def testBadKey(self):
'''
Test how the nugget reacts to a bad api key.
Expected behaviour:
- set rb_virustotal_return_value to 2
'''
# Left clamavNugget test resources here on purpose. No need to split hairs in this case.
com.Starter.initStop("hsn2-rb-virustotal")
self.setApiKey("BADKEY")
com.Starter.initStart("hsn2-rb-virustotal",autoStop=False)
jobId = com.Console.submitJob("rb-virustotal1 feed.uri=/tmp/tests/resources/json/rb-clamavnugget-benign.json")
self.assertIsNotNone(jobId, "Returned job id is none.")
finished = com.Console.waitForCompletion(jobId, 16, 2, True)
self.assertTrue(finished, "Job failed or took too long.")
ret = com.Console.getDumpAsObjects(jobId, agg=self.testHelp.agg)
self.assertTrue(ret[1].isSet("rb_virustotal_return_value"), "Expected attribute wasn't set.")
self.assertFalse(ret[1].isSet("rb_virustotal_classification"), "Unexpected attribute was set.")
self.assertEqual(ret[1].rb_virustotal_return_value, 2)
objDict = com.getFromCouch(jobId, ret[1].getObjectId(), "rb-virustotal", verbose=False)
self.assertIsNotNone(objDict, "Failed to get object from couch.")
self.assertEqual(objDict.get("classification"), None)
objDict = objDict.get('details')
self.assertIsNotNone(objDict, "Details not found in object.")
objDict = objDict.get('value')
self.assertTrue(len(objDict) == 1)
self.assertIn({u'value': 2, u'name': u'return value', u'structure': u'text'}, objDict,
"Didn't find structure message in the details attribute.")
def testUnsupportedFile(self):
'''
Test results of processing a file that the nugget doesn't handle.
The nugget sets no attributes informing about the file being not supported. Output is similar to that of a benign file.
Nugget sends warnings about file not being supported (no way to access them currently).
Expected behaviour:
- set rb_swfscanner_return_value to 0
- set rb_swfscanner_classification to "benign"
'''
jobId = com.Console.submitJob("rb-swfscanner1 feed.uri=/tmp/tests/resources/json/rb-swfscanner-unsupportedfile.json")
self.assertIsNotNone(jobId, "Returned job id is none.")
finished = com.Console.waitForCompletion(jobId, 16, 2, True)
self.assertTrue(finished, "Job failed or took too long.")
ret = com.Console.getDumpAsObjects(jobId, agg=self.testHelp.agg)
self.assertTrue(ret[1].isSet("rb_swfscanner_classification"), "Expected attribute wasn't set.")
self.assertTrue(ret[1].isSet("rb_swfscanner_return_value"), "Expected attribute wasn't set.")
self.assertEqual(ret[1].rb_swfscanner_return_value, 0)
self.assertEqual(ret[1].rb_swfscanner_classification, "benign")
self.assertFalse(ret[1].isSet("rb_swfscanner_verdict_message"), "Unexpected attribute was set.")
self.assertFalse(ret[1].isSet("rb_swfscanner_verdict_priority"), "Unexpected attribute was set.")
self.assertFalse(ret[1].isSet("rb_swfscanner_cve"), "Unexpected attribute was set.")
self.assertFalse(ret[1].isSet("rb_swfscanner_bid"), "Unexpected attribute was set.")
objDict = com.getFromCouch(jobId, ret[1].getObjectId(), "rb-swfscanner", verbose=False)
self.assertIsNotNone(objDict, "Failed to get object from couch.")
self.assertEqual(objDict.get("classification"), "benign")
objDict = objDict.get('details')
self.assertIsNotNone(objDict, "Details not found in object.")
objDict = objDict.get('value')
self.assertTrue(len(objDict) == 1)
self.assertIn({u'value': u'0', u'name': u'return value', u'structure': u'text'}, objDict,
"Didn't find structure message in the details attribute.")
def testUnsupportedFile(self):
'''
Test results of processing a file that isn't supported by the nugget.
The nugget sets it's return value to 2 (ERROR) when a file isn't supported.
- set rb_pdffox_return_value to 2
'''
jobId = com.Console.submitJob("rb-pdffox1 feed.uri=/tmp/tests/resources/json/rb-pdffox-unsupportedfile.json")
self.assertIsNotNone(jobId, "Returned job id is none.")
finished = com.Console.waitForCompletion(jobId, 16, 2, True)
self.assertTrue(finished, "Job failed or took too long.")
ret = com.Console.getDumpAsObjects(jobId, agg=self.testHelp.agg)
self.assertFalse(ret[1].isSet("rb_pdffox_classification"), "Unexpected attribute was set.")
self.assertTrue(ret[1].isSet("rb_pdffox_return_value"), "Expected attribute wasn't set.")
self.assertEqual(ret[1].rb_pdffox_return_value, 2)
self.assertFalse(ret[1].isSet("rb_pdffox_verdict_message"), "Unexpected attribute was set.")
self.assertFalse(ret[1].isSet("rb_pdffox_verdict_priority"), "Unexpected attribute was set.")
