Python L示例

示例#1

文件： test_sorted.py 项目： binref/refinery

 def test_sorting_by_size(self):
     results = list(
         L('emit A AA B ABA C ABABABB CD EFEW A BVB')[L('sorted -a size')])
     self.assertEqual(results, [
         B'A', B'A', B'B', B'C', B'AA', B'CD', B'ABA', B'BVB', B'EFEW',
         B'ABABABB'
     ])

示例#2

 def test_warzone_sample(self):
     data = self.download_sample(
         '4537fab9de768a668ab4e72ae2cce3169b7af2dd36a1723ddab09c04d31d61a5')
     pipeline = L('vsect .bss') | L('struct I{key:{}}{}')[
         L('rc4 eat:key')
         | L('struct I{host:{}}{port:H} {host:u16}:{port}')]
     self.assertEqual(str(data | pipeline), '165.22.5' '.' '66:1111')

示例#3

文件： test_multibin.py 项目： larsborn/refinery

 def test_subtraction_range(self):
     data = B'\xC0\x04\x05\x06\x07\x08\x09\x0A\x0B\x0C\x0D\x0E\x0F'
     data = data + self.generate_random_buffer(50)
     sub1 = L('put k x::1 [') | L('sub add[var:k]:range::10 ]')
     sub2 = L('sub   x::1  ') | L('sub range::10')
     out1 = bytes(sub1(data))
     out2 = bytes(sub2(data))
     self.assertEqual(out1, out2)

示例#4

    def test_depth3(self):
        p = L('snip :3 3 4 5:')[  # noqa
            L('scope 1:3') | L('rex .')[  # noqa
                L('rep 3')[L('ccp X')]  # noqa
            ]  # noqa
        ]  # noqa

        self.assertEqual(B'AAAXBXBXBXCXCXCDDD', p(B'AAABCDDD'))

示例#5

    def test_example_02_hawkeye_config(self):
        data = self.download_from_malshare('ee790d6f09c2292d457cbe92729937e06b3e21eb6b212bf2e32386ba7c2ff22c')
        rsrc = L('perc RCDATA')(data)

        pipeline = L('xtp guid') [
            L('PBKDF2 48 rep[8]:H:00') | self.ldu('cca', rsrc) | L('aes CBC x::32 --iv=x::16 -Q')
        ] | L('dnds')

        result = json.loads(pipeline(data))
        config = result[2]['Data']['Members']

        self.assertEqual(config['_EmailServer'], F'mail{"."}bandaichemical{"."}com')
        self.assertEqual(config['_EmailUsername'], F'cv{"@"}bandaichemical{"."}com')
        self.assertEqual(config['_EmailPassword'], F'kingqqqqqq1164')
        self.assertEqual(config['_EmailPort'], 587)

示例#6

 def test_vnc_backdoor_sample(self):
     data = self.download_sample(
         '6d9e2f54382ea697203d714424caefdacf1524c001efbaa7c33320738301808d')
     pipe = L(
         'vsnip 0x00403020: | xor h:760000006E00 | jcalg | carve-pe | xtp')
     result = data | pipe | {str}
     self.assertSetEqual(result, {'185.82.202' '.132:443'})

示例#7

文件： test_xtdoc.py 项目： larsborn/refinery

 def test_maldoc(self):
     data = self.download_sample(
         '969ff75448ea54feccc0d5f652e00172af8e1848352e9a5877d705fc97fa0238')
     pipeline = L('xtdoc', 'WordDoc') | L('push') \
         [ L('drp')
         | L('pop', 'junk')
         | L('repl', 'var:junk')
         | L('carve', '-ds', 'b64')
         | L('u16')
         | L('deob-ps1')
         | L('repl', 'var:junk', 'http')
         | L('xtp', 'url')
         ]
     c2s = pipeline(data)
     self.assertIn(B'http://depannage-vehicule-maroc'
                   B'.com/wp-admin/c/', c2s)

示例#8

文件： test_iff.py 项目： binref/refinery

 def test_filter_by_size(self):
     pl = L('emit Tim Ada Jake Elisabeth James Meredith') [ self.load('size > 3') | L('cull') | L('sep') ]
     self.assertEqual(pl(), B'\n'.join([
         B'Jake',
         B'Elisabeth',
         B'James',
         B'Meredith'
     ]))

示例#9

 def test_multiple_pops(self):
     data = B'$a = "foo"; $b = "bar"; $c = "baz"; decode-decode("XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX", $a, $b, $c)'
     pl = L(
         'push [[| carve -dm5 string | pop foo bar baz ]| carve -sd string | cfmt {foo}-{bar}-{baz}-{} ]'
     )
     result = pl(data)
     self.assertEqual(result,
                      B'foo-bar-baz-XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX')

