def test_duplicate2(): if ".7z" not in supported(): return duplicates = [] assert unpack(b"tests/files/7z_plain.7z", duplicates=duplicates).children[0].duplicate is False assert unpack(b"tests/files/7z_nested.7z", duplicates=duplicates).children[0].duplicate is True
def test_heuristics(self): unpacker = "zipfile" if os.path.exists(Zip7File.exe): unpacker = "7zfile" t = unpack("tests/files/zip_plain.zip", filename="foo") assert t.unpacker == unpacker assert t.filename == "foo" t = unpack("tests/files/zip_nested.zip", filename="foo") assert t.unpacker == unpacker assert t.filename == "foo" t = unpack("tests/files/zip_nested2.zip", filename="foo") assert t.unpacker == unpacker assert t.filename == "foo" t = unpack("tests/files/zip_encrypted.zip", filename="foo") assert t.unpacker == unpacker assert t.filename == "foo" # No password provided - pass is sflock t = unpack("tests/files/zip_encrypted2.zip", filename="foo") assert t.mode == Errors.DECRYPTION_FAILED assert t.unpacker == unpacker assert t.filename == "foo"
def test_bup(): mso = unpack("tests/files/msg_invoice.msg").read("oledata.mso") # At the moment we only look at the file extension for .mso files. # TODO Allow bruteforcing to identify file type. Note that this is # currently not supported as it slows down our unit tests by two (!). assert unpack(contents=mso).unpacker == "msofile"
def test_zipify4(): a = unpack("tests/files/tar_plain2.tar") b = unpack("foo.zip", zipify(a)) assert len(a.children) == len(b.children) assert a.children[0].filepath == b.children[0].filepath assert a.children[0].contents == b.children[0].contents assert a.children[1].filepath == b.children[1].filepath assert a.children[1].contents == b.children[1].contents
def test_zipify4(): a = unpack(b"tests/files/tar_plain2.tar") b = unpack(b"foo.zip", zipify(a)) assert len(a.children) == len(b.children) assert a.children[0].relapath == b.children[0].relapath assert a.children[0].contents == b.children[0].contents assert a.children[1].relapath == b.children[1].relapath assert a.children[1].contents == b.children[1].contents
def test_heuristics(self): t = unpack("tests/files/cab2.cab", filename="foo") assert t.unpacker == "cabfile" assert t.filename == "foo" t = unpack("tests/files/readelf.cab", filename="foo") assert t.unpacker == "cabfile" assert t.filename == "foo"
def test_zipify4(): a = unpack("tests/files/tar_plain2.tar") b = unpack(File(contents=zipify(a)).temp_path()) assert len(a.children) == len(b.children) assert a.children[0].relapath == b.children[0].relapath assert a.children[0].contents == b.children[0].contents assert a.children[1].relapath == b.children[1].relapath assert a.children[1].contents == b.children[1].contents
def test_passwords(): assert len(unpack(f2(b"zip_encrypted.zip")).children) == 1 z = unpack(f2(b"zip_encrypted2.zip")) assert not z.children[0].magic z = unpack(f2(b"zip_encrypted2.zip"), password="******") assert z.children[0].magic == "ASCII text"
def test_identify(): assert identify(File(b"tests/files/script.js")) == "js" assert identify(File(b"tests/files/script.wsf")) == "wsf" assert identify(File(b"tests/files/script.vbs")) == "vbs" assert identify(File(b"tests/files/script.ps1")) == "ps1" f = unpack(contents=open("tests/files/sample.jar", "rb").read()) assert f.package == "jar" f = unpack(contents=open("tests/files/sample.apk", "rb").read()) assert f.package == "apk" assert identify(File(b"tests/files/maldoc_office.htm")) == "doc" assert identify(File(b"tests/files/maldoc.xls")) == "xls" assert identify(File(b"tests/files/test.hta_")) == "hta"
def test_heuristics(self): t = unpack("tests/files/ace_plain.ace", filename="foo") assert t.unpacker == "acefile" assert t.filename == "foo" t = unpack("tests/files/ace_nested.ace", filename="foo") assert t.unpacker == "acefile" assert t.filename == "foo" t = unpack("tests/files/ace_nested2.ace", filename="foo") assert t.unpacker == "acefile" assert t.filename == "foo"
