Python Static.file_path示例

示例#1

 def test_lnk1(self):
     s = Static()
     s.set_task({
         "category": "file",
         "package": "lnk",
         "target": "lnk_1.lnk",
     })
     s.file_path = "tests/files/lnk_1.lnk"
     obj = s.run()["lnk"]
     assert obj[
         "basepath"] == "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe"
     assert obj["flags"] == {
         "cmdline": True,
         "description": True,
         "icon": True,
         "references": True,
         "relapath": True,
         "shellidlist": True,
         "workingdir": False,
     }
     assert obj["description"] == "windows photo viewer"
     assert "shell32.dll" in obj["icon"]
     assert "powershell.exe" in obj["relapath"]
     assert "-NoProfile" in obj["cmdline"]
     assert "eABlACIA" in obj["cmdline"]

示例#2

    def test_pdf_metadata(self):
        set_cwd(tempfile.mkdtemp())

        s = Static()
        s.set_task({
            "category": "file",
            "package": "pdf",
            "target": "pdf-sample.pdf",
        })
        s.set_options({
            "pdf_timeout": 30,
        })
        s.file_path = "tests/files/pdf-sample.pdf"
        obj = s.run()["pdf"]
        assert len(obj) == 2
        assert obj[1] == {
            "author": "cdaily",
            "creation": "D:20000629102108+11'00'",
            "creator": "Microsoft Word 8.0",
            "javascript": [],
            "modification": "2013-10-28T15:24:13-04:00",
            "producer": "Acrobat Distiller 4.0 for Windows",
            "subject": "",
            "title": "This is a test PDF file",
            "urls": [],
            "version": 1,
        }

示例#3

 def test_lnk2(self):
     s = Static()
     s.set_task({
         "category": "file",
         "package": "generic",
         "target": "lnk_2.lnk",
     })
     s.file_path = "tests/files/lnk_2.lnk"
     assert "elf" not in s.run()

示例#4

文件： test_processing.py 项目： LetMeR00t/cuckoo

 def test_lnk2_generic(self):
     s = Static()
     s.set_task({
         "category": "file",
         "package": "generic",
         "target": "lnk_2.lnk",
     })
     s.file_path = "tests/files/lnk_2.lnk"
     assert "elf" not in s.run()

示例#5

 def test_office(self):
     s = Static()
     s.set_task({
         "category": "file",
         "package": "doc",
         "target": "createproc1.docm",
     })
     s.file_path = "tests/files/createproc1.docm"
     r = s.run()["office"]
     assert "ThisDocument" in r["macros"][0]["orig_code"]
     assert "Sub AutoOpen" in r["macros"][1]["orig_code"]
     assert 'process.Create("notepad.exe"' in r["macros"][1]["orig_code"]

示例#6

    def test_phishing0_pdf(self):
        set_cwd(tempfile.mkdtemp())

        s = Static()
        s.set_task({
            "category": "file",
            "package": "pdf",
            "target": "phishing0.pdf",
        })
        s.set_options({
            "pdf_timeout": 30,
        })
        s.file_path = "tests/files/phishing0.pdf"
        assert "googleattachmentsigned" in s.run()["pdf"][0]["urls"][0]

示例#7

文件： test_processing.py 项目： BF109-k4/cuckoo

    def test_pdf_stringjs(self):
        set_cwd(self.mkdtemp())

        s = Static()
        s.set_task({
            "category": "file",
            "package": "pdf",
            "target": "pdf1-stringjs.pdf",
        })
        s.set_options({
            "pdf_timeout": 30,
        })
        s.file_path = "tests/files/pdf1-stringjs.pdf"
        r = s.run()["pdf"][12]
        assert "app.alert({" in r["javascript"][0]["orig_code"]