self.assertFalse(ret[1].isSet("rb_pdffox_cve"), "Unexpected attribute was set.")
objDict = com.getFromCouch(jobId, ret[1].getObjectId(), "rb-pdffox", verbose=False)
self.assertIsNotNone(objDict, "Failed to get object from couch.")
self.assertEqual(objDict.get("classification"), None)
objDict = objDict.get('details')
self.assertIsNotNone(objDict, "Details not found in object.")
objDict = objDict.get('value')
self.assertIsNotNone(objDict, "Details in object don't have the value attribute.")
self.assertTrue(len(objDict) == 1)
self.assertIn({u'value': u'2', u'name': u'return value', u'structure': u'text'}, objDict,
"Didn't find structure message in the details attribute.")
def testBenign(self):
'''
Test how the nugget reacts to a benign file.
Expected behaviour:
- set rb_officecat_return_value to 0
- set rb_officecat_classification to "benign"
'''
jobId = com.Console.submitJob("rb-officecat1 feed.uri=/tmp/tests/resources/json/rb-officecat-benign.json")
self.assertIsNotNone(jobId, "Returned job id is none.")
finished = com.Console.waitForCompletion(jobId, 16, 2, True)
self.assertTrue(finished, "Job failed or took too long.")
ret = com.Console.getDumpAsObjects(jobId, agg=self.testHelp.agg)
self.assertTrue(ret[1].isSet("rb_officecat_classification"), "Expected attribute wasn't set.")
self.assertTrue(ret[1].isSet("rb_officecat_return_value"), "Expected attribute wasn't set.")
self.assertEqual(ret[1].rb_officecat_return_value, 0)
self.assertEqual(ret[1].rb_officecat_classification, "benign")
self.assertFalse(ret[1].isSet("rb_officecat_verdict_message"), "Unexpected attribute was set.")
self.assertFalse(ret[1].isSet("rb_officecat_verdict_priority"), "Unexpected attribute was set.")
self.assertFalse(ret[1].isSet("rb_officecat_cve"), "Unexpected attribute was set.")
objDict = com.getFromCouch(jobId, ret[1].getObjectId(), "rb-officecat", verbose=False)
self.assertIsNotNone(objDict, "Failed to get object from couch.")
self.assertEqual(objDict.get("classification"), "benign")
objDict = objDict.get('details')
self.assertIsNotNone(objDict, "Details not found in object.")
objDict = objDict.get('value')
self.assertIsNotNone(objDict, "Details in object don't have the value attribute.")
self.assertTrue(len(objDict) == 1)
self.assertIn({u'value': u'0', u'name': u'return value', u'structure': u'text'}, objDict,
"Didn't find structure message in the details attribute.")
def testSupported(self):
'''
Test how the nugget reacts to a supported file and file-type.
Expected behaviour:
- set rb_archiveinflate_return_value to 0
- total of 11 objects created in the job
- first extracted file is a directory (size=0) named "files" with a specific hash
'''
jobId = com.Console.submitJob("rb-archiveinflate1 feed.uri=/tmp/tests/resources/json/rb-archiveinflate-supported.json")
self.assertIsNotNone(jobId, "Returned job id is none.")
finished = com.Console.waitForCompletion(jobId, 16, 2, True)
self.assertTrue(finished, "Job failed or took too long.")
ret = com.Console.getDumpAsObjects(jobId, agg=self.testHelp.agg)
self.assertTrue(ret[1].isSet("rb_archiveinflate_return_value"), "Expected attribute wasn't set.")
self.assertEqual(ret[1].rb_archiveinflate_return_value, 0)
self.assertEqual(len(ret), 11)
self.assertEqual(ret[2].size,0)
self.assertEqual(ret[2].filename,"files")
self.assertEqual(ret[2].sha256,"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855")
objDict = com.getFromCouch(jobId, ret[1].getObjectId(), "rb-archiveinflate", verbose=False)
self.assertIsNotNone(objDict, "Failed to get object from couch.")
objDict = objDict.get('details')
self.assertIsNotNone(objDict, "Details not found in object.")
objDict = objDict.get('value')
self.assertIsNotNone(objDict, "Details in object don't have the value attribute.")
self.assertIn({u'value': u'0', u'name': u'return value', u'structure': u'text'}, objDict,
"Didn't find structure message in the details attribute.")
def testFileNoParent(self):
'''
Checks if not providing the parent attribute causes it to not be set.
'''
com.Configuration.setWorkflow("/tmp/tests/workflows/integration/process-reporters-file.hwl")
jobId = com.Console.submitJob("process-reporters-file feed.uri=/tmp/tests/resources/json/process-reporters-file-no-parent.json")
self.assertIsNotNone(jobId, "Returned job id is none.")
finished = com.Console.waitForCompletion(jobId, 16, 2, True)
self.assertTrue(finished, "Job failed or took too long.")
ret = com.Console.getDumpAsObjects(jobId, agg=self.testHelp.agg)
objDict = com.getFromCouch(jobId, ret[1].getObjectId(), "", verbose=False)
self.assertIsNotNone(objDict, "Failed to get object from couch.")
self.assertEquals(objDict.get("parent"), None)
def testUrlNoType(self):
'''
The type attribute after reporting always has the valuea "url". Not providing it shouldn't impact this.
