示例#1
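class TestFile(object):
    """Check the File accessors against a freshly created, empty file.

    The fixture file is created by tempfile.mkstemp() and never written to,
    so every expected value below (size 0, the CRC32 and the MD5/SHA digests)
    is the well-known result for zero-length input.
    """

    def setup(self):
        """Create an empty temporary file and wrap it in a File object."""
        # File() will invoke cwd(), so any CWD is required.
        set_cwd(tempfile.mkdtemp())

        # mkstemp() returns an already-open OS-level descriptor together with
        # the path. Only the path is used here, so close the descriptor
        # instead of leaking one every time setup() runs.
        fd, self.path = tempfile.mkstemp()
        os.close(fd)
        self.file = File(self.path)

    def test_get_name(self):
        # The reported name is the last path component of the fixture file.
        assert self.path.split(os.sep)[-1] == self.file.get_name()

    def test_get_data(self):
        assert "" == self.file.get_data()

    def test_get_size(self):
        assert 0 == self.file.get_size()

    def test_get_crc32(self):
        assert "00000000" == self.file.get_crc32()

    # CRC32, MD5 and SHA-1 are not collision-resistant; the tests only pin
    # their output format and value for empty input.
    def test_get_md5(self):
        assert "d41d8cd98f00b204e9800998ecf8427e" == self.file.get_md5()

    def test_get_sha1(self):
        expected = "da39a3ee5e6b4b0d3255bfef95601890afd80709"
        assert expected == self.file.get_sha1()

    def test_get_sha256(self):
        expected = (
            "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855"
        )
        assert expected == self.file.get_sha256()

    def test_get_sha512(self):
        expected = (
            "cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce"
            "47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e"
        )
        assert expected == self.file.get_sha512()

    def test_get_ssdeep(self):
        """get_ssdeep() must return a value only when pydeep is importable."""
        # Keep the try body to the import alone, so that an ImportError raised
        # anywhere else is reported instead of being taken for "no pydeep".
        try:
            import pydeep
        except ImportError:
            assert self.file.get_ssdeep() is None
        else:
            pydeep  # Fake usage.
            assert self.file.get_ssdeep() is not None

    def test_get_type(self):
        assert "empty" in self.file.get_type()

    def test_get_content_type(self):
        # Two MIME names are accepted for an empty file (presumably they
        # differ between libmagic versions -- TODO confirm).
        assert self.file.get_content_type() in [
            "inode/x-empty", "application/x-empty"
        ]

    def test_get_all_type(self):
        assert isinstance(self.file.get_all(), dict)

    def test_get_all_keys(self):
        # Fetch the summary once; the loop only checks key membership.
        info = self.file.get_all()
        for key in [
                "name", "size", "crc32", "md5", "sha1", "sha256", "sha512",
                "ssdeep", "type"
        ]:
            assert key in info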
示例#2
文件: static.py 项目: consen/cuckoo
    def run(self):
        """Run static analysis on the task's sample.

        Selects the sample (the submitted file, or one member of a submitted
        archive), derives an extension from its name and runs every static
        analyzer whose package, extension or type condition matches.

        @return: results dict, or None when the task category is neither
            "file" nor "archive" or when self.file_path does not exist.
        """
        self.key = "static"
        results = {}

        category = self.task["category"]
        if category not in ("file", "archive"):
            return None

        if not os.path.exists(self.file_path):
            return None

        if category == "file":
            sample = File(self.file_path)
            filename = os.path.basename(self.task["target"])
        else:
            # Only the archive member named in the task options is analyzed.
            archive = Archive(self.file_path)
            member = self.task["options"]["filename"]
            sample = archive.get_file(member)
            filename = os.path.basename(member)

        # NOTE(review): the extension comes from a name stored in the task
        # (presumably chosen by the submitter -- confirm), and a name without
        # any separator yields the whole name as its "extension". The
        # extension therefore only selects analyzers; it is not evidence of
        # the real file format.
        ext = filename.split(os.path.extsep)[-1].lower() if filename else None

        package = self.task.get("package")

        # ELF analysis is limited to the "generic" package.
        if package == "generic" and (
                ext == "elf" or "ELF" in sample.get_type()):
            results["elf"] = ELF(sample.file_path).run()
            results["keys"] = sample.get_keys()

        # The PE results are merged into the top level of the dict rather
        # than stored under a key of their own.
        if package == "exe" or ext == "exe" or "PE32" in sample.get_type():
            results.update(PortableExecutable(sample.file_path).run())
            results["keys"] = sample.get_keys()

        if package == "wsf" or ext == "wsf":
            results["wsf"] = WindowsScriptFile(sample.file_path).run()

        if package in ("doc", "ppt", "xls") or ext in self.office_ext:
            office = OfficeDocument(sample.file_path, self.task["id"])
            results["office"] = office.run()

        if package == "pdf" or ext == "pdf":
            # The PDF worker runs only when the detected content type agrees
            # with the name or package, and it is handed to dispatch() with a
            # timeout; a falsy result is stored as an empty list.
            pdf_results = []
            if sample.get_content_type() == "application/pdf":
                pdf_results = dispatch(
                    _pdf_worker, (sample.file_path,),
                    timeout=self.options.pdf_timeout
                ) or []
            results["pdf"] = pdf_results

        if package == "generic" or ext == "lnk":
            results["lnk"] = LnkShortcut(sample.file_path).run()

        return results
示例#3
    def run(self):
        """Run the static analyzers that apply to this task's sample.

        @return: results dict; None if the category is not "file" or
            "archive", or if self.file_path is missing on disk.
        """
        self.key = "static"
        report = {}

        kind = self.task["category"]
        if kind not in ("file", "archive"):
            return None

        if not os.path.exists(self.file_path):
            return None

        if kind == "file":
            target = File(self.file_path)
            filename = os.path.basename(self.task["target"])
        else:
            # For archives, analyze the single member named by the options.
            container = Archive(self.file_path)
            member_name = self.task["options"]["filename"]
            target = container.get_file(member_name)
            filename = os.path.basename(member_name)

        # Text after the last extension separator, lower-cased. A name with
        # no separator gives the whole name back.
        # NOTE(review): this name is task-supplied, so the extension is a
        # hint for choosing analyzers, not a statement about file content.
        if filename:
            ext = filename.split(os.path.extsep)[-1].lower()
        else:
            ext = None

        package = self.task.get("package")
        path = target.file_path

        is_generic = package == "generic"
        if is_generic and (ext == "elf" or "ELF" in target.get_type()):
            report["elf"] = ELF(path).run()
            report["keys"] = target.get_keys()

        if package == "exe" or ext == "exe" or "PE32" in target.get_type():
            # PE output is merged straight into the top-level results.
            report.update(PortableExecutable(path).run())
            report["keys"] = target.get_keys()

        if package == "wsf" or ext == "wsf":
            report["wsf"] = WindowsScriptFile(path).run()

        if package in ("doc", "ppt", "xls") or ext in self.office_ext:
            report["office"] = OfficeDocument(path, self.task["id"]).run()

        if package == "pdf" or ext == "pdf":
            if target.get_content_type() != "application/pdf":
                # Name or package says PDF but the detected type does not:
                # record an empty result without running the worker.
                report["pdf"] = []
            else:
                # dispatch() gets a timeout for the PDF worker; a falsy
                # result is normalised to an empty list.
                report["pdf"] = dispatch(
                    _pdf_worker, (path,),
                    timeout=self.options.pdf_timeout
                ) or []

        if is_generic or ext == "lnk":
            report["lnk"] = LnkShortcut(path).run()

        return report
示例#4
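class TestFile(object):
    """Exercise File on an empty temporary file.

    Nothing is ever written to the fixture, so the expected size is 0 and
    the expected checksums are the standard values for empty input.
    """

    def setup(self):
        """Point the CWD at a scratch directory and build the File fixture."""
        # File() will invoke cwd(), so any CWD is required.
        set_cwd(tempfile.mkdtemp())

        # mkstemp() hands back (descriptor, path) with the descriptor still
        # open. Taking only element [1] left that descriptor open for the
        # rest of the run, so it is closed explicitly here.
        handle, self.path = tempfile.mkstemp()
        os.close(handle)
        self.file = File(self.path)

    def test_get_name(self):
        expected_name = self.path.split(os.sep)[-1]
        assert expected_name == self.file.get_name()

    def test_get_data(self):
        assert "" == self.file.get_data()

    def test_get_size(self):
        assert 0 == self.file.get_size()

    def test_get_crc32(self):
        assert "00000000" == self.file.get_crc32()

    def test_get_md5(self):
        # MD5 of zero-length input.
        assert "d41d8cd98f00b204e9800998ecf8427e" == self.file.get_md5()

    def test_get_sha1(self):
        # SHA-1 of zero-length input.
        assert "da39a3ee5e6b4b0d3255bfef95601890afd80709" == self.file.get_sha1()

    def test_get_sha256(self):
        # SHA-256 of zero-length input.
        assert "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855" == self.file.get_sha256()

    def test_get_sha512(self):
        # SHA-512 of zero-length input.
        assert "cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e" == self.file.get_sha512()

    def test_get_ssdeep(self):
        """A fuzzy hash is expected only when pydeep can be imported."""
        # Only the import sits inside the try, so an ImportError coming from
        # get_ssdeep() itself is no longer mistaken for a missing pydeep.
        try:
            import pydeep
        except ImportError:
            assert self.file.get_ssdeep() is None
        else:
            pydeep  # Fake usage.
            assert self.file.get_ssdeep() is not None

    def test_get_type(self):
        assert "empty" in self.file.get_type()

    def test_get_content_type(self):
        # Either MIME name is accepted for the empty fixture file.
        accepted = ["inode/x-empty", "application/x-empty"]
        assert self.file.get_content_type() in accepted

    def test_get_all_type(self):
        assert isinstance(self.file.get_all(), dict)

    def test_get_all_keys(self):
        # One get_all() call is enough; each key is then checked against it.
        summary = self.file.get_all()
        for key in ["name", "size", "crc32", "md5", "sha1", "sha256", "sha512", "ssdeep", "type"]:
            assert key in summary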
示例#5
 def test_magic1(self):
     """foo.txt must be typed as ASCII text with MIME type text/plain."""
     sample = File("tests/files/foo.txt")
     # Human-readable type description first, then the MIME content type.
     type_description = sample.get_type()
     assert "ASCII text" in type_description
     mime_type = sample.get_content_type()
     assert mime_type == "text/plain"
示例#6
 def test_magic1(self):
     """Check both type lookups of File against the text fixture foo.txt."""
     text_file = File("tests/files/foo.txt")
     described_as = text_file.get_type()
     assert "ASCII text" in described_as
     # The MIME type must match exactly; the description is a substring check.
     content_type = text_file.get_content_type()
     assert content_type == "text/plain"