assemblyline-v4-service 4.5.1.dev160__py3-none-any.whl → 4.5.1.dev163__py3-none-any.whl
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Potentially problematic release.
This version of assemblyline-v4-service might be problematic. Click here for more details.
- assemblyline_v4_service/VERSION +1 -1
- {assemblyline_v4_service-4.5.1.dev160.dist-info → assemblyline_v4_service-4.5.1.dev163.dist-info}/METADATA +1 -1
- {assemblyline_v4_service-4.5.1.dev160.dist-info → assemblyline_v4_service-4.5.1.dev163.dist-info}/RECORD +7 -7
- test/test_common/test_result.py +104 -23
- {assemblyline_v4_service-4.5.1.dev160.dist-info → assemblyline_v4_service-4.5.1.dev163.dist-info}/LICENCE.md +0 -0
- {assemblyline_v4_service-4.5.1.dev160.dist-info → assemblyline_v4_service-4.5.1.dev163.dist-info}/WHEEL +0 -0
- {assemblyline_v4_service-4.5.1.dev160.dist-info → assemblyline_v4_service-4.5.1.dev163.dist-info}/top_level.txt +0 -0
assemblyline_v4_service/VERSION
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
4.5.1.
|
|
1
|
+
4.5.1.dev163
|
|
@@ -1,4 +1,4 @@
|
|
|
1
|
-
assemblyline_v4_service/VERSION,sha256=
|
|
1
|
+
assemblyline_v4_service/VERSION,sha256=m30ZVfs98gYzR6ydK0JvythChKump8MpzU4ce7lrW4A,13
|
|
2
2
|
assemblyline_v4_service/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
|
|
3
3
|
assemblyline_v4_service/healthz.py,sha256=sS1cFkDLw8hUPMpj7tbHXFv8ZmHcazrwZ0l6oQDwwkQ,1575
|
|
4
4
|
assemblyline_v4_service/py.typed,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
|
|
@@ -35,11 +35,11 @@ test/test_common/test_helper.py,sha256=sO6YAiBhKTqaxlpLhFYDuy2ZdbuF2cg07Ylzo83Zz
|
|
|
35
35
|
test/test_common/test_ocr.py,sha256=mt_PgElgwQKJmNrp2nRVx9NjfMedVk40I6IV317vATI,1753
|
|
36
36
|
test/test_common/test_ontology_helper.py,sha256=KhHEBg_ecJyQbDw79NMT4FzUyA4C1Aak3HEQCwBfM2s,7914
|
|
37
37
|
test/test_common/test_request.py,sha256=Ceyds8BNO1O0f1kH1VEb84faJcaupvSjVKIrGdHexsc,11842
|
|
38
|
-
test/test_common/test_result.py,sha256=
|
|
38
|
+
test/test_common/test_result.py,sha256=6BiOKxEPrKBjOY44jv3TY-yiXm0qI1ok_CZBnjP9TM4,45447
|
|
39
39
|
test/test_common/test_task.py,sha256=P44mNcSe-3tJgDk9ppN3KbM7oN4LBVIuhONG-Gveh74,19007
|
|
40
40
|
test/test_common/test_utils.py,sha256=TbnBxqpS_ZC5ptXR9XJX3xtbItD0mTbtiBxxdyP8J5k,5904
|
|
41
|
-
assemblyline_v4_service-4.5.1.
|
|
42
|
-
assemblyline_v4_service-4.5.1.
|
|
43
|
-
assemblyline_v4_service-4.5.1.
|
|
44
|
-
assemblyline_v4_service-4.5.1.
|
|
45
|
-
assemblyline_v4_service-4.5.1.
