless_file_is_unpacked(scan_environment):
    """Check that the ihex sample is unpacked only by the whole-file check.

    The extension check, signature check and carving step must leave the
    labels and the unpacked-file list empty; after the 'text' label is added,
    check_entire_file() must report exactly one unpack result.
    """
    rel_path = pathlib.Path("unpackers") / "ihex" / "example.txt"
    abs_path = testdata_dir / rel_path
    # TODO: FileResult asks for relative path
    fileresult = FileResult(None, abs_path, set())
    fileresult.set_filesize(abs_path.stat().st_size)

    job = ScanJob(fileresult)
    job.set_scanenvironment(scan_environment)
    job.initialize()
    manager = UnpackManager(scan_environment.unpackdirectory)
    job.prepare_for_unpacking()

    # Neither the extension nor the signature pass may label the file.
    job.check_for_valid_extension(manager)
    assert fileresult.labels == set()
    job.check_for_signatures(manager)
    assert fileresult.labels == set()
    assert fileresult.unpackedfiles == []

    # Carving must not produce any output for this file either.
    job.carve_file_data(manager)
    assert fileresult.unpackedfiles == []

    # The 'text' label is set by hand before the whole-file check
    # (presumably what makes the ihex parser eligible -- confirm).
    fileresult.labels.add('text')
    job.check_entire_file(manager)
    assert len(fileresult.unpackedfiles) == 1

    # NOTE(review): get() has no timeout, so a missing queue entry would
    # presumably block instead of failing -- confirm against the queue type.
    queued_job = scan_environment.scanfilequeue.get()
    unpack_dir_name = "%s-0x%08x-ihex-1" % (rel_path.name, 0)
    expected_extracted_fn = (
        pathlib.Path('.') / unpack_dir_name / "unpacked-from-ihex")
    # The queued name is compared as a relative path, then checked on disk.
    assert queued_job.fileresult.filename == expected_extracted_fn
    assertUnpackedPathExists(scan_environment, queued_job.fileresult.filename)
def test_carved_padding_file_has_correct_labels(self):
    """Check that the job carved from the padding file has both labels.

    After bytes [0:5) are marked as unpacked, carving must queue a job
    whose file result is labelled 'padding' and 'synthesized'.
    """
    self._create_padding_file_in_directory()
    padding_result = self._create_fileresult_for_file(
        self.padding_file, self.parent_dir, [])
    job = ScanJob(padding_result)
    job.set_scanenvironment(self.scan_environment)
    unpacker = Unpacker()
    job.prepare_for_unpacking()
    job.check_unscannable_file()
    unpacker.append_unpacked_range(0, 5)  # bytes [0:5) are unpacked
    job.carve_file_data(unpacker)
    carved_job = self.scanfile_queue.get()
    expected_labels = {'padding', 'synthesized'}
    self.assertSetEqual(carved_job.fileresult.labels, expected_labels)
def test_file_is_unpacked_by_extension(scan_environment):
    """Check that the extension check alone labels the GIF sample 'gif'."""
    rel_path = pathlib.Path("unpackers") / "gif" / "test.gif"
    abs_path = testdata_dir / rel_path
    # TODO: FileResult asks for relative path
    fileresult = FileResult(None, abs_path, set())
    fileresult.set_filesize(abs_path.stat().st_size)

    job = ScanJob(fileresult)
    job.set_scanenvironment(scan_environment)
    job.initialize()
    manager = UnpackManager(scan_environment.unpackdirectory)
    job.prepare_for_unpacking()

    # Only the extension pass runs; no signature or carving step is involved.
    job.check_for_valid_extension(manager)
    assert 'gif' in fileresult.labels
def test_file_unpack_signature_fail(scan_environment):
    """Check that a failing signature parser leaves no output behind.

    With UnpackParserExtractSig1Fail as the only parser, the signature pass
    must leave no data unpack directory on disk and no entry in
    ``fileresult.unpackedfiles``, so partial output from a rejected input
    does not survive the failure.
    """
    sample_name = pathlib.Path("test.sig1")
    # 70 bytes of b"A" passed as sample content (presumably written to the
    # temporary file by create_tmp_fileresult -- confirm).
    fileresult = create_tmp_fileresult(
        scan_environment.temporarydirectory / sample_name, b"A" * 70)
    scan_environment.set_unpackparsers([UnpackParserExtractSig1Fail])

    job = ScanJob(fileresult)
    job.set_scanenvironment(scan_environment)
    job.initialize()
    unpack_manager = UnpackManager(scan_environment.unpackdirectory)
    job.prepare_for_unpacking()

    job.check_for_signatures(unpack_manager)
    leftover_dir = unpack_manager.get_data_unpack_directory()
    assertUnpackedPathDoesNotExist(scan_environment, leftover_dir)
    assert fileresult.unpackedfiles == []
def test_carved_padding_file_has_correct_labels(scan_environment):
    """Check that the job carved from the padding file has both labels.

