def testBadKey(self):
		'''
		Test how the nugget reacts to a bad api key.

		Expected behaviour:
		- set rb_virustotal_return_value to 2
		'''
		# Left clamavNugget test resources here on purpose. No need to split hairs in this case.
		com.Starter.initStop("hsn2-rb-virustotal")
		self.setApiKey("BADKEY")
		com.Starter.initStart("hsn2-rb-virustotal",autoStop=False)
		jobId = com.Console.submitJob("rb-virustotal1 feed.uri=/tmp/tests/resources/json/rb-clamavnugget-benign.json")
		self.assertIsNotNone(jobId, "Returned job id is none.")
		finished = com.Console.waitForCompletion(jobId, 16, 2, True)
		self.assertTrue(finished, "Job failed or took too long.")
		ret = com.Console.getDumpAsObjects(jobId, agg=self.testHelp.agg)
		self.assertTrue(ret[1].isSet("rb_virustotal_return_value"), "Expected attribute wasn't set.")
		self.assertFalse(ret[1].isSet("rb_virustotal_classification"), "Unexpected attribute was set.")
		self.assertEqual(ret[1].rb_virustotal_return_value, 2)
		objDict = com.getFromCouch(jobId, ret[1].getObjectId(), "rb-virustotal", verbose=False)
		self.assertIsNotNone(objDict, "Failed to get object from couch.")
		self.assertEqual(objDict.get("classification"), None)
		objDict = objDict.get('details')
		self.assertIsNotNone(objDict, "Details not found in object.")
		objDict = objDict.get('value')
		self.assertTrue(len(objDict) == 1)
		self.assertIn({u'value': 2, u'name': u'return value', u'structure': u'text'}, objDict,
					"Didn't find structure message in the details attribute.")
	def testUnsupportedFile(self):
		'''
		Test results of processing a file that the nugget doesn't handle.
		The nugget sets no attributes informing about the file being not supported. Output is similar to that of a benign file.
		Nugget sends warnings about file not being supported (no way to access them currently).

		Expected behaviour:
		- set rb_swfscanner_return_value to 0
		- set rb_swfscanner_classification to "benign"
		'''
		jobId = com.Console.submitJob("rb-swfscanner1 feed.uri=/tmp/tests/resources/json/rb-swfscanner-unsupportedfile.json")
		self.assertIsNotNone(jobId, "Returned job id is none.")
		finished = com.Console.waitForCompletion(jobId, 16, 2, True)
		self.assertTrue(finished, "Job failed or took too long.")
		ret = com.Console.getDumpAsObjects(jobId, agg=self.testHelp.agg)
		self.assertTrue(ret[1].isSet("rb_swfscanner_classification"), "Expected attribute wasn't set.")
		self.assertTrue(ret[1].isSet("rb_swfscanner_return_value"), "Expected attribute wasn't set.")
		self.assertEqual(ret[1].rb_swfscanner_return_value, 0)
		self.assertEqual(ret[1].rb_swfscanner_classification, "benign")
		self.assertFalse(ret[1].isSet("rb_swfscanner_verdict_message"), "Unexpected attribute was set.")
		self.assertFalse(ret[1].isSet("rb_swfscanner_verdict_priority"), "Unexpected attribute was set.")
		self.assertFalse(ret[1].isSet("rb_swfscanner_cve"), "Unexpected attribute was set.")
		self.assertFalse(ret[1].isSet("rb_swfscanner_bid"), "Unexpected attribute was set.")
		objDict = com.getFromCouch(jobId, ret[1].getObjectId(), "rb-swfscanner", verbose=False)
		self.assertIsNotNone(objDict, "Failed to get object from couch.")
		self.assertEqual(objDict.get("classification"), "benign")
		objDict = objDict.get('details')
		self.assertIsNotNone(objDict, "Details not found in object.")
		objDict = objDict.get('value')
		self.assertTrue(len(objDict) == 1)
		self.assertIn({u'value': u'0', u'name': u'return value', u'structure': u'text'}, objDict,
					"Didn't find structure message in the details attribute.")
	def testUnsupportedFile(self):
		'''
		Test results of processing a file that isn't supported by the nugget.
		The nugget sets it's return value to 2 (ERROR) when a file isn't supported.
		- set rb_pdffox_return_value to 2
		'''
		jobId = com.Console.submitJob("rb-pdffox1 feed.uri=/tmp/tests/resources/json/rb-pdffox-unsupportedfile.json")
		self.assertIsNotNone(jobId, "Returned job id is none.")
		finished = com.Console.waitForCompletion(jobId, 16, 2, True)
		self.assertTrue(finished, "Job failed or took too long.")
		ret = com.Console.getDumpAsObjects(jobId, agg=self.testHelp.agg)
		self.assertFalse(ret[1].isSet("rb_pdffox_classification"), "Unexpected attribute was set.")
		self.assertTrue(ret[1].isSet("rb_pdffox_return_value"), "Expected attribute wasn't set.")
		self.assertEqual(ret[1].rb_pdffox_return_value, 2)
		self.assertFalse(ret[1].isSet("rb_pdffox_verdict_message"), "Unexpected attribute was set.")
		self.assertFalse(ret[1].isSet("rb_pdffox_verdict_priority"), "Unexpected attribute was set.")
		self.assertFalse(ret[1].isSet("rb_pdffox_cve"), "Unexpected attribute was set.")
		objDict = com.getFromCouch(jobId, ret[1].getObjectId(), "rb-pdffox", verbose=False)
		self.assertIsNotNone(objDict, "Failed to get object from couch.")
		self.assertEqual(objDict.get("classification"), None)
		objDict = objDict.get('details')
		self.assertIsNotNone(objDict, "Details not found in object.")
		objDict = objDict.get('value')
		self.assertIsNotNone(objDict, "Details in object don't have the value attribute.")
		self.assertTrue(len(objDict) == 1)
		self.assertIn({u'value': u'2', u'name': u'return value', u'structure': u'text'}, objDict,
					"Didn't find structure message in the details attribute.")
	def testBenign(self):
		'''
		Test how the nugget reacts to a benign file.
