def test_store_file_wrong_path(self, caplog): mock_task_wrong_path = mock_task() mock_task_wrong_path.target += "foobar" analysis_man = AnalysisManager(task=mock_task_wrong_path, error_queue=queue.Queue()) analysis_man.store_file(sha256="e3be3b") is False assert "analysis aborted" in caplog.text
def test_init_storage_already_exists(self, clean_init_storage, caplog): analysis_man = AnalysisManager(task=mock_task(), error_queue=queue.Queue()) os.makedirs(os.getcwd() + "/storage/analyses/1234") analysis_man.init_storage() assert "already exists at path" in caplog.text
def test_store_file_symlink_err(self, symlink, caplog): with open("binary", "wb") as f: f.write(b"\x00") analysis_man = AnalysisManager(task=mock_task(), error_queue=queue.Queue()) analysis_man.store_file(sha256="e3be3b") assert "Unable to create symlink/copy" in caplog.text
def test_acquire_machine(self, setup_machinery, setup_machine_lock): class mock_machinery(object): def availables(self): return True def acquire(self, machine_id, platform, tags): class mock_acquire: name = "mock_mach" label = "mock_label" platform = "mock_platform" return mock_acquire() class mock_machine: machine = "mock" class mock_plat: platform = "plat" class mock_tags: tags = "tags" setup_machinery(mock_machinery()) mock_task_machine = mock_task() mock_task_machine.machine = mock_machine() mock_task_machine.platform = mock_plat() mock_task_machine.tags = mock_tags() analysis_man = AnalysisManager(task=mock_task_machine, error_queue=queue.Queue()) analysis_man.acquire_machine() assert analysis_man.machine.name == "mock_mach"
def test_check_file_err(self, mocker): class mock_sample: sha256 = "f3b" analysis_man = AnalysisManager(task=mock_task(), error_queue=queue.Queue()) mocker.patch("lib.cuckoo.core.database.Database.view_sample", return_value=mock_sample()) assert analysis_man.check_file("e3b") is False
def test_init_storage_other_error(self, clean_init_storage, mocker, caplog): mocker.patch( "lib.cuckoo.core.scheduler.create_folder", side_effect=CuckooOperationalError("foo"), ) analysis_man = AnalysisManager(task=mock_task(), error_queue=queue.Queue()) # with pytest.raises(CuckooOperationalError) as exc_info: assert analysis_man.init_storage() is False assert "Unable to create analysis folder" in caplog.text
def test_category_checks_modified_file(self, clean_init_storage, mocker): class mock_sample: sha256 = "123" analysis_man = AnalysisManager(task=mock_task(), error_queue=queue.Queue()) assert analysis_man.init_storage() is True mocker.patch("lib.cuckoo.core.scheduler.Database.view_sample", return_value=mock_sample()) assert analysis_man.category_checks() is False
def test_store_file_delete_original(self): file = tempfile.mkstemp()[1] self.anal["file_path"] = file self.a = AnalysisManager(self.anal) self.a.init_storage() self.a.cfg.cuckoo.delete_original = True self.a.store_file() bin_path = os.path.join(CUCKOO_ROOT, "storage", "binaries", "d41d8cd98f00b204e9800998ecf8427e") assert not os.path.exists(file) os.remove(bin_path)
def test_store_file(self): file = tempfile.mkstemp()[1] self.anal["file_path"] = file self.a = AnalysisManager(self.anal) self.a.init_storage() self.a.store_file() bin_path = os.path.join(CUCKOO_ROOT, "storage", "binaries", "d41d8cd98f00b204e9800998ecf8427e") assert_equals(bin_path, self.a.analysis.stored_file_path) assert os.path.exists(bin_path) os.remove(file) os.remove(bin_path)
