def test_imphash():
fo = create_test_file_object(
bin_path=str(Path(get_test_data_dir(), 'test_executable')))
fo.processed_analysis = {'file_type': {'mime': 'application/x-executable'}}
imphash = get_imphash(fo)
assert isinstance(imphash, str), 'imphash should be a string'
assert len(imphash) == 32, 'imphash does not seem to be an md5'
def process_object(self, file_object):
'''
This function must be implemented by the plugin.
Analysis result must be a dict stored in file_object.processed_analysis[self.NAME]
If you want to propagate results to parent objects store a list of strings 'summary' entry of your result dict
'''
file_object.processed_analysis[self.NAME] = {}
for h in self.hashes_to_create:
if h in algorithms_available:
file_object.processed_analysis[self.NAME][h] = get_hash(
h, file_object.binary)
else:
logging.debug('algorithm {} not available'.format(h))
file_object.processed_analysis[self.NAME]['ssdeep'] = get_ssdeep(
file_object.binary)
file_object.processed_analysis[self.NAME]['imphash'] = get_imphash(
file_object)
return file_object
def test_imphash_bad_file():
fo = create_test_file_object()
fo.processed_analysis = {'file_type': {'mime': 'application/x-executable'}}
assert not get_imphash(fo)
def test_imphash():
fo = create_test_file_object(
bin_path=str(Path(get_test_data_dir(), 'test_executable')))
fo.processed_analysis = {'file_type': {'mime': 'application/x-executable'}}
assert get_imphash(
fo) == '80a89f1e3f70b5c421528509ae74503c', 'imphash computation is off'