		Expected behaviour:
		- set rb_officecat_return_value to 0
		- set rb_officecat_classification to "benign"
		'''
		jobId = com.Console.submitJob("rb-officecat1 feed.uri=/tmp/tests/resources/json/rb-officecat-benign.json")
		self.assertIsNotNone(jobId, "Returned job id is none.")
		finished = com.Console.waitForCompletion(jobId, 16, 2, True)
		self.assertTrue(finished, "Job failed or took too long.")
		ret = com.Console.getDumpAsObjects(jobId, agg=self.testHelp.agg)
		self.assertTrue(ret[1].isSet("rb_officecat_classification"), "Expected attribute wasn't set.")
		self.assertTrue(ret[1].isSet("rb_officecat_return_value"), "Expected attribute wasn't set.")
		self.assertEqual(ret[1].rb_officecat_return_value, 0)
		self.assertEqual(ret[1].rb_officecat_classification, "benign")
		self.assertFalse(ret[1].isSet("rb_officecat_verdict_message"), "Unexpected attribute was set.")
		self.assertFalse(ret[1].isSet("rb_officecat_verdict_priority"), "Unexpected attribute was set.")
		self.assertFalse(ret[1].isSet("rb_officecat_cve"), "Unexpected attribute was set.")
		objDict = com.getFromCouch(jobId, ret[1].getObjectId(), "rb-officecat", verbose=False)
		self.assertIsNotNone(objDict, "Failed to get object from couch.")
		self.assertEqual(objDict.get("classification"), "benign")
		objDict = objDict.get('details')
		self.assertIsNotNone(objDict, "Details not found in object.")
		objDict = objDict.get('value')
		self.assertIsNotNone(objDict, "Details in object don't have the value attribute.")
		self.assertTrue(len(objDict) == 1)
		self.assertIn({u'value': u'0', u'name': u'return value', u'structure': u'text'}, objDict,
					"Didn't find structure message in the details attribute.")
示例#5
0
	def testSupported(self):
		'''
		Test how the nugget reacts to a supported file and file-type.
		Expected behaviour:
		- set rb_archiveinflate_return_value to 0
		- total of 11 objects created in the job
		- first extracted file is a directory (size=0) named "files" with a specific hash
		'''
		jobId = com.Console.submitJob("rb-archiveinflate1 feed.uri=/tmp/tests/resources/json/rb-archiveinflate-supported.json")
		self.assertIsNotNone(jobId, "Returned job id is none.")
		finished = com.Console.waitForCompletion(jobId, 16, 2, True)
		self.assertTrue(finished, "Job failed or took too long.")
		ret = com.Console.getDumpAsObjects(jobId, agg=self.testHelp.agg)
		self.assertTrue(ret[1].isSet("rb_archiveinflate_return_value"), "Expected attribute wasn't set.")
		self.assertEqual(ret[1].rb_archiveinflate_return_value, 0)
		self.assertEqual(len(ret), 11)
		self.assertEqual(ret[2].size,0)
		self.assertEqual(ret[2].filename,"files")
		self.assertEqual(ret[2].sha256,"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855")
		objDict = com.getFromCouch(jobId, ret[1].getObjectId(), "rb-archiveinflate", verbose=False)
		self.assertIsNotNone(objDict, "Failed to get object from couch.")
		objDict = objDict.get('details')
		self.assertIsNotNone(objDict, "Details not found in object.")
		objDict = objDict.get('value')
		self.assertIsNotNone(objDict, "Details in object don't have the value attribute.")
		self.assertIn({u'value': u'0', u'name': u'return value', u'structure': u'text'}, objDict,
					"Didn't find structure message in the details attribute.")
示例#6
0
	def testFileNoParent(self):
		'''
		Checks if not providing the parent attribute causes it to not be set.
		'''
		com.Configuration.setWorkflow("/tmp/tests/workflows/integration/process-reporters-file.hwl")
		jobId = com.Console.submitJob("process-reporters-file feed.uri=/tmp/tests/resources/json/process-reporters-file-no-parent.json")
		self.assertIsNotNone(jobId, "Returned job id is none.")
		finished = com.Console.waitForCompletion(jobId, 16, 2, True)
		self.assertTrue(finished, "Job failed or took too long.")
		ret = com.Console.getDumpAsObjects(jobId, agg=self.testHelp.agg)
		objDict = com.getFromCouch(jobId, ret[1].getObjectId(), "", verbose=False)
		self.assertIsNotNone(objDict, "Failed to get object from couch.")
		self.assertEquals(objDict.get("parent"), None)
示例#7
0
	def testUrlNoType(self):
		'''
		The type attribute after reporting always has the valuea "url". Not providing it shouldn't impact this.