def test_zipify5(): a = unpack("tests/files/tar_plain2.tar") b = unpack("foo.zip", zipify(a, "notthepassword")) assert b.children[0].mode == "failed" # Fortunately sflock is capable of bruteforcing "password". b = unpack("foo.zip", zipify(a, "password")) assert len(a.children) == len(b.children) assert a.children[0].relapath == b.children[0].relapath assert a.children[0].contents == b.children[0].contents assert a.children[1].relapath == b.children[1].relapath assert a.children[1].contents == b.children[1].contents
def test_heuristics(self): t = unpack("tests/files/7z_plain.7z", filename="foo") assert t.unpacker == "7zfile" assert t.filename == "foo" t = unpack("tests/files/7z_nested.7z", filename="foo") assert t.unpacker == "7zfile" assert t.filename == "foo" t = unpack("tests/files/7z_nested2.7z", filename="foo") assert t.unpacker == "7zfile" assert t.filename == "foo" """
def test_heuristics(self): t = unpack(b"tests/files/tar_plain.tar", filename=b"foo") assert t.unpacker == "tarfile" assert t.filename == b"foo" t = unpack(b"tests/files/tar_plain2.tar", filename=b"foo") assert t.unpacker == "tarfile" assert t.filename == b"foo" t = unpack(b"tests/files/tar_plain2.tar.gz", filename=b"foo") assert t.unpacker == "targzfile" assert t.filename == b"foo" t = unpack(b"tests/files/tar_plain2.tar.bz2", filename=b"foo") assert t.unpacker == "tarbz2file" assert t.filename == b"foo" t = unpack(b"tests/files/tar_nested.tar", filename=b"foo") assert t.unpacker == "tarfile" assert t.filename == b"foo" t = unpack(b"tests/files/tar_nested.tar.gz", filename=b"foo") assert t.unpacker == "targzfile" assert t.filename == b"foo" t = unpack(b"tests/files/tar_nested.tar.bz2", filename=b"foo") assert t.unpacker == "tarbz2file" assert t.filename == b"foo" t = unpack(b"tests/files/tar_nested2.tar", filename=b"foo") assert t.unpacker == "tarfile" assert t.filename == b"foo"
def test_heuristics(self): t = unpack("tests/files/tar_plain.tar", filename="foo") assert t.unpacker == "tarfile" assert t.filename == "foo" t = unpack("tests/files/tar_plain2.tar", filename="foo") assert t.unpacker == "tarfile" assert t.filename == "foo" t = unpack("tests/files/tar_plain2.tar.gz", filename="foo") assert t.unpacker == "targzfile" assert t.filename == "foo" t = unpack("tests/files/tar_plain2.tar.bz2", filename="foo") assert t.unpacker == "tarbz2file" assert t.filename == "foo" t = unpack("tests/files/tar_nested.tar", filename="foo") assert t.unpacker == "tarfile" assert t.filename == "foo" t = unpack("tests/files/tar_nested.tar.gz", filename="foo") assert t.unpacker == "targzfile" assert t.filename == "foo" t = unpack("tests/files/tar_nested.tar.bz2", filename="foo") assert t.unpacker == "tarbz2file" assert t.filename == "foo" t = unpack("tests/files/tar_nested2.tar", filename="foo") assert t.unpacker == "tarfile" assert t.filename == "foo"
def test_passwords(): f = unpack(f2("zip_encrypted.zip")) assert len(f.children) == 1 assert f.children[0].filesize == 21 # Give no password. Should result in error z = unpack(f2("zip_encrypted2.zip")) assert z.mode == Errors.DECRYPTION_FAILED z = unpack(f2("zip_encrypted2.zip"), password="******") assert z.children[0].magic == "ASCII text" z = unpack(f2("zip_encrypted2.zip"), password=["sflock"]) assert z.children[0].magic == "ASCII text"
def test_inmemory(self): contents = open("tests/files/cab2.cab", "rb").read() t = unpack(contents=contents) assert t.unpacker == "cabfile" assert t.filename is None assert t.filepath is None assert len(t.children) == 1