'''
com.Configuration.setWorkflow("/tmp/tests/workflows/integration/process-reporters-url.hwl")
jobId = com.Console.submitJob("process-reporters-url feed.uri=/tmp/tests/resources/json/process-reporters-url-no-type.json")
self.assertIsNotNone(jobId, "Returned job id is none.")
finished = com.Console.waitForCompletion(jobId, 16, 2, True)
self.assertTrue(finished, "Job failed or took too long.")
ret = com.Console.getDumpAsObjects(jobId, agg=self.testHelp.agg)
objDict = com.getFromCouch(jobId, ret[1].getObjectId(), "", verbose=False)
self.assertIsNotNone(objDict, "Failed to get object from couch.")
self.assertEquals(objDict.get("classification"), "benign")
self.assertEquals(objDict.get("type"), "url") # this will remain type as it's hard coded in the template.
self.assertEquals(objDict.get("url_original"), "http://localhost")
def testUnsupportedFile(self):
'''
Test results of processing a file that the nugget doesn't handle.
The nugget sets no attributes informing about the file being not supported. Output is similar to that of a benign file.
Nugget sends warnings about file not being supported (no way to access them currently).
Expected behaviour:
- set rb_swfscanner_return_value to 0
- set rb_swfscanner_classification to "benign"
'''
jobId = com.Console.submitJob(
"rb-swfscanner1 feed.uri=/tmp/tests/resources/json/rb-swfscanner-unsupportedfile.json"
)
self.assertIsNotNone(jobId, "Returned job id is none.")
finished = com.Console.waitForCompletion(jobId, 16, 2, True)
self.assertTrue(finished, "Job failed or took too long.")
ret = com.Console.getDumpAsObjects(jobId, agg=self.testHelp.agg)
self.assertTrue(ret[1].isSet("rb_swfscanner_classification"),
"Expected attribute wasn't set.")
self.assertTrue(ret[1].isSet("rb_swfscanner_return_value"),
"Expected attribute wasn't set.")
self.assertEqual(ret[1].rb_swfscanner_return_value, 0)
self.assertEqual(ret[1].rb_swfscanner_classification, "benign")
self.assertFalse(ret[1].isSet("rb_swfscanner_verdict_message"),
"Unexpected attribute was set.")
self.assertFalse(ret[1].isSet("rb_swfscanner_verdict_priority"),
"Unexpected attribute was set.")
self.assertFalse(ret[1].isSet("rb_swfscanner_cve"),
"Unexpected attribute was set.")
self.assertFalse(ret[1].isSet("rb_swfscanner_bid"),
"Unexpected attribute was set.")
objDict = com.getFromCouch(jobId,
ret[1].getObjectId(),
"rb-swfscanner",
verbose=False)
self.assertIsNotNone(objDict, "Failed to get object from couch.")
self.assertEqual(objDict.get("classification"), "benign")
objDict = objDict.get('details')
self.assertIsNotNone(objDict, "Details not found in object.")
objDict = objDict.get('value')
self.assertTrue(len(objDict) == 1)
self.assertIn(
{
u'value': u'0',
u'name': u'return value',
u'structure': u'text'
}, objDict,
"Didn't find structure message in the details attribute.")
def testUrlNoClassification(self):
'''
Checks if not providing a classification causes it to be set to "unknown".
The type attribute after reporting always has the valuea "url".
'''
com.Configuration.setWorkflow("/tmp/tests/workflows/integration/process-reporters-url.hwl")
jobId = com.Console.submitJob("process-reporters-url feed.uri=/tmp/tests/resources/json/process-reporters-url-no-classification.json")
self.assertIsNotNone(jobId, "Returned job id is none.")
finished = com.Console.waitForCompletion(jobId, 16, 2, True)
self.assertTrue(finished, "Job failed or took too long.")
ret = com.Console.getDumpAsObjects(jobId, agg=self.testHelp.agg)
objDict = com.getFromCouch(jobId, ret[1].getObjectId(), "", verbose=False)
self.assertIsNotNone(objDict, "Failed to get object from couch.")
self.assertEquals(objDict.get("classification"), "unknown")
self.assertEquals(objDict.get("type"), "url")
self.assertEquals(objDict.get("url_original"), "http://localhost")
def testMalicious(self):
'''
Test how the nugget reacts to a malicious file.
