def testPrepareDescriptiveFileResult(self):
file_analyzer = FileAnalyzer()
file_analyzer._RecordFileType(self.script, self.test_path)
pb = file_analyzer._PrepareDescriptiveFileResult(
self.test_path,
wheelbarrow_pb2.AnalysisResult(),
wheelbarrow_pb2.REMOVE)
reference_file_path = os.path.join(self.base_dir, 'descriptive_file_result')
test_utils.CheckResultProtobufFromFile(self, pb, reference_file_path,
wheelbarrow_pb2.FileResult())
def testPrepareDiffFileResult(self):
diff_pair = wheelbarrow_pb2.AnalysisDescriptor.DiffPair()
diff_pair.before = wheelbarrow_pb2.EXTRACT
diff_pair.after = wheelbarrow_pb2.INSTALL
file_analyzer = FileAnalyzer()
file_analyzer._RecordFileType(self.script, self.test_path)
pb = file_analyzer._PrepareDiffFileResult(
self.test_path,
wheelbarrow_pb2.AnalysisResult(),
wheelbarrow_pb2.ADD, diff_pair)
reference_file_path = os.path.join(self.base_dir, 'diff_file_result')
test_utils.CheckResultProtobufFromFile(self, pb, reference_file_path,
wheelbarrow_pb2.FileResult())
def _PerformAnalysis(self, file_path):
contents = LoadFileToString(file_path)
if contents is None:
raise RecoverableAnalysisError('Could not load file %s for hashing.'
% file_path)
checksum = FileAnalyzer._ComputeStringHash(contents, hashlib.sha256)
return (checksum, contents) if self._record_contents else (checksum, None)
def RunBinaries(self, timeout=60):
"""Run binaries contained in an application package.
Args:
timeout: The maximum duration that each binary should run.
"""
# Add leading slash to package binary paths, since they are recorded as
# paths relative to the package extract directory.
package_binaries = set('/%s' % s for s in FileAnalyzer.GetBinaries())
excluded_binaries = self._GetExcludedBinaries()
dev_null = open(os.devnull, 'w')
for binary in package_binaries - excluded_binaries:
# Exclude .so files.
if binary.endswith('.so'):
continue
# Launch in a timed subprocess, since this may take arbitrarily long
# otherwise.
subproc = TimedSubprocess(timeout)
if subproc.Popen(BinaryLauncher._MakeBinaryCommand(binary, True),
stdout=dev_null,
stderr=dev_null):
if subproc.Wait():
logging.warning('Binary %s terminated with errors.',
binary)
else:
logging.warning('Could not start binary %s.', binary)
dev_null.close()
def RunAnalysis(self, trigger, unused_argument, unused_suite):
"""Run a network listener analysis."""
netstat_results = None
try:
netstat_results = guest_utils.ExecuteCommandAndMatch(
NetworkListenerAnalyzer._NETSTAT_COMMAND,
NetworkListenerAnalyzer._LISTEN_EXPRESSION)
except guest_utils.CommandMatchingError as e:
error = 'Could not execute netstat -anp: %s' % str(e)
logging.error(error)
raise RecoverableAnalysisError(error)
package_binaries = set('/%s' % s for s in FileAnalyzer.GetBinaries())
pid_to_path_map = None
try:
pid_to_path_map = guest_utils.FindPidsForBinaries(package_binaries)
except guest_utils.PidMatchingError as e:
error = ('Could not find pids for binaries %s: %s' %
(str(package_binaries), str(e)))
logging.error(error)
raise RecoverableAnalysisError(error)
self._analysis_results[trigger] = []
for netstat_result in netstat_results:
if netstat_result[6] in pid_to_path_map:
netstat_result_list = list(netstat_result)
netstat_result_list.append(pid_to_path_map[netstat_result[6]])
self._analysis_results[trigger].append(netstat_result_list)
def testComputeStringHash(self):
reference_file_path = os.path.join(self.base_dir, 'descriptive_file_result')
reference_file = open(reference_file_path)
test_string = reference_file.read()
reference_hash = ('2632833731b11b9c9e0f071209e29e8cce04e900f89404f251654921'
'355728dc')
test_hash = FileAnalyzer._ComputeStringHash(test_string, hashlib.sha256)
self.assertEqual(test_hash, reference_hash)
def _PerformAnalysis(self, file_path):
"""Perform a checksum analysis on a file.
Args:
file_path: The path to a file.
Returns:
A tuple with the MD5, SHA-1 and SHA-256 hashes of the input file.
"""
contents = LoadFileToString(file_path)
if not contents:
raise RecoverableAnalysisError('Could not load file %s for hashing.'