示例#8

    def test_pdf(self):
        set_cwd(tempfile.mkdtemp())

        s = Static()
        s.set_task({
            "category": "file",
            "package": "pdf",
            "target": "pdf0.pdf",
        })
        s.set_options({
            "pdf_timeout": 30,
        })
        s.file_path = "tests/files/pdf0.pdf"
        r = s.run()["pdf"][0]
        assert "var x = unescape" in r["javascript"][0]["orig_code"]

示例#9

def init(package, *filename):
    id_ = task_id()
    init_analysis(id_, package, *filename)
    init_yara()

    s = Static()
    s.set_task({
        "id": id_,
        "category": "file",
        "package": package,
        "target": filename[-1],
    })
    s.file_path = cwd("binary", analysis=id_)
    e = ExtractManager.for_task(id_)
    return s.run(), e.results()

示例#10

文件： test_processing.py 项目： LetMeR00t/cuckoo

    def test_pdf_stringjs(self):
        set_cwd(tempfile.mkdtemp())

        s = Static()
        s.set_task({
            "category": "file",
            "package": "pdf",
            "target": "pdf1-stringjs.pdf",
        })
        s.set_options({
            "pdf_timeout": 30,
        })
        s.file_path = "tests/files/pdf1-stringjs.pdf"
        r = s.run()["pdf"][12]
        assert "app.alert({" in r["javascript"][0]["orig_code"]

示例#11

文件： test_static.py 项目： LetMeR00t/cuckoo

def init(package, *filename):
    id_ = task_id()
    init_analysis(id_, package, *filename)
    init_yara()

    s = Static()
    s.set_task({
        "id": id_,
        "category": "file",
        "package": package,
        "target": filename[-1],
    })
    s.file_path = cwd("binary", analysis=id_)
    e = ExtractManager.for_task(id_)
    return s.run(), e.results()

示例#12

文件： test_processing.py 项目： BF109-k4/cuckoo

    def test_pdf_workercrash(self, md):
        set_cwd(self.mkdtemp())
        md.return_value = None

        s = Static()
        s.set_task({
            "category": "file",
            "package": "pdf",
            "target": "pdf0.pdf",
        })
        s.set_options({
            "pdf_timeout": 30,
        })
        s.file_path = "tests/files/pdf0.pdf"
        r = s.run()
        assert r["pdf"] == []

示例#13

文件： test_processing.py 项目： BF109-k4/cuckoo

    def test_pdf_ignorefake(self):
        set_cwd(self.mkdtemp())

        s = Static()
        s.set_task({
            "category": "file",
            "package": "pdf",
            "target": "fakepdf.pdf",
        })
        s.set_options({
            "pdf_timeout": 30,
        })
        s.file_path = "tests/files/fakepdf.pdf"
        assert s.run() == {
            "pdf": [],
        }

示例#14

文件： test_processing.py 项目： LetMeR00t/cuckoo

    def test_pdf_workercrash(self, md):
        set_cwd(tempfile.mkdtemp())
        md.return_value = None

        s = Static()
        s.set_task({
            "category": "file",
            "package": "pdf",
            "target": "pdf0.pdf",
        })
        s.set_options({
            "pdf_timeout": 30,
        })
        s.file_path = "tests/files/pdf0.pdf"
        r = s.run()
        assert r["pdf"] == []

示例#15

文件： test_processing.py 项目： LetMeR00t/cuckoo

    def test_pdf_ignorefake(self):
        set_cwd(tempfile.mkdtemp())

        s = Static()
        s.set_task({
            "category": "file",
            "package": "pdf",
            "target": "fakepdf.pdf",
        })
        s.set_options({
            "pdf_timeout": 30,
        })
        s.file_path = "tests/files/fakepdf.pdf"
        assert s.run() == {
            "pdf": [],
        }

示例#16

    def test_archive_pdf(self):
        set_cwd(tempfile.mkdtemp())

        s = Static()
        s.set_task({
            "category": "archive",
            "package": "pdf",
            "options": {
                "filename": "files/pdf0.pdf",
            },
        })
        s.set_options({
            "pdf_timeout": 30,
        })
        s.file_path = "tests/files/pdf0.zip"
        assert "%48%65" in s.run()["pdf"][0]["javascript"][0]["orig_code"]