		'''
		com.Configuration.setWorkflow("/tmp/tests/workflows/integration/process-reporters-url.hwl")
		jobId = com.Console.submitJob("process-reporters-url feed.uri=/tmp/tests/resources/json/process-reporters-url-no-type.json")
		self.assertIsNotNone(jobId, "Returned job id is none.")
		finished = com.Console.waitForCompletion(jobId, 16, 2, True)
		self.assertTrue(finished, "Job failed or took too long.")
		ret = com.Console.getDumpAsObjects(jobId, agg=self.testHelp.agg)
		objDict = com.getFromCouch(jobId, ret[1].getObjectId(), "", verbose=False)
		self.assertIsNotNone(objDict, "Failed to get object from couch.")
		self.assertEquals(objDict.get("classification"), "benign")
		self.assertEquals(objDict.get("type"), "url") # this will remain type as it's hard coded in the template.
		self.assertEquals(objDict.get("url_original"), "http://localhost")
    def testUnsupportedFile(self):
        '''
		Test results of processing a file that the nugget doesn't handle.
		The nugget sets no attributes informing about the file being not supported. Output is similar to that of a benign file.
		Nugget sends warnings about file not being supported (no way to access them currently).

		Expected behaviour:
		- set rb_swfscanner_return_value to 0
		- set rb_swfscanner_classification to "benign"
		'''
        jobId = com.Console.submitJob(
            "rb-swfscanner1 feed.uri=/tmp/tests/resources/json/rb-swfscanner-unsupportedfile.json"
        )
        self.assertIsNotNone(jobId, "Returned job id is none.")
        finished = com.Console.waitForCompletion(jobId, 16, 2, True)
        self.assertTrue(finished, "Job failed or took too long.")
        ret = com.Console.getDumpAsObjects(jobId, agg=self.testHelp.agg)
        self.assertTrue(ret[1].isSet("rb_swfscanner_classification"),
                        "Expected attribute wasn't set.")
        self.assertTrue(ret[1].isSet("rb_swfscanner_return_value"),
                        "Expected attribute wasn't set.")
        self.assertEqual(ret[1].rb_swfscanner_return_value, 0)
        self.assertEqual(ret[1].rb_swfscanner_classification, "benign")
        self.assertFalse(ret[1].isSet("rb_swfscanner_verdict_message"),
                         "Unexpected attribute was set.")
        self.assertFalse(ret[1].isSet("rb_swfscanner_verdict_priority"),
                         "Unexpected attribute was set.")
        self.assertFalse(ret[1].isSet("rb_swfscanner_cve"),
                         "Unexpected attribute was set.")
        self.assertFalse(ret[1].isSet("rb_swfscanner_bid"),
                         "Unexpected attribute was set.")
        objDict = com.getFromCouch(jobId,
                                   ret[1].getObjectId(),
                                   "rb-swfscanner",
                                   verbose=False)
        self.assertIsNotNone(objDict, "Failed to get object from couch.")
        self.assertEqual(objDict.get("classification"), "benign")
        objDict = objDict.get('details')
        self.assertIsNotNone(objDict, "Details not found in object.")
        objDict = objDict.get('value')
        self.assertTrue(len(objDict) == 1)
        self.assertIn(
            {
                u'value': u'0',
                u'name': u'return value',
                u'structure': u'text'
            }, objDict,
            "Didn't find structure message in the details attribute.")
示例#9
0
	def testUrlNoClassification(self):
		'''
		Checks if not providing a classification causes it to be set to "unknown".
		The type attribute after reporting always has the valuea "url".
		'''
		com.Configuration.setWorkflow("/tmp/tests/workflows/integration/process-reporters-url.hwl")
		jobId = com.Console.submitJob("process-reporters-url feed.uri=/tmp/tests/resources/json/process-reporters-url-no-classification.json")
		self.assertIsNotNone(jobId, "Returned job id is none.")
		finished = com.Console.waitForCompletion(jobId, 16, 2, True)
		self.assertTrue(finished, "Job failed or took too long.")
		ret = com.Console.getDumpAsObjects(jobId, agg=self.testHelp.agg)
		objDict = com.getFromCouch(jobId, ret[1].getObjectId(), "", verbose=False)
		self.assertIsNotNone(objDict, "Failed to get object from couch.")
		self.assertEquals(objDict.get("classification"), "unknown")
		self.assertEquals(objDict.get("type"), "url")
		self.assertEquals(objDict.get("url_original"), "http://localhost")
	def testMalicious(self):
		'''
		Test how the nugget reacts to a malicious file.

