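def _download_base64_decoded_section(self, uid, section, expression_id):
    """Serve one decoded base64 section of a stored object as a file download.

    The stored ``base64_decoder`` analysis of the object ``uid`` is searched for
    the entry of ``section`` whose ``id`` equals ``expression_id``. The matching
    byte range is cut out of the object's binary, stripped of line breaks,
    base64-decoded and returned as an attachment.

    Args:
        uid: identifier of the object to load from the frontend database.
        section: key inside the stored ``base64_decoder`` analysis result.
        expression_id: id of the wanted entry; must be convertible to ``int``.

    Returns:
        A response carrying the decoded bytes, or the rendered ``error.html``
        template when the entry cannot be found or decoding fails.

    NOTE(review): all three arguments presumably arrive from the request URL
    and the file name and content come from the analysed object, so every one
    of them is treated as untrusted here -- confirm against the route definition.
    """
    import string  # local import: the module's import block is not visible from here

    generic_error = 'Undisclosed error in base64 decoding'

    # A non-numeric id would otherwise surface as an unhandled ValueError.
    try:
        wanted_id = int(expression_id)
    except (TypeError, ValueError):
        return render_template('error.html', message=generic_error)

    with ConnectTo(FrontEndDbInterface, self._config) as sc:
        file_obj = sc.get_object(uid, analysis_filter=['base64_decoder'])
    # NOTE(review): what get_object returns for an unknown uid is not visible
    # here; if it can be None, the attribute access below needs a guard.

    span_in_binary, span_in_section = None, (None, None)
    try:
        for expression in file_obj.processed_analysis['base64_decoder'][section]:
            if expression['id'] == wanted_id:
                span_in_section = expression['span_in_section']
                span_in_binary = expression['span_in_binary']
                break
    except (KeyError, TypeError):
        # Unknown section name, or a key of the analysis result that does not
        # hold a list of expression dicts (process_object adds a 'summary'
        # list of strings); treat both like "not found".
        span_in_binary, span_in_section = None, (None, None)

    if not span_in_binary:
        return render_template('error.html', message=generic_error)

    with ConnectTo(InterComFrontEndBinding, self._config) as connection:
        raw_binary = connection.get_binary_and_filename(file_obj.uid)

    binary, _ = remove_linebreaks_from_byte_string(raw_binary[0][span_in_binary[0]:span_in_binary[1]])

    try:
        binary = binascii.a2b_base64(binary[span_in_section[0]:span_in_section[1]])
    except binascii.Error as error:
        return render_template('error.html', message=str(error))

    # The file name belongs to the analysed object, not to this application.
    # Restrict it to a conservative ASCII set so it cannot add header
    # parameters, path separators or control characters to Content-Disposition.
    allowed = string.ascii_letters + string.digits + '._-'
    safe_name = ''.join(char if char in allowed else '_' for char in file_obj.file_name)

    # NOTE(review): span_in_section[2] reads a third element although only
    # indexes 0 and 1 are used for slicing above -- confirm the stored spans
    # really have three entries.
    download_name = (
        safe_name
        + '_0x%X' % (span_in_binary[0] + span_in_section[0])
        + '-0x%X_decoded' % (span_in_binary[1] - span_in_section[2])
    )

    resp = make_response(binary)
    resp.headers['Content-Disposition'] = 'attachment; filename={}'.format(download_name)
    # The payload is arbitrary decoded data: declare it as opaque bytes and
    # forbid sniffing so a browser never interprets it as HTML or script.
    resp.headers['Content-Type'] = 'application/octet-stream'
    resp.headers['X-Content-Type-Options'] = 'nosniff'
    return resp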
def process_object(self, file_object):
    """Search the object's binary for base64 sections and store the findings.

    Line breaks are stripped from the binary before the search. The minimum
    section length is read from this plugin's ``base64_section_min_length``
    config entry. The result of ``iterate_base64_sections`` is stored under
    ``processed_analysis[self.NAME]`` together with a ``summary`` list, which
    is ``['Base64 code detected']`` when the result is truthy and empty
    otherwise.

    If reading the setting or the search raises ``ValueError``, the error is
    logged and ``file_object`` is returned without a result entry for this
    plugin.
    """
    raw_bytes = file_object.binary
    # Second return value: number of line-break bytes that were dropped.
    stripped_bytes, linebreak_count = remove_linebreaks_from_byte_string(raw_bytes)

    try:
        min_length = int(self.config[self.NAME]['base64_section_min_length'])
        sections = self.find_base64_sections(stripped_bytes, min_length)
    except ValueError as value_error:
        logging.error(str(value_error))
        return file_object

    findings = self.iterate_base64_sections(sections, raw_bytes, linebreak_count)
    results = file_object.processed_analysis
    results[self.NAME] = findings

    # Decide on the summary before the 'summary' key itself is added.
    if results[self.NAME]:
        summary = ['Base64 code detected']
    else:
        summary = []
    results[self.NAME]['summary'] = summary
    return file_object
def test_remove_linebreaks(self):
    """Check that LF and CR bytes are stripped and counted.

    Each case pairs an input byte string with the expected
    ``(cleaned_bytes, removed_count)`` tuple.
    """
    failure_message = 'Linebreaks are not removed correctly'
    cases = (
        (b'abcd', (b'abcd', 0)),                  # nothing to remove
        (b'abcd\x0a', (b'abcd', 1)),              # trailing LF
        (b'abcd\x0d', (b'abcd', 1)),              # trailing CR
        (b'abcd\x0a\x0d', (b'abcd', 2)),          # LF followed by CR
        (b'abcd\x0a\x0defgh', (b'abcdefgh', 2)),  # line break inside the data
    )
    for raw, expected in cases:
        self.assertEqual(remove_linebreaks_from_byte_string(raw), expected, failure_message)