示例#1
0
    def test_encryption(self):
        a = Artifact(self.test_binary_data)
        a.packaging.append(XOREncryption(0x4a))
        a.packaging.append(Base64Encoding())
        a2 = round_trip(a, Artifact)

        self.assertEqual(self.test_binary_data, a2.data)
示例#2
0
    def test_tcp_states(self):
        nc = NetworkConnection()
        nc.source_tcp_state = "LISTEN"
        nc.destination_tcp_state = "ESTABLISHED"

        nc2 = round_trip(nc)
        self.assertEqual(nc.to_dict(), nc2.to_dict())
    def test_tcp_states(self):
        nc = NetworkConnection()
        nc.source_tcp_state = "LISTEN"
        nc.destination_tcp_state = "ESTABLISHED"

        nc2 = round_trip(nc)
        self.assertEqual(nc.to_dict(), nc2.to_dict())
示例#4
0
    def _test_round_trip(self, observables):
        self.maxDiff = None
        print(observables.to_xml())
        observables2 = round_trip(observables)
        self.assertEqual(observables.to_dict(), observables2.to_dict())

        return observables2
示例#5
0
    def test_round_trip(self):
        o = Object()
        o.idref = "example:a1"
        o.properties = Address("1.2.3.4", Address.CAT_IPV4)
        o2 = round_trip(o)

        self.assertEqual(o.to_dict(), o2.to_dict())
示例#6
0
 def test_nonstandard_type_vocab(self):
     ar = ActionRelationship()
     ar.type = VocabString(u"AddedMultipleTimes")
     ar.type.vocab_reference = "http://example.com/action-types/"
     ar.type.xsi_type = None
     ar2 = round_trip(ar)
     self.assertEqual(ar.to_dict(), ar2.to_dict())
示例#7
0
 def test_nonstandard_type_vocab(self):
     ar = ActionRelationship()
     ar.type = ActionType("AddedMultipleTimes")
     ar.type.vocab_reference = "http://example.com/action-types/"
     ar.type.xsi_type = None
     ar2 = round_trip(ar)
     self.assertEqual(ar.to_dict(), ar2.to_dict())
示例#8
0
 def test_grouping_relationship(self):
     relationship = GroupingRelationship()
     relationship.malware_family_name = UNICODE_STR
     relationship.malware_toolkit_name = UNICODE_STR
     relationship2 = round_trip(relationship)
     self.assertEqual(relationship.malware_family_name, relationship2.malware_family_name)
     self.assertEqual(relationship.malware_toolkit_name, relationship2.malware_toolkit_name)
示例#9
0
    def test_encryption(self):
        a = Artifact(self.test_binary_data)
        a.packaging.append(XOREncryption(0x4a))
        a.packaging.append(Base64Encoding())
        a2 = round_trip(a, Artifact)

        self.assertEqual(self.test_binary_data, a2.data)
示例#10
0
 def test_grouping_relationship(self):
     relationship = GroupingRelationship()
     relationship.malware_family_name = UNICODE_STR
     relationship.malware_toolkit_name = UNICODE_STR
     relationship2 = round_trip(relationship)
     self.assertEqual(relationship.malware_family_name, relationship2.malware_family_name)
     self.assertEqual(relationship.malware_toolkit_name, relationship2.malware_toolkit_name)
示例#11
0
 def test_contributor(self):
     c = Contributor()
     c.name = UNICODE_STR
     c.role = UNICODE_STR
     c.email = UNICODE_STR
     c.phone = UNICODE_STR
     c.organization = UNICODE_STR
     c2 = round_trip(c)
示例#12
0
    def test_base64_encoding(self):
        a = Artifact(self.test_binary_data)
        a.packaging.append(Base64Encoding())
        a2 = round_trip(a, Artifact)
        self.assertEqual(self.test_binary_data, a2.data)