Expected behaviour:
- set rb_swfscanner_return_value to 0
- set rb_swfscanner_classification to "malicious"
- set rb_swfscanner_verdict_message to "Adobe Flash Player Multimedia File DefineSceneAndFrameLabelData Code Execution"
- set rb_swfscanner_verdict_priority to 1
- set rb_swfscanner_cve to "CVE-2007-0071"
- set rb_swfscanner_bid to "BID-28695"
'''
jobId = com.Console.submitJob("rb-swfscanner1 feed.uri=/tmp/tests/resources/json/rb-swfscanner-malicious.json")
self.assertIsNotNone(jobId, "Returned job id is none.")
finished = com.Console.waitForCompletion(jobId, 16, 2, True)
self.assertTrue(finished, "Job failed or took too long.")
ret = com.Console.getDumpAsObjects(jobId, agg=self.testHelp.agg)
self.assertTrue(ret[1].isSet("rb_swfscanner_classification"), "Expected attribute wasn't set.")
self.assertTrue(ret[1].isSet("rb_swfscanner_return_value"), "Expected attribute wasn't set.")
self.assertEqual(ret[1].rb_swfscanner_return_value, 0)
self.assertEqual(ret[1].rb_swfscanner_classification, "malicious")
self.assertTrue(ret[1].isSet("rb_swfscanner_verdict_message"), "Expected attribute wasn't set.")
self.assertTrue(ret[1].isSet("rb_swfscanner_verdict_priority"), "Expected attribute wasn't set.")
self.assertTrue(ret[1].isSet("rb_swfscanner_cve"), "Expected attribute wasn't set.")
self.assertTrue(ret[1].isSet("rb_swfscanner_bid"), "Expected attribute wasn't set.")
self.assertEqual(ret[1].rb_swfscanner_verdict_message, "Adobe Flash Player Multimedia File DefineSceneAndFrameLabelData Code Execution")
self.assertEqual(ret[1].rb_swfscanner_verdict_priority, 1)
self.assertEqual(ret[1].rb_swfscanner_cve, "CVE-2007-0071")
self.assertEqual(ret[1].rb_swfscanner_bid, "BID-28695")
objDict = com.getFromCouch(jobId, ret[1].getObjectId(), "rb-swfscanner", verbose=False)
self.assertIsNotNone(objDict, "Failed to get object from couch.")
self.assertEqual(objDict.get("classification"), "malicious")
objDict = objDict.get('details')
self.assertIsNotNone(objDict, "Details not found in object.")
objDict = objDict.get('value')
self.assertIsNotNone(objDict, "Details in object don't have the value attribute.")
self.assertTrue(len(objDict) == 5)
self.assertIn({u'value': u'0', u'name': u'return value', u'structure': u'text'}, objDict,
"Didn't find structure message in the details attribute.")
self.assertIn({u'value': u'Adobe Flash Player Multimedia File DefineSceneAndFrameLabelData Code Execution', u'name': u'message', u'structure': u'text'}, objDict,
"Didn't find structure message in the details attribute.")
self.assertIn({u'value': u'1', u'name': u'priority', u'structure': u'text'}, objDict,
"Didn't find structure priority in the details attribute.")
self.assertIn({u'value': u'CVE-2007-0071', u'name': u'cve', u'structure': u'text'}, objDict,
"Didn't find structure cve in the details attribute.")
self.assertIn({u'value': u'BID-28695', u'name': u'bid', u'structure': u'text'}, objDict,
"Didn't find structure bid in the details attribute.")
def testBenign(self):
'''
Test how the nugget reacts to a benign file.
Expected behaviour:
- set rb_swfscanner_return_value to 0
- set rb_swfscanner_classification to "benign"
'''
jobId = com.Console.submitJob(
"rb-swfscanner1 feed.uri=/tmp/tests/resources/json/rb-swfscanner-benign.json"
)
self.assertIsNotNone(jobId, "Returned job id is none.")
finished = com.Console.waitForCompletion(jobId, 16, 2, True)
self.assertTrue(finished, "Job failed or took too long.")
ret = com.Console.getDumpAsObjects(jobId, agg=self.testHelp.agg)
self.assertTrue(ret[1].isSet("rb_swfscanner_classification"),
"Expected attribute wasn't set.")
self.assertTrue(ret[1].isSet("rb_swfscanner_return_value"),
"Expected attribute wasn't set.")
self.assertEqual(ret[1].rb_swfscanner_return_value, 0)
self.assertEqual(ret[1].rb_swfscanner_classification, "benign")
self.assertFalse(ret[1].isSet("rb_swfscanner_verdict_message"),
"Unexpected attribute was set.")
self.assertFalse(ret[1].isSet("rb_swfscanner_verdict_priority"),
"Unexpected attribute was set.")
self.assertFalse(ret[1].isSet("rb_swfscanner_cve"),
"Unexpected attribute was set.")
self.assertFalse(ret[1].isSet("rb_swfscanner_bid"),
"Unexpected attribute was set.")
objDict = com.getFromCouch(jobId,
ret[1].getObjectId(),
"rb-swfscanner",
verbose=False)
self.assertIsNotNone(objDict, "Failed to get object from couch.")
self.assertEqual(objDict.get("classification"), "benign")
objDict = objDict.get('details')
self.assertIsNotNone(objDict, "Details not found in object.")
objDict = objDict.get('value')
self.assertTrue(len(objDict) == 1)
self.assertIn(
{
u'value': u'0',
u'name': u'return value',
u'structure': u'text'
}, objDict,
"Didn't find structure message in the details attribute.")
def testUnsupportedFile(self):
'''
Test results of processing a file that isn't supported by the nugget.
The nugget sets it's return value to 2 (ERROR) when a file isn't supported.