def test_invalid_characters(self): """Tests .zip files with invalid character filenames in it, which can't be unpacked on Windows.""" buf = io.BytesIO() z = zipfile.ZipFile(buf, "w") z.writestr('foo"bar', "foo1") z.writestr("foo*bar", "foo2") z.writestr("foo<bar", "foo3") z.writestr("foo>bar", "foo4") z.writestr("foo?bar", "foo5") z.writestr("foo@bar", "foo5") z.writestr("1.js", "bar") z.close() dirpath = tempfile.mkdtemp() # Test that zipfile.ZipFile().extractall() works on our zipped # version after unpacking. Zipception, basically. f = zipify(unpack(contents=buf.getvalue())) zipfile.ZipFile(io.BytesIO(f)).extractall(dirpath) assert len(os.listdir(dirpath)) == 2 filepath1 = os.path.join(dirpath, "foo@bar") filepath2 = os.path.join(dirpath, "1.js") assert open(filepath1, "rb").read() == b"foo5" assert open(filepath2, "rb").read() == b"bar"
def test_astree1(): f = unpack("tests/files/zip_nested2.zip") assert f.astree(finger=False) == { "duplicate": False, "password": None, "filename": "zip_nested2.zip", "filepath": "tests/files/zip_nested2.zip", "size": 496, "package": None, "type": "container", "children": [ { "type": "directory", "filename": "deepfoo", "children": [ { "type": "directory", "filename": "foo", "children": [ { "filename": "bar.txt", "filepath": "deepfoo/foo/bar.txt", "duplicate": False, "password": None, "size": 12, "package": None, "type": "file", "children": [], }, ], }, ], }, ], }
def test_read2(): f = unpack(b"tests/files/msg_invoice.msg") assert len(f.read(b"oledata.mso")) == 234898 assert len(f.read([ b"oledata.mso", b"Firefox Setup Stub 43.0.1.exe", ])) == 249336
def test_read1(): f = unpack("tests/files/bup_test.bup") assert len(f.read("efax_9057733019_pdf.zip")) == 212663 assert len(f.read([ "efax_9057733019_pdf.zip", "efax_9057733019_pdf.scr", ])) == 377856
def test_inmemory(self): contents = open("tests/files/7z_plain.7z", "rb").read() t = unpack(contents=contents) assert t.unpacker == "7zfile" assert t.filename is None assert t.filepath is None assert len(t.children) == 1
def test_heuristics(self): t = unpack("tests/files/rar_plain.rar", filename="foo") assert t.unpacker == "rarfile" assert t.filename == "foo" t = unpack("tests/files/rar_nested.rar", filename="foo") assert t.unpacker == "rarfile" assert t.filename == "foo" t = unpack("tests/files/rar_nested2.rar", filename="foo") assert t.unpacker == "rarfile" assert t.filename == "foo" t = unpack("tests/files/sflock_encrypted.rar", filename="foo", password="******") assert t.unpacker == "rarfile" assert t.filename == "foo"
def test_inmemory(self): contents = open(b"tests/files/rar_plain.rar", "rb").read() t = unpack(contents=contents) assert t.unpacker == "rarfile" assert t.filename is None assert t.filepath is None assert len(t.children) == 1
def test_maxsize_7z(): if ".7z" not in supported(): return f = unpack(b"tests/files/1025mb.7z") assert f.unpacker == "7zfile" assert not f.children assert f.error == "files_too_large"
def test_unpack2(): f = unpack(b"tests/files/tar_nested.tar.bz2") assert len(f.children) == 1 f = f.children[0] assert len(f.children) == 1 assert f.children[0].relapath == b"foo/bar.txt" assert f.children[0].relaname == b"foo/bar.txt" assert f.children[0].contents == b"hello world\n"
def test_maxsize_7z(): if ".7z" not in supported(): return f = unpack("tests/files/1025mb.7z") assert f.unpacker == "7zfile" assert not f.children assert f.mode == Errors.TOTAL_TOO_LARGE
def test_udf_iso_noext(self): upacker = Zip7File(f("iso_udf_noext")) assert upacker.handles() assert upacker.supported() t = unpack("tests/files/iso_udf_noext") assert t.unpacker == "7zfile" assert len(t.children) == 1 assert t.children[0].filename == "ATTACHME.EXE"