		Expected behaviour:
		- set rb_swfscanner_return_value to 0
		- set rb_swfscanner_classification to "malicious"
		- set rb_swfscanner_verdict_message to "Adobe Flash Player Multimedia File DefineSceneAndFrameLabelData Code Execution"
		- set rb_swfscanner_verdict_priority to 1
		- set rb_swfscanner_cve to "CVE-2007-0071"
		- set rb_swfscanner_bid to "BID-28695"
		'''
		jobId = com.Console.submitJob("rb-swfscanner1 feed.uri=/tmp/tests/resources/json/rb-swfscanner-malicious.json")
		self.assertIsNotNone(jobId, "Returned job id is none.")
		finished = com.Console.waitForCompletion(jobId, 16, 2, True)
		self.assertTrue(finished, "Job failed or took too long.")
		ret = com.Console.getDumpAsObjects(jobId, agg=self.testHelp.agg)
		self.assertTrue(ret[1].isSet("rb_swfscanner_classification"), "Expected attribute wasn't set.")
		self.assertTrue(ret[1].isSet("rb_swfscanner_return_value"), "Expected attribute wasn't set.")
		self.assertEqual(ret[1].rb_swfscanner_return_value, 0)
		self.assertEqual(ret[1].rb_swfscanner_classification, "malicious")
		self.assertTrue(ret[1].isSet("rb_swfscanner_verdict_message"), "Expected attribute wasn't set.")
		self.assertTrue(ret[1].isSet("rb_swfscanner_verdict_priority"), "Expected attribute wasn't set.")
		self.assertTrue(ret[1].isSet("rb_swfscanner_cve"), "Expected attribute wasn't set.")
		self.assertTrue(ret[1].isSet("rb_swfscanner_bid"), "Expected attribute wasn't set.")
		self.assertEqual(ret[1].rb_swfscanner_verdict_message, "Adobe Flash Player Multimedia File DefineSceneAndFrameLabelData Code Execution")
		self.assertEqual(ret[1].rb_swfscanner_verdict_priority, 1)
		self.assertEqual(ret[1].rb_swfscanner_cve, "CVE-2007-0071")
		self.assertEqual(ret[1].rb_swfscanner_bid, "BID-28695")
		objDict = com.getFromCouch(jobId, ret[1].getObjectId(), "rb-swfscanner", verbose=False)
		self.assertIsNotNone(objDict, "Failed to get object from couch.")
		self.assertEqual(objDict.get("classification"), "malicious")
		objDict = objDict.get('details')
		self.assertIsNotNone(objDict, "Details not found in object.")
		objDict = objDict.get('value')
		self.assertIsNotNone(objDict, "Details in object don't have the value attribute.")
		self.assertTrue(len(objDict) == 5)
		self.assertIn({u'value': u'0', u'name': u'return value', u'structure': u'text'}, objDict,
					"Didn't find structure message in the details attribute.")
		self.assertIn({u'value': u'Adobe Flash Player Multimedia File DefineSceneAndFrameLabelData Code Execution', u'name': u'message', u'structure': u'text'}, objDict,
					"Didn't find structure message in the details attribute.")
		self.assertIn({u'value': u'1', u'name': u'priority', u'structure': u'text'}, objDict,
					"Didn't find structure priority in the details attribute.")
		self.assertIn({u'value': u'CVE-2007-0071', u'name': u'cve', u'structure': u'text'}, objDict,
					"Didn't find structure cve in the details attribute.")
		self.assertIn({u'value': u'BID-28695', u'name': u'bid', u'structure': u'text'}, objDict,
					"Didn't find structure bid in the details attribute.")
    def testBenign(self):
        '''
		Test how the nugget reacts to a benign file.

		Expected behaviour:
		- set rb_swfscanner_return_value to 0
		- set rb_swfscanner_classification to "benign"
		'''
        jobId = com.Console.submitJob(
            "rb-swfscanner1 feed.uri=/tmp/tests/resources/json/rb-swfscanner-benign.json"
        )
        self.assertIsNotNone(jobId, "Returned job id is none.")
        finished = com.Console.waitForCompletion(jobId, 16, 2, True)
        self.assertTrue(finished, "Job failed or took too long.")
        ret = com.Console.getDumpAsObjects(jobId, agg=self.testHelp.agg)
        self.assertTrue(ret[1].isSet("rb_swfscanner_classification"),
                        "Expected attribute wasn't set.")
        self.assertTrue(ret[1].isSet("rb_swfscanner_return_value"),
                        "Expected attribute wasn't set.")
        self.assertEqual(ret[1].rb_swfscanner_return_value, 0)
        self.assertEqual(ret[1].rb_swfscanner_classification, "benign")
        self.assertFalse(ret[1].isSet("rb_swfscanner_verdict_message"),
                         "Unexpected attribute was set.")
        self.assertFalse(ret[1].isSet("rb_swfscanner_verdict_priority"),
                         "Unexpected attribute was set.")
        self.assertFalse(ret[1].isSet("rb_swfscanner_cve"),
                         "Unexpected attribute was set.")
        self.assertFalse(ret[1].isSet("rb_swfscanner_bid"),
                         "Unexpected attribute was set.")
        objDict = com.getFromCouch(jobId,
                                   ret[1].getObjectId(),
                                   "rb-swfscanner",
                                   verbose=False)
        self.assertIsNotNone(objDict, "Failed to get object from couch.")
        self.assertEqual(objDict.get("classification"), "benign")
        objDict = objDict.get('details')
        self.assertIsNotNone(objDict, "Details not found in object.")
        objDict = objDict.get('value')
        self.assertTrue(len(objDict) == 1)
        self.assertIn(
            {
                u'value': u'0',
                u'name': u'return value',
                u'structure': u'text'
            }, objDict,
            "Didn't find structure message in the details attribute.")
    def testUnsupportedFile(self):
        '''
		Test results of processing a file that isn't supported by the nugget.
		The nugget sets it's return value to 2 (ERROR) when a file isn't supported.