示例#17

    def test_pdf_mock(self, p):
        set_cwd(tempfile.mkdtemp())

        s = Static()
        s.set_task({
            "category": "file",
            "package": "pdf",
            "target": "pdf0.pdf",
        })
        s.set_options({
            "pdf_timeout": 30,
        })
        s.file_path = "tests/files/pdf0.pdf"
        p.return_value = ["hello"]
        assert s.run()["pdf"] == ["hello"]
        p.assert_called_once_with(mock.ANY, ("tests/files/pdf0.pdf", ),
                                  timeout=30)

示例#18

文件： test_processing.py 项目： LetMeR00t/cuckoo

 def test_pdf_endian(self):
     s = Static()
     s.set_task({
         "category": "file",
         "package": "pdf",
         "target": "pdf-endianerror.pdf"
     })
     s.file_path = "tests/files/pdf-endianerror.pdf"
     s.set_options({
         "pdf_timeout": 30,
     })
     r = s.run()
     assert len(r["pdf"][0]["urls"]) == 63
     assert r["pdf"][0]["urls"][54] == (
         u"http://yourmirror.net/kali-security\u548c"
         u"http://yourmirror.net/kali-images"
     )

示例#19

文件： test_web.py 项目： consen/cuckoo

    def test_summary_pdf_nometadata(self, p, request):
        s = Static()
        s.set_task({
            "category": "file",
            "package": "pdf",
            "target": __file__,
        })
        s.set_options({
            "pdf_timeout": 10,
        })
        s.file_path = __file__

        p._get_report.return_value = {
            "static": s.run(),
        }
        r = AnalysisRoutes.detail(request, 1, "static").content
        assert "No PDF metadata could be extracted!" in r

示例#20

文件： test_web.py 项目： ptcNOP/cuckoo

    def test_summary_office2(self, p, request):
        s = Static()
        s.set_task({
            "category": "file",
            "package": "doc",
            "target": "createproc1.docm",
        })
        s.file_path = "tests/files/createproc1.docm"

        p._get_report.return_value = {
            "static": s.run(),
        }
        r = AnalysisRoutes.detail(request, 1, "static").content
        assert "ThisDocument" in r
        assert "Sub AutoOpen" in r
        assert "process.Create" in r
        assert "notepad.exe" in r

示例#21

文件： test_processing.py 项目： BF109-k4/cuckoo

 def test_pdf_endian(self):
     s = Static()
     s.set_task({
         "category": "file",
         "package": "pdf",
         "target": "pdf-endianerror.pdf"
     })
     s.file_path = "tests/files/pdf-endianerror.pdf"
     s.set_options({
         "pdf_timeout": 30,
     })
     r = s.run()
     assert len(r["pdf"][0]["urls"]) == 63
     assert r["pdf"][0]["urls"][54] == (
         u"http://yourmirror.net/kali-security\u548c"
         u"http://yourmirror.net/kali-images"
     )

示例#22

    def test_summary_office2(self, p, request):
        s = Static()
        s.set_task({
            "category": "file",
            "package": "doc",
            "target": "createproc1.docm",
        })
        s.file_path = "tests/files/createproc1.docm"

        p._get_report.return_value = {
            "static": s.run(),
        }
        r = AnalysisRoutes.detail(request, 1, "static").content
        assert "ThisDocument" in r
        assert "Sub AutoOpen" in r
        assert "process.Create" in r
        assert "notepad.exe" in r

示例#23

    def test_summary_pdf_nometadata(self, p, request):
        s = Static()
        s.set_task({
            "category": "file",
            "package": "pdf",
            "target": __file__,
        })
        s.set_options({
            "pdf_timeout": 10,
        })
        s.file_path = __file__

        p._get_report.return_value = {
            "static": s.run(),
        }
        r = AnalysisRoutes.detail(request, 1, "static").content
        assert "No PDF metadata could be extracted!" in r

