def test_edit_tag(self):
# Add a tag
db.session.add(Tag('mytag', 'info'))
db.session.commit()
tag_id = Tag.query.filter(Tag.name == 'mytag').first().id
# Access the page with no authentication
rv = self.app.get('/admin/tags/edit/{id}'.format(id=tag_id)).data.decode('utf-8')
self.assertIn('You should be redirected automatically to target URL: <a href="/login">/login</a>',
rv)
# Log in
self.login()
rv = self.app.get('/admin/tags/edit/{id}'.format(id=tag_id)).data.decode('utf-8')
self.assertIn('<h2>Edit tag : {id}</h2>'.format(id=tag_id), rv)
# Acces the page with no id
rv = self.app.get('/admin/tags/edit/').status_code
self.assertEqual(rv, 404)
# Acces the page with invalid id
rv = self.app.get('/admin/tags/edit/978789987987978897879').status_code
self.assertEqual(rv, 404)
# Edit the tag
name = 'MyTag'
color = 'danger'
rv = self.app.post('/admin/tags/edit/{id}'.format(id=tag_id), data=dict(
name=name,
color=color
), follow_redirects=True).data.decode('utf-8')
self.assertIn('<h2>Tags</h2>', rv)
self.assertIn(name, rv)
self.assertIn('label-danger', rv)
def add_tag():
if request.method == 'POST':
tag = Tag(request.form.get('name', ''), request.form.get('color', ''))
db.session.add(tag)
db.session.commit()
return redirect(url_for('admin.tags'))
return render_template('admin/add_tag.html', tag=None)
def delete_tag(tag_id):
tag = Tag.get(tag_id)
if not tag:
abort(404)
db.session.delete(tag)
db.session.commit()
return redirect(request.referrer)
def test_submit_tag(self):
# Submit shitty tag
rv = self.app.get('/tag/submit/{sha256}/SHITTY').data.decode('utf-8')
self.assertEqual(rv, 'NOK')
# Submit a correct tag with invalid sha256
rv = self.app.get('/tag/submit/{sha256}/Tag').data.decode('utf-8')
self.assertEqual(rv, 'NOK')
# Add a tag to the db
tag = Tag('Tag', 'info')
db.session.add(tag)
db.session.commit()
# Submit a correct tag with valid sha256
rv = self.app.get('/tag/submit/{sha256}/Tag'.format(
sha256=global_sha256)).data.decode('utf-8')
self.assertEqual(rv, 'OK')
tags = [tag.name for tag in Sample.get(global_sha256).tags]
self.assertIn('Tag', tags)
# Submit the same tag with the same sha256
rv = self.app.get('/tag/submit/{sha256}/Tag'.format(
sha256=global_sha256)).data.decode('utf-8')
self.assertEqual(rv, 'NOK')
def edit_tag(tag_id):
tag = Tag.get(tag_id)
if not tag:
abort(404)
elif request.method == 'POST':
tag.name = request.form.get('name', '')
tag.color = request.form.get('color', '')
db.session.add(tag)
db.session.commit()
return redirect(url_for('admin.tags'))
return render_template('admin/add_tag.html', tag=tag)
def test_search(self):
rv = self.app.get('/search')
self.assertEqual(200, rv.status_code)
self.assertIn('<h1>Search</h1>', rv.data.decode('utf-8'))
# Add a sample with his tag
tag = Tag('wat', 'danger')
db.session.add(tag)
sample = Sample(
name=['wut.php'],
sha256='6ffef45e178b189c9eb486457dc6ae71a2e62be5724adc598d25585a6c0c6c1a',
sha1='6a6f0260611dcd60d502d308f74ff3c1ad590cfe',
md5='149b8ae3ca1cf126af05bd8c58ebde90',
ssdeep='3072:7Q6vU3oUXNiDarHituutTxmakBIRDzGoiTzj7c5hH5D8:7Q6vMXNQarHituutTxmakBcDzGoiTzjF',
entropy='5.65471943656401',
mime='text/x-php',
first_analysis='2000-01-01 10:00:00.00000',
last_analysis='2000-01-01 10:00:00.00000'
)
sample.tags.append(tag)
sample.analyzes.append(Analysis(
type='PHP',
soft='PMF',
sample_sha256='6ffef45e178b189c9eb486457dc6ae71a2e62be5724adc598d25585a6c0c6c1a',
analysis_time='0.004575014114379883'
))
db.session.add(sample)
db.session.commit()
result_sha256 = '<a href="/analysis/any/6ffef45e178b189c9eb486457dc6ae71a2e62be5724adc598d25585a6c0c6c1a">6ffef45e178b189c9eb486457dc6ae71a2e62be5724adc598d25585a6c0c6c1a</a>'
rv = self.app.get('/search')
self.assertIn(result_sha256, rv.data.decode('utf-8'))
# Custom search
rv = search(self.app, '6ffe')
self.assertIn(result_sha256, rv.data.decode('utf-8'))
rv = search(self.app, '6ffe123')
self.assertNotIn(result_sha256, rv.data.decode('utf-8'))
rv = search(self.app, 'md5:126')
self.assertIn(result_sha256, rv.data.decode('utf-8'))
rv = search(self.app, 'md5:wat')
self.assertNotIn(result_sha256, rv.data.decode('utf-8'))
rv = search(self.app, 'name:php')
self.assertIn(result_sha256, rv.data.decode('utf-8'))
rv = search(self.app, 'name:qweqwe')