def test_heuristics(self): t = unpack(b"tests/files/rar_plain.rar", filename=b"foo") assert t.unpacker == "rarfile" assert t.filename == b"foo" t = unpack(b"tests/files/rar_nested.rar", filename=b"foo") assert t.unpacker == "rarfile" assert t.filename == b"foo" t = unpack(b"tests/files/rar_nested2.rar", filename=b"foo") assert t.unpacker == "rarfile" assert t.filename == b"foo" t = unpack(b"tests/files/sflock_encrypted.rar", filename=b"foo", password=b"infected") assert t.unpacker == "rarfile" assert t.filename == b"foo"
def test_ppt(): f = unpack(contents=open("tests/files/ppt_1.pptx", "rb").read()) assert f.duplicate is False assert f.preview is False assert f.selected is True assert f.package == "ppt" assert f.platform == "windows" assert f.get_child(b"[Content_Types].xml") is not None assert len(f.children) == 37
def test_unpack_py3(): with pytest.raises(IncorrectUsageException): unpack(filepath=b"filepath") with pytest.raises(IncorrectUsageException): unpack(contents="contents") with pytest.raises(IncorrectUsageException): unpack(password=b"password") with pytest.raises(IncorrectUsageException): unpack(filename=b"filename") # It works, but no children are extracted from this Python file. assert not unpack(__file__).children
def test_attributes(): for filename in os.listdir("tests/files"): if os.path.isdir("tests/files/%s" % filename): continue if "encrypted" in filename: continue f = unpack("tests/files/%s" % filename) assert json.loads(json.dumps(list(f.to_dict()))) == list(f.to_dict())
def test_oledoc1(): f = unpack("tests/files/oledoc1.doc_") assert f.extension == "doc" assert f.platforms == [ {"platform": "windows", "os_version": ""}, {"platform": "darwin", "os_version": ""}, {"platform": "linux", "os_version": ""}, {"platform": "android", "os_version": ""}, {"platform": "ios", "os_version": ""} ]
def test_slk(): f = unpack("tests/files/1.slk") assert f.extension == "slk" assert f.platforms == [ {"platform": "windows", "os_version": ""}, {"platform": "darwin", "os_version": ""}, {"platform": "linux", "os_version": ""}, {"platform": "android", "os_version": ""}, {"platform": "ios", "os_version": ""} ]
def test_doc2(): f = unpack(b"tests/files/doc_2.xlsx_") assert f.duplicate is False assert f.selected is True assert f.preview is False assert f.package == "xls" assert f.platform == "windows" assert f.get_child(b"[Content_Types].xml") is not None assert len(f.children) == 12 assert f.children[0].selected is False assert f.children[11].selected is False
def test_heuristics(self): t = unpack("tests/files/zip_plain.zip", filename="foo") assert t.unpacker == "zipfile" assert t.filename == "foo" t = unpack("tests/files/zip_nested.zip", filename="foo") assert t.unpacker == "zipfile" assert t.filename == "foo" t = unpack("tests/files/zip_nested2.zip", filename="foo") assert t.unpacker == "zipfile" assert t.filename == "foo" t = unpack("tests/files/zip_encrypted.zip", filename="foo") assert t.unpacker == "zipfile" assert t.filename == "foo" t = unpack("tests/files/zip_encrypted2.zip", filename="foo") assert t.unpacker == "zipfile" assert t.filename == "foo"
def test_astree3(): f = unpack("tests/files/eml_nested_eml.eml") assert f.astree(finger=False) == { "duplicate": False, "filename": "eml_nested_eml.eml", "filepath": "tests/files/eml_nested_eml.eml", "package": None, "password": None, "size": 24607, "type": "container", "children": [ { "duplicate": False, "filename": u"multipart.eml", "filepath": u"multipart.eml", "package": None, "password": None, "size": 17482, "type": "container", "children": [ { "duplicate": False, "filename": u"\u60e1\u610f\u8edf\u9ad4.doc", "filepath": u"\u60e1\u610f\u8edf\u9ad4.doc", "package": "doc", "password": None, "size": 12, "type": "file", "children": [], }, { "duplicate": False, "filename": u"cuckoo.png", "filepath": u"cuckoo.png", "package": None, "password": None, "size": 11970, "type": "file", "children": [], } ], }, { "duplicate": False, "filename": "att1", "filepath": "att1", "package": None, "password": None, "size": 12, "type": "file", "children": [], }, ], }