示例#10

 def test_documentation_example_04(self):
     p = L('emit aaaaaaaa namtaB')[  # noqa
         L('scope 0') | L('rex .')[  # noqa
             L('ccp N')  # noqa
         ] | L('scope 1') | L('rev') | L('sep -')  # noqa
     ]
     self.assertEqual(B'NaNaNaNaNaNaNaNa-Batman', p(B''))

示例#11

 def test_real_world_01(self):
     u = self.ldu
     encoded = (
         B'''3018152148501567213310184800633409362144880559105294049701126311246081131975615343153231062913116111'''
         B'''1811157103091659005342125241030117185058391257506811185641455415793050760678905403191251022718260080'''
         B'''7906431133491248306004123002146510940169690710820141169320955312014120171102115059068660995810412198'''
         B'''2616881062361714809255109191754708061112151124515802166780656805937169201403509433094710978206187056'''
         B'''2218138176051220720074069511229205186057281368405973054061286713377066441598840591412906137750687906'''
         B'''4041396607792051271161313019124720712811569074680757406931112780654609788055291148605702141810628505'''
         B'''8151284909456087890549404926117480955908477066171262212153090600834110276067051380014345098520912112'''
         B'''2241190813511132231202511818125031403011344099331108705657086800634310034109011420913464079540893910'''
         B'''4470969005365078580853510871072121313211155088071361612710133620813710651092820619305073070401034210'''
         B'''1700736108238105500938306036107630802012367076910524001430513808135271167207124119480954609725118261'''
         B'''1783060490948006355088131302012370073291143410911132710725209182061211224310017126311126607719124590'''
         B'''8460083860575009354089740698805569074161279005364079321115309035108401031812509134770666308092051560'''
         B'''8742101371066807584059750686707610133510927307091052361073810533110580851412944099810629305007136760'''
         B'''6785058391040214112131151286507879064780654110262081570860613789054610829404903140281154709601142450'''
         B'''9822121301130413987056231204''')
     decoded = (
         B'''wMIc  'prOcess'   "cALl"  crEAtE   "powErsHell  -NoNiNtErAC -NoPrOFi -WIn 00000000000000000000000000'''
         B'''0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000'''
         B'''0000000000000000000000000000000000000000000000000000000000000000000000000000000000000'''
     )
     pl = L('chop 0x01DC')[  # noqa
         L('chop 5 -t')[  # noqa
             L('sorted') | L('snip 2:') | L('sep')  # noqa
         ] | L('pack 10') | L('blockop --dec -sN B-S')  # noqa
     ]
     self.assertEqual(decoded, pl(encoded))

示例#12

 def test_stream_mode(self):
     with tempfile.TemporaryDirectory() as root:
         path = os.path.join(root, 'test')
         dump = self.load(path, stream=True)
         data = self.generate_random_buffer(1024)
         with io.BytesIO(data) as stream:
             list(stream | L('chop 32')[dump])
         self.assertTrue(os.path.exists(path))
         with open(path, 'rb') as result:
             self.assertEqual(result.read(), data)

示例#13

文件： test_frame.py 项目： reanimat0r/refinery

 def test_simple_frame(self):
     chunks = [B'A' * k for k in (0x14, 0x154, 0x81, 0x12031, 0x1311, 0x8012)]
     buffer = io.BytesIO()
     for chunk in (io.BytesIO(B'\n'.join(chunks)) | L('resplit [')):
         buffer.write(chunk)
     buffer.seek(0)
     expected = []
     unpacked = FrameUnpacker(buffer)
     while unpacked.nextframe():
         expected.extend(c for c in unpacked)
     self.assertEqual(chunks, expected)

示例#14

文件： test_xfcc.py 项目： binref/refinery

 def test_01(self):
     pipeline = L('emit ABDF AEC ABE [| rex . [| xfcc ]]')
     results = {bytes(chunk): chunk['count'] for chunk in pipeline}
     self.assertEqual(results, {
         B'A': 3,
         B'B': 2,
         B'C': 1,
         B'D': 1,
         B'E': 2,
         B'F': 1,
     })

示例#15

文件： test_peek.py 项目： binref/refinery

 def test_encoding_metavars(self):
     pfmt = 'emit s: [| put test "s:{}" | peek -m ]'
     for value, requires_prefix in {
             'b64:b64:b64': True,
             'accu:@msvc': True,
             'u[:!krz--dk': False,
             'ftp://t.com': False,
     }.items():
         with errbuf() as stderr:
             prefix = 's:' * requires_prefix
             L(pfmt.format(value))()
             self.assertIn(F'test = {prefix}{value}', stderr.getvalue())

示例#16

 def test_panic(self):
     data = B'BINARY REFINERY REFINES BINARIES FINER THAN BINARY TOOLS'
     pp = L('aes -R CBC range:16 --iv rep[16]:H:AC') | L(
         'ccp rep[16]:H:AC') | L('aes CBC range:16 --iv x::16')
     self.assertEqual(pp(data), data)