- set rb_pdffox_return_value to 2
'''
jobId = com.Console.submitJob(
"rb-pdffox1 feed.uri=/tmp/tests/resources/json/rb-pdffox-unsupportedfile.json"
)
self.assertIsNotNone(jobId, "Returned job id is none.")
finished = com.Console.waitForCompletion(jobId, 16, 2, True)
self.assertTrue(finished, "Job failed or took too long.")
ret = com.Console.getDumpAsObjects(jobId, agg=self.testHelp.agg)
self.assertFalse(ret[1].isSet("rb_pdffox_classification"),
"Unexpected attribute was set.")
self.assertTrue(ret[1].isSet("rb_pdffox_return_value"),
"Expected attribute wasn't set.")
self.assertEqual(ret[1].rb_pdffox_return_value, 2)
self.assertFalse(ret[1].isSet("rb_pdffox_verdict_message"),
"Unexpected attribute was set.")
self.assertFalse(ret[1].isSet("rb_pdffox_verdict_priority"),
"Unexpected attribute was set.")
self.assertFalse(ret[1].isSet("rb_pdffox_cve"),
"Unexpected attribute was set.")
objDict = com.getFromCouch(jobId,
ret[1].getObjectId(),
"rb-pdffox",
verbose=False)
self.assertIsNotNone(objDict, "Failed to get object from couch.")
self.assertEqual(objDict.get("classification"), None)
objDict = objDict.get('details')
self.assertIsNotNone(objDict, "Details not found in object.")
objDict = objDict.get('value')
self.assertIsNotNone(
objDict, "Details in object don't have the value attribute.")
self.assertTrue(len(objDict) == 1)
self.assertIn(
{
u'value': u'2',
u'name': u'return value',
u'structure': u'text'
}, objDict,
"Didn't find structure message in the details attribute.")
def testMalicious(self):
'''
Test how the nugget reacts to a malicious file.
Expected behaviour:
- set rb_officecat_return_value to 0
- set rb_officecat_classification to "malicious"
- set rb_officecat_verdict_message to "THE FOLLOWING HAS BEEN FOUND BY OFFICECAT: CVE-2008-4841"
- set rb_officecat_verdict_priority to 1
- set rb_officecat_cve to "CVE-2008-4841"
'''
jobId = com.Console.submitJob("rb-officecat1 feed.uri=/tmp/tests/resources/json/rb-officecat-malicious.json")
self.assertIsNotNone(jobId, "Returned job id is none.")
finished = com.Console.waitForCompletion(jobId, 16, 2, True)
self.assertTrue(finished, "Job failed or took too long.")
ret = com.Console.getDumpAsObjects(jobId, agg=self.testHelp.agg)
self.assertTrue(ret[1].isSet("rb_officecat_classification"), "Expected attribute wasn't set.")
self.assertTrue(ret[1].isSet("rb_officecat_return_value"), "Expected attribute wasn't set.")
self.assertEqual(ret[1].rb_officecat_return_value, 0)
self.assertEqual(ret[1].rb_officecat_classification, "malicious")
self.assertTrue(ret[1].isSet("rb_officecat_verdict_message"), "Expected attribute wasn't set.")
self.assertTrue(ret[1].isSet("rb_officecat_verdict_priority"), "Expected attribute wasn't set.")
self.assertTrue(ret[1].isSet("rb_officecat_cve"), "Expected attribute wasn't set.")
self.assertEqual(ret[1].rb_officecat_verdict_message, "THE FOLLOWING HAS BEEN FOUND BY OFFICECAT: CVE-2008-4841")
self.assertEqual(ret[1].rb_officecat_verdict_priority, 1)
self.assertEqual(ret[1].rb_officecat_cve, "CVE-2008-4841")
objDict = com.getFromCouch(jobId, ret[1].getObjectId(), "rb-officecat", verbose=False)
self.assertIsNotNone(objDict, "Failed to get object from couch.")
self.assertEqual(objDict.get("classification"), "malicious")
objDict = objDict.get('details')
self.assertIsNotNone(objDict, "Details not found in object.")
objDict = objDict.get('value')
self.assertIsNotNone(objDict, "Details in object don't have the value attribute.")
self.assertTrue(len(objDict) == 4)
self.assertIn({u'value': u'0', u'name': u'return value', u'structure': u'text'}, objDict,
"Didn't find structure message in the details attribute.")
self.assertIn({u'value': u'THE FOLLOWING HAS BEEN FOUND BY OFFICECAT: CVE-2008-4841', u'name': u'message', u'structure': u'text'}, objDict,
"Didn't find structure message in the details attribute.")
self.assertIn({u'value': u'1', u'name': u'priority', u'structure': u'text'}, objDict,
"Didn't find structure priority in the details attribute.")
self.assertIn({u'value': u'CVE-2008-4841', u'name': u'cve', u'structure': u'text'}, objDict,
"Didn't find structure cve in the details attribute.")
def testUnsupportedFile(self):
'''
Test results of processing a file that is mistakenly identified as an archive.