		- set rb_pdffox_return_value to 2
		'''
        jobId = com.Console.submitJob(
            "rb-pdffox1 feed.uri=/tmp/tests/resources/json/rb-pdffox-unsupportedfile.json"
        )
        self.assertIsNotNone(jobId, "Returned job id is none.")
        finished = com.Console.waitForCompletion(jobId, 16, 2, True)
        self.assertTrue(finished, "Job failed or took too long.")
        ret = com.Console.getDumpAsObjects(jobId, agg=self.testHelp.agg)
        self.assertFalse(ret[1].isSet("rb_pdffox_classification"),
                         "Unexpected attribute was set.")
        self.assertTrue(ret[1].isSet("rb_pdffox_return_value"),
                        "Expected attribute wasn't set.")
        self.assertEqual(ret[1].rb_pdffox_return_value, 2)
        self.assertFalse(ret[1].isSet("rb_pdffox_verdict_message"),
                         "Unexpected attribute was set.")
        self.assertFalse(ret[1].isSet("rb_pdffox_verdict_priority"),
                         "Unexpected attribute was set.")
        self.assertFalse(ret[1].isSet("rb_pdffox_cve"),
                         "Unexpected attribute was set.")
        objDict = com.getFromCouch(jobId,
                                   ret[1].getObjectId(),
                                   "rb-pdffox",
                                   verbose=False)
        self.assertIsNotNone(objDict, "Failed to get object from couch.")
        self.assertEqual(objDict.get("classification"), None)
        objDict = objDict.get('details')
        self.assertIsNotNone(objDict, "Details not found in object.")
        objDict = objDict.get('value')
        self.assertIsNotNone(
            objDict, "Details in object don't have the value attribute.")
        self.assertTrue(len(objDict) == 1)
        self.assertIn(
            {
                u'value': u'2',
                u'name': u'return value',
                u'structure': u'text'
            }, objDict,
            "Didn't find structure message in the details attribute.")
	def testMalicious(self):
		'''
		Test how the nugget reacts to a malicious file.
		Expected behaviour:
		- set rb_officecat_return_value to 0
		- set rb_officecat_classification to "malicious"
		- set rb_officecat_verdict_message to "THE FOLLOWING HAS BEEN FOUND BY OFFICECAT: CVE-2008-4841"
		- set rb_officecat_verdict_priority to 1
		- set rb_officecat_cve to "CVE-2008-4841"
		'''
		jobId = com.Console.submitJob("rb-officecat1 feed.uri=/tmp/tests/resources/json/rb-officecat-malicious.json")
		self.assertIsNotNone(jobId, "Returned job id is none.")
		finished = com.Console.waitForCompletion(jobId, 16, 2, True)
		self.assertTrue(finished, "Job failed or took too long.")
		ret = com.Console.getDumpAsObjects(jobId, agg=self.testHelp.agg)
		self.assertTrue(ret[1].isSet("rb_officecat_classification"), "Expected attribute wasn't set.")
		self.assertTrue(ret[1].isSet("rb_officecat_return_value"), "Expected attribute wasn't set.")
		self.assertEqual(ret[1].rb_officecat_return_value, 0)
		self.assertEqual(ret[1].rb_officecat_classification, "malicious")
		self.assertTrue(ret[1].isSet("rb_officecat_verdict_message"), "Expected attribute wasn't set.")
		self.assertTrue(ret[1].isSet("rb_officecat_verdict_priority"), "Expected attribute wasn't set.")
		self.assertTrue(ret[1].isSet("rb_officecat_cve"), "Expected attribute wasn't set.")
		self.assertEqual(ret[1].rb_officecat_verdict_message, "THE FOLLOWING HAS BEEN FOUND BY OFFICECAT: CVE-2008-4841")
		self.assertEqual(ret[1].rb_officecat_verdict_priority, 1)
		self.assertEqual(ret[1].rb_officecat_cve, "CVE-2008-4841")
		objDict = com.getFromCouch(jobId, ret[1].getObjectId(), "rb-officecat", verbose=False)
		self.assertIsNotNone(objDict, "Failed to get object from couch.")
		self.assertEqual(objDict.get("classification"), "malicious")
		objDict = objDict.get('details')
		self.assertIsNotNone(objDict, "Details not found in object.")
		objDict = objDict.get('value')
		self.assertIsNotNone(objDict, "Details in object don't have the value attribute.")
		self.assertTrue(len(objDict) == 4)
		self.assertIn({u'value': u'0', u'name': u'return value', u'structure': u'text'}, objDict,
					"Didn't find structure message in the details attribute.")
		self.assertIn({u'value': u'THE FOLLOWING HAS BEEN FOUND BY OFFICECAT: CVE-2008-4841', u'name': u'message', u'structure': u'text'}, objDict,
					"Didn't find structure message in the details attribute.")
		self.assertIn({u'value': u'1', u'name': u'priority', u'structure': u'text'}, objDict,
					"Didn't find structure priority in the details attribute.")
		self.assertIn({u'value': u'CVE-2008-4841', u'name': u'cve', u'structure': u'text'}, objDict,
					"Didn't find structure cve in the details attribute.")
示例#14
0
	def testUnsupportedFile(self):
		'''
		Test results of processing a file that is mistakenly identified as an archive.