示例#24

文件： test_processing.py 项目： jgajek/cuckoo

    def test_pdf_mock(self, p):
        set_cwd(tempfile.mkdtemp())

        s = Static()
        s.set_task({
            "category": "file",
            "package": "pdf",
            "target": "pdf0.pdf",
        })
        s.set_options({
            "pdf_timeout": 30,
        })
        s.file_path = "tests/files/pdf0.pdf"
        p.return_value = ["hello"]
        assert s.run()["pdf"] == ["hello"]
        p.assert_called_once_with(
            mock.ANY, ("tests/files/pdf0.pdf",), timeout=30
        )

示例#25

    def test_summary_pdf_metadata(self, p, request):
        s = Static()
        s.set_task({
            "category": "file",
            "package": "pdf",
            "target": "pdf-sample.pdf",
        })
        s.set_options({
            "pdf_timeout": 10,
        })
        s.file_path = "tests/files/pdf-sample.pdf"

        p._get_report.return_value = {
            "static": s.run(),
        }
        r = AnalysisRoutes.detail(request, 1, "static").content
        assert "Microsoft Word 8.0" in r
        assert "This is a test PDF file" in r

示例#26

文件： test_web.py 项目： consen/cuckoo

    def test_summary_pdf_metadata(self, p, request):
        s = Static()
        s.set_task({
            "category": "file",
            "package": "pdf",
            "target": "pdf-sample.pdf",
        })
        s.set_options({
            "pdf_timeout": 10,
        })
        s.file_path = "tests/files/pdf-sample.pdf"

        p._get_report.return_value = {
            "static": s.run(),
        }
        r = AnalysisRoutes.detail(request, 1, "static").content
        assert "Microsoft Word 8.0" in r
        assert "This is a test PDF file" in r

示例#27

文件： test_processing.py 项目： ptcNOP/cuckoo

    def test_pdf_attach(self):
        set_cwd(tempfile.mkdtemp())

        s = Static()
        s.set_task({
            "category": "file",
            "package": "pdf",
            "target": "pdf_attach.pdf",
        })
        s.set_options({
            "pdf_timeout": 30,
        })
        s.file_path = "tests/files/pdf_attach.pdf"
        obj, = s.run()["pdf"]
        assert len(obj["javascript"]) == 1
        assert "exportDataObject" in obj["javascript"][0]["orig_code"]
        assert len(obj["attachments"]) == 1
        assert obj["attachments"][0]["filename"] == "789IVIIUXSF110.docm"
        assert "kkkllsslll" in obj["openaction"]

示例#28

    def test_pdf_attach(self):
        set_cwd(tempfile.mkdtemp())

        s = Static()
        s.set_task({
            "category": "file",
            "package": "pdf",
            "target": "pdf_attach.pdf",
        })
        s.set_options({
            "pdf_timeout": 30,
        })
        s.file_path = "tests/files/pdf_attach.pdf"
        obj, = s.run()["pdf"]
        assert len(obj["javascript"]) == 1
        assert "exportDataObject" in obj["javascript"][0]["orig_code"]
        assert len(obj["attachments"]) == 1
        assert obj["attachments"][0]["filename"] == "789IVIIUXSF110.docm"
        assert "kkkllsslll" in obj["openaction"]

示例#29

文件： test_processing.py 项目： BF109-k4/cuckoo

 def test_lnk2(self):
     s = Static()
     s.set_task({
         "category": "file",
         "package": "lnk",
         "target": "lnk_2.lnk",
     })
     s.file_path = "tests/files/lnk_2.lnk"
     obj = s.run()["lnk"]
     assert obj["basepath"] == "C:\\Windows\\System32\\cmd.exe"
     assert obj["flags"] == {
         "cmdline": True, "description": True, "icon": True,
         "references": True, "relapath": True, "shellidlist": True,
         "workingdir": True,
     }
     assert "digitale" in obj["description"]
     assert obj["icon"] == "C:\\Windows\\System32\\write.exe"
     assert "cmd.exe" in obj["relapath"]
     assert "bitsadmin.exe" in obj["cmdline"]
     assert "/transfer" in obj["cmdline"]