Expected behaviour:
- set rb_archiveinflate_return_value to 2
'''
jobId = com.Console.submitJob("rb-archiveinflate1 feed.uri=/tmp/tests/resources/json/rb-archiveinflate-unsupportedfile.json")
self.assertIsNotNone(jobId, "Returned job id is none.")
finished = com.Console.waitForCompletion(jobId, 16, 2, True)
self.assertTrue(finished, "Job failed or took too long.")
ret = com.Console.getDumpAsObjects(jobId, agg=self.testHelp.agg)
self.assertTrue(ret[1].isSet("rb_archiveinflate_return_value"), "Expected attribute wasn't set.")
self.assertEqual(ret[1].rb_archiveinflate_return_value, 2)
objDict = com.getFromCouch(jobId, ret[1].getObjectId(), "rb-archiveinflate", verbose=False)
self.assertIsNotNone(objDict, "Failed to get object from couch.")
objDict = objDict.get('details')
self.assertIsNotNone(objDict, "Details not found in object.")
objDict = objDict.get('value')
self.assertIsNotNone(objDict, "Details in object don't have the value attribute.")
self.assertIn({u'value': u'2', u'name': u'return value', u'structure': u'text'}, objDict,
"Didn't find structure message in the details attribute.")
def testMalicious(self):
'''
Test how the nugget reacts to a malicious file.
Expected behaviour:
- set rb_virustotal_return_value to 0
- set rb_virustotal_classification to "malicious"
- set rb_virustotal_verdict_message to "VirusTotal reported block bad"
- set rb_virustotal_verdict_priority to 1
- set rb_virustotal_report. Not checking exact message as it is long and may be subject to change.
'''
# Left clamavNugget test resources here on purpose. No need to split hairs in this case.
jobId = com.Console.submitJob("rb-virustotal1 feed.uri=/tmp/tests/resources/json/rb-clamavnugget-malicious.json")
self.assertIsNotNone(jobId, "Returned job id is none.")
finished = com.Console.waitForCompletion(jobId, 16, 2, True)
self.assertTrue(finished, "Job failed or took too long.")
ret = com.Console.getDumpAsObjects(jobId, agg=self.testHelp.agg)
self.assertTrue(ret[1].isSet("rb_virustotal_classification"), "Expected attribute wasn't set.")
self.assertTrue(ret[1].isSet("rb_virustotal_return_value"), "Expected attribute wasn't set.")
self.assertEqual(ret[1].rb_virustotal_return_value, 0)
self.assertEqual(ret[1].rb_virustotal_classification, "malicious")
self.assertTrue(ret[1].isSet("rb_virustotal_verdict_message"), "Expected attribute wasn't set.")
self.assertTrue(ret[1].isSet("rb_virustotal_verdict_priority"), "Expected attribute wasn't set.")
self.assertTrue(ret[1].isSet("rb_virustotal_report"), "Expected attribute wasn't set.")
self.assertEqual(ret[1].rb_virustotal_verdict_message, "VirusTotal reported block bad")
self.assertEqual(ret[1].rb_virustotal_verdict_priority, 1)
objDict = com.getFromCouch(jobId, ret[1].getObjectId(), "rb-virustotal", verbose=False)
self.assertIsNotNone(objDict, "Failed to get object from couch.")
self.assertEqual(objDict.get("classification"), "malicious")
objDict = objDict.get('details')
self.assertIsNotNone(objDict, "Details not found in object.")
objDict = objDict.get('value')
self.assertIsNotNone(objDict, "Details in object don't have the value attribute.")
self.assertTrue(len(objDict) == 4)
self.assertIn({u'value': 0, u'name': u'return value', u'structure': u'text'}, objDict,
"Wrong return value (different than 0).")
self.assertIn({u'value': u'VirusTotal reported block bad', u'name': u'message', u'structure': u'text'}, objDict,
"Didn't find structure message in the details attribute.")
self.assertIn({u'value': 1, u'name': u'priority', u'structure': u'text'}, objDict,
"Didn't find structure priority in the details attribute.")
def testBadKey(self):
'''
Test how the nugget reacts to a bad api key.
Expected behaviour:
- set rb_virustotal_return_value to 2
'''
# Left clamavNugget test resources here on purpose. No need to split hairs in this case.
com.Starter.initStop("hsn2-rb-virustotal")
self.setApiKey("BADKEY")
com.Starter.initStart("hsn2-rb-virustotal", autoStop=False)
jobId = com.Console.submitJob(
"rb-virustotal1 feed.uri=/tmp/tests/resources/json/rb-clamavnugget-benign.json"
)
self.assertIsNotNone(jobId, "Returned job id is none.")
finished = com.Console.waitForCompletion(jobId, 16, 2, True)
self.assertTrue(finished, "Job failed or took too long.")
ret = com.Console.getDumpAsObjects(jobId, agg=self.testHelp.agg)
self.assertTrue(ret[1].isSet("rb_virustotal_return_value"),
"Expected attribute wasn't set.")
self.assertFalse(ret[1].isSet("rb_virustotal_classification"),
"Unexpected attribute was set.")
self.assertEqual(ret[1].rb_virustotal_return_value, 2)
objDict = com.getFromCouch(jobId,
ret[1].getObjectId(),
"rb-virustotal",
verbose=False)
self.assertIsNotNone(objDict, "Failed to get object from couch.")
self.assertEqual(objDict.get("classification"), None)
objDict = objDict.get('details')
self.assertIsNotNone(objDict, "Details not found in object.")
objDict = objDict.get('value')
self.assertTrue(len(objDict) == 1)
self.assertIn(
{
u'value': 2,
u'name': u'return value',
u'structure': u'text'
}, objDict,
"Didn't find structure message in the details attribute.")
def testMalicious(self):
'''
Test how the nugget reacts to a malicious file.