|
|
41
|
+
assemblyline_v4_service-4.5.1.dev163.dist-info/LICENCE.md,sha256=NSkYo9EH8h5oOkzg4VhjAHF4339MqPP2cQ8msTPgl-c,1396
|
|
42
|
+
assemblyline_v4_service-4.5.1.dev163.dist-info/METADATA,sha256=T_zTMXtvCi-Qcj2pFxaB6mi9I8cfF4okfq4eVYCYgG8,9499
|
|
43
|
+
assemblyline_v4_service-4.5.1.dev163.dist-info/WHEEL,sha256=GJ7t_kWBFywbagK5eo9IoUwLW6oyOeTKmQ-9iHFVNxQ,92
|
|
44
|
+
assemblyline_v4_service-4.5.1.dev163.dist-info/top_level.txt,sha256=LpTOEaVCatkrvbVq3EZseMSIa2PQZU-2rhuO_FTpZgY,29
|
|
45
|
+
assemblyline_v4_service-4.5.1.dev163.dist-info/RECORD,,
|
test/test_common/test_result.py
CHANGED
|
@@ -1,3 +1,15 @@
|
|
|
1
|
+
from assemblyline.odm.messages.task import Task as ServiceTask
|
|
2
|
+
from assemblyline_v4_service.common.task import Task
|
|
3
|
+
from assemblyline_v4_service.common.result import (
|
|
4
|
+
BODY_FORMAT, DividerSectionBody, GraphSectionBody, Heuristic, ImageSectionBody, InvalidFunctionException,
|
|
5
|
+
InvalidHeuristicException, JSONSectionBody, KVSectionBody, MemorydumpSectionBody, MultiSectionBody,
|
|
6
|
+
OrderedKVSectionBody, ProcessItem, ProcessTreeSectionBody, Result, ResultAggregationException, ResultGraphSection,
|
|
7
|
+
ResultImageSection, ResultJSONSection, ResultKeyValueSection, ResultMemoryDumpSection, ResultMultiSection,
|
|
8
|
+
ResultOrderedKeyValueSection, ResultProcessTreeSection, ResultSection, ResultTableSection, ResultTextSection,
|
|
9
|
+
ResultTimelineSection, ResultURLSection, SectionBody, TableRow, TableSectionBody, TextSectionBody,
|
|
10
|
+
TimelineSectionBody, TypeSpecificResultSection, URLSectionBody, get_heuristic_primitives)
|
|
11
|
+
from assemblyline_v4_service.common.request import ServiceRequest
|
|
12
|
+
import pytest
|
|
1
13
|
import os
|
|
2
14
|
import tempfile
|
|
3
15
|
from test.test_common import TESSERACT_LIST, setup_module
|
|
@@ -6,13 +18,6 @@ from test.test_common import TESSERACT_LIST, setup_module
|
|
|
6
18
|
setup_module()
|
|
7
19
|
|
|
8
20
|
|
|
9
|
-
import pytest
|
|
10
|
-
from assemblyline_v4_service.common.request import ServiceRequest
|
|
11
|
-
from assemblyline_v4_service.common.result import *
|
|
12
|
-
from assemblyline_v4_service.common.task import Task
|
|
13
|
-
|
|
14
|
-
from assemblyline.odm.messages.task import Task as ServiceTask
|
|
15
|
-
|
|
16
21
|
@pytest.fixture
|
|
17
22
|
def heuristic():
|
|
18
23
|
return Heuristic(1)
|
|
@@ -595,11 +600,21 @@ def test_imagesectionbody_init(service_request):
|
|
|
595
600
|
@pytest.mark.skipif(len(TESSERACT_LIST) < 1, reason="Requires tesseract-ocr apt package")
|
|
596
601
|
def test_imagesectionbody_add_image(service_request):
|
|
597
602
|
isb = ImageSectionBody(service_request)
|
|
598
|
-
image_path = os.path.join(
|
|
603
|
+
image_path = os.path.join(
|
|
604
|
+
os.path.dirname(__file__),
|
|
605
|
+
"b32969aa664e3905c20f865cdd7b921f922678f5c3850c78e4c803fbc1757a8e")
|
|
599
606
|
|
|
600
607
|
# Basic
|
|
601
608
|
assert isb.add_image(image_path, "image_name", "description of image") is None
|
|
602
|
-
assert isb._data == [
|
|
609
|
+
assert isb._data == [
|
|
610
|
+
{'img': {
|
|
611
|
+
'name': 'image_name',
|
|
612
|
+
'sha256': '09bf99ab5431af13b701a06dc2b04520aea9fd346584fa2a034d6d4af0c57329',
|
|
613
|
+
'description': 'description of image'},
|
|