def test_build_options(self): class mock_machine: resultserver_ip = "1.2.3.4" resultserver_port = "1337" mock_task_build_opts = mock_task() mock_task_build_opts.package = "foo" mock_task_build_opts.options = "foo=bar" mock_task_build_opts.enforce_timeout = 1 mock_task_build_opts.clock = datetime.strptime("01-01-2099 09:01:01", "%m-%d-%Y %H:%M:%S") mock_task_build_opts.timeout = 10 analysis_man = AnalysisManager(task=mock_task_build_opts, error_queue=queue.Queue()) analysis_man.machine = mock_machine() opts = analysis_man.build_options() opts["target"] = opts["target"].rsplit("/", 1)[-1] assert opts == { "category": "file", "exports": "", "target": "test_scheduler.py", "package": "foo", "terminate_processes": False, "ip": "1.2.3.4", "clock": datetime(2099, 1, 1, 9, 1, 1), "port": "1337", "file_type": "Python script, ASCII text executable", "options": "foo=bar", "enforce_timeout": 1, "evtx": False, "timeout": 10, "file_name": "test_scheduler.py", "browser": True, "curtain": False, "procmon": False, "digisig": True, "disguise": True, "sysmon": False, "filepickup": False, "filecollector": True, "permissions": False, "screenshots_linux": False, "screenshots_windows": True, "tlsdump": True, "usage": False, "human_linux": False, "human_windows": True, "stap": False, "id": 1234, "do_upload_max_size": 0, "upload_max_size": 100000000, "during_script": False, "pre_script": False, }
def test_category_checks_no_store_file(self, clean_init_storage, grab_sample, mocker): class mock_sample: sha256 = "5dd87d3d6b9d8b4016e3c36b189234772661e690c21371f1eb8e018f0f0dec2b" sample_location = grab_sample(sample_hash="5dd87d3d6b9d8b4016e3c36b189234772661e690c21371f1eb8e018f0f0dec2b") mock_task_cat = mock_task() mock_task_cat.target = sample_location analysis_man = AnalysisManager(task=mock_task_cat, error_queue=queue.Queue()) assert analysis_man.init_storage() is True mocker.patch("lib.cuckoo.core.scheduler.Database.view_sample", return_value=mock_sample()) mocker.patch("lib.cuckoo.core.scheduler.AnalysisManager.store_file", return_value=False) assert analysis_man.category_checks() is False
class TestAnalysisManager: def setUp(self): create_structure() self.anal = Dictionary() self.anal["id"] = "test-cuckoo-remove-me" self.a = AnalysisManager(self.anal) def test_init_storage(self): self.a.init_storage() assert os.path.exists(self.a.analysis.results_folder) @raises(CuckooAnalysisError) def test_init_storage_error(self): self.a.analysis.results_folder = os.path.join(os.path.join(CUCKOO_ROOT, "storage", "analyses"), self.anal.id) os.mkdir(self.a.analysis.results_folder) self.a.init_storage() def test_store_file(self): file = tempfile.mkstemp()[1] self.anal["file_path"] = file self.a = AnalysisManager(self.anal) self.a.init_storage() self.a.store_file() bin_path = os.path.join(CUCKOO_ROOT, "storage", "binaries", "d41d8cd98f00b204e9800998ecf8427e") assert_equals(bin_path, self.a.analysis.stored_file_path) assert os.path.exists(bin_path) os.remove(file) os.remove(bin_path) def tearDown(self): shutil.rmtree(self.a.analysis.results_folder)
def test_build_options_pe(self, grab_sample): class mock_machine: resultserver_ip = "1.2.3.4" resultserver_port = "1337" sample_location = grab_sample(sample_hash="5dd87d3d6b9d8b4016e3c36b189234772661e690c21371f1eb8e018f0f0dec2b") mock_task_build_opts = mock_task() mock_task_build_opts.package = "file" mock_task_build_opts.enforce_timeout = 1 mock_task_build_opts.clock = datetime.strptime("01-01-2099 09:01:01", "%m-%d-%Y %H:%M:%S") mock_task_build_opts.timeout = 10 mock_task_build_opts.target = sample_location analysis_man = AnalysisManager(task=mock_task_build_opts, error_queue=queue.Queue()) analysis_man.machine = mock_machine() opts = analysis_man.build_options() opts["target"] = opts["target"].rsplit("/", 