        expected = base64.b64encode(self.test_binary_data)
        self.assertEqual(expected, a2.packed_data)
 def test_contributor(self):
     c = Contributor()
     c.name = UNICODE_STR
     c.role = UNICODE_STR
     c.email = UNICODE_STR
     c.phone = UNICODE_STR
     c.organization = UNICODE_STR
     c2 = round_trip(c)
示例#14
0
    def test_base64_encoding(self):
        a = Artifact(self.test_binary_data)
        a.packaging.append(Base64Encoding())
        a2 = round_trip(a, Artifact)
        self.assertEqual(self.test_binary_data, a2.data)

        expected = base64.b64encode(self.test_binary_data)
        self.assertEqual(expected, a2.packed_data)
示例#15
0
 def test_av_classification(self):
     av_class = AVClassification()
     av_class.engine_version = UNICODE_STR
     av_class.definition_version = UNICODE_STR
     av_class.classification_name = UNICODE_STR
     av_class2 = round_trip(av_class)
     self.assertEqual(av_class.engine_version, av_class2.engine_version)
     self.assertEqual(av_class.definition_version, av_class2.definition_version)
     self.assertEqual(av_class.classification_name, av_class2.classification_name)
示例#16
0
    def test_zlib_base64_encoding(self):
        a = Artifact(self.binary_data)
        a.packaging.append(ZlibCompression())
        a.packaging.append(Base64Encoding())
        a2 = round_trip(a, Artifact)
        self.assertEqual(self.binary_data, a2.data)

        expected = b64encode(compress(self.binary_data)).decode('ascii')
        self.assertEqual(expected, a2.packed_data)
示例#17
0
    def _compare(self, recips):
        recips2 = round_trip(recips, EmailRecipients)
        self.assertEqual(2, len(recips2.recipients))

        recips_dict = recips2.to_dict()
        self.assertEqual(recips_dict[0]['category'], Address.CAT_EMAIL)
        self.assertEqual(recips_dict[0]['address_value'], self.email1)
        self.assertEqual(recips_dict[1]['category'], Address.CAT_EMAIL)
        self.assertEqual(recips_dict[1]['address_value'], self.email2)
示例#18
0
    def test_compression(self):
        a = Artifact(self.binary_data)
        a.packaging = Packaging()
        a.packaging.compression.append(Bz2Compression())
        a.packaging.encryption.append(XOREncryption(0x4a))
        a.packaging.encoding.append(Base64Encoding())
        a2 = round_trip(a, Artifact)

        self.assertEqual(self.binary_data, a2.data)
示例#19
0
 def test_av_classification(self):
     av_class = AVClassification()
     av_class.engine_version = UNICODE_STR
     av_class.definition_version = UNICODE_STR
     av_class.classification_name = UNICODE_STR
     av_class2 = round_trip(av_class)
     self.assertEqual(av_class.engine_version, av_class2.engine_version)
     self.assertEqual(av_class.definition_version, av_class2.definition_version)
     self.assertEqual(av_class.classification_name, av_class2.classification_name)
示例#20
0
    def test_zlib_base64_encoding(self):
        a = Artifact(self.binary_data)
        a.packaging.append(ZlibCompression())
        a.packaging.append(Base64Encoding())
        a2 = round_trip(a, Artifact)
        self.assertEqual(self.binary_data, a2.data)

        expected = b64encode(compress(self.binary_data)).decode('ascii')
        self.assertEqual(expected, a2.packed_data)
示例#21
0
    def test_round_trip(self):
        v = SimpleHashValue(EMPTY_MD5)
        t = HashName(Hash.TYPE_MD5)

        h = Hash(v, t)

        hash2 = round_trip(h, Hash, output=True)

        self.assertEqual(hash2.simple_hash_value, v)
        self.assertEqual(hash2.type_, t)
示例#22
0
    def test_round_trip(self):
        o = Observable()
        o.title = "An observable"
        o.description = "some text"
        o.description.structuring_format = "plain"
        o.id_ = "abc123"
        o.object_ = Object()

