def test_scanner_null_environemnt():
    # arrange
    verdict = Verdict().set_malware_family("Eicar")
    # act
    verdict.set_scanner(version="1.0.0",
                        polyswarmclient_version="2.0.2",
                        signatures_version="2019",
                        vendor_version="1.0.0")
    # assert
    Verdict.validate(json.loads(verdict.json()))
def test_scanner_no_vendor_version():
    # arrange
    verdict = Verdict().set_malware_family("Eicar")
    # act
    verdict.set_scanner(operating_system="windows",
                        architecture="x86",
                        version="1.0.0",
                        polyswarmclient_version="2.0.2",
                        signatures_version="2019")
    # assert
    Verdict.validate(json.loads(verdict.json()))
def test_scanner_invalid_psc_version():
    # arrange
    verdict = Verdict().set_malware_family("Eicar")
    # assert
    with pytest.raises(ValueError):
        # act
        verdict.set_scanner(operating_system="windows",
                            architecture="x86",
                            version="1.0.0",
                            polyswarmclient_version="asdf",
                            signatures_version="2019",
                            vendor_version="1.0.0")
        Verdict.validate(json.loads(verdict.json()))
def test_validate_two_domains_at_once():
    # arrange
    verdict = Verdict().set_malware_family("Eicar")
    # act
    verdict.add_domains(['polyswarm.io', 'polyswarm.network'])
    # assert
    assert Verdict.validate(json.loads(verdict.json()))
def test_validate_two_ip_at_once():
    # arrange
    verdict = Verdict().set_malware_family("Eicar")
    # act
    verdict.add_ip_addresses(['192.168.0.1', '8.8.8.8'])
    # assert
    assert Verdict.validate(json.loads(verdict.json()))
def test_validate_extra_object():
    # arrange
    verdict = Verdict().set_malware_family("Eicar")
    # act
    verdict.add_extra("new_key", {"other_key": "string_value"})
    # assert
    assert Verdict.validate(json.loads(verdict.json()))
def test_extra_array_scanner():
    # arrange
    blob = {
        "malware_family":
        "Eicar",
        "domains": ["polyswarm.io"],
        "ip_addresses": ["192.168.0.1"],
        "stix": [{
            "schema":
            "oasis-open/cti-stix2-json-schemas/master/schemas/common/hex.json",
            "signature": "a0"
        }],
        "scanner": {
            "extra": ["test"],
            "version": "1.0.0",
            "polyswarmclient_version": "2.0.2",
            "signatures_version": "2019",
            "vendor_version": "1.0.0",
            "environment": {
                "operating_system": "windows",
                "architecture": "x86"
            }
        },
    }
    # assert
    assert Verdict.validate(blob)
def test_validate_domains():
    # arrange
    verdict = Verdict().set_malware_family("Eicar")
    # act
    verdict.add_domain('polyswarm.io')
    # assert
    assert Verdict.validate(json.loads(verdict.json()))
def test_validate_ip():
    # arrange
    verdict = Verdict().set_malware_family("Eicar")
    # act
    verdict.add_ip_address('192.168.0.1')
    # assert
    assert Verdict.validate(json.loads(verdict.json()))
def test_validate_with_family():
    # arrange
    verdict = Verdict()
    verdict.set_malware_family("Eicar")
    # assert
    blob = verdict.json()
    # act
    assert Verdict.validate(json.loads(blob))
def test_validate_two_extra_at_once():
    # arrange
    verdict = Verdict().set_malware_family("Eicar")
    # act
    verdict.add_extras([("new_key", "string_value"),
                        ("new_key1", {
                            "other_key": "string_value"
                        })])
    # assert
    assert Verdict.validate(json.loads(verdict.json()))
def test_validate_stix_object():
    # arrange
    verdict = Verdict().set_malware_family("Eicar")
    # act
    verdict.add_stix_signature(
        'oasis-open/cti-stix2-json-schemas/master/schemas/common/kill-chain-phase.json',
        {
            "kill_chain_name": 'asdf',
            "phase_name": "full"
        })
    # assert
    assert Verdict.validate(json.loads(verdict.json()))
def test_empty_scanner():
    # arrange
    blob = {
        "malware_family":
        "Eicar",
        "domains": ["polyswarm.io"],
        "ip_addresses": ["192.168.0.1"],
        "stix": [{
            "schema":
            "oasis-open/cti-stix2-json-schemas/master/schemas/common/hex.json",
            "signature": "a0"
        }],
        "scanner": {}
    }
    # assert
    assert Verdict.validate(blob)
def test_validate_all_output():
    # arrange
    verdict = Verdict().set_malware_family("Eicar")\
        .add_domain('polyswarm.io')\
        .add_ip_address('192.168.0.1')\
        .add_stix_signature(
        'oasis-open/cti-stix2-json-schemas/master/schemas/common/hex.json',
        "a0"
        ) \
        .set_scanner(operating_system="windows", architecture="x86", version="1.0.0", polyswarmclient_version="2.0.2",
                     signatures_version="2019", vendor_version="1.0.0")\
        .add_extra("new_key", {"other_key": "string_value"})\
        .add_extra("new_key1", ["string_value"])\
        .add_extra("new_key2", "string_value")

