def test_rar_decryption_fail(self):
z = RarFile(f("sflock_encrypted2.rar"))
assert z.handles() is True
assert not z.f.selected
with pytest.raises(DecryptionFailedError) as e:
z.unpack()
def test_norar_plain():
assert "RAR archive" in f("rar_plain.rar").magic
t = RarFile(f("rar_plain.rar"))
assert t.handles() is True
with pytest.raises(UnpackException):
t.unpack()
def test_garbage(self):
t = RarFile(f("garbage.bin"))
assert t.handles() is False
assert not t.f.selected
with pytest.raises(UnpackException) as e:
t.unpack()
assert e.value.state == Errors.NOTHING_EXTRACTED
def test_garbage2(self):
t = RarFile(f("rar_garbage.rar"))
assert t.handles() is True
assert not t.f.selected
files = t.unpack()
assert len(files) == 1
assert not files[0].children
assert files[0].mode == "failed"
def test_garbage2(self):
t = RarFile(f(b"rar_garbage.rar"))
assert t.handles() is True
assert not t.f.selected
files = t.unpack()
assert len(files) == 1
assert not files[0].children
assert files[0].mode == "failed"
def test_rar_encrypted(self):
assert "RAR archive" in f("sflock_encrypted.rar").magic
z = RarFile(f("sflock_encrypted.rar"))
assert z.handles() is True
files = list(z.unpack("infected"))
assert len(files) == 1
assert files[0].filepath == "sflock.txt"
assert files[0].contents == "sflock_encrypted_rar"
assert files[0].password == "infected"
assert "ASCII text" in files[0].magic
assert files[0].parentdirs == []
def test_garbage2(self):
t = RarFile(f("rar_garbage.rar"))
assert t.handles() is True
assert not t.f.selected
files = t.unpack()
# The child file is garbage data. It should not be attempted
# to unpack.
assert len(files) == 1
assert not files[0].children
assert files[0].mode is None
def test_rar_encrypted(self):
assert "RAR archive" in f("sflock_encrypted.rar").magic
z = RarFile(f("sflock_encrypted.rar"))
assert z.handles() is True
assert not z.f.selected
files = list(z.unpack())
assert len(files) == 1
assert files[0].relapath == "sflock.txt"
assert files[0].contents == b"sflock_encrypted_rar"
assert "ASCII text" in files[0].magic
assert files[0].parentdirs == []
assert not files[0].selected
def test_plain(self):
assert "RAR archive" in f("rar_plain.rar").magic
t = RarFile(f("rar_plain.rar"))
assert t.handles() is True
assert not t.f.selected
files = list(t.unpack())
assert len(files) == 1
assert files[0].relapath == "bar.txt"
assert files[0].contents == "hello world\n"
assert files[0].magic == "ASCII text"
assert files[0].parentdirs == []
assert not files[0].selected
def test_plain(self):
assert "RAR archive" in f("rar_plain.rar").magic
t = RarFile(f("rar_plain.rar"))
assert t.handles() is True
assert not t.f.selected
files = list(t.unpack())
assert len(files) == 1
assert files[0].relapath == "bar.txt"
assert files[0].contents == "hello world\n"
assert files[0].magic == "ASCII text"
assert files[0].parentdirs == []
assert not files[0].selected
def test_nested2_plain(self):
assert "RAR archive" in f(b"rar_nested2.rar").magic
t = RarFile(f(b"rar_nested2.rar"))
assert t.handles() is True
assert not t.f.selected
files = list(t.unpack())
assert len(files) == 1
assert files[0].relapath == b"deepfoo/foo/bar.txt"
assert files[0].parentdirs == [b"deepfoo", b"foo"]
assert files[0].contents == b"hello world\n"
assert not files[0].password
assert files[0].magic == "ASCII text"
assert not files[0].selected
def test_nested2_plain(self):
assert "RAR archive" in f("rar_nested2.rar").magic
t = RarFile(f("rar_nested2.rar"))
assert t.handles() is True
files = list(t.unpack())
assert len(files) == 1
assert files[0].filepath == "deepfoo/foo/bar.txt"
assert files[0].parentdirs == ["deepfoo", "foo"]
assert files[0].contents == "hello world\n"
assert not files[0].password
assert files[0].magic == "ASCII text"
s = f("rar_nested2.rar").get_signature()
assert s is None
def test_nested2_plain(self):
assert "RAR archive" in f("rar_nested2.rar").magic
t = RarFile(f("rar_nested2.rar"))
assert t.handles() is True
files = list(t.unpack())
assert len(files) == 1
assert files[0].filepath == "deepfoo/foo/bar.txt"
assert files[0].parentdirs == ["deepfoo", "foo"]
assert files[0].contents == "hello world\n"
assert not files[0].password
assert files[0].magic == "ASCII text"
s = f("rar_nested2.rar").get_signature()
assert s is None
def test_plain(self):
assert "RAR archive" in f("rar_plain.rar").magic
t = RarFile(f("rar_plain.rar"))
assert t.handles() is True
files = list(t.unpack())
assert len(files) == 1
assert files[0].filepath == "bar.txt"
assert files[0].contents == "hello world\n"
assert files[0].magic == "ASCII text"
assert files[0].parentdirs == []