示例#17

文件： test_push.py 项目： larsborn/refinery

 def test_variable_in_modifier(self):
     pl = L('push [[') | L('pop x ]') | L('cca cca[cca[var:x]:Q]:T') | L(
         'rev ]]')
     self.assertEqual(pl(B'x'), B'xQTx')

示例#18

文件： test_resplit.py 项目： larsborn/refinery

 def test_count_restriction(self):
     pl = L('emit eeny,meeny,miny,moe') | L('resplit -c1 ,')
     self.assertEqual(pl(), B'eeny\nmeeny,miny,moe')

示例#19

    def test_example_01_maldoc(self):
        data = self.download_from_malshare('81a1fca7a1fb97fe021a1f2cf0bf9011dd2e72a5864aad674f8fea4ef009417b')

        # flake8: noqa
        pipeline = L('xlxtr 9.5:11.5 15.15 12.5:14.5') [
            L('scope -n 3') | L('chop -t 5') [
                L('sorted') | L('snip 2:') | L('sep')
            ]| L('pack 10') | L('blockop --dec -sN B-S')
        ]| L('carveb64z') | L('deob_ps1') | L('carveb64z') | L('deob_ps1') | L('xtp -f domain')

        with BytesIO(data) as sample:
            c2servers = set(sample | pipeline)

        self.assertSetEqual(
            c2servers,
            set(c2 % 0x2E for c2 in {
                b'udatapost%cred',
                b'marvellstudio%conline',
                b'sdkscontrol%cpw',
                b'abrakam%csite',
                b'hiteronak%cicu',
                b'ublaznze%conline',
                b'sutsyiekha%ccasa',
                b'makretplaise%cxyz',
            })
        )

示例#20

文件： test_push.py 项目： larsborn/refinery

 def test_simple_variable_01(self):
     pl = L('emit "FOO BAR" [') | L('push') | L('snip :4') | L(
         'pop oof') | L('nop') | L('ccp var:oof ]')  # noqa
     self.assertEqual(pl(), B'FOO FOO BAR')

示例#21

文件： test_iffx.py 项目： binref/refinery

 def test_filter_identifier_letters(self):
     pl = L('emit range::256') | L('chop 1')[self.load('\\w') | L('cull')]
     self.assertEqual(
         pl(),
         B'0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZ_abcdefghijklmnopqrstuvwxyz')

示例#22

文件： test_push.py 项目： larsborn/refinery

 def test_push_pop_in_frame(self):
     pl = L('rex . [') | L('push [') | L('pop copy ]') | L('swap copy ]')
     self.assertEqual(pl(B'foobar'), B'foobar')

示例#23

文件： test_resplit.py 项目： larsborn/refinery

 def test_change_separator(self):
     pl = L('emit eeny,meeny,miny,moe') | L('resplit (,) [') | L('scope 1::2') | L('cfmt - ]')
     self.assertEqual(pl(), B'eeny-meeny-miny-moe')

示例#24

文件： test_iff.py 项目： binref/refinery

 def test_pick_only_odd_items(self):
     pl = L('emit Marry had a little lamb.') [ self.load('index % 2 == 0') | L('cull') | L('sep " "') ]
     self.assertEqual(pl(), B'Marry a lamb.')

示例#25

 def test_clipboard_copy(self):
     copy = self.load()
     with temporary_clipboard():
         L('emit Too much technology')[copy]()
         self.assertEqual(pyperclip.paste(), 'Too')

示例#26

文件： test_iff.py 项目： binref/refinery

 def test_comparison_01(self):
     pl = L('emit A BB C D EEE') [ self.load('size', '-ge', '2') ]
     self.assertEqual(pl(), B'BBEEE')

示例#27

文件： test_put.py 项目： larsborn/refinery

 def test_pop_variable(self):
     pl = L('emit AB CD EF [') | L('put k x::1') | L('sub xvar:k ]')
     self.assertEqual(pl(), B'\x01\x01\x01')

示例#28

文件： test_push.py 项目： larsborn/refinery

 def test_variable_outside_modifier(self):
     pl = L('push [[') | L('pop x ]') | L('cca T') | L('cca var:x') | L(
         'rev ]')
     self.assertEqual(pl(B'x'), B'xTx')

示例#29

文件： test_iff.py 项目： binref/refinery

 def test_comparison_02(self):
     pl = L('emit A BB C D EEE') [ self.load('size', '-lt', '2') ]
     self.assertEqual(pl(), B'ACD')

示例#30

文件： test_put.py 项目： larsborn/refinery

 def test_simple_variable_01(self):
     pl = L('emit "FOO BAR" [') | L('put ff rep[5]:copy::1') | L('nop') | L(
         'ccp var:ff ]')  # noqa
     self.assertEqual(pl(), B'FFFFFFOO BAR')