def test_encryption(self): a = Artifact(self.test_binary_data) a.packaging.append(XOREncryption(0x4a)) a.packaging.append(Base64Encoding()) a2 = round_trip(a, Artifact) self.assertEqual(self.test_binary_data, a2.data)
def test_tcp_states(self): nc = NetworkConnection() nc.source_tcp_state = "LISTEN" nc.destination_tcp_state = "ESTABLISHED" nc2 = round_trip(nc) self.assertEqual(nc.to_dict(), nc2.to_dict())
def _test_round_trip(self, observables): self.maxDiff = None print(observables.to_xml()) observables2 = round_trip(observables) self.assertEqual(observables.to_dict(), observables2.to_dict()) return observables2
def test_round_trip(self): o = Object() o.idref = "example:a1" o.properties = Address("1.2.3.4", Address.CAT_IPV4) o2 = round_trip(o) self.assertEqual(o.to_dict(), o2.to_dict())
def test_nonstandard_type_vocab(self): ar = ActionRelationship() ar.type = VocabString(u"AddedMultipleTimes") ar.type.vocab_reference = "http://example.com/action-types/" ar.type.xsi_type = None ar2 = round_trip(ar) self.assertEqual(ar.to_dict(), ar2.to_dict())
def test_nonstandard_type_vocab(self): ar = ActionRelationship() ar.type = ActionType("AddedMultipleTimes") ar.type.vocab_reference = "http://example.com/action-types/" ar.type.xsi_type = None ar2 = round_trip(ar) self.assertEqual(ar.to_dict(), ar2.to_dict())
def test_grouping_relationship(self): relationship = GroupingRelationship() relationship.malware_family_name = UNICODE_STR relationship.malware_toolkit_name = UNICODE_STR relationship2 = round_trip(relationship) self.assertEqual(relationship.malware_family_name, relationship2.malware_family_name) self.assertEqual(relationship.malware_toolkit_name, relationship2.malware_toolkit_name)
def test_contributor(self): c = Contributor() c.name = UNICODE_STR c.role = UNICODE_STR c.email = UNICODE_STR c.phone = UNICODE_STR c.organization = UNICODE_STR c2 = round_trip(c)
def test_base64_encoding(self): a = Artifact(self.test_binary_data) a.packaging.append(Base64Encoding()) a2 = round_trip(a, Artifact) self.assertEqual(self.test_binary_data, a2.data) expected = base64.b64encode(self.test_binary_data) self.assertEqual(expected, a2.packed_data)
def test_av_classification(self): av_class = AVClassification() av_class.engine_version = UNICODE_STR av_class.definition_version = UNICODE_STR av_class.classification_name = UNICODE_STR av_class2 = round_trip(av_class) self.assertEqual(av_class.engine_version, av_class2.engine_version) self.assertEqual(av_class.definition_version, av_class2.definition_version) self.assertEqual(av_class.classification_name, av_class2.classification_name)
def test_zlib_base64_encoding(self): a = Artifact(self.binary_data) a.packaging.append(ZlibCompression()) a.packaging.append(Base64Encoding()) a2 = round_trip(a, Artifact) self.assertEqual(self.binary_data, a2.data) expected = b64encode(compress(self.binary_data)).decode('ascii') self.assertEqual(expected, a2.packed_data)
def _compare(self, recips): recips2 = round_trip(recips, EmailRecipients) self.assertEqual(2, len(recips2.recipients)) recips_dict = recips2.to_dict() self.assertEqual(recips_dict[0]['category'], Address.CAT_EMAIL) self.assertEqual(recips_dict[0]['address_value'], self.email1) self.assertEqual(recips_dict[1]['category'], Address.CAT_EMAIL) self.assertEqual(recips_dict[1]['address_value'], self.email2)
def test_compression(self): a = Artifact(self.binary_data) a.packaging = Packaging() a.packaging.compression.append(Bz2Compression()) a.packaging.encryption.append(XOREncryption(0x4a)) a.packaging.encoding.append(Base64Encoding()) a2 = round_trip(a, Artifact) self.assertEqual(self.binary_data, a2.data)
def test_round_trip(self): v = SimpleHashValue(EMPTY_MD5) t = HashName(Hash.TYPE_MD5) h = Hash(v, t) hash2 = round_trip(h, Hash, output=True) self.assertEqual(hash2.simple_hash_value, v) self.assertEqual(hash2.type_, t)
def test_round_trip(self): o = Observable() o.title = "An observable" o.description = "some text" o.description.structuring_format = "plain" o.id_ = "abc123" o.object_ = Object() o2 = round_trip(o) self.assertEqual(o.to_dict(), o2.to_dict())
def test_keywords(self): o = Observable() o.title = "Test" self.assertTrue("eyword" not in o.to_xml()) o.add_keyword("Foo") print(o.to_xml()) self.assertTrue("<cybox:Keyword>Foo</cybox:Keyword>" in o.to_xml()) o2 = round_trip(o) self.assertEqual(1, len(o2.keywords))
def test_keywords(self): o = Observable() o.title = "Test" self.assertTrue(b"eyword" not in o.to_xml()) o.add_keyword("Foo") logger.info(o.to_xml()) self.assertTrue(b"<cybox:Keyword>Foo</cybox:Keyword>" in o.to_xml()) o2 = round_trip(o) self.assertEqual(1, len(o2.keywords))
def test_round_trip(self): v = String("*****@*****.**") c = Address.CAT_EMAIL a = Address() a.address_value = v a.category = c addr2 = round_trip(a, Address, output=False) self.assertEqual(addr2.address_value, v) self.assertEqual(addr2.category, c)