示例#30

文件： test_processing.py 项目： jgajek/cuckoo

 def test_lnk1(self):
     s = Static()
     s.set_task({
         "category": "file",
         "package": "lnk",
         "target": "lnk_1.lnk",
     })
     s.file_path = "tests/files/lnk_1.lnk"
     obj = s.run()["lnk"]
     assert obj["basepath"] == "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe"
     assert obj["flags"] == {
         "cmdline": True, "description": True, "icon": True,
         "references": True, "relapath": True, "shellidlist": True,
         "workingdir": False,
     }
     assert obj["description"] == "windows photo viewer"
     assert "shell32.dll" in obj["icon"]
     assert "powershell.exe" in obj["relapath"]
     assert "-NoProfile" in obj["cmdline"]
     assert "eABlACIA" in obj["cmdline"]

示例#31

文件： test_processing.py 项目： LetMeR00t/cuckoo

 def test_lnk2(self):
     s = Static()
     s.set_task({
         "category": "file",
         "package": "lnk",
         "target": "lnk_2.lnk",
     })
     s.file_path = "tests/files/lnk_2.lnk"
     obj = s.run()["lnk"]
     assert obj["basepath"] == "C:\\Windows\\System32\\cmd.exe"
     assert obj["flags"] == {
         "cmdline": True, "description": True, "icon": True,
         "references": True, "relapath": True, "shellidlist": True,
         "workingdir": True,
     }
     assert "digitale" in obj["description"]
     assert obj["icon"] == "C:\\Windows\\System32\\write.exe"
     assert "cmd.exe" in obj["relapath"]
     assert "bitsadmin.exe" in obj["cmdline"]
     assert "/transfer" in obj["cmdline"]

示例#32

文件： test_extract.py 项目： frank2411/cuckoo_dev

def test_push_script_recursive():
    set_cwd(tempfile.mkdtemp())
    cuckoo_create()
    mkdir(cwd(analysis=1))

    open(cwd("yara", "office", "ole.yar"), "wb").write("""
        rule OleInside {
            strings:
                $s1 = "Win32_Process"
            condition:
                filename matches /word\/vbaProject.bin/ and $s1
        }
    """)
    init_yara()

    s = Static()
    s.file_path = "tests/files/createproc1.docm"
    s.set_task({
        "id": 1,
        "category": "file",
        "target": s.file_path,
        "package": "doc",
    })
    s.run()

    assert ExtractManager.for_task(1).results()[0]["yara"] == [{
        "name":
        "OleInside",
        "meta": {
            "description": "(no description)",
        },
        "offsets": {
            "s1": [
                (3933, 0),
            ],
        },
        "strings": [
            "Win32_Process".encode("base64").strip(),
        ],
    }]

示例#33

文件： test_extract.py 项目： LetMeR00t/cuckoo

def test_push_script_recursive():
    set_cwd(tempfile.mkdtemp())
    cuckoo_create()
    mkdir(cwd(analysis=1))

    open(cwd("yara", "office", "ole.yar"), "wb").write("""
        rule OleInside {
            strings:
                $s1 = "Win32_Process"
            condition:
                filename matches /word\/vbaProject.bin/ and $s1
        }
    """)
    init_yara()

    s = Static()
    s.file_path = "tests/files/createproc1.docm"
    s.set_task({
        "id": 1,
        "category": "file",
        "target": s.file_path,
        "package": "doc",
    })
    s.run()

    assert ExtractManager.for_task(1).results()[0]["yara"] == [{
        "name": "OleInside",
        "meta": {
            "description": "(no description)",
        },
        "offsets": {
            "s1": [
                (3933, 0),
            ],
        },
        "strings": [
            "Win32_Process".encode("base64").strip(),
        ],
    }]