1)[-1] assert opts == { "category": "file", "exports": "", "target": "5dd87d3d6b9d8b4016e3c36b189234772661e690c21371f1eb8e018f0f0dec2b", "package": "file", "terminate_processes": False, "ip": "1.2.3.4", "clock": datetime(2099, 1, 1, 9, 1, 1), "port": "1337", "file_type": "PE32 executable (console) Intel 80386, for MS Windows", "options": "foo=bar", "enforce_timeout": 1, "evtx": False, "timeout": 10, "file_name": "5dd87d3d6b9d8b4016e3c36b189234772661e690c21371f1eb8e018f0f0dec2b", "browser": True, "curtain": False, "procmon": False, "digisig": True, "disguise": True, "sysmon": False, "filepickup": False, "permissions": False, "screenshots": True, "tlsdump": True, "usage": False, "human": True, "id": 1234, "do_upload_max_size": 0, "upload_max_size": 100000000, }
def test_acquire_machine_machine_not_avail(self, setup_machinery, setup_machine_lock, mocker): class mock_machinery(object): def availables(self): return True def acquire(self, machine_id, platform, tags): return None class mock_machine: machine = "mock" class mock_plat: platform = "plat" class mock_tags: tags = "tags" setup_machinery(mock_machinery()) mock_task_machine = mock_task() mock_task_machine.machine = mock_machine() mock_task_machine.platform = mock_plat() mock_task_machine.tags = mock_tags() analysis_man = AnalysisManager(task=mock_task_machine, error_queue=queue.Queue()) try: spy = mocker.spy(scheduler.machine_lock, "release") func_timeout(5, analysis_man.acquire_machine) except FunctionTimedOut: assert spy.call_count >= 4 except Exception as e: print((str(e)))
def test_acquire_machine(self, setup_machinery, setup_machine_lock): class mock_machinery: def availables(self, machine_id, platform, tags, arch): return True def acquire(self, machine_id, platform, tags, arch): class mock_acquire: name = "mock_mach" label = "mock_label" platform = "mock_platform" arch = "x64" return mock_acquire() class mock_machine: machine = "mock" class mock_plat: platform = "plat" class mock_tags: class mock_tag: def __init__(self, name): self.name = name tags = [mock_tag("tag1"), mock_tag("tag2")] def __iter__(self): for tag in self.tags: yield tag class mock_arch: arch = "x64" setup_machinery(mock_machinery()) mock_task_machine = mock_task() mock_task_machine.machine = mock_machine() mock_task_machine.platform = mock_plat() mock_task_machine.tags = mock_tags() mock_task_machine.arch = mock_arch() analysis_man = AnalysisManager(task=mock_task_machine, error_queue=queue.Queue()) analysis_man.acquire_machine() assert analysis_man.machine.name == "mock_mach"
def test_build_options_false_pe(self, mocker, caplog): class mock_machine(object): resultserver_ip = "1.2.3.4" resultserver_port = "1337" mock_task_build_opts = mock_task() mock_task_build_opts.package = "foo" mock_task_build_opts.enforce_timeout = 1 mock_task_build_opts.clock = datetime.strptime("01-01-2099 09:01:01", "%m-%d-%Y %H:%M:%S") mock_task_build_opts.timeout = 10 analysis_man = AnalysisManager(task=mock_task_build_opts, error_queue=queue.Queue()) analysis_man.machine = mock_machine() mocker.patch( "lib.cuckoo.core.scheduler.File.get_type", return_value="PE32 executable (console) Intel 80386, for MS Windows" ) opts = analysis_man.build_options() opts["target"] = opts["target"].rsplit("/", 1)[-1] assert "PE type not recognised" in caplog.text
