def test_pdf_metadata(self):
set_cwd(tempfile.mkdtemp())
s = Static()
s.set_task({
"category": "file",
"package": "pdf",
"target": "pdf-sample.pdf",
})
s.set_options({
"pdf_timeout": 30,
})
s.file_path = "tests/files/pdf-sample.pdf"
obj = s.run()["pdf"]
assert len(obj) == 2
assert obj[1] == {
"author": "cdaily",
"creation": "D:20000629102108+11'00'",
"creator": "Microsoft Word 8.0",
"javascript": [],
"modification": "2013-10-28T15:24:13-04:00",
"producer": "Acrobat Distiller 4.0 for Windows",
"subject": "",
"title": "This is a test PDF file",
"urls": [],
"version": 1,
}
def test_phishing0_pdf(self):
set_cwd(tempfile.mkdtemp())
s = Static()
s.set_task({
"category": "file",
"package": "pdf",
"target": "phishing0.pdf",
})
s.set_options({
"pdf_timeout": 30,
})
s.file_path = "tests/files/phishing0.pdf"
assert "googleattachmentsigned" in s.run()["pdf"][0]["urls"][0]
def test_pdf_stringjs(self):
set_cwd(self.mkdtemp())
s = Static()
s.set_task({
"category": "file",
"package": "pdf",
"target": "pdf1-stringjs.pdf",
})
s.set_options({
"pdf_timeout": 30,
})
s.file_path = "tests/files/pdf1-stringjs.pdf"
r = s.run()["pdf"][12]
assert "app.alert({" in r["javascript"][0]["orig_code"]
def test_pdf(self):
set_cwd(tempfile.mkdtemp())
s = Static()
s.set_task({
"category": "file",
"package": "pdf",
"target": "pdf0.pdf",
})
s.set_options({
"pdf_timeout": 30,
})
s.file_path = "tests/files/pdf0.pdf"
r = s.run()["pdf"][0]
assert "var x = unescape" in r["javascript"][0]["orig_code"]
def test_pdf_stringjs(self):
set_cwd(tempfile.mkdtemp())
s = Static()
s.set_task({
"category": "file",
"package": "pdf",
"target": "pdf1-stringjs.pdf",
})
s.set_options({
"pdf_timeout": 30,
})
s.file_path = "tests/files/pdf1-stringjs.pdf"
r = s.run()["pdf"][12]
assert "app.alert({" in r["javascript"][0]["orig_code"]
def test_archive_pdf(self):
set_cwd(tempfile.mkdtemp())
s = Static()
s.set_task({
"category": "archive",
"package": "pdf",
"options": {
"filename": "files/pdf0.pdf",
},
})
s.set_options({
"pdf_timeout": 30,
})
s.file_path = "tests/files/pdf0.zip"
assert "%48%65" in s.run()["pdf"][0]["javascript"][0]["orig_code"]
def test_pdf_ignorefake(self):
set_cwd(tempfile.mkdtemp())
s = Static()
s.set_task({
"category": "file",
"package": "pdf",
"target": "fakepdf.pdf",
})
s.set_options({
"pdf_timeout": 30,
})
s.file_path = "tests/files/fakepdf.pdf"
assert s.run() == {
"pdf": [],
}
def test_pdf_workercrash(self, md):
set_cwd(self.mkdtemp())
md.return_value = None
s = Static()
s.set_task({
"category": "file",
"package": "pdf",
"target": "pdf0.pdf",
})
s.set_options({
"pdf_timeout": 30,
})
s.file_path = "tests/files/pdf0.pdf"
r = s.run()
assert r["pdf"] == []
def test_pdf_ignorefake(self):
set_cwd(self.mkdtemp())
s = Static()
s.set_task({
"category": "file",
"package": "pdf",
"target": "fakepdf.pdf",
})
s.set_options({
"pdf_timeout": 30,
})
s.file_path = "tests/files/fakepdf.pdf"
assert s.run() == {
"pdf": [],
}
def test_pdf_workercrash(self, md):
set_cwd(tempfile.mkdtemp())
md.return_value = None
s = Static()
s.set_task({
"category": "file",
"package": "pdf",
"target": "pdf0.pdf",
})
s.set_options({
"pdf_timeout": 30,
})
s.file_path = "tests/files/pdf0.pdf"
r = s.run()
assert r["pdf"] == []
def test_summary_pdf_nometadata(self, p, request):
s = Static()
s.set_task({
"category": "file",
"package": "pdf",
"target": __file__,
})
s.set_options({
"pdf_timeout": 10,
})
s.file_path = __file__
p._get_report.return_value = {
"static": s.run(),
}
r = AnalysisRoutes.detail(request, 1, "static").content
assert "No PDF metadata could be extracted!" in r
def test_pdf_endian(self):
s = Static()
