def test_scan_benign_contents(db_session, monkeypatch, benign):
monkeypatch.setattr(c, "fetch_url_content",
pretend.call_recorder(lambda *a: pretend.stub()))
monkeypatch.setattr(
c,
"extract_file_content",
pretend.call_recorder(
lambda *a: b"this is a benign string\n" + benign.encode("utf-8")),
)
MalwareCheckFactory.create(name="SetupPatternCheck",
state=MalwareCheckState.Enabled)
check = c.SetupPatternCheck(db_session)
file = FileFactory.create(packagetype="sdist")
check.scan(obj=file, file_url=pretend.stub())
assert len(check._verdicts) == 1
assert check._verdicts[0].check_id == check.id
assert check._verdicts[0].file_id == file.id
assert check._verdicts[0].classification == VerdictClassification.Benign
assert check._verdicts[0].confidence == VerdictConfidence.Low
assert check._verdicts[
0].message == "No malicious patterns found in setup.py"
def test_scan_matched_content(db_session, monkeypatch, malicious, rule):
monkeypatch.setattr(c, "fetch_url_content",
pretend.call_recorder(lambda *a: pretend.stub()))
monkeypatch.setattr(
c,
"extract_file_content",
pretend.call_recorder(lambda *a: b"this looks suspicious:\n" +
malicious.encode("utf-8")),
)
MalwareCheckFactory.create(name="SetupPatternCheck",
state=MalwareCheckState.Enabled)
check = c.SetupPatternCheck(db_session)
file = FileFactory.create(packagetype="sdist")
check.scan(obj=file, file_url=pretend.stub())
assert len(check._verdicts) == 1
assert check._verdicts[0].check_id == check.id
assert check._verdicts[0].file_id == file.id
threat_rules = {"process_spawn_in_setup", "subprocess_in_setup"}
if set(rule.split(":")) & threat_rules:
assert check._verdicts[
0].classification == VerdictClassification.Threat
else:
assert check._verdicts[
0].classification == VerdictClassification.Indeterminate
assert check._verdicts[0].confidence == VerdictConfidence.High
assert check._verdicts[0].message == rule
def test_initializes(db_session):
check_model = MalwareCheckFactory.create(name="SetupPatternCheck",
state=MalwareCheckState.Enabled)
check = c.SetupPatternCheck(db_session)
assert check.id == check_model.id
assert isinstance(check._yara_rules, yara.Rules)
def test_scan_no_setup_contents(db_session, monkeypatch):
monkeypatch.setattr(
c, "fetch_url_content", pretend.call_recorder(lambda *a: pretend.stub())
)
monkeypatch.setattr(
c, "extract_file_content", pretend.call_recorder(lambda *a: None)
)
MalwareCheckFactory.create(
name="SetupPatternCheck", state=MalwareCheckState.Enabled
)
check = c.SetupPatternCheck(db_session)
file = FileFactory.create(packagetype="sdist")
check.scan(obj=file, file_url=pretend.stub())
assert len(check._verdicts) == 1
assert check._verdicts[0].check_id == check.id
assert check._verdicts[0].file_id == file.id
assert check._verdicts[0].classification == VerdictClassification.Indeterminate
assert check._verdicts[0].confidence == VerdictConfidence.High
assert (
check._verdicts[0].message
== "sdist does not contain a suitable setup.py for analysis"
)
def test_scan_missing_kwargs(db_session, obj, file_url):
MalwareCheckFactory.create(
name="SetupPatternCheck", state=MalwareCheckState.Enabled
)
check = c.SetupPatternCheck(db_session)
with pytest.raises(c.FatalCheckError):
check.scan(obj=obj, file_url=file_url)
def test_scan_non_sdist(db_session):
MalwareCheckFactory.create(name="SetupPatternCheck",
state=MalwareCheckState.Enabled)
check = c.SetupPatternCheck(db_session)
file = FileFactory.create(packagetype="bdist_wheel")
check.scan(obj=file, file_url=pretend.stub())
assert check._verdicts == []