def test_build_options(self): class mock_machine(object): resultserver_ip = "1.2.3.4" resultserver_port = "1337" mock_task_build_opts = mock_task() mock_task_build_opts.package = "foo" mock_task_build_opts.options = "foo=bar" mock_task_build_opts.enforce_timeout = 1 mock_task_build_opts.clock = datetime.strptime("01-01-2099 09:01:01", "%m-%d-%Y %H:%M:%S") mock_task_build_opts.timeout = 10 analysis_man = AnalysisManager(task=mock_task_build_opts, error_queue=queue.Queue()) analysis_man.machine = mock_machine() opts = analysis_man.build_options() opts["target"] = opts["target"].split("/")[-1] assert opts == { "category": "file", "exports": "", "target": "test_scheduler.py", "package": "foo", "terminate_processes": False, "ip": "1.2.3.4", "clock": datetime(2099, 1, 1, 9, 1, 1), "port": "1337", "file_type": "Python script, ASCII text executable", "options": "foo=bar", "enforce_timeout": 1, "timeout": 10, "file_name": "test_scheduler.py", "curtain": False, "procmon": False, "sysmon": False, "id": 1234, "do_upload_max_size": 0, "upload_max_size": 100000000, }
def test_init(self): analysis_man = AnalysisManager(task=mock_task(), error_queue=queue.Queue()) assert analysis_man.cfg.cuckoo == { "freespace": 50000, "delete_original": False, "tmppath": "/tmp", "terminate_processes": False, "memory_dump": False, "delete_bin_copy": False, "max_machines_count": 10, "reschedule": False, "rooter": "/tmp/cuckoo-rooter", "machinery": "kvm", "delete_archive": True, "max_vmstartup_count": 5, "daydelta": 0, "max_analysis_count": 0, } assert analysis_man.task.id == 1234
def setUp(self): create_structure() self.anal = Dictionary() self.anal["id"] = "test-cuckoo-remove-me" self.a = AnalysisManager(self.anal)
def test_store_file_symlink(self, symlink): analysis_man = AnalysisManager(task=mock_task(), error_queue=queue.Queue()) assert analysis_man.store_file(sha256="e3be3b") is True
def test_store_file_no_dir(self, caplog): analysis_man = AnalysisManager(task=mock_task(), error_queue=queue.Queue()) assert analysis_man.store_file(sha256="e3be3b") is False assert "Unable to store file" in caplog.text
def test_store_file(self, create_store_file_dir): analysis_man = AnalysisManager(task=mock_task(), error_queue=queue.Queue()) assert analysis_man.store_file(sha256="e3") is True
class TestAnalysisManager: def setUp(self): create_structure() self.anal = Dictionary() self.anal["id"] = "test-cuckoo-remove-me" self.a = AnalysisManager(self.anal) def test_init_storage(self): self.a.init_storage() assert os.path.exists(self.a.analysis.results_folder) @raises(CuckooAnalysisError) def test_init_storage_error(self): self.a.analysis.results_folder = os.path.join( os.path.join(CUCKOO_ROOT, "storage", "analyses"), self.anal.id) os.mkdir(self.a.analysis.results_folder) self.a.init_storage() def test_store_file(self): file = tempfile.mkstemp()[1] self.anal["file_path"] = file self.a = AnalysisManager(self.anal) self.a.init_storage() self.a.store_file() bin_path = os.path.join(CUCKOO_ROOT, "storage", "binaries", "d41d8cd98f00b204e9800998ecf8427e") assert_equals(bin_path, self.a.analysis.stored_file_path) assert os.path.exists(bin_path) os.remove(file) os.remove(bin_path) def test_store_file_delete_original(self): file = tempfile.mkstemp()[1] self.anal["file_path"] = file self.a = AnalysisManager(self.anal) self.a.init_storage() self.a.cfg.cuckoo.delete_original = True self.a.store_file() bin_path = os.path.join(CUCKOO_ROOT, "storage", "binaries", "d41d8cd98f00b204e9800998ecf8427e") assert not os.path.exists(file) os.remove(bin_path) def tearDown(self): shutil.rmtree(self.a.analysis.results_folder)
def test_init_storage(self, clean_init_storage): analysis_man = AnalysisManager(task=mock_task(), error_queue=queue.Queue()) analysis_man.init_storage() assert analysis_man.storage.rsplit("/", 1)[-1] == "1234"