614
|
+
'thumb': {
|
|
615
|
+
'name': 'image_name.thumb',
|
|
616
|
+
'sha256': '1af0e0d99845493b64cf402b3704170f17ecf15001714016e48f9d4854218901',
|
|
617
|
+
'description': 'description of image (thumbnail)'}}]
|
|
603
618
|
|
|
604
619
|
isb._data.clear()
|
|
605
620
|
|
|
@@ -607,8 +622,25 @@ def test_imagesectionbody_add_image(service_request):
|
|
|
607
622
|
ocr_heuristic_id = 1
|
|
608
623
|
_, path = tempfile.mkstemp()
|
|
609
624
|
ocr_io = open(path, "w")
|
|
610
|
-
assert isb.add_image(image_path, "image_name", "description of image", "TLP:A", ocr_heuristic_id,
|
|
611
|
-
|
|
625
|
+
assert isb.add_image(image_path, "image_name", "description of image", "TLP:A", ocr_heuristic_id,
|
|
626
|
+
ocr_io).body == '{"ransomware": ["YOUR FILES HAVE BEEN ENCRYPTED AND YOU WON\'T BE ABLE TO ' \
|
|
627
|
+
'DECRYPT THEM.", "YOU CAN BUY DECRYPTION SOFTWARE FROM US, THIS SOFTWARE ' \
|
|
628
|
+
'WILL ALLOW YOU TO RECOVER ALL OF YOUR DATA AND", "RANSOMWARE FROM YOUR ' \
|
|
629
|
+
'COMPUTER. THE PRICE OF THE SOFTWARE IS $.2..%.. PAYMENT CAN BE MADE IN ' \
|
|
630
|
+
'BITCOIN OR XMR.", "How 00! PAY, WHERE DO | GET BITCOIN OR XMR?", "YOURSELF ' \
|
|
631
|
+
'TO FIND OUT HOW TO BUY BITCOIN OR XMR.", "PAYMENT INFORMATION: SEND $15, ' \
|
|
632
|
+
'TO ONE OF OUR CRYPTO ADDRESSES, THEN SEND US EMAIL WITH PAYMENT", ' \
|
|
633
|
+
'"CONFIRMATION AND YOU\'LL GET THE DECRYPTION SOFTWARE IN EMAIL.", ' \
|
|
634
|
+
'"BTC ADDRESS : bciqsht77cpgw7kv420r4secmu88g34wvn96dsyc5s"]}'
|
|
635
|
+
assert isb._data == [
|
|
636
|
+
{'img': {
|
|
637
|
+
'name': 'image_name',
|
|
638
|
+
'sha256': '09bf99ab5431af13b701a06dc2b04520aea9fd346584fa2a034d6d4af0c57329',
|
|
639
|
+
'description': 'description of image'},
|
|
640
|
+
'thumb': {
|
|
641
|
+
'name': 'image_name.thumb',
|
|
642
|
+
'sha256': '1af0e0d99845493b64cf402b3704170f17ecf15001714016e48f9d4854218901',
|
|
643
|
+
'description': 'description of image (thumbnail)'}}]
|
|
612
644
|
|
|
613
645
|
|
|
614
646
|
# Ensure that the image files added are marked as `is_image_section`
|
|
@@ -653,7 +685,8 @@ def test_timelinesectionbody_add_node():
|
|
|
653
685
|
|
|
654
686
|
tsb.add_node("title", "content", "opposite_content")
|
|
655
687
|
assert tsb._format == BODY_FORMAT.TIMELINE
|
|
656
|
-
assert tsb._data == [{'title': 'title', 'content': 'content',
|
|
688
|
+
assert tsb._data == [{'title': 'title', 'content': 'content',
|
|
689
|
+
'opposite_content': 'opposite_content', 'icon': None, 'signatures': [], 'score': 0}]
|
|
657
690
|
|
|
658
691
|
|
|
659
692
|
def test_resultsection_init():
|
|
@@ -710,7 +743,8 @@ def test_resultsection_init():
|
|
|
710
743
|
assert rs._body_format == BODY_FORMAT.GRAPH_DATA
|
|
711
744
|
assert rs._body_config == {}
|
|
712
745
|
assert rs.classification == 'TLP:AMBER'
|
|
713
|
-
assert get_heuristic_primitives(rs._heuristic) == {'heur_id': 1, 'score': 250, 'attack_ids': [
|
|
746
|
+
assert get_heuristic_primitives(rs._heuristic) == {'heur_id': 1, 'score': 250, 'attack_ids': [
|
|
747
|
+
'T1005'], 'signatures': {}, 'frequency': 1, 'score_map': {}}
|
|
714
748
|
assert rs._tags == {"a": "b"}
|
|
715
749
|
assert rs.zeroize_on_tag_safe is True
|
|
716
750
|
assert rs.auto_collapse is True
|
|
@@ -939,14 +973,16 @@ def test_resultsection_set_heuristic():
