def extract_file_rpm(cls, filename, extraction_path): """ Extract rpm packages """ if sys.platform.startswith("linux"): if not inpath("rpm2cpio") or not inpath("cpio"): raise Exception( "'rpm2cpio' and 'cpio' are required to extract rpm files") else: with popen_ctx(["rpm2cpio", filename], stdout=subprocess.PIPE) as proc: return subprocess.call(["cpio", "-idmv"], stdin=proc.stdout, cwd=extraction_path) else: if not inpath("7z"): raise Exception("7z is required to extract rpm files") else: cpio_path = filename.split("\\") cpio_path = "\\".join(cpio_path[:len(cpio_path) - 1]) subprocess.call(f'7z x {filename} -o"{cpio_path}"') for file in os.listdir(cpio_path): if "cpio" in file: filename = cpio_path + "\\" + file subprocess.call(f'7z x {filename} -o"{extraction_path}"') if os.path.isfile(filename): os.remove(filename)
def setup_method(self): assert inpath("ar"), "Required tool 'ar' not found" download_file(TMUX_DEB, os.path.join(self.tempdir, "test.deb")) shutil.copyfile( os.path.join(self.tempdir, "test.deb"), os.path.join(self.tempdir, "test.ipk"), )
def extract_file_zip(cls, filename, extraction_path): """ Extract zip files """ if not inpath("unzip"): shutil.unpack_archive(filename, extraction_path) else: return subprocess.call( ["unzip", "-qq", "-n", "-d", extraction_path, filename])
def setUp(self): self.assertTrue(inpath("ar"), msg="Required tool 'ar' not found") download_file(TMUX_DEB, os.path.join(self.tempdir, "test.deb")) shutil.copyfile( os.path.join(self.tempdir, "test.deb"), os.path.join(self.tempdir, "test.ipk"), )
def is_executable(self, filename): """check if file is an ELF binary file""" output = None if inpath("file"): # use system file if available (for performance reasons) output = subprocess.check_output(["file", filename]) output = output.decode(sys.stdout.encoding) if "cannot open" in output: self.logger.warning( f"Unopenable file {filename} cannot be scanned") return False, None if (("LSB " not in output) and ("LSB shared" not in output) and ("LSB executable" not in output) and ("PE32 executable" not in output) and ("PE32+ executable" not in output) and ("Mach-O" not in output) and ("PKG-INFO: " not in output) and ("METADATA: " not in output) and ("pom.xml" not in output)): return False, None # otherwise use python implementation of file elif not is_binary(filename): return False, None return True, output
def scan_file(self, filename): """Scans a file to see if it contains any of the target libraries, and whether any of those contain CVEs""" self.logger.debug(f"Scanning file: {filename}") self.total_scanned_files += 1 # Do not try to scan symlinks if os.path.islink(filename): return None # Ensure filename is a file if not os.path.isfile(filename): self.logger.warning(f"Invalid file {filename} cannot be scanned") return None # step 1: check if it's an ELF binary file if inpath("file"): # use system file if available (for performance reasons) o = subprocess.check_output(["file", filename]) o = o.decode(sys.stdout.encoding) if "cannot open" in o: self.logger.warning( f"Unopenable file {filename} cannot be scanned") return None if (("LSB " not in o) and ("LSB shared" not in o) and ("LSB executable" not in o) and ("PE32 executable" not in o) and ("PE32+ executable" not in o) and ("Mach-O" not in o)): return None # otherwise use python implementation of file elif not is_binary(filename): return None # parse binary file's strings if inpath("strings"): # use "strings" on system if available (for performance) o = subprocess.check_output(["strings", filename]) lines = o.decode("utf-8").splitlines() else: # Otherwise, use python implementation s = Strings(filename) lines = s.parse() yield from self.run_checkers(filename, lines)
def extract_file_tar(cls, filename, extraction_path): """ Extract tar files """ if not inpath("tar"): """ Acutally MinGW provides tar, so this might never get called """ shutil.unpack_archive(filename, extraction_path) else: return subprocess.call( ["tar", "-C", extraction_path, "-xf", filename])
def extract_file_deb(cls, filename, extraction_path): """ Extract debian packages """ if not inpath("ar"): raise Exception("'ar' is required to extract deb files") else: result = subprocess.call(["ar", "x", filename], cwd=extraction_path) if result != 0: return result if not inpath("tar"): shutil.unpack_archive(filename, extraction_path) else: datafile = glob.glob( os.path.join(extraction_path, "data.tar.*"))[0] # flag a is not supported while using x result = subprocess.call( ["tar", "-C", extraction_path, "-xf", datafile]) return result
def extract_file_cab(cls, filename, extraction_path): """ Extract cab files """ if sys.platform.startswith("linux"): if not inpath("cabextract"): raise Exception( "'cabextract' is required to extract cab files") else: return subprocess.call( ["cabextract", "-d", extraction_path, filename]) else: subprocess.call(["Expand", filename, "-F:*", extraction_path])
def parse_strings(self, filename): """parse binary file's strings""" if inpath("strings"): # use "strings" on system if available (for performance) lines = subprocess.check_output(["strings", filename]).decode("utf-8") else: # Otherwise, use python implementation s = Strings(filename) lines = s.parse() return lines
def setUp(self): self.assertTrue(inpath("tar"), "Required tool 'tar' not found") for filename, tarmode in [ ("test.tgz", "w:gz"), ("test.tar.gz", "w:gz"), ("test.tar.bz2", "w:bz2"), ("test.tar", "w"), ]: tarpath = os.path.join(self.tempdir, filename) tar = tarfile.open(tarpath, mode=tarmode) data = "feedface".encode("utf-8") addfile = BytesIO(data) info = tarfile.TarInfo(name="test.txt") info.size = len(data) tar.addfile(tarinfo=info, fileobj=addfile) tar.close() if sys.version_info.major == 3 and sys.version_info.minor >= 3: tarpath = os.path.join(self.tempdir, "test.tar") tarpath_xz = os.path.join(self.tempdir, "test.tar.xz") with open(tarpath, "rb") as infile, lzma.open(tarpath_xz, "w") as outfile: outfile.write(infile.read())
def test_not_inpath(self): assert not inpath("cve_bin_tool_test_for_not_in_path")
def test_inpath(self): """Test the check to see if a command line utility is installed and in path before we try to run it.""" assert inpath("python")
def setUp(self): self.assertTrue(inpath("unzip"), msg="Required tool 'unzip' not found") for filename in ["test.exe", "test.zip", "test.jar", "test.apk"]: zippath = os.path.join(self.tempdir, filename) with ZipFile(zippath, "w") as zipfile: zipfile.writestr(ZipInfo("test.txt"), "feedface")
def setUp(self): self.assertTrue(inpath("cabextract"), msg="Required tool 'cabextract' not found") download_file(VMWARE_CAB, os.path.join(self.tempdir, "test.cab"))
def test_inpath(self): """ Test the check to see if a command line utility is installed and in path before we try to run it. """ self.assertTrue(inpath('python'))
def test_inpath(self): self.assertTrue(inpath('python'))
def test_not_inpath(self): self.assertFalse(inpath('cve_bin_tool_test_for_not_in_path'))
def setUp(self): self.assertTrue(inpath("rpm2cpio"), msg="Required tool 'rpm2cpio' not found") self.assertTrue(inpath("cpio"), msg="Required tool 'cpio' not found") download_file(CURL_7_20_0_URL, os.path.join(self.tempdir, "test.rpm"))