Expected behaviour:
- set rb_virustotal_return_value to 0
- set rb_virustotal_classification to "malicious"
- set rb_virustotal_verdict_message to "VirusTotal reported block bad"
- set rb_virustotal_verdict_priority to 1
- set rb_virustotal_report. Not checking exact message as it is long and may be subject to change.
'''
# Left clamavNugget test resources here on purpose. No need to split hairs in this case.
jobId = com.Console.submitJob(
"rb-virustotal1 feed.uri=/tmp/tests/resources/json/rb-clamavnugget-malicious.json"
)
self.assertIsNotNone(jobId, "Returned job id is none.")
finished = com.Console.waitForCompletion(jobId, 16, 2, True)
self.assertTrue(finished, "Job failed or took too long.")
ret = com.Console.getDumpAsObjects(jobId, agg=self.testHelp.agg)
self.assertTrue(ret[1].isSet("rb_virustotal_classification"),
"Expected attribute wasn't set.")
self.assertTrue(ret[1].isSet("rb_virustotal_return_value"),
"Expected attribute wasn't set.")
self.assertEqual(ret[1].rb_virustotal_return_value, 0)
self.assertEqual(ret[1].rb_virustotal_classification, "malicious")
self.assertTrue(ret[1].isSet("rb_virustotal_verdict_message"),
"Expected attribute wasn't set.")
self.assertTrue(ret[1].isSet("rb_virustotal_verdict_priority"),
"Expected attribute wasn't set.")
self.assertTrue(ret[1].isSet("rb_virustotal_report"),
"Expected attribute wasn't set.")
self.assertEqual(ret[1].rb_virustotal_verdict_message,
"VirusTotal reported block bad")
self.assertEqual(ret[1].rb_virustotal_verdict_priority, 1)
objDict = com.getFromCouch(jobId,
ret[1].getObjectId(),
"rb-virustotal",
verbose=False)
self.assertIsNotNone(objDict, "Failed to get object from couch.")
self.assertEqual(objDict.get("classification"), "malicious")
objDict = objDict.get('details')
self.assertIsNotNone(objDict, "Details not found in object.")
objDict = objDict.get('value')
self.assertIsNotNone(
objDict, "Details in object don't have the value attribute.")
self.assertTrue(len(objDict) == 4)
self.assertIn(
{
u'value': 0,
u'name': u'return value',
u'structure': u'text'
}, objDict, "Wrong return value (different than 0).")
self.assertIn(
{
u'value': u'VirusTotal reported block bad',
u'name': u'message',
u'structure': u'text'
}, objDict,
"Didn't find structure message in the details attribute.")
self.assertIn(
{
u'value': 1,
u'name': u'priority',
u'structure': u'text'
}, objDict,
"Didn't find structure priority in the details attribute.")
def testMalicious(self):
'''
Test how the nugget reacts to a malicious file.
Expected behaviour:
- set rb_officecat_return_value to 0
- set rb_officecat_classification to "malicious"
- set rb_officecat_verdict_message to "THE FOLLOWING HAS BEEN FOUND BY OFFICECAT: CVE-2008-4841"
- set rb_officecat_verdict_priority to 1
- set rb_officecat_cve to "CVE-2008-4841"
'''
jobId = com.Console.submitJob(
"rb-officecat1 feed.uri=/tmp/tests/resources/json/rb-officecat-malicious.json"
)
self.assertIsNotNone(jobId, "Returned job id is none.")
finished = com.Console.waitForCompletion(jobId, 16, 2, True)
self.assertTrue(finished, "Job failed or took too long.")
ret = com.Console.getDumpAsObjects(jobId, agg=self.testHelp.agg)
self.assertTrue(ret[1].isSet("rb_officecat_classification"),
"Expected attribute wasn't set.")
self.assertTrue(ret[1].isSet("rb_officecat_return_value"),
"Expected attribute wasn't set.")
self.assertEqual(ret[1].rb_officecat_return_value, 0)
self.assertEqual(ret[1].rb_officecat_classification, "malicious")
self.assertTrue(ret[1].isSet("rb_officecat_verdict_message"),
"Expected attribute wasn't set.")
self.assertTrue(ret[1].isSet("rb_officecat_verdict_priority"),
"Expected attribute wasn't set.")
self.assertTrue(ret[1].isSet("rb_officecat_cve"),
"Expected attribute wasn't set.")