% file_path)
md5hash = FileAnalyzer._ComputeStringHash(contents, hashlib.md5)
sha1hash = FileAnalyzer._ComputeStringHash(contents, hashlib.sha1)
sha256hash = FileAnalyzer._ComputeStringHash(contents, hashlib.sha256)
return (md5hash, sha1hash, sha256hash)
def testRunBinariesWithTimeout(self):
binary_launcher = BinaryLauncher(None)
self.mox.StubOutWithMock(binary_launcher, '_GetExcludedBinaries')
self.mox.StubOutWithMock(BinaryLauncher, '_MakeBinaryCommand')
FileAnalyzer.GetBinaries().AndReturn(set(['bin/sleep']))
binary_launcher._GetExcludedBinaries().AndReturn(set())
BinaryLauncher._MakeBinaryCommand('/bin/sleep',
True).AndReturn(['/bin/sleep', '5'])
self.mox.ReplayAll()
binary_launcher.RunBinaries(1)
self.mox.VerifyAll()
def testRunBinariesWithBadBinary(self):
bad_binary = os.path.join(self.base_dir, 'bad_binary')
binary_launcher = BinaryLauncher(None)
self.mox.StubOutWithMock(binary_launcher, '_GetExcludedBinaries')
self.mox.StubOutWithMock(BinaryLauncher, '_MakeBinaryCommand')
FileAnalyzer.GetBinaries().AndReturn(set([bad_binary[1:]]))
binary_launcher._GetExcludedBinaries().AndReturn(set())
BinaryLauncher._MakeBinaryCommand(bad_binary,
True).AndReturn([bad_binary])
logging.error('Unable to run command %s: %s', [bad_binary],
mox.IgnoreArg())
logging.warning('Could not start binary %s.', bad_binary)
self.mox.ReplayAll()
binary_launcher.RunBinaries()
self.mox.VerifyAll()
def testRunAnalysisWithPsFailure(self):
self.mox.StubOutWithMock(subprocess, 'check_output')
self.mox.StubOutWithMock(FileAnalyzer, 'GetBinaries')
self.mox.StubOutWithMock(guest_utils, 'FindPidsForBinaries')
netstat_out = self.LoadNetstatOut()
subprocess.check_output(
NetworkListenerAnalyzer._NETSTAT_COMMAND,
stderr=subprocess.STDOUT).AndReturn(netstat_out)
FileAnalyzer.GetBinaries().AndReturn(self.binaries)
guest_utils.FindPidsForBinaries(set(
'/%s' % s
for s in self.binaries)).AndRaise(RecoverableAnalysisError)
self.mox.ReplayAll()
analyzer = NetworkListenerAnalyzer()
self.assertRaises(RecoverableAnalysisError, analyzer.RunAnalysis,
wheelbarrow_pb2.RUN_BINARIES, None, None)
self.mox.VerifyAll()
def testRunAnalysisWithSuccess(self):
self.mox.StubOutWithMock(subprocess, 'check_output')
self.mox.StubOutWithMock(FileAnalyzer, 'GetBinaries')
netstat_out = self.LoadNetstatOut()
subprocess.check_output(
NetworkListenerAnalyzer._NETSTAT_COMMAND,
stderr=subprocess.STDOUT).AndReturn(netstat_out)
FileAnalyzer.GetBinaries().AndReturn(self.binaries)
ps_path = os.path.join(self.base_dir1, 'ps_aux')
ps_file = open(ps_path)
ps_out = ps_file.read()
ps_file.close()
subprocess.check_output(guest_utils._PS_COMMAND,
stderr=subprocess.STDOUT).AndReturn(ps_out)
self.mox.ReplayAll()
analyzer = NetworkListenerAnalyzer()
analyzer.RunAnalysis(wheelbarrow_pb2.RUN_BINARIES, None, None)
self.assertEqual(analyzer._analysis_results, self.expected_result)
def testRunAnalysisWithImplementedPerformAnalysis(self):
out = 'test'
trigger = wheelbarrow_pb2.EXTRACT
self.mox.StubOutWithMock(FileAnalyzer, '_PerformAnalysis')
file_analyzer = FileAnalyzer()
file_analyzer._PerformAnalysis(self.script).AndReturn(out)
self.mox.ReplayAll()
argument = [(self.script, self.script)]
file_analyzer.RunAnalysis(trigger, argument, '')
self.mox.VerifyAll()
self.assertEqual(
file_analyzer._GetAnalysisResultForTrigger(trigger)[self.script],
out)
def testRunAnalysisWithNotImplementedPerformAnalysis(self):
argument = [(self.test_path, self.test_path)]
analyzer = FileAnalyzer()
self.assertRaises(NotImplementedError, analyzer.RunAnalysis, None, argument,
'')
def CheckFileType(self, file_name, file_type): file_name = os.path.realpath(file_name) self.assertEqual(FileAnalyzer()._DetermineFileType(file_name), file_type)
def testPrepareFileResultWithBadArguments(self):
self.assertRaises(analysis.FatalAnalysisError,
FileAnalyzer()._PrepareFileResult, self.test_path,
wheelbarrow_pb2.AnalysisResult(),
wheelbarrow_pb2.ADD, None, None)