|
|
|
939
973
|
|
|
940
974
|
# Pass int heuristic
|
|
941
975
|
assert rs.set_heuristic(1) is None
|
|
942
|
-
assert get_heuristic_primitives(rs._heuristic) == {'heur_id': 1, 'score': 250, 'attack_ids': [
|
|
976
|
+
assert get_heuristic_primitives(rs._heuristic) == {'heur_id': 1, 'score': 250, 'attack_ids': [
|
|
977
|
+
'T1005'], 'signatures': {}, 'frequency': 1, 'score_map': {}}
|
|
943
978
|
|
|
944
979
|
rs._heuristic = None
|
|
945
980
|
|
|
946
981
|
# Pass Heuristic heuristic
|
|
947
982
|
heur = Heuristic(1)
|
|
948
983
|
assert rs.set_heuristic(heur) is None
|
|
949
|
-
assert get_heuristic_primitives(rs._heuristic) == {'heur_id': 1, 'score': 250, 'attack_ids': [
|
|
984
|
+
assert get_heuristic_primitives(rs._heuristic) == {'heur_id': 1, 'score': 250, 'attack_ids': [
|
|
985
|
+
'T1005'], 'signatures': {}, 'frequency': 1, 'score_map': {}}
|
|
950
986
|
|
|
951
987
|
# Try adding a heuristic again
|
|
952
988
|
with pytest.raises(InvalidHeuristicException):
|
|
@@ -957,13 +993,21 @@ def test_resultsection_set_heuristic():
|
|
|
957
993
|
# Set the Heuristic heuristic with attack ID and signature
|
|
958
994
|
heur = Heuristic(1)
|
|
959
995
|
assert rs.set_heuristic(heur, attack_id="T1001", signature="blah") is None
|
|
960
|
-
assert get_heuristic_primitives(
|
|
996
|
+
assert get_heuristic_primitives(
|
|
997
|
+
rs._heuristic) == {
|
|
998
|
+
'heur_id': 1, 'score': 250, 'attack_ids': ['T1005', 'T1001'],
|
|
999
|
+
'signatures': {"blah": 1},
|
|
1000
|
+
'frequency': 1, 'score_map': {}}
|
|
961
1001
|
|
|
962
1002
|
rs._heuristic = None
|
|
963
1003
|
|
|
964
1004
|
# Set the int heuristic with attack ID and signature
|
|
965
1005
|
assert rs.set_heuristic(1, attack_id="T1001", signature="blah") is None
|
|
966
|
-
assert get_heuristic_primitives(
|
|
1006
|
+
assert get_heuristic_primitives(
|
|
1007
|
+
rs._heuristic) == {
|
|
1008
|
+
'heur_id': 1, 'score': 250, 'attack_ids': ['T1005', 'T1001'],
|
|
1009
|
+
'signatures': {"blah": 1},
|
|
1010
|
+
'frequency': 1, 'score_map': {}}
|
|
967
1011
|
|
|
968
1012
|
|
|
969
1013
|
def test_resultsection_set_tags():
|
|
@@ -1241,7 +1285,15 @@ def test_resultimagesection_add_image(service_request):
|
|
|
1241
1285
|
|
|
1242
1286
|
# Basic
|
|
1243
1287
|
assert ris.add_image(image_path, "image_name", "description of image") is None
|
|
1244
|
-
assert ris.section_body._data == [{
|
|
1288
|
+
assert ris.section_body._data == [{
|
|
1289
|
+
'img':
|
|
1290
|
+
{'name': 'image_name',
|
|
1291
|
+
'sha256': '09bf99ab5431af13b701a06dc2b04520aea9fd346584fa2a034d6d4af0c57329',
|
|
1292
|
+
'description': 'description of image'},
|
|
1293
|
+
'thumb':
|
|
1294
|
+
{'name': 'image_name.thumb',
|
|
1295
|
+
'sha256': '1af0e0d99845493b64cf402b3704170f17ecf15001714016e48f9d4854218901',
|
|
1296
|
+
'description': 'description of image (thumbnail)'}}]
|
|
1245
1297
|
|
|
1246
1298
|
ris = ResultImageSection(service_request, "title_text_as_str")
|
|
1247
1299
|
|
|
@@ -1250,8 +1302,15 @@ def test_resultimagesection_add_image(service_request):
|
|
|
1250
1302
|
_, path = tempfile.mkstemp()
|
|
1251
1303
|
ocr_io = open(path, "w")
|
|
1252
1304
|
assert ris.add_image(image_path, "image_name", "description of image", "TLP:A", ocr_heuristic_id, ocr_io) is None