        o2 = round_trip(o)
        self.assertEqual(o.to_dict(), o2.to_dict())
示例#23
0
    def test_keywords(self):
        o = Observable()
        o.title = "Test"

        self.assertTrue("eyword" not in o.to_xml())
        o.add_keyword("Foo")
        print(o.to_xml())
        self.assertTrue("<cybox:Keyword>Foo</cybox:Keyword>" in o.to_xml())

        o2 = round_trip(o)
        self.assertEqual(1, len(o2.keywords))
示例#24
0
    def test_keywords(self):
        o = Observable()
        o.title = "Test"

        self.assertTrue(b"eyword" not in o.to_xml())
        o.add_keyword("Foo")
        logger.info(o.to_xml())
        self.assertTrue(b"<cybox:Keyword>Foo</cybox:Keyword>" in o.to_xml())

        o2 = round_trip(o)
        self.assertEqual(1, len(o2.keywords))
示例#25
0
    def test_round_trip(self):
        v = String("*****@*****.**")
        c = Address.CAT_EMAIL

        a = Address()
        a.address_value = v
        a.category = c

        addr2 = round_trip(a, Address, output=False)

        self.assertEqual(addr2.address_value, v)
        self.assertEqual(addr2.category, c)
示例#26
0
    def test_round_trip(self):
        v = AnyURI("http://www.example.com")
        t = URI.TYPE_URL

        u = URI()
        u.value = v
        u.type_ = t

        uri2 = round_trip(u, URI, output=False)

        self.assertEqual(uri2.value, v)
        self.assertEqual(uri2.type_, t)
示例#27
0
    def test_round_trip(self):
        o = Analysis()
        o.source = Source()
        o.source.name = "ThreatExpert"
        o.source.organization = "ThreatExpert"
        o.source.method = "triage"
        o.source.url = "http://www.threatexpert.com"

        o.start_datetime = "2014-08-06T18:30:00"

        o2 = round_trip(o, True)

        self.assertEqual(o.to_dict(), o2.to_dict())
示例#28
0
    def test_round_trip(self):
        o = Analysis()
        o.source = Source()
        o.source.name = "ThreatExpert"
        o.source.organization = "ThreatExpert"
        o.source.method = "triage"
        o.source.url = "http://www.threatexpert.com"

        o.start_datetime = "2014-08-06T18:30:00"

        o2 = round_trip(o, True)

        self.assertEqual(o.to_dict(), o2.to_dict())
示例#29
0
    def test_round_trip(self):
        a = Address("*****@*****.**", Address.CAT_EMAIL)
        a2 = Address("*****@*****.**", Address.CAT_EMAIL)

        ms = MeasureSource()
        ms.class_ = "System"
        ms.source_type = "Analysis"
        ms.description = StructuredText("A Description")

        o = Observables([a, a2])
        o.observable_package_source = ms

        o2 = round_trip(o, output=True)
        self.assertEqual(o.to_dict(), o2.to_dict())
示例#30
0
    def test_round_trip(self):
        a = Address("*****@*****.**", Address.CAT_EMAIL)
        a2 = Address("*****@*****.**", Address.CAT_EMAIL)

        ms = MeasureSource()
        ms.class_ = "System"
        ms.source_type = "Analysis"
        ms.description = StructuredText("A Description")

        o = Observables([a, a2])
        o.observable_package_source = ms

        o2 = round_trip(o, output=True)
        self.assertEqual(o.to_dict(), o2.to_dict())
示例#31
0
 def test_roundtrip(self):
     d = {
           'boundary': "----MIME_BOUNDARY------",
           'content_type': "mime/multi-part",
           'mime_version': "1.0",
           'precedence': "High",
           'x_mailer': "Outlook Express",
           'x_originating_ip': {'address_value': "1.2.3.4",
                                'category': "ipv4-addr"},
           'x_priority': 3,
         }
     self.maxDiff = None
     o = OptionalHeader.from_dict(d)
     o2 = round_trip(o, OptionalHeader)
     d2 = o2.to_dict()
     self.assertEqual(d, d2)
示例#32
0
    def test_round_trip(self):
        o = Observable()
        o.title = "An observable"
        o.description = "some text"
        o.description.structuring_format = "plain"
        o.id_ = "abc123"
        o.object_ = Object()