self.assertNotIn(result_sha256, rv.data.decode('utf-8'))
rv = search(self.app, 'fist_analysis:2000-01-01')
self.assertIn(result_sha256, rv.data.decode('utf-8'))
rv = search(self.app, 'last_analysis:2000-01-03')
self.assertNotIn(result_sha256, rv.data.decode('utf-8'))
rv = search(self.app, 'tags:wat')
self.assertIn(result_sha256, rv.data.decode('utf-8'))
rv = search(self.app, 'tags:watt')
self.assertNotIn(result_sha256, rv.data.decode('utf-8'))
def analysis(analysis_type, sha256):
""" Analysis result page """
if analysis_type not in current_app.config.get('FILE_TYPES'):
return redirect(
url_for('default.analysis', sha256=sha256, analysis_type=current_app.config.get('FILE_TYPES')[0]))
sample = Sample.query.filter_by(sha256=sha256).first()
if sample is None:
abort(404)
suggest_reanalyse = datetime.datetime.utcnow() - sample.last_analysis > datetime.timedelta(days=90)
neighbours = sample.get_neighbours()
return render_template('analysis.html', sample=sample, analysis_type=analysis_type,
tag_list=Tag.get_all(), reanalyse=suggest_reanalyse, neighbours=neighbours)
def submit_tag(sha256, tag, format):
tags = Tag.get_all()
tag_names = [t.name for t in tags]
if tag is None or tag not in tag_names:
return "NOK"
sample = Sample.get(sha256)
sample_tag_names = [t.name for t in sample.tags]
if sample is None or tag in sample_tag_names:
return "NOK"
_tag = tags[tag_names.index(tag)]
sample.tags.append(_tag) # postgre doesn't like str as objects.
db.session.commit()
return str(_tag) if format else 'OK'
def submit_tag(sha256, tag, format):
tags = Tag.get_all()
tag_names = [t.name for t in tags]
if tag is None or tag not in tag_names:
return "NOK"
sample = Sample.get(sha256)
sample_tag_names = [t.name for t in sample.tags]
if sample is None or tag in sample_tag_names:
return "NOK"
_tag = tags[tag_names.index(tag)]
sample.tags.append(_tag) # postgre doesn't like str as objects.
db.session.commit()
return str(_tag) if format else 'OK'
def test_delete_tag(self):
# Add a tag
db.session.add(Tag('mytag', 'info'))
db.session.commit()
tag_id = Tag.query.filter(Tag.name == 'mytag').first().id
# Access the page with no authentication
rv = self.app.get('/admin/tags/delete/{id}'.format(id=tag_id)).data.decode('utf-8')
self.assertIn('You should be redirected automatically to target URL: <a href="/login">/login</a>',
rv)
# Log in
self.login()
# Acces the page with no id
rv = self.app.get('/admin/tags/delete/').status_code
self.assertEqual(rv, 404)
# Acces the page with invalid id
rv = self.app.get('/admin/tags/delete/978789987987978897879').status_code
self.assertEqual(rv, 404)
# Delete the tag
self.app.get('/admin/tags/delete/{id}'.format(id=tag_id))
self.assertIsNone(Tag.get(tag_id))
def edit(sha256):
""" Edit a sample metadata """
sample = Sample.get(sha256)
if sample:
all_tags = Tag.get_all()
if request.method == 'POST':
all_tags_id = [tag.id for tag in all_tags]
tag_list = []
for value in request.form:
if value.startswith('tag_'):
id = int(value[4:])
if id in all_tags_id:
tag_list.append(Tag.get(id))
sample.name = request.form.get('name', '').replace(' ', '').split(',')
sample.mime = request.form.get('mime', '')
sample.first_analysis = request.form.get('first_analysis', '')
sample.last_analysis = request.form.get('last_analysis', '')
sample.tags = tag_list
db.session.add(sample)
db.session.commit()
return redirect(url_for('admin.samples'))
return render_template('admin/edit.html', sample=sample, names=[tag.name for tag in sample.tags], tags=all_tags)
abort(404)
def analysis(analysis_type, sha256):
""" Analysis result page """
if analysis_type not in current_app.config.get('FILE_TYPES'):
return redirect(
url_for('default.analysis',
sha256=sha256,
analysis_type=current_app.config.get('FILE_TYPES')[0]))
sample = Sample.query.filter_by(sha256=sha256).first()
if sample is None:
abort(404)
suggest_reanalyse = datetime.datetime.utcnow(
) - sample.last_analysis > datetime.timedelta(days=90)
neighbours = sample.get_neighbours()
return render_template('analysis.html',
sample=sample,
analysis_type=analysis_type,
tag_list=Tag.get_all(),
reanalyse=suggest_reanalyse,
neighbours=neighbours)
def tags():
tag_list = Tag.get_all()
return render_template('admin/tags.html', tags=tag_list)