self.assertEqual(
ret[1].rb_officecat_verdict_message,
"THE FOLLOWING HAS BEEN FOUND BY OFFICECAT: CVE-2008-4841")
self.assertEqual(ret[1].rb_officecat_verdict_priority, 1)
self.assertEqual(ret[1].rb_officecat_cve, "CVE-2008-4841")
objDict = com.getFromCouch(jobId,
ret[1].getObjectId(),
"rb-officecat",
verbose=False)
self.assertIsNotNone(objDict, "Failed to get object from couch.")
self.assertEqual(objDict.get("classification"), "malicious")
objDict = objDict.get('details')
self.assertIsNotNone(objDict, "Details not found in object.")
objDict = objDict.get('value')
self.assertIsNotNone(
objDict, "Details in object don't have the value attribute.")
self.assertTrue(len(objDict) == 4)
self.assertIn(
{
u'value': u'0',
u'name': u'return value',
u'structure': u'text'
}, objDict,
"Didn't find structure message in the details attribute.")
self.assertIn(
{
u'value':
u'THE FOLLOWING HAS BEEN FOUND BY OFFICECAT: CVE-2008-4841',
u'name': u'message',
u'structure': u'text'
}, objDict,
"Didn't find structure message in the details attribute.")
self.assertIn(
{
u'value': u'1',
u'name': u'priority',
u'structure': u'text'
}, objDict,
"Didn't find structure priority in the details attribute.")
self.assertIn(
{
u'value': u'CVE-2008-4841',
u'name': u'cve',
u'structure': u'text'
}, objDict, "Didn't find structure cve in the details attribute.")
def testMalicious(self):
'''
Test how the nugget reacts to a malicious file.
Expected behaviour:
- set rb_swfscanner_return_value to 0
- set rb_swfscanner_classification to "malicious"
- set rb_swfscanner_verdict_message to "Adobe Flash Player Multimedia File DefineSceneAndFrameLabelData Code Execution"
- set rb_swfscanner_verdict_priority to 1
- set rb_swfscanner_cve to "CVE-2007-0071"
- set rb_swfscanner_bid to "BID-28695"
'''
jobId = com.Console.submitJob(
"rb-swfscanner1 feed.uri=/tmp/tests/resources/json/rb-swfscanner-malicious.json"
)
self.assertIsNotNone(jobId, "Returned job id is none.")
finished = com.Console.waitForCompletion(jobId, 16, 2, True)
self.assertTrue(finished, "Job failed or took too long.")
ret = com.Console.getDumpAsObjects(jobId, agg=self.testHelp.agg)
self.assertTrue(ret[1].isSet("rb_swfscanner_classification"),
"Expected attribute wasn't set.")
self.assertTrue(ret[1].isSet("rb_swfscanner_return_value"),
"Expected attribute wasn't set.")
self.assertEqual(ret[1].rb_swfscanner_return_value, 0)
self.assertEqual(ret[1].rb_swfscanner_classification, "malicious")
self.assertTrue(ret[1].isSet("rb_swfscanner_verdict_message"),
"Expected attribute wasn't set.")
self.assertTrue(ret[1].isSet("rb_swfscanner_verdict_priority"),
"Expected attribute wasn't set.")
self.assertTrue(ret[1].isSet("rb_swfscanner_cve"),
"Expected attribute wasn't set.")
self.assertTrue(ret[1].isSet("rb_swfscanner_bid"),
"Expected attribute wasn't set.")
self.assertEqual(
ret[1].rb_swfscanner_verdict_message,
"Adobe Flash Player Multimedia File DefineSceneAndFrameLabelData Code Execution"
)
self.assertEqual(ret[1].rb_swfscanner_verdict_priority, 1)
self.assertEqual(ret[1].rb_swfscanner_cve, "CVE-2007-0071")
self.assertEqual(ret[1].rb_swfscanner_bid, "BID-28695")
objDict = com.getFromCouch(jobId,
ret[1].getObjectId(),
"rb-swfscanner",
verbose=False)
self.assertIsNotNone(objDict, "Failed to get object from couch.")
self.assertEqual(objDict.get("classification"), "malicious")
objDict = objDict.get('details')
self.assertIsNotNone(objDict, "Details not found in object.")
objDict = objDict.get('value')
self.assertIsNotNone(
objDict, "Details in object don't have the value attribute.")
self.assertTrue(len(objDict) == 5)
self.assertIn(
{
u'value': u'0',
u'name': u'return value',
u'structure': u'text'
}, objDict,
"Didn't find structure message in the details attribute.")
self.assertIn(
{
u'value':
u'Adobe Flash Player Multimedia File DefineSceneAndFrameLabelData Code Execution',
u'name': u'message',
u'structure': u'text'
}, objDict,
"Didn't find structure message in the details attribute.")
self.assertIn(
{
u'value': u'1',
u'name': u'priority',
u'structure': u'text'
}, objDict,
"Didn't find structure priority in the details attribute.")
self.assertIn(
{
u'value': u'CVE-2007-0071',
u'name': u'cve',
u'structure': u'text'
}, objDict, "Didn't find structure cve in the details attribute.")
self.assertIn(
{
u'value': u'BID-28695',
u'name': u'bid',
u'structure': u'text'
}, objDict, "Didn't find structure bid in the details attribute.")