s.set_task({
"category": "file",
"package": "pdf",
"target": "pdf-endianerror.pdf"
})
s.file_path = "tests/files/pdf-endianerror.pdf"
s.set_options({
"pdf_timeout": 30,
})
r = s.run()
assert len(r["pdf"][0]["urls"]) == 63
assert r["pdf"][0]["urls"][54] == (
u"http://yourmirror.net/kali-security\u548c"
u"http://yourmirror.net/kali-images"
)
def test_pdf_mock(self, p):
set_cwd(tempfile.mkdtemp())
s = Static()
s.set_task({
"category": "file",
"package": "pdf",
"target": "pdf0.pdf",
})
s.set_options({
"pdf_timeout": 30,
})
s.file_path = "tests/files/pdf0.pdf"
p.return_value = ["hello"]
assert s.run()["pdf"] == ["hello"]
p.assert_called_once_with(mock.ANY, ("tests/files/pdf0.pdf", ),
timeout=30)
def test_pdf_endian(self):
s = Static()
s.set_task({
"category": "file",
"package": "pdf",
"target": "pdf-endianerror.pdf"
})
s.file_path = "tests/files/pdf-endianerror.pdf"
s.set_options({
"pdf_timeout": 30,
})
r = s.run()
assert len(r["pdf"][0]["urls"]) == 63
assert r["pdf"][0]["urls"][54] == (
u"http://yourmirror.net/kali-security\u548c"
u"http://yourmirror.net/kali-images"
)
def test_summary_pdf_nometadata(self, p, request):
s = Static()
s.set_task({
"category": "file",
"package": "pdf",
"target": __file__,
})
s.set_options({
"pdf_timeout": 10,
})
s.file_path = __file__
p._get_report.return_value = {
"static": s.run(),
}
r = AnalysisRoutes.detail(request, 1, "static").content
assert "No PDF metadata could be extracted!" in r
def test_summary_pdf_metadata(self, p, request):
s = Static()
s.set_task({
"category": "file",
"package": "pdf",
"target": "pdf-sample.pdf",
})
s.set_options({
"pdf_timeout": 10,
})
s.file_path = "tests/files/pdf-sample.pdf"
p._get_report.return_value = {
"static": s.run(),
}
r = AnalysisRoutes.detail(request, 1, "static").content
assert "Microsoft Word 8.0" in r
assert "This is a test PDF file" in r
def test_pdf_mock(self, p):
set_cwd(tempfile.mkdtemp())
s = Static()
s.set_task({
"category": "file",
"package": "pdf",
"target": "pdf0.pdf",
})
s.set_options({
"pdf_timeout": 30,
})
s.file_path = "tests/files/pdf0.pdf"
p.return_value = ["hello"]
assert s.run()["pdf"] == ["hello"]
p.assert_called_once_with(
mock.ANY, ("tests/files/pdf0.pdf",), timeout=30
)
def test_summary_pdf_metadata(self, p, request):
s = Static()
s.set_task({
"category": "file",
"package": "pdf",
"target": "pdf-sample.pdf",
})
s.set_options({
"pdf_timeout": 10,
})
s.file_path = "tests/files/pdf-sample.pdf"
p._get_report.return_value = {
"static": s.run(),
}
r = AnalysisRoutes.detail(request, 1, "static").content
assert "Microsoft Word 8.0" in r
assert "This is a test PDF file" in r
def test_pdf_attach(self):
set_cwd(tempfile.mkdtemp())
s = Static()
s.set_task({
"category": "file",
"package": "pdf",
"target": "pdf_attach.pdf",
})
s.set_options({
"pdf_timeout": 30,
})
s.file_path = "tests/files/pdf_attach.pdf"
obj, = s.run()["pdf"]
assert len(obj["javascript"]) == 1
assert "exportDataObject" in obj["javascript"][0]["orig_code"]
assert len(obj["attachments"]) == 1
assert obj["attachments"][0]["filename"] == "789IVIIUXSF110.docm"
assert "kkkllsslll" in obj["openaction"]
def test_pdf_attach(self):
set_cwd(tempfile.mkdtemp())
s = Static()
s.set_task({
"category": "file",
"package": "pdf",
"target": "pdf_attach.pdf",
})
s.set_options({
"pdf_timeout": 30,
})
s.file_path = "tests/files/pdf_attach.pdf"
obj, = s.run()["pdf"]
assert len(obj["javascript"]) == 1
assert "exportDataObject" in obj["javascript"][0]["orig_code"]
assert len(obj["attachments"]) == 1
assert obj["attachments"][0]["filename"] == "789IVIIUXSF110.docm"
assert "kkkllsslll" in obj["openaction"]
