def test_find_targets_will_exclude_patterns(self):
    """Check that ``exclude_patterns`` removes matching paths from the targets.

    Two cases are exercised against the fixture tree at ``self.target_path``:
    a narrow pattern that should drop only the ``no_malware_here`` fixture,
    and the pattern ``/``, which is expected to exclude every target.
    """
    # Narrow exclusion: the matching fixture disappears, the rest stay.
    narrow = {r'no_.+_here'}
    remaining = list(scan.find_targets(self.target_path, exclude_patterns=narrow))
    leaked = [path for path in remaining if 'no_malware_here' in path]
    assert leaked == [], leaked
    assert len(remaining) > 4, remaining

    # Broad exclusion: the test expects an empty target list, i.e. an
    # over-wide exclude pattern leaves nothing to scan.
    everything = {r'/'}
    remaining = list(scan.find_targets(self.target_path, exclude_patterns=everything))
    assert remaining == [], remaining
def test_normal_scan(self):
    """Scan every target under ``self.target_path`` and check the verdict counts.

    Uses the rules and whitelist held on the test case; the fixture tree is
    expected to yield two malware results and one whitelisted result.
    """
    targets = scan.find_targets(self.target_path)
    flagged, allowed = scan.scan_files(targets, self.rules, self.whitelist)

    self.assertEqual(len(flagged), 2)
    self.assertEqual(len(allowed), 1)
def test_filter_extensions(self):
    """Restrict the scan to ``php`` files and check the verdict counts.

    With the extension filter applied, one malware result and no
    whitelisted result are expected.
    """
    # NOTE(review): a second test with this same name passes the filter as
    # ``required_extensions=``. If both live in one class the later
    # definition replaces this one; confirm which keyword find_targets takes.
    wanted = ['php']
    targets = scan.find_targets(self.target_path, req_ext=wanted)
    flagged, allowed = scan.scan_files(targets, self.rules, self.whitelist)

    self.assertEqual(len(flagged), 1)
    self.assertEqual(len(allowed), 0)
def test_filter_extensions(self):
    """Restrict the scan to ``php`` files and check the verdict counts.

    With the extension filter applied, one malware result and no
    whitelisted result are expected.
    """
    # NOTE(review): a second test with this same name passes the filter as
    # ``req_ext=``. Confirm which keyword find_targets accepts and keep only
    # one definition per class, since a duplicate name shadows the other.
    wanted = ['php']
    targets = scan.find_targets(self.target_path, required_extensions=wanted)
    flagged, allowed = scan.scan_files(targets, self.rules, self.whitelist)

    self.assertEqual(len(flagged), 1)
    self.assertEqual(len(allowed), 0)
def test_external_rule_file(self):
    """Scan with rules loaded from the ``rules-vanilla.yar`` fixture file.

    The rules and whitelist on the test case are replaced by whatever
    ``self._load_file_rules`` returns for that file. Two malware results
    and no whitelisted result are expected; presumably the vanilla rule
    file carries no whitelist entries (confirm against the fixture).
    """
    targets = scan.find_targets(self.target_path)

    vanilla_rules = os.path.join(self.fixture_path, 'rules-vanilla.yar')
    # Overwrites the instance's rule set for the remainder of this test.
    self.rules, self.whitelist = self._load_file_rules(vanilla_rules)

    flagged, allowed = scan.scan_files(targets, self.rules, self.whitelist)
    self.assertEqual(len(flagged), 2)
    self.assertEqual(len(allowed), 0)
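def test_scan_targets_for_new_files_only(self):
    """Check that ``newer_than`` limits the targets to recently written files.

    A file is written at ``self.new_file`` after taking a timestamp five
    seconds in the past; with ``newer_than`` set to that timestamp exactly
    one target is expected, i.e. the pre-existing fixtures are treated as
    older than the cut-off.
    """
    the_past = time.time() - 5
    with open(self.new_file, 'w') as fh:
        fh.write('BAD\n')
    try:
        files = scan.find_targets(self.target_path, newer_than=the_past)
        self.assertEqual(len(list(files)), 1)
    finally:
        # Remove the planted file even when the assertion fails, so a
        # leftover sample cannot change the counts other tests rely on.
        os.unlink(self.new_file)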
def test_that_symlinks_are_properly_followed(self):
    """Check which symlinks appear in the targets when ``follow_symlinks=True``.

    A valid symlink (``im_a_symlink``) must be reported, while the
    recursive and the broken symlink fixtures must not show up in the
    results.
    """
    found = scan.find_targets(self.target_path, follow_symlinks=True)
    # Build a real list up front: the names are checked several times and
    # a lazy iterator could only be consumed once.
    names = [os.path.basename(entry) for entry in found]

    assert len(names) > 5, 'bogus files obj'
    assert 'im_a_symlink' in names, 'no symlink found in results'
    assert 'recursive_symlink' not in names, 'recursive symlink is included'
    assert 'im_a_broken_symlink' not in names, 'broken symlink is included'
def test_scan_callback(self):
    """Check that the callback handed to ``scan_files`` is invoked twice.

    A ``MagicMock`` is passed as the fourth argument of ``scan_files``;
    presumably it is called once per malware result, which would match the
    two results other tests expect from this fixture tree (confirm in scan).
    """
    on_result = mock.MagicMock()
    scan.scan_files(
        scan.find_targets(self.target_path),
        self.rules,
        self.whitelist,
        on_result,
    )
    self.assertEqual(on_result.call_count, 2)