def test_round_trip(self): v = AnyURI("http://www.example.com") t = URI.TYPE_URL u = URI() u.value = v u.type_ = t uri2 = round_trip(u, URI, output=False) self.assertEqual(uri2.value, v) self.assertEqual(uri2.type_, t)
def test_round_trip(self): o = Analysis() o.source = Source() o.source.name = "ThreatExpert" o.source.organization = "ThreatExpert" o.source.method = "triage" o.source.url = "http://www.threatexpert.com" o.start_datetime = "2014-08-06T18:30:00" o2 = round_trip(o, True) self.assertEqual(o.to_dict(), o2.to_dict())
def test_round_trip(self): a = Address("*****@*****.**", Address.CAT_EMAIL) a2 = Address("*****@*****.**", Address.CAT_EMAIL) ms = MeasureSource() ms.class_ = "System" ms.source_type = "Analysis" ms.description = StructuredText("A Description") o = Observables([a, a2]) o.observable_package_source = ms o2 = round_trip(o, output=True) self.assertEqual(o.to_dict(), o2.to_dict())
def test_roundtrip(self): d = { 'boundary': "----MIME_BOUNDARY------", 'content_type': "mime/multi-part", 'mime_version': "1.0", 'precedence': "High", 'x_mailer': "Outlook Express", 'x_originating_ip': {'address_value': "1.2.3.4", 'category': "ipv4-addr"}, 'x_priority': 3, } self.maxDiff = None o = OptionalHeader.from_dict(d) o2 = round_trip(o, OptionalHeader) d2 = o2.to_dict() self.assertEqual(d, d2)
def test_round_trip(self): o = Observable() o.title = "An observable" o.description = "some text" o.description.structuring_format = "plain" o.id_ = "abc123" o.object_ = Object() pf = PatternFidelity() ot = ObfuscationTechnique() ot.description = "X0Rz" pf.evasion_techniques = ObfuscationTechniques() pf.evasion_techniques.append(ot) o.pattern_fidelity = pf o2 = round_trip(o) self.assertEqual(o.to_dict(), o2.to_dict())
def test_round_trip(self): o = ProcessTree() root = ProcessTreeNode() spawned_child1 = ProcessTreeNode() spawned_child2 = ProcessTreeNode() injected_child = ProcessTreeNode() spawned_grandchild = ProcessTreeNode() o.set_root_process(root) root.add_spawned_process(spawned_child1) root.add_spawned_process(spawned_child2) root.add_injected_process(injected_child) spawned_child1.add_spawned_process(spawned_grandchild) o2 = round_trip(o, True) self.assertEqual(o.to_dict(), o2.to_dict())
def test_custom_encoding(self): @EncodingFactory.register_extension class Base32Encoding(Encoding): _ENCODING_TYPE = "Base32" def __init__(self): super(Base32Encoding, self).__init__(algorithm="Base32") def pack(self, data): return base64.b32encode(data) def unpack(self, packed_data): return base64.b32decode(packed_data) a = Artifact(self.binary_data) a.packaging = Packaging() a.packaging.compression.append(Bz2Compression()) a.packaging.encryption.append(XOREncryption(0x4a)) a.packaging.encoding.append(Base32Encoding()) a2 = round_trip(a, Artifact) self.assertEqual(self.binary_data, a2.data)
def test_round_trip(self): o = Bundle() o2 = round_trip(o, True) self.assertEqual(o.to_dict(), o2.to_dict())
def test_round_trip(self): o = Package() o2 = round_trip(o) self.assertEqual(o.to_dict(), o2.to_dict())
def test_round_trip(self): a = Artifact(self.test_text_data, Artifact.TYPE_GENERIC) a2 = round_trip(a, Artifact) self.assertEqual(a.to_dict(), a2.to_dict())
def test_measure_source(self): o = MeasureSource() o.name = UNICODE_STR o2 = round_trip(o)
def test_observable(self): o = Observable() o.title = UNICODE_STR o2 = round_trip(o)
def test_round_trip(self): # Without any packaging, the only data an Artifact can encode # successfully is ASCII data. a = Artifact(self.ascii_data, Artifact.TYPE_GENERIC) a2 = round_trip(a, Artifact) self.assertEqual(a.to_dict(), a2.to_dict())
def test_double_encode(self): s = String(UNICODE_STR) s2 = round_trip(s)
def test_capability(self): capability = Capability() capability.description = UNICODE_STR capability2 = round_trip(capability) self.assertEqual(capability.description, capability2.description)
def test_round_trip(self): o = AVClassification('Some!Trojan') o.vendor = 'McAfee' o2 = round_trip(o, True) self.assertEqual(o.to_dict(), o2.to_dict())
def test_whois(self): o = WhoisEntry() o.dnssec = UNICODE_STR o2 = round_trip(o)
def test_round_trip(self): o = Capability() o2 = round_trip(o, True) self.assertEqual(o.to_dict(), o2.to_dict())
def test_round_trip(self): o = Behavior() o2 = round_trip(o, True) self.assertEqual(o.to_dict(), o2.to_dict())
def test_dynamic_analysis_metadata(self): metadata = DynamicAnalysisMetadata() metadata.command_line = UNICODE_STR metadata2 = round_trip(metadata) self.assertEqual(metadata.command_line, metadata2.command_line)
def test_code(self): cs = Code() cs.code_segment_xor = CodeSegmentXOR() cs.code_segment_xor.xor_pattern = UNICODE_STR cs2 = round_trip(cs) self.assertEqual(cs.to_dict(), cs2.to_dict())
def test_behavior(self): behavior = Behavior() behavior.description = UNICODE_STR behavior2 = round_trip(behavior) self.assertEqual(behavior.description, behavior2.description)
def test_malware_configuration_parameter(self): config = MalwareConfigurationParameter() config.value = UNICODE_STR config2 = round_trip(config) self.assertEqual(config.value, config2.value)