        pf = PatternFidelity()
        ot = ObfuscationTechnique()
        ot.description = "X0Rz"
        pf.evasion_techniques = ObfuscationTechniques()
        pf.evasion_techniques.append(ot)
        o.pattern_fidelity = pf

        o2 = round_trip(o)
        self.assertEqual(o.to_dict(), o2.to_dict())
示例#33
0
    def test_round_trip(self):
        o = Observable()
        o.title = "An observable"
        o.description = "some text"
        o.description.structuring_format = "plain"
        o.id_ = "abc123"
        o.object_ = Object()

        pf = PatternFidelity()
        ot = ObfuscationTechnique()
        ot.description = "X0Rz"
        pf.evasion_techniques = ObfuscationTechniques()
        pf.evasion_techniques.append(ot)
        o.pattern_fidelity = pf

        o2 = round_trip(o)
        self.assertEqual(o.to_dict(), o2.to_dict())
    def test_round_trip(self):
        o = ProcessTree()
        root = ProcessTreeNode()
        spawned_child1 = ProcessTreeNode()
        spawned_child2 = ProcessTreeNode()
        injected_child = ProcessTreeNode()
        spawned_grandchild = ProcessTreeNode()

        o.set_root_process(root)
        root.add_spawned_process(spawned_child1)
        root.add_spawned_process(spawned_child2)
        root.add_injected_process(injected_child)
        spawned_child1.add_spawned_process(spawned_grandchild)

        o2 = round_trip(o, True)

        self.assertEqual(o.to_dict(), o2.to_dict())
    def test_round_trip(self):
        o = ProcessTree()
        root = ProcessTreeNode()
        spawned_child1 = ProcessTreeNode()
        spawned_child2 = ProcessTreeNode()
        injected_child = ProcessTreeNode()
        spawned_grandchild = ProcessTreeNode()

        o.set_root_process(root)
        root.add_spawned_process(spawned_child1)
        root.add_spawned_process(spawned_child2)
        root.add_injected_process(injected_child)
        spawned_child1.add_spawned_process(spawned_grandchild)

        o2 = round_trip(o, True)

        self.assertEqual(o.to_dict(), o2.to_dict())
示例#36
0
    def test_custom_encoding(self):
        @EncodingFactory.register_extension
        class Base32Encoding(Encoding):
            _ENCODING_TYPE = "Base32"

            def __init__(self):
                super(Base32Encoding, self).__init__(algorithm="Base32")

            def pack(self, data):
                return base64.b32encode(data)

            def unpack(self, packed_data):
                return base64.b32decode(packed_data)

        a = Artifact(self.binary_data)
        a.packaging = Packaging()
        a.packaging.compression.append(Bz2Compression())
        a.packaging.encryption.append(XOREncryption(0x4a))
        a.packaging.encoding.append(Base32Encoding())
        a2 = round_trip(a, Artifact)

        self.assertEqual(self.binary_data, a2.data)
示例#37
0
    def test_round_trip(self):
        o = Bundle()
        o2 = round_trip(o, True)

        self.assertEqual(o.to_dict(), o2.to_dict())
示例#38
0
    def test_round_trip(self):
        o = Package()
        o2 = round_trip(o)