    After bytes [0:5) are marked as unpacked, carving must queue a job
    whose file result is labelled 'padding' and 'synthesized'.
    """
    padding_file = _create_padding_file_in_unpack_directory(scan_environment)
    padding_path = scan_environment.unpackdirectory / padding_file
    fileresult = FileResult(None, padding_path, set())
    fileresult.set_filesize(padding_path.stat().st_size)

    job = ScanJob(fileresult)
    job.set_scanenvironment(scan_environment)
    job.initialize()
    manager = UnpackManager(scan_environment.unpackdirectory)
    job.prepare_for_unpacking()
    job.check_unscannable_file()

    manager.append_unpacked_range(0, 5)  # bytes [0:5) are unpacked
    job.carve_file_data(manager)

    # NOTE(review): get() has no timeout, so a missing queue entry would
    # presumably block instead of failing -- confirm against the queue type.
    carved_job = scan_environment.scanfilequeue.get()
    assert carved_job.fileresult.labels == {'padding', 'synthesized'}
def test_file_unpack_signature_success(scan_environment):
    """Check that a successful signature parser reports its two files.

    With UnpackParserExtractSig1 as the only parser, the first unpack report
    must list exactly ``sig1_first`` and ``sig1_second``, in that order,
    directly inside the manager's data unpack directory, and both must
    exist on disk.
    """
    sample_name = pathlib.Path("test.sig1")
    fileresult = create_tmp_fileresult(
        scan_environment.temporarydirectory / sample_name, b"A" * 70)
    scan_environment.set_unpackparsers([UnpackParserExtractSig1])

    job = ScanJob(fileresult)
    job.set_scanenvironment(scan_environment)
    job.initialize()
    unpack_manager = UnpackManager(scan_environment.unpackdirectory)
    job.prepare_for_unpacking()
    job.check_for_signatures(unpack_manager)

    reported_files = fileresult.unpackedfiles[0]['files']
    assert len(reported_files) == 2

    # Expected paths are pinned to fixed names under the data unpack
    # directory, so a file reported anywhere else fails the comparison.
    expected_files = [
        unpack_manager.get_data_unpack_directory() / "sig1_first",
        unpack_manager.get_data_unpack_directory() / "sig1_second",
    ]
    for reported, expected in zip(reported_files, expected_files):
        assert reported == expected
    for reported in reported_files:
        assertUnpackedPathExists(scan_environment, reported)
def test_carved_data_is_extracted_from_file(scan_environment):
    """Check that data in front of the GIF is carved into a synthesized file.

    After the extension and signature passes, carving must queue a job whose
    filename is the synthesized path for the byte range 0x0-0x7f, and that
    path must exist on disk.
    """
    rel_path = (
        pathlib.Path("unpackers") / "gif" / "test-prepend-random-data.gif")
    abs_path = testdata_dir / rel_path
    # TODO: FileResult asks for relative path
    fileresult = FileResult(None, abs_path, set())
    fileresult.set_filesize(abs_path.stat().st_size)

    job = ScanJob(fileresult)
    job.set_scanenvironment(scan_environment)
    job.initialize()
    manager = UnpackManager(scan_environment.unpackdirectory)
    job.prepare_for_unpacking()
    job.check_for_valid_extension(manager)
    job.check_for_signatures(manager)

    # The first queue entry is fetched and dropped (presumably the job queued
    # by the signature pass -- confirm); only the carved job is inspected.
    scan_environment.scanfilequeue.get()
    job.carve_file_data(manager)
    carved_job = scan_environment.scanfilequeue.get()

    carve_dir_name = "%s-0x%08x-synthesized-1" % (rel_path.name, 0)
    carve_file_name = "unpacked-0x%x-0x%x" % (0, 127)
    synthesized_name = pathlib.Path('.') / carve_dir_name / carve_file_name
    assert carved_job.fileresult.filename == synthesized_name
    assertUnpackedPathExists(scan_environment, carved_job.fileresult.filename)
def test_file_unpack_extension_carve(scan_environment):
    """Check that the extension parser reports its three files in order.

    With UnpackParserExtractEx1Carve as the only parser, the first unpack
    report must list ``ex1_first``, ``ex1_second`` and
    ``unpacked.ex1_extract_carve`` directly inside the manager's data unpack
    directory, and all three must exist on disk.
    """
    sample_name = pathlib.Path("test.ex1")
    fileresult = create_tmp_fileresult(
        scan_environment.temporarydirectory / sample_name, b"A" * 70)
    scan_environment.set_unpackparsers([UnpackParserExtractEx1Carve])

    job = ScanJob(fileresult)
    job.set_scanenvironment(scan_environment)
    job.initialize()
    unpack_manager = UnpackManager(scan_environment.unpackdirectory)
    job.prepare_for_unpacking()
    job.check_for_valid_extension(unpack_manager)

    reported_files = fileresult.unpackedfiles[0]['files']
    assert len(reported_files) == 3

    # Expected paths are pinned to fixed names under the data unpack
    # directory, so a file reported anywhere else fails the comparison.
    expected_files = [
        unpack_manager.get_data_unpack_directory() / "ex1_first",
        unpack_manager.get_data_unpack_directory() / "ex1_second",
        unpack_manager.get_data_unpack_directory()
        / "unpacked.ex1_extract_carve",
    ]
    for reported, expected in zip(reported_files, expected_files):
        assert reported == expected
    for reported in reported_files:
        assertUnpackedPathExists(scan_environment, reported)