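def do_perform_test(self, caplog, sample, expected):
    """Analyse a local sample with Thug and verify the expected log entries.

    A fresh ``ThugAPI`` instance is configured, ``self.catchall`` is
    registered as a custom classifier for every classifier type listed
    below, the signature files under ``self.signatures_path`` are loaded,
    and ``sample`` is analysed with ``run_local``. The messages captured by
    ``caplog`` are then checked against ``expected``.

    Args:
        caplog: log-capture fixture; its ``records`` are read after the run.
        sample: sample handed to ``log_init`` and ``run_local``.
        expected: iterable of substrings; each one must occur in at least
            one captured log message.

    Raises:
        AssertionError: if one or more expected substrings are absent from
            the captured log messages.
    """
    thug = ThugAPI()

    thug.set_useragent('winxpie70')
    thug.set_threshold(2)
    thug.disable_cert_logging()
    thug.set_features_logging()
    thug.set_ssl_verify()
    thug.log_init(sample)

    # Register one custom classifier and reset again before the real set is
    # added, so reset_customclassifiers() is exercised with a non-empty
    # registry as well as right after initialisation.
    thug.reset_customclassifiers()
    thug.add_customclassifier('url', self.catchall)
    thug.reset_customclassifiers()

    for kind in ('html', 'url', 'js', 'vbs', 'sample', 'cookie', 'text'):
        thug.add_customclassifier(kind, self.catchall)

    # Signature files are loaded in the same order as before; the loader
    # used for each file matches the classifier/filter type in its name.
    signature_loaders = (
        (thug.add_htmlclassifier, "html_signature_1.yar"),
        (thug.add_jsclassifier, "js_signature_2.yar"),
        (thug.add_urlclassifier, "url_signature_3.yar"),
        (thug.add_urlfilter, "url_filter_4.yar"),
        (thug.add_textclassifier, "text_signature_5.yar"),
        (thug.add_vbsclassifier, "vbs_signature_6.yar"),
        (thug.add_urlclassifier, "url_signature_7.yar"),
        (thug.add_urlclassifier, "url_signature_13.yar"),
    )
    for loader, filename in signature_loaders:
        loader(os.path.join(self.signatures_path, filename))

    thug.run_local(sample)

    records = [r.message for r in caplog.records]

    # Check every expected entry on its own. Counting total substring hits
    # and comparing with len(expected) lets an entry that shows up in several
    # records make up for one that never appears, so a classifier that
    # stopped firing could go unnoticed.
    missing = [
        e for e in expected
        if not any(e in record for record in records)
    ]
    assert not missing, "expected log entries not found: %r" % (missing, )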