|
|
1253
|
-
assert ris.section_body._data == [{
|
|
1254
|
-
|
|
1305
|
+
assert ris.section_body._data == [{
|
|
1306
|
+
'img':
|
|
1307
|
+
{'name': 'image_name',
|
|
1308
|
+
'sha256': '09bf99ab5431af13b701a06dc2b04520aea9fd346584fa2a034d6d4af0c57329',
|
|
1309
|
+
'description': 'description of image'},
|
|
1310
|
+
'thumb':
|
|
1311
|
+
{'name': 'image_name.thumb',
|
|
1312
|
+
'sha256': '1af0e0d99845493b64cf402b3704170f17ecf15001714016e48f9d4854218901',
|
|
1313
|
+
'description': 'description of image (thumbnail)'}}]
|
|
1255
1314
|
|
|
1256
1315
|
ris = ResultImageSection(service_request, "title_text_as_str")
|
|
1257
1316
|
|
|
@@ -1259,8 +1318,28 @@ def test_resultimagesection_add_image(service_request):
|
|
|
1259
1318
|
ocr_heuristic_id = 1
|
|
1260
1319
|
_, path = tempfile.mkstemp()
|
|
1261
1320
|
ocr_io = open(path, "w")
|
|
1262
|
-
assert ris.add_image(image_path, "image_name", "description of image", "TLP:A", ocr_heuristic_id, ocr_io,
|
|
1263
|
-
|
|
1321
|
+
assert ris.add_image(image_path, "image_name", "description of image", "TLP:A", ocr_heuristic_id, ocr_io,
|
|
1322
|
+
auto_add_ocr_section=False).body == '{"ransomware": ["YOUR FILES HAVE BEEN ENCRYPTED AND ' \
|
|
1323
|
+
'YOU WON\'T BE ABLE TO DECRYPT THEM.", "YOU CAN BUY ' \
|
|
1324
|
+
'DECRYPTION SOFTWARE FROM US, THIS SOFTWARE WILL ALLOW ' \
|
|
1325
|
+
'YOU TO RECOVER ALL OF YOUR DATA AND", "RANSOMWARE FROM ' \
|
|
1326
|
+
'YOUR COMPUTER. THE PRICE OF THE SOFTWARE IS $.2..%.. ' \
|
|
1327
|
+
'PAYMENT CAN BE MADE IN BITCOIN OR XMR.", "How 00! PAY, ' \
|
|
1328
|
+
'WHERE DO | GET BITCOIN OR XMR?", "YOURSELF TO FIND OUT ' \
|
|
1329
|
+
'HOW TO BUY BITCOIN OR XMR.", "PAYMENT INFORMATION: ' \
|
|
1330
|
+
'SEND $15, TO ONE OF OUR CRYPTO ADDRESSES, THEN SEND ' \
|
|
1331
|
+
'US EMAIL WITH PAYMENT", "CONFIRMATION AND YOU\'LL GET ' \
|
|
1332
|
+
'THE DECRYPTION SOFTWARE IN EMAIL.", "BTC ADDRESS : ' \
|
|
1333
|
+
'bciqsht77cpgw7kv420r4secmu88g34wvn96dsyc5s"]}'
|
|
1334
|
+
assert ris.section_body._data == [{
|
|
1335
|
+
'img': {
|
|
1336
|
+
'name': 'image_name',
|
|
1337
|
+
'sha256': '09bf99ab5431af13b701a06dc2b04520aea9fd346584fa2a034d6d4af0c57329',
|
|
1338
|
+
'description': 'description of image'},
|
|
1339
|
+
'thumb': {
|
|
1340
|
+
'name': 'image_name.thumb',
|
|
1341
|
+
'sha256': '1af0e0d99845493b64cf402b3704170f17ecf15001714016e48f9d4854218901',
|
|
1342
|
+
'description': 'description of image (thumbnail)'}}]
|
|
1264
1343
|
|
|
1265
1344
|
# Ensure that the image files added are marked as `is_image_section`
|
|
1266
1345
|
image_hashes = [img['sha256'] for img in ris.section_body._data[0].values()]
|
|
@@ -1281,7 +1360,9 @@ def test_resulttimelinesection_add_node():
|
|
|
1281
1360
|
|
|
1282
1361
|
rts.add_node("title", "content", "opposite_content")
|
|
1283
1362
|
assert rts.body_format == BODY_FORMAT.TIMELINE
|
|
1284
|
-
assert rts.section_body._data == [
|
|
1363
|
+
assert rts.section_body._data == [
|
|
1364
|
+
{'title': 'title', 'content': 'content',
|
|
1365
|
+
'opposite_content': 'opposite_content', 'icon': None, 'signatures': [], 'score': 0}]
|
|
1285
1366
|
|
|
1286
1367
|
|
|
1287
1368
|
def test_resultmultisection_init():
|
|
File without changes
|
|
File without changes
|
|
File without changes
|