# TODO A combination of file extension, file magic, and initial bytes
# signature should be used instead of just the bytes (as this call
# should not yield None).
assert f("rar_plain.rar").get_signature() is None
def test_plain(self):
assert "RAR archive" in f("rar_plain.rar").magic
t = RarFile(f("rar_plain.rar"))
assert t.handles() is True
files = list(t.unpack())
assert len(files) == 1
assert files[0].filepath == "bar.txt"
assert files[0].contents == "hello world\n"
assert files[0].magic == "ASCII text"
assert files[0].parentdirs == []
# TODO A combination of file extension, file magic, and initial bytes
# signature should be used instead of just the bytes (as this call
# should not yield None).
assert f("rar_plain.rar").get_signature() is None
def extract_archive(cls, f):
logger.debug(f"Extracting {f.filename}")
content = f.blob
if f.password:
# Sflock expects byte string
pw = f.password.encode("utf-8")
else:
pw = None
if f.extension == "zip":
if "v5.1" in f.content_guess:
# Unzip is not capable to process this version, 7z is required (Zip7File)
archive_file = Zip7File(
SflockFile(contents=content, password=pw))
else:
archive_file = ZipFile(
SflockFile(contents=content, password=pw))
elif f.extension == "rar":
archive_file = RarFile(SflockFile(contents=content, password=pw))
elif f.extension == "tar":
archive_file = TarFile(SflockFile(contents=content, password=pw))
else: # Fallback to zip
archive_file = Zip7File(SflockFile(contents=content, password=pw))
files_in_zip = list(archive_file.unpack(password=pw, duplicates=[]))
extracted_files = []
for zf in files_in_zip:
h = HashFactory.get_hashstruct_from_bytes(zf.contents)
cg = zf.magic
fn = zf.filename.decode("utf-8")
ext = fn.rsplit(".", 1)[-1] if "." in fn else ""
f.extractions.append(
Extraction(content_guess=cg,
extension=ext,
description=fn,
hash=h))
file_struct = File(
content_guess=cg,
extension=ext,
encoding='application/octet-stream', # alternative: "hex"
filename=fn,
hash=h,
blob=zf.contents,
timestamp=f.timestamp)
extracted_files.append(file_struct)
logger.info(f"Extracted {zf.filename}")
f.is_enriched = True
return f, extracted_files
def test_count_supported():
count = 15
if AceFile(None).supported():
count += 1
if CabFile(None).supported():
count += 1
if RarFile(None).supported():
count += 1
if Zip7File(None).supported():
count += 7
assert count == len(supported())
def test_count_supported():
count = 10
if DaaFile(None).supported():
count += 1
if VHDFile(None).supported():
count += 2
if AceFile(None).supported():
count += 1
if CabFile(None).supported():
count += 1
if RarFile(None).supported():
count += 1
if Zip7File(None).supported():
count += 5
assert count == len(supported())
def test_norar_plain():
assert "RAR archive" in f("rar_plain.rar").magic
t = RarFile(f("rar_plain.rar"))
assert t.handles() is True
assert not t.f.selected
def test_garbage(self):
t = RarFile(f("garbage.bin"))
assert t.handles() is False
with pytest.raises(UnpackException):
t.unpack()
def test_norar_plain():
assert "RAR archive" in f(b"rar_plain.rar").magic
t = RarFile(f(b"rar_plain.rar"))
assert t.handles() is True
assert not t.f.selected
def test_suffix():
assert "RAR archive" in f(b"rar_suffix.docx").magic
t = RarFile(f(b"rar_suffix.docx"))
assert t.handles() is True
assert t.f.package == "rar"
def test_garbage(self):
t = RarFile(f(b"garbage.bin"))
assert t.handles() is False
assert not t.f.selected
assert not t.unpack()
assert t.f.mode == "failed"
def test_garbage(self):
t = RarFile(f("garbage.bin"))
assert t.handles() is False
assert not t.f.selected
assert not t.unpack()
assert t.f.mode == "failed"