def test_astree4(): f = unpack("tests/files/msg_invoice.msg") assert f.astree(finger=False) == { "filepath": "tests/files/msg_invoice.msg", "filename": "msg_invoice.msg", "size": 270848, "duplicate": False, "package": None, "password": None, "type": "container", "children": [ { "duplicate": False, "filename": u"image003.emz", "filepath": u"image003.emz", "package": None, "password": None, "size": 1137, "type": "file", "children": [], }, { "duplicate": False, "filename": u"image004.png", "filepath": u"image004.png", "package": None, "password": None, "size": 1132, "type": "file", "children": [], }, { "duplicate": False, "filename": u"oledata.mso", "filepath": u"oledata.mso", "package": "doc", "password": None, "size": 234898, "type": "container", "children": [ { "duplicate": False, "filename": "Firefox Setup Stub 43.0.1.exe", "filepath": "Firefox Setup Stub 43.0.1.exe", "package": "exe", "password": None, "size": 249336, "type": "file", "children": [], }, ], }, ], }
def test_astree2(): f = unpack("tests/files/eml_tar_nested2.eml") assert f.astree(finger=False) == { "password": None, "duplicate": False, "filename": "eml_tar_nested2.eml", "filepath": "tests/files/eml_tar_nested2.eml", "size": 15035, "password": None, "package": None, "type": "container", "children": [ { "type": "container", "password": None, "duplicate": False, "filename": u"tar_nested2.tar", "filepath": u"tar_nested2.tar", "package": None, "size": 10240, "children": [ { "type": "directory", "filename": "deepfoo", "children": [ { "type": "directory", "filename": "foo", "children": [ { "type": "file", "size": 12, "children": [], "password": None, "duplicate": False, "package": None, "filename": "bar.txt", "filepath": "deepfoo/foo/bar.txt" }, ], }, ], }, ], }, ], }
def test_unpack2(): f = unpack("tests/files/tar_nested.tar.bz2") assert len(f.children) == 1 assert f.children[0].filepath == "foo/bar.txt" assert f.children[0].contents == "hello world\n"
def test_zipify3(): a = unpack("tests/files/7z_nested2.7z") b = unpack("foo.zip", zipify(a)) assert len(a.children) == len(b.children) assert a.children[0].filepath == b.children[0].filepath assert a.children[0].contents == b.children[0].contents
def test_unpack3(): f = unpack("tests/files/zip_nested2.zip") assert len(f.children) == 1 assert f.children[0].filepath == "deepfoo/foo/bar.txt" assert f.children[0].contents == "hello world\n"
def test_unpack4(): f = unpack("hoi.txt", "hello world") assert not f.children
else: file_type = filename.rsplit('.', 1)[1] #txt file if file_type in ALLOWED_EXTENSIONS: with open(file_full_path,'r') as f: content = f.read() r_serv_log_submit.set(uuid + ':nb_total', 1) create_paste(uuid, content.encode(), ltags, ltagsgalaxies, uuid) remove_submit_uuid(uuid) #compressed file else: #decompress file try: if password == '': files = unpack(file_full_path.encode()) #print(files.children) else: try: files = unpack(file_full_path.encode(), password=password.encode()) #print(files.children) except sflock.exception.IncorrectUsageException: abord_file_submission(uuid, "Wrong Password") continue except: abord_file_submission(uuid, "file decompression error") continue print('unpacking {} file'.format(files.unpacker)) if(not files.children): abord_file_submission(uuid, "Empty compressed file") continue
def test_unpack1(): f = unpack("tests/files/tar_plain.tar") assert len(f.children) == 1 assert f.children[0].contents == "sflock_plain_tar\n"
def test_zipify2(): a = unpack("tests/files/zip_nested.zip") b = unpack("foo.zip", zipify(a)) assert len(a.children) == len(b.children) assert a.children[0].relapath == b.children[0].relapath assert a.children[0].contents == b.children[0].contents