        self.assertEqual(o.to_dict(), o2.to_dict())
示例#39
0
 def test_round_trip(self):
     a = Artifact(self.test_text_data, Artifact.TYPE_GENERIC)
     a2 = round_trip(a, Artifact)
     self.assertEqual(a.to_dict(), a2.to_dict())
示例#40
0
 def test_measure_source(self):
     o = MeasureSource()
     o.name = UNICODE_STR
     o2 = round_trip(o)
示例#41
0
 def test_observable(self):
     o = Observable()
     o.title = UNICODE_STR
     o2 = round_trip(o)
示例#42
0
 def test_round_trip(self):
     # Without any packaging, the only data an Artifact can encode
     # successfully is ASCII data.
     a = Artifact(self.ascii_data, Artifact.TYPE_GENERIC)
     a2 = round_trip(a, Artifact)
     self.assertEqual(a.to_dict(), a2.to_dict())
示例#43
0
    def test_round_trip(self):
        o = Package()
        o2 = round_trip(o)

        self.assertEqual(o.to_dict(), o2.to_dict())
示例#44
0
 def test_double_encode(self):
     s = String(UNICODE_STR)
     s2 = round_trip(s)
示例#45
0
 def test_capability(self):
     capability = Capability()
     capability.description = UNICODE_STR
     capability2 = round_trip(capability)
     self.assertEqual(capability.description, capability2.description)
示例#46
0
 def test_capability(self):
     capability = Capability()
     capability.description = UNICODE_STR
     capability2 = round_trip(capability)
     self.assertEqual(capability.description, capability2.description)
    def test_round_trip(self):
        o = AVClassification('Some!Trojan')
        o.vendor = 'McAfee'
        o2 = round_trip(o, True)

        self.assertEqual(o.to_dict(), o2.to_dict())
示例#48
0
 def test_whois(self):
     o = WhoisEntry()
     o.dnssec = UNICODE_STR
     o2 = round_trip(o)
示例#49
0
    def test_round_trip(self):
        o = Capability()
        o2 = round_trip(o, True)

        self.assertEqual(o.to_dict(), o2.to_dict())
示例#50
0
    def test_round_trip(self):
        o = Behavior()
        o2 = round_trip(o, True)

        self.assertEqual(o.to_dict(), o2.to_dict())
示例#51
0
 def test_dynamic_analysis_metadata(self):
     metadata = DynamicAnalysisMetadata()
     metadata.command_line = UNICODE_STR
     metadata2 = round_trip(metadata)
     self.assertEqual(metadata.command_line, metadata2.command_line)
示例#52
0
 def test_code(self):
     cs = Code()
     cs.code_segment_xor = CodeSegmentXOR()
     cs.code_segment_xor.xor_pattern = UNICODE_STR
     cs2 = round_trip(cs)
     self.assertEqual(cs.to_dict(), cs2.to_dict())
示例#53
0
 def test_behavior(self):
     behavior = Behavior()
     behavior.description = UNICODE_STR
     behavior2 = round_trip(behavior)
     self.assertEqual(behavior.description, behavior2.description)
 def test_whois(self):
     o = WhoisEntry()
     o.dnssec = UNICODE_STR
     o2 = round_trip(o)
示例#55
0
 def test_round_trip(self):
     # Without any packaging, the only data an Artifact can encode
     # successfully is ASCII data.
     a = Artifact(self.ascii_data, Artifact.TYPE_GENERIC)
     a2 = round_trip(a, Artifact)
     self.assertEqual(a.to_dict(), a2.to_dict())
示例#56
0
 def test_malware_configuration_parameter(self):
     config = MalwareConfigurationParameter()
     config.value = UNICODE_STR
     config2 = round_trip(config)
     self.assertEqual(config.value, config2.value)
示例#57
0
 def test_behavior(self):
     behavior = Behavior()
     behavior.description = UNICODE_STR
     behavior2 = round_trip(behavior)
     self.assertEqual(behavior.description, behavior2.description)
示例#58
0
 def test_round_trip(self):
     a = Artifact(self.test_text_data, Artifact.TYPE_GENERIC)
     a2 = round_trip(a, Artifact)
     self.assertEqual(a.to_dict(), a2.to_dict())