		Expected behaviour:
		- set rb_archiveinflate_return_value to 2
		'''
		jobId = com.Console.submitJob("rb-archiveinflate1 feed.uri=/tmp/tests/resources/json/rb-archiveinflate-unsupportedfile.json")
		self.assertIsNotNone(jobId, "Returned job id is none.")
		finished = com.Console.waitForCompletion(jobId, 16, 2, True)
		self.assertTrue(finished, "Job failed or took too long.")
		ret = com.Console.getDumpAsObjects(jobId, agg=self.testHelp.agg)
		self.assertTrue(ret[1].isSet("rb_archiveinflate_return_value"), "Expected attribute wasn't set.")
		self.assertEqual(ret[1].rb_archiveinflate_return_value, 2)
		objDict = com.getFromCouch(jobId, ret[1].getObjectId(), "rb-archiveinflate", verbose=False)
		self.assertIsNotNone(objDict, "Failed to get object from couch.")
		objDict = objDict.get('details')
		self.assertIsNotNone(objDict, "Details not found in object.")
		objDict = objDict.get('value')
		self.assertIsNotNone(objDict, "Details in object don't have the value attribute.")
		self.assertIn({u'value': u'2', u'name': u'return value', u'structure': u'text'}, objDict,
					"Didn't find structure message in the details attribute.")
	def testMalicious(self):
		'''
		Test how the nugget reacts to a malicious file.

		Expected behaviour:
		- set rb_virustotal_return_value to 0
		- set rb_virustotal_classification to "malicious"
		- set rb_virustotal_verdict_message to "VirusTotal reported block bad"
		- set rb_virustotal_verdict_priority to 1
		- set rb_virustotal_report. Not checking exact message as it is long and may be subject to change.
		'''
		# Left clamavNugget test resources here on purpose. No need to split hairs in this case.
		jobId = com.Console.submitJob("rb-virustotal1 feed.uri=/tmp/tests/resources/json/rb-clamavnugget-malicious.json")
		self.assertIsNotNone(jobId, "Returned job id is none.")
		finished = com.Console.waitForCompletion(jobId, 16, 2, True)
		self.assertTrue(finished, "Job failed or took too long.")
		ret = com.Console.getDumpAsObjects(jobId, agg=self.testHelp.agg)
		self.assertTrue(ret[1].isSet("rb_virustotal_classification"), "Expected attribute wasn't set.")
		self.assertTrue(ret[1].isSet("rb_virustotal_return_value"), "Expected attribute wasn't set.")
		self.assertEqual(ret[1].rb_virustotal_return_value, 0)
		self.assertEqual(ret[1].rb_virustotal_classification, "malicious")
		self.assertTrue(ret[1].isSet("rb_virustotal_verdict_message"), "Expected attribute wasn't set.")
		self.assertTrue(ret[1].isSet("rb_virustotal_verdict_priority"), "Expected attribute wasn't set.")
		self.assertTrue(ret[1].isSet("rb_virustotal_report"), "Expected attribute wasn't set.")
		self.assertEqual(ret[1].rb_virustotal_verdict_message, "VirusTotal reported block bad")
		self.assertEqual(ret[1].rb_virustotal_verdict_priority, 1)
		objDict = com.getFromCouch(jobId, ret[1].getObjectId(), "rb-virustotal", verbose=False)
		self.assertIsNotNone(objDict, "Failed to get object from couch.")
		self.assertEqual(objDict.get("classification"), "malicious")
		objDict = objDict.get('details')
		self.assertIsNotNone(objDict, "Details not found in object.")
		objDict = objDict.get('value')
		self.assertIsNotNone(objDict, "Details in object don't have the value attribute.")
		self.assertTrue(len(objDict) == 4)
		self.assertIn({u'value': 0, u'name': u'return value', u'structure': u'text'}, objDict,
					"Wrong return value (different than 0).")
		self.assertIn({u'value': u'VirusTotal reported block bad', u'name': u'message', u'structure': u'text'}, objDict,
					"Didn't find structure message in the details attribute.")
		self.assertIn({u'value': 1, u'name': u'priority', u'structure': u'text'}, objDict,
					"Didn't find structure priority in the details attribute.")
    def testBadKey(self):
        '''
		Test how the nugget reacts to a bad api key.

		Expected behaviour:
		- set rb_virustotal_return_value to 2
		'''
        # Left clamavNugget test resources here on purpose. No need to split hairs in this case.
        com.Starter.initStop("hsn2-rb-virustotal")
        self.setApiKey("BADKEY")
        com.Starter.initStart("hsn2-rb-virustotal", autoStop=False)
        jobId = com.Console.submitJob(
            "rb-virustotal1 feed.uri=/tmp/tests/resources/json/rb-clamavnugget-benign.json"
        )
        self.assertIsNotNone(jobId, "Returned job id is none.")
        finished = com.Console.waitForCompletion(jobId, 16, 2, True)
        self.assertTrue(finished, "Job failed or took too long.")
        ret = com.Console.getDumpAsObjects(jobId, agg=self.testHelp.agg)
        self.assertTrue(ret[1].isSet("rb_virustotal_return_value"),
                        "Expected attribute wasn't set.")
        self.assertFalse(ret[1].isSet("rb_virustotal_classification"),
                         "Unexpected attribute was set.")
        self.assertEqual(ret[1].rb_virustotal_return_value, 2)
        objDict = com.getFromCouch(jobId,
                                   ret[1].getObjectId(),
                                   "rb-virustotal",
                                   verbose=False)
        self.assertIsNotNone(objDict, "Failed to get object from couch.")
        self.assertEqual(objDict.get("classification"), None)
        objDict = objDict.get('details')
        self.assertIsNotNone(objDict, "Details not found in object.")
        objDict = objDict.get('value')
        self.assertTrue(len(objDict) == 1)
        self.assertIn(
            {
                u'value': 2,
                u'name': u'return value',
                u'structure': u'text'
            }, objDict,
            "Didn't find structure message in the details attribute.")
    def testMalicious(self):
        '''
		Test how the nugget reacts to a malicious file.

