def test_find_targets_will_exclude_patterns(self):
        # exclude_patterns must drop every path that matches one of the
        # regexes while leaving the rest of the fixture tree in the results.
        excluded = {r'no_.+_here'}
        found = list(scan.find_targets(self.target_path,
                                       exclude_patterns=excluded))
        leaked = [path for path in found if 'no_malware_here' in path]
        assert leaked == [], leaked
        # Guard against a vacuous pass: other files still have to be listed.
        assert len(found) > 4, found

        # A bare path separator is expected to exclude every target.
        # NOTE(review): this presumably relies on POSIX-style paths -- confirm.
        excluded = {r'/'}
        found = list(scan.find_targets(self.target_path,
                                       exclude_patterns=excluded))
        assert found == [], found
    def test_find_targets_will_exclude_patterns(self):
        # Paths matching an exclusion regex must not be yielded as targets.
        patterns = {r'no_.+_here'}
        targets = list(
            scan.find_targets(self.target_path, exclude_patterns=patterns)
        )
        hits = [name for name in targets if 'no_malware_here' in name]
        assert hits == [], hits
        # The remaining fixtures must still be returned, so the exclusion
        # cannot have passed simply by yielding nothing.
        assert len(targets) > 4, targets

        # Excluding the separator itself should leave no targets at all.
        patterns = {r'/'}
        targets = list(
            scan.find_targets(self.target_path, exclude_patterns=patterns)
        )
        assert targets == [], targets
    def test_normal_scan(self):
        # Baseline run: scan the whole fixture tree with the rules and
        # whitelist already prepared on the test case.
        targets = scan.find_targets(self.target_path)
        scan_result = scan.scan_files(targets, self.rules, self.whitelist)
        detected, allowed = scan_result

        # Two fixtures are expected to be flagged and one to be whitelisted.
        self.assertEqual(len(detected), 2)
        self.assertEqual(len(allowed), 1)
    def test_filter_extensions(self):
        # Restricting targets to the 'php' extension should narrow the scan
        # to a single detection and no whitelisted entries.
        targets = scan.find_targets(self.target_path, req_ext=['php'])
        detected, allowed = scan.scan_files(targets, self.rules,
                                            self.whitelist)

        self.assertEqual(len(detected), 1)
        self.assertEqual(len(allowed), 0)
    def test_filter_extensions(self):
        # Only files with a 'php' extension are requested; the scan of that
        # subset is expected to flag one file and whitelist none.
        wanted = ['php']
        candidates = scan.find_targets(self.target_path,
                                       required_extensions=wanted)
        outcome = scan.scan_files(candidates, self.rules, self.whitelist)
        flagged, cleared = outcome

        self.assertEqual(len(flagged), 1)
        self.assertEqual(len(cleared), 0)
    def test_external_rule_file(self):
        # Swap the test case's rules for ones loaded from an external .yar
        # fixture, then check the scan still reports the expected counts.
        targets = scan.find_targets(self.target_path)

        external_rules = os.path.join(self.fixture_path, 'rules-vanilla.yar')
        loaded = self._load_file_rules(external_rules)
        self.rules, self.whitelist = loaded

        detected, allowed = scan.scan_files(targets, self.rules,
                                            self.whitelist)

        # With this rule file two files are flagged and nothing is whitelisted.
        self.assertEqual(len(detected), 2)
        self.assertEqual(len(allowed), 0)
    def test_external_rule_file(self):
        # Rules come from 'rules-vanilla.yar' in the fixture directory rather
        # than from whatever the test case set up beforehand.
        candidates = scan.find_targets(self.target_path)

        yar_file = os.path.join(self.fixture_path, 'rules-vanilla.yar')
        self.rules, self.whitelist = self._load_file_rules(yar_file)

        outcome = scan.scan_files(candidates, self.rules, self.whitelist)
        flagged, cleared = outcome

        self.assertEqual(len(flagged), 2)
        self.assertEqual(len(cleared), 0)
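    def test_scan_targets_for_new_files_only(self):
        # newer_than should restrict the targets to files modified after the
        # given timestamp; only the file written below qualifies.
        the_past = time.time() - 5

        with open(self.new_file, 'w') as fh:
            fh.write('BAD\n')

        try:
            files = scan.find_targets(self.target_path, newer_than=the_past)

            self.assertEqual(len(list(files)), 1)
        finally:
            # Remove the planted file even when the assertion fails, so it
            # cannot linger in the target tree and skew the counts of the
            # other scan tests.
            os.unlink(self.new_file)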
    def test_that_symlinks_are_properly_followed(self):
        # With follow_symlinks=True a valid link must show up in the results,
        # while recursive and dangling links must be left out.
        targets = scan.find_targets(self.target_path, follow_symlinks=True)

        # Materialise the names once: the target iterable may be single-pass,
        # and the list is inspected several times below.
        names = [os.path.basename(target) for target in targets]

        assert len(names) > 5, 'bogus files obj'

        assert 'im_a_symlink' in names, 'no symlink found in results'
        assert 'recursive_symlink' not in names, \
            'recursive symlink is included'
        assert 'im_a_broken_symlink' not in names, \
            'broken symlink is included'
    def test_that_symlinks_are_properly_followed(self):
        # Symlink handling: a good link is followed, but a recursive link and
        # a broken link must never appear among the scan targets.
        found = scan.find_targets(self.target_path, follow_symlinks=True)

        # Build a real list up front so it can be checked repeatedly; a lazy
        # map/iterator would be exhausted after the first pass.
        basenames = []
        for entry in found:
            basenames.append(os.path.basename(entry))

        assert len(basenames) > 5, 'bogus files obj'

        assert 'im_a_symlink' in basenames, 'no symlink found in results'
        assert 'recursive_symlink' not in basenames, \
            'recursive symlink is included'
        assert 'im_a_broken_symlink' not in basenames, \
            'broken symlink is included'
    def test_scan_callback(self):
        # The fourth argument to scan_files is a callback; a MagicMock stands
        # in for it so the number of invocations can be counted.
        callback_spy = mock.MagicMock()
        candidates = scan.find_targets(self.target_path)

        scan.scan_files(candidates, self.rules, self.whitelist, callback_spy)

        # Two invocations are expected for the fixture tree.
        self.assertEqual(callback_spy.call_count, 2)
    def test_scan_callback(self):
        # Pass a mock as the scan callback and verify how often it fires.
        spy = mock.MagicMock()
        scan.scan_files(
            scan.find_targets(self.target_path),
            self.rules,
            self.whitelist,
            spy,
        )
        self.assertEqual(spy.call_count, 2)
    def test_normal_scan(self):
        # Default scan over all fixtures: two files flagged as malware and
        # one matched by the whitelist.
        candidates = scan.find_targets(self.target_path)
        flagged, cleared = scan.scan_files(
            candidates, self.rules, self.whitelist
        )

        self.assertEqual(len(flagged), 2)
        self.assertEqual(len(cleared), 1)