def test_scan_benign_contents(db_session, monkeypatch, benign):
    """A setup.py with only benign text produces one Benign/Low verdict.

    ``fetch_url_content`` and ``extract_file_content`` are replaced with
    recorders so the check scans a fixed byte payload built from the
    ``benign`` fixture rather than performing a real fetch/extract.
    """
    monkeypatch.setattr(
        c, "fetch_url_content", pretend.call_recorder(lambda *a: pretend.stub())
    )
    monkeypatch.setattr(
        c,
        "extract_file_content",
        pretend.call_recorder(
            lambda *a: b"this is a benign string\n" + benign.encode("utf-8")
        ),
    )
    MalwareCheckFactory.create(
        name="SetupPatternCheck", state=MalwareCheckState.Enabled
    )
    checker = c.SetupPatternCheck(db_session)
    sdist = FileFactory.create(packagetype="sdist")

    checker.scan(obj=sdist, file_url=pretend.stub())

    # Exactly one verdict, tied to this check and this file.
    assert len(checker._verdicts) == 1
    verdict = checker._verdicts[0]
    assert verdict.check_id == checker.id
    assert verdict.file_id == sdist.id
    # No rule matched: benign, but only with low confidence (absence of
    # evidence is not proof of safety).
    assert verdict.classification == VerdictClassification.Benign
    assert verdict.confidence == VerdictConfidence.Low
    assert verdict.message == "No malicious patterns found in setup.py"
def test_scan_matched_content(db_session, monkeypatch, malicious, rule):
    """A setup.py matching a YARA rule produces one High-confidence verdict.

    Rules whose names indicate process spawning / subprocess use at install
    time classify as Threat; any other matched rule is Indeterminate. The
    ``rule`` fixture may name several rules joined by ``":"``, and the
    verdict message is expected to equal that string verbatim.
    """
    monkeypatch.setattr(
        c, "fetch_url_content", pretend.call_recorder(lambda *a: pretend.stub())
    )
    monkeypatch.setattr(
        c,
        "extract_file_content",
        pretend.call_recorder(
            lambda *a: b"this looks suspicious:\n" + malicious.encode("utf-8")
        ),
    )
    MalwareCheckFactory.create(
        name="SetupPatternCheck", state=MalwareCheckState.Enabled
    )
    checker = c.SetupPatternCheck(db_session)
    sdist = FileFactory.create(packagetype="sdist")

    checker.scan(obj=sdist, file_url=pretend.stub())

    assert len(checker._verdicts) == 1
    verdict = checker._verdicts[0]
    assert verdict.check_id == checker.id
    assert verdict.file_id == sdist.id

    # Only these rule names escalate the verdict from Indeterminate to Threat.
    threat_rules = {"process_spawn_in_setup", "subprocess_in_setup"}
    expected_classification = (
        VerdictClassification.Threat
        if threat_rules.intersection(rule.split(":"))
        else VerdictClassification.Indeterminate
    )
    assert verdict.classification == expected_classification
    assert verdict.confidence == VerdictConfidence.High
    assert verdict.message == rule
def test_initializes(db_session):
    """Constructing the check binds it to its DB row and loads its YARA rules."""
    model = MalwareCheckFactory.create(
        name="SetupPatternCheck", state=MalwareCheckState.Enabled
    )

    checker = c.SetupPatternCheck(db_session)

    assert checker.id == model.id
    # The compiled rule set must exist right after construction, not lazily
    # on first scan.
    assert isinstance(checker._yara_rules, yara.Rules)
def test_scan_no_setup_contents(db_session, monkeypatch):
    """An sdist with no extractable setup.py yields one Indeterminate/High verdict.

    ``extract_file_content`` is stubbed to return ``None``; the check must
    not treat "nothing to scan" as benign.
    """
    monkeypatch.setattr(
        c, "fetch_url_content", pretend.call_recorder(lambda *a: pretend.stub())
    )
    monkeypatch.setattr(
        c, "extract_file_content", pretend.call_recorder(lambda *a: None)
    )
    MalwareCheckFactory.create(
        name="SetupPatternCheck", state=MalwareCheckState.Enabled
    )
    checker = c.SetupPatternCheck(db_session)
    sdist = FileFactory.create(packagetype="sdist")

    checker.scan(obj=sdist, file_url=pretend.stub())

    assert len(checker._verdicts) == 1
    verdict = checker._verdicts[0]
    assert verdict.check_id == checker.id
    assert verdict.file_id == sdist.id
    # Missing setup.py is unknown, not safe: Indeterminate with high confidence.
    assert verdict.classification == VerdictClassification.Indeterminate
    assert verdict.confidence == VerdictConfidence.High
    expected_message = "sdist does not contain a suitable setup.py for analysis"
    assert verdict.message == expected_message
def test_scan_missing_kwargs(db_session, obj, file_url):
    """``scan`` raises FatalCheckError when given unusable ``obj``/``file_url``.

    The ``obj`` and ``file_url`` fixtures (defined outside this test) supply
    the argument combinations that must be rejected.
    """
    MalwareCheckFactory.create(
        name="SetupPatternCheck", state=MalwareCheckState.Enabled
    )
    checker = c.SetupPatternCheck(db_session)

    # Callable form of pytest.raises: equivalent to the context-manager form.
    pytest.raises(c.FatalCheckError, checker.scan, obj=obj, file_url=file_url)
def test_scan_non_sdist(db_session):
    """A non-sdist file (bdist_wheel) is skipped: no verdict is recorded."""
    MalwareCheckFactory.create(
        name="SetupPatternCheck", state=MalwareCheckState.Enabled
    )
    checker = c.SetupPatternCheck(db_session)
    wheel = FileFactory.create(packagetype="bdist_wheel")

    checker.scan(obj=wheel, file_url=pretend.stub())

    # Not even a Benign verdict: the check does not apply to this file type.
    assert checker._verdicts == []