		Expected behaviour:
		- set rb_virustotal_return_value to 0
		- set rb_virustotal_classification to "malicious"
		- set rb_virustotal_verdict_message to "VirusTotal reported block bad"
		- set rb_virustotal_verdict_priority to 1
		- set rb_virustotal_report. Not checking exact message as it is long and may be subject to change.
		'''
        # Left clamavNugget test resources here on purpose. No need to split hairs in this case.
        jobId = com.Console.submitJob(
            "rb-virustotal1 feed.uri=/tmp/tests/resources/json/rb-clamavnugget-malicious.json"
        )
        self.assertIsNotNone(jobId, "Returned job id is none.")
        finished = com.Console.waitForCompletion(jobId, 16, 2, True)
        self.assertTrue(finished, "Job failed or took too long.")
        ret = com.Console.getDumpAsObjects(jobId, agg=self.testHelp.agg)
        self.assertTrue(ret[1].isSet("rb_virustotal_classification"),
                        "Expected attribute wasn't set.")
        self.assertTrue(ret[1].isSet("rb_virustotal_return_value"),
                        "Expected attribute wasn't set.")
        self.assertEqual(ret[1].rb_virustotal_return_value, 0)
        self.assertEqual(ret[1].rb_virustotal_classification, "malicious")
        self.assertTrue(ret[1].isSet("rb_virustotal_verdict_message"),
                        "Expected attribute wasn't set.")
        self.assertTrue(ret[1].isSet("rb_virustotal_verdict_priority"),
                        "Expected attribute wasn't set.")
        self.assertTrue(ret[1].isSet("rb_virustotal_report"),
                        "Expected attribute wasn't set.")
        self.assertEqual(ret[1].rb_virustotal_verdict_message,
                         "VirusTotal reported block bad")
        self.assertEqual(ret[1].rb_virustotal_verdict_priority, 1)
        objDict = com.getFromCouch(jobId,
                                   ret[1].getObjectId(),
                                   "rb-virustotal",
                                   verbose=False)
        self.assertIsNotNone(objDict, "Failed to get object from couch.")
        self.assertEqual(objDict.get("classification"), "malicious")
        objDict = objDict.get('details')
        self.assertIsNotNone(objDict, "Details not found in object.")
        objDict = objDict.get('value')
        self.assertIsNotNone(
            objDict, "Details in object don't have the value attribute.")
        self.assertTrue(len(objDict) == 4)
        self.assertIn(
            {
                u'value': 0,
                u'name': u'return value',
                u'structure': u'text'
            }, objDict, "Wrong return value (different than 0).")
        self.assertIn(
            {
                u'value': u'VirusTotal reported block bad',
                u'name': u'message',
                u'structure': u'text'
            }, objDict,
            "Didn't find structure message in the details attribute.")
        self.assertIn(
            {
                u'value': 1,
                u'name': u'priority',
                u'structure': u'text'
            }, objDict,
            "Didn't find structure priority in the details attribute.")
    def testMalicious(self):
        '''
		Test how the nugget reacts to a malicious file.
		Expected behaviour:
		- set rb_officecat_return_value to 0
		- set rb_officecat_classification to "malicious"
		- set rb_officecat_verdict_message to "THE FOLLOWING HAS BEEN FOUND BY OFFICECAT: CVE-2008-4841"
		- set rb_officecat_verdict_priority to 1
		- set rb_officecat_cve to "CVE-2008-4841"
		'''
        jobId = com.Console.submitJob(
            "rb-officecat1 feed.uri=/tmp/tests/resources/json/rb-officecat-malicious.json"
        )
        self.assertIsNotNone(jobId, "Returned job id is none.")
        finished = com.Console.waitForCompletion(jobId, 16, 2, True)
        self.assertTrue(finished, "Job failed or took too long.")
        ret = com.Console.getDumpAsObjects(jobId, agg=self.testHelp.agg)
        self.assertTrue(ret[1].isSet("rb_officecat_classification"),
                        "Expected attribute wasn't set.")
        self.assertTrue(ret[1].isSet("rb_officecat_return_value"),
                        "Expected attribute wasn't set.")
        self.assertEqual(ret[1].rb_officecat_return_value, 0)
        self.assertEqual(ret[1].rb_officecat_classification, "malicious")
        self.assertTrue(ret[1].isSet("rb_officecat_verdict_message"),
                        "Expected attribute wasn't set.")
        self.assertTrue(ret[1].isSet("rb_officecat_verdict_priority"),
                        "Expected attribute wasn't set.")
        self.assertTrue(ret[1].isSet("rb_officecat_cve"),
                        "Expected attribute wasn't set.")
        self.assertEqual(
            ret[1].rb_officecat_verdict_message,
            "THE FOLLOWING HAS BEEN FOUND BY OFFICECAT: CVE-2008-4841")
        self.assertEqual(ret[1].rb_officecat_verdict_priority, 1)
        self.assertEqual(ret[1].rb_officecat_cve, "CVE-2008-4841")
        objDict = com.getFromCouch(jobId,
                                   ret[1].getObjectId(),
                                   "rb-officecat",
                                   verbose=False)
        self.assertIsNotNone(objDict, "Failed to get object from couch.")