    result = {
        "malware_family":
        "Eicar",
        "domains": ["polyswarm.io"],
        "ip_addresses": ["192.168.0.1"],
        "stix": [{
            "schema":
            "oasis-open/cti-stix2-json-schemas/master/schemas/common/hex.json",
            "signature": "a0"
        }],
        "scanner": {
            "version": "1.0.0",
            "polyswarmclient_version": "2.0.2",
            "signatures_version": "2019",
            "vendor_version": "1.0.0",
            "environment": {
                "operating_system": "windows",
                "architecture": "x86"
            }
        },
        "new_key": {
            "other_key": "string_value",
        },
        "new_key1": ["string_value"],
        "new_key2":
        "string_value"
    }
    # act
    blob = json.loads(verdict.json())
    # assert
    assert Verdict.validate(blob)
    assert blob == result
示例#15
0
    async def scan(self, guid, artifact_type, content, metadata, chain):
        """Scan an artifact

        Args:
            guid (str): GUID of the bounty under analysis, use to track artifacts in the same bounty
            artifact_type (ArtifactType): Artifact type for the bounty being scanned
            content (bytes): Content of the artifact to be scan
            metadata (dict) Dict of metadata for the artifact
            chain (str): Chain we are operating on
        Returns:
            ScanResult: Result of this scan
        """
        results = await asyncio.gather(*[
            backend.scan(guid, artifact_type, content, chain)
            for backend in self.backends
        ])

        # Unpack the results
        bits = [r.bit for r in results]
        verdicts = [r.verdict for r in results]
        confidences = [r.confidence for r in results]
        metadatas = [r.metadata for r in results]

        asserted_confidences = [c for b, c in zip(bits, confidences) if b]
        avg_confidence = sum(asserted_confidences) / len(asserted_confidences)

        # author responsible for distilling multiple metadata values into a value for ScanResult
        metadata = metadatas[0]
        try:
            metadatas = [
                json.loads(metadata) for metadata in metadatas
                if metadata and Verdict.validate(json.loads(metadata))
            ]
            if metadatas:
                metadata = Verdict().set_malware_family(metadatas[0].get(
                    'malware_family', '')).json()
        except json.JSONDecodeError:
            logger.exception(f'Error decoding sub metadata')

        return ScanResult(bit=any(bits),
                          verdict=any(verdicts),
                          confidence=avg_confidence,
                          metadata=metadata)
def test_none_stix_list():
    # arrange
    blob = {
        "malware_family": "Eicar",
        "domains": ["polyswarm.io"],
        "ip_addresses": ["192.168.0.1"],
        "stix": None,
        "scanner": {
            "extra": "test",
            "version": "1.0.0",
            "polyswarmclient_version": "2.0.2",
            "signatures_version": "2019",
            "vendor_version": "1.0.0",
            "environment": {
                "operating_system": "windows",
                "architecture": "x86"
            }
        },
    }
    # assert
    assert Verdict.validate(blob)
示例#17
0
 def __post_init__(self):
     if not VerdictMetadata.validate(self.metadata):
         raise ValueError