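class TestFile(object):
    """Exercise File's metadata getters against a freshly created, empty file.

    The sample is never written to, so every expected checksum below is the
    value for zero-length input and the reported size is 0.
    """

    def setup(self):
        """Point the CWD at a scratch directory and wrap an empty temp file."""
        # File() will invoke cwd(), so any CWD is required.
        set_cwd(tempfile.mkdtemp())
        # mkstemp() hands back an already-open descriptor together with the
        # path; close it here so that each test does not leak a descriptor.
        fd, self.path = tempfile.mkstemp()
        os.close(fd)
        self.file = File(self.path)

    def test_get_name(self):
        """get_name() is the final path component of the sample."""
        assert self.path.split(os.sep)[-1] == self.file.get_name()

    def test_get_data(self):
        """An empty file yields empty data."""
        assert "" == self.file.get_data()

    def test_get_size(self):
        """An empty file has size 0."""
        assert 0 == self.file.get_size()

    def test_get_crc32(self):
        """CRC32 of zero-length input, rendered as eight hex digits."""
        assert "00000000" == self.file.get_crc32()

    def test_get_md5(self):
        """MD5 of zero-length input."""
        assert "d41d8cd98f00b204e9800998ecf8427e" == self.file.get_md5()

    def test_get_sha1(self):
        """SHA-1 of zero-length input."""
        assert "da39a3ee5e6b4b0d3255bfef95601890afd80709" == self.file.get_sha1()

    def test_get_sha256(self):
        """SHA-256 of zero-length input."""
        expected = "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855"
        assert expected == self.file.get_sha256()

    def test_get_sha512(self):
        """SHA-512 of zero-length input."""
        expected = "cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e"
        assert expected == self.file.get_sha512()

    def test_get_ssdeep(self):
        """get_ssdeep() returns a value only when pydeep can be imported."""
        try:
            import pydeep
            assert self.file.get_ssdeep() is not None
            pydeep  # Fake usage.
        except ImportError:
            # Without the optional dependency the fuzzy hash must be None
            # rather than an error.
            assert self.file.get_ssdeep() is None

    def test_get_type(self):
        """The type description of an empty file mentions "empty"."""
        assert "empty" in self.file.get_type()

    def test_get_content_type(self):
        """Two MIME spellings are accepted for an empty file."""
        assert self.file.get_content_type() in [
            "inode/x-empty", "application/x-empty"
        ]

    def test_get_all_type(self):
        """get_all() returns a dict."""
        assert isinstance(self.file.get_all(), dict)

    def test_get_all_keys(self):
        """get_all() exposes every expected metadata field."""
        # Build the summary once instead of once per key.
        summary = self.file.get_all()
        for key in [
            "name", "size", "crc32", "md5", "sha1", "sha256", "sha512",
            "ssdeep", "type"
        ]:
            assert key in summary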
def run(self):
    """Run static analysis on the task's target.

    Only the "file" and "archive" task categories are handled. Each parser
    is selected from the declared analysis package, the extension of the
    task's filename, or the detected file type string.
    @return: results dict, or None when the category is not handled or
             self.file_path does not exist.
    """
    self.key = "static"

    category = self.task["category"]
    if category != "file" and category != "archive":
        return
    if not os.path.exists(self.file_path):
        return

    if category == "file":
        sample = File(self.file_path)
        filename = os.path.basename(self.task["target"])
    else:
        # For archives the analysed object is the selected member.
        sample = Archive(self.file_path).get_file(
            self.task["options"]["filename"]
        )
        filename = os.path.basename(self.task["options"]["filename"])

    # The extension comes from the task's filename, not from the content.
    # A name with no separator yields the whole lowercased name as "ext".
    ext = filename.rsplit(os.path.extsep, 1)[-1].lower() if filename else None

    package = self.task.get("package")
    results = {}

    # ELF: generic package only, matched by extension or by type string.
    if package == "generic" and (ext == "elf" or "ELF" in sample.get_type()):
        results["elf"] = ELF(sample.file_path).run()
        results["keys"] = sample.get_keys()

    # PE: the parser's output is merged into the top level of the results.
    if package == "exe" or ext == "exe" or "PE32" in sample.get_type():
        results.update(PortableExecutable(sample.file_path).run())
        results["keys"] = sample.get_keys()

    if package == "wsf" or ext == "wsf":
        results["wsf"] = WindowsScriptFile(sample.file_path).run()

    if package in ("doc", "ppt", "xls") or ext in self.office_ext:
        results["office"] = OfficeDocument(
            sample.file_path, self.task["id"]
        ).run()

    if package == "pdf" or ext == "pdf":
        pdf_results = []
        # The PDF worker is only invoked when the detected content type
        # agrees with the declared package/extension; it goes through
        # dispatch() with the configured timeout, and a falsy result is
        # normalised to an empty list.
        if sample.get_content_type() == "application/pdf":
            pdf_results = dispatch(
                _pdf_worker, (sample.file_path,),
                timeout=self.options.pdf_timeout
            ) or []
        results["pdf"] = pdf_results

    # NOTE(review): this is `or`, so every generic-package task goes through
    # LnkShortcut regardless of extension (the ELF branch above uses `and`).
    if package == "generic" or ext == "lnk":
        results["lnk"] = LnkShortcut(sample.file_path).run()

    return results
def run(self):
    """Run static analysis on the task's target.

    Only the "file" and "archive" task categories are handled. Each parser
    is selected from the declared analysis package, the extension of the
    task's filename, or the detected file type string.
    @return: results dict, or None when the category is not handled or
             self.file_path does not exist.
    """
    self.key = "static"

    category = self.task["category"]
    if category != "file" and category != "archive":
        return
    if not os.path.exists(self.file_path):
        return

    if category == "file":
        sample = File(self.file_path)
        filename = os.path.basename(self.task["target"])
    else:
        # For archives the analysed object is the selected member.
        sample = Archive(self.file_path).get_file(
            self.task["options"]["filename"]
        )
        filename = os.path.basename(self.task["options"]["filename"])

    # The extension comes from the task's filename, not from the content.
    # A name with no separator yields the whole lowercased name as "ext".
    ext = filename.rsplit(os.path.extsep, 1)[-1].lower() if filename else None

    package = self.task.get("package")
    results = {}

    # ELF: generic package only, matched by extension or by type string.
    if package == "generic" and (ext == "elf" or "ELF" in sample.get_type()):
        results["elf"] = ELF(sample.file_path).run()
        results["keys"] = sample.get_keys()

    # PE: the parser's output is merged into the top level of the results.
    if package == "exe" or ext == "exe" or "PE32" in sample.get_type():
        results.update(PortableExecutable(sample.file_path).run())
        results["keys"] = sample.get_keys()

    if package == "wsf" or ext == "wsf":
        results["wsf"] = WindowsScriptFile(sample.file_path).run()

    if package in ("doc", "ppt", "xls") or ext in self.office_ext:
        results["office"] = OfficeDocument(
            sample.file_path, self.task["id"]
        ).run()

    if package == "pdf" or ext == "pdf":
        pdf_results = []
        # The PDF worker is only invoked when the detected content type
        # agrees with the declared package/extension; it goes through
        # dispatch() with the configured timeout, and a falsy result is
        # normalised to an empty list.
        if sample.get_content_type() == "application/pdf":
            pdf_results = dispatch(
                _pdf_worker, (sample.file_path,),
                timeout=self.options.pdf_timeout
            ) or []
        results["pdf"] = pdf_results

    # NOTE(review): this is `or`, so every generic-package task goes through
    # LnkShortcut regardless of extension (the ELF branch above uses `and`).
    if package == "generic" or ext == "lnk":
        results["lnk"] = LnkShortcut(sample.file_path).run()

    return results
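class TestFile(object):
    """Exercise File's metadata getters against a freshly created, empty file.

    The sample is never written to, so every expected checksum below is the
    value for zero-length input and the reported size is 0.
    """

    def setup(self):
        """Point the CWD at a scratch directory and wrap an empty temp file."""
        # File() will invoke cwd(), so any CWD is required.
        set_cwd(tempfile.mkdtemp())
        # mkstemp() hands back an already-open descriptor together with the
        # path; close it here so that each test does not leak a descriptor.
        fd, self.path = tempfile.mkstemp()
        os.close(fd)
        self.file = File(self.path)

    def test_get_name(self):
        """get_name() is the final path component of the sample."""
        assert self.path.split(os.sep)[-1] == self.file.get_name()

    def test_get_data(self):
        """An empty file yields empty data."""
        assert "" == self.file.get_data()

    def test_get_size(self):
        """An empty file has size 0."""
        assert 0 == self.file.get_size()

    def test_get_crc32(self):
        """CRC32 of zero-length input, rendered as eight hex digits."""
        assert "00000000" == self.file.get_crc32()

    def test_get_md5(self):
        """MD5 of zero-length input."""
        assert "d41d8cd98f00b204e9800998ecf8427e" == self.file.get_md5()

    def test_get_sha1(self):
        """SHA-1 of zero-length input."""
        assert "da39a3ee5e6b4b0d3255bfef95601890afd80709" == self.file.get_sha1()

    def test_get_sha256(self):
        """SHA-256 of zero-length input."""
        expected = "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855"
        assert expected == self.file.get_sha256()

    def test_get_sha512(self):
        """SHA-512 of zero-length input."""
        expected = "cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e"
        assert expected == self.file.get_sha512()

    def test_get_ssdeep(self):
        """get_ssdeep() returns a value only when pydeep can be imported."""
        try:
            import pydeep
            assert self.file.get_ssdeep() is not None
            pydeep  # Fake usage.
        except ImportError:
            # Without the optional dependency the fuzzy hash must be None
            # rather than an error.
            assert self.file.get_ssdeep() is None

    def test_get_type(self):
        """The type description of an empty file mentions "empty"."""
        assert "empty" in self.file.get_type()

    def test_get_content_type(self):
        """Two MIME spellings are accepted for an empty file."""
        assert self.file.get_content_type() in [
            "inode/x-empty", "application/x-empty"
        ]

    def test_get_all_type(self):
        """get_all() returns a dict."""
        assert isinstance(self.file.get_all(), dict)

    def test_get_all_keys(self):
        """get_all() exposes every expected metadata field."""
        # Build the summary once instead of once per key.
        summary = self.file.get_all()
        for key in [
            "name", "size", "crc32", "md5", "sha1", "sha256", "sha512",
            "ssdeep", "type"
        ]:
            assert key in summary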
def test_magic1(self):
    """The plain-text fixture is detected as ASCII text / text/plain."""
    # The fixture path is relative, so it is resolved against the working
    # directory the test run starts in.
    sample = File("tests/files/foo.txt")

    type_description = sample.get_type()
    assert "ASCII text" in type_description

    mime_type = sample.get_content_type()
    assert mime_type == "text/plain"
def test_magic1(self):
    """The plain-text fixture is detected as ASCII text / text/plain."""
    # The fixture path is relative, so it is resolved against the working
    # directory the test run starts in.
    sample = File("tests/files/foo.txt")

    type_description = sample.get_type()
    assert "ASCII text" in type_description

    mime_type = sample.get_content_type()
    assert mime_type == "text/plain"