        self.assertEqual(objDict.get("classification"), "malicious")
        objDict = objDict.get('details')
        self.assertIsNotNone(objDict, "Details not found in object.")
        objDict = objDict.get('value')
        self.assertIsNotNone(
            objDict, "Details in object don't have the value attribute.")
        self.assertTrue(len(objDict) == 4)
        self.assertIn(
            {
                u'value': u'0',
                u'name': u'return value',
                u'structure': u'text'
            }, objDict,
            "Didn't find structure message in the details attribute.")
        self.assertIn(
            {
                u'value':
                u'THE FOLLOWING HAS BEEN FOUND BY OFFICECAT: CVE-2008-4841',
                u'name': u'message',
                u'structure': u'text'
            }, objDict,
            "Didn't find structure message in the details attribute.")
        self.assertIn(
            {
                u'value': u'1',
                u'name': u'priority',
                u'structure': u'text'
            }, objDict,
            "Didn't find structure priority in the details attribute.")
        self.assertIn(
            {
                u'value': u'CVE-2008-4841',
                u'name': u'cve',
                u'structure': u'text'
            }, objDict, "Didn't find structure cve in the details attribute.")
    def testMalicious(self):
        '''
		Test how the nugget reacts to a malicious file.

		Expected behaviour:
		- set rb_swfscanner_return_value to 0
		- set rb_swfscanner_classification to "malicious"
		- set rb_swfscanner_verdict_message to "Adobe Flash Player Multimedia File DefineSceneAndFrameLabelData Code Execution"
		- set rb_swfscanner_verdict_priority to 1
		- set rb_swfscanner_cve to "CVE-2007-0071"
		- set rb_swfscanner_bid to "BID-28695"
		'''
        jobId = com.Console.submitJob(
            "rb-swfscanner1 feed.uri=/tmp/tests/resources/json/rb-swfscanner-malicious.json"
        )
        self.assertIsNotNone(jobId, "Returned job id is none.")
        finished = com.Console.waitForCompletion(jobId, 16, 2, True)
        self.assertTrue(finished, "Job failed or took too long.")
        ret = com.Console.getDumpAsObjects(jobId, agg=self.testHelp.agg)
        self.assertTrue(ret[1].isSet("rb_swfscanner_classification"),
                        "Expected attribute wasn't set.")
        self.assertTrue(ret[1].isSet("rb_swfscanner_return_value"),
                        "Expected attribute wasn't set.")
        self.assertEqual(ret[1].rb_swfscanner_return_value, 0)
        self.assertEqual(ret[1].rb_swfscanner_classification, "malicious")
        self.assertTrue(ret[1].isSet("rb_swfscanner_verdict_message"),
                        "Expected attribute wasn't set.")
        self.assertTrue(ret[1].isSet("rb_swfscanner_verdict_priority"),
                        "Expected attribute wasn't set.")
        self.assertTrue(ret[1].isSet("rb_swfscanner_cve"),
                        "Expected attribute wasn't set.")
        self.assertTrue(ret[1].isSet("rb_swfscanner_bid"),
                        "Expected attribute wasn't set.")
        self.assertEqual(
            ret[1].rb_swfscanner_verdict_message,
            "Adobe Flash Player Multimedia File DefineSceneAndFrameLabelData Code Execution"
        )
        self.assertEqual(ret[1].rb_swfscanner_verdict_priority, 1)
        self.assertEqual(ret[1].rb_swfscanner_cve, "CVE-2007-0071")
        self.assertEqual(ret[1].rb_swfscanner_bid, "BID-28695")
        objDict = com.getFromCouch(jobId,
                                   ret[1].getObjectId(),
                                   "rb-swfscanner",
                                   verbose=False)
        self.assertIsNotNone(objDict, "Failed to get object from couch.")
        self.assertEqual(objDict.get("classification"), "malicious")
        objDict = objDict.get('details')
        self.assertIsNotNone(objDict, "Details not found in object.")
        objDict = objDict.get('value')
        self.assertIsNotNone(
            objDict, "Details in object don't have the value attribute.")
        self.assertTrue(len(objDict) == 5)
        self.assertIn(
            {
                u'value': u'0',
                u'name': u'return value',
                u'structure': u'text'
            }, objDict,
            "Didn't find structure message in the details attribute.")
        self.assertIn(
            {
                u'value':
                u'Adobe Flash Player Multimedia File DefineSceneAndFrameLabelData Code Execution',
                u'name': u'message',
                u'structure': u'text'
            }, objDict,
            "Didn't find structure message in the details attribute.")
        self.assertIn(
            {
                u'value': u'1',
                u'name': u'priority',
                u'structure': u'text'
            }, objDict,
            "Didn't find structure priority in the details attribute.")
        self.assertIn(
            {
                u'value': u'CVE-2007-0071',
                u'name': u'cve',
                u'structure': u'text'
            }, objDict, "Didn't find structure cve in the details attribute.")
        self.assertIn(
            {
                u'value': u'BID-28695',
                u'name': u'bid',
                u'structure': u'text'
            }, objDict, "Didn't find structure bid in the details attribute.")