assemblyline-v4-service 4.6.1.dev174__py3-none-any.whl → 4.6.1.dev176__py3-none-any.whl

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Potentially problematic release.

This version of assemblyline-v4-service might be problematic. Click here for more details.

Files changed (10) hide show
  1. assemblyline_v4_service/VERSION +1 -1
  2. assemblyline_v4_service/updater/helper.py +1 -1
  3. {assemblyline_v4_service-4.6.1.dev174.dist-info → assemblyline_v4_service-4.6.1.dev176.dist-info}/METADATA +1 -1
  4. {assemblyline_v4_service-4.6.1.dev174.dist-info → assemblyline_v4_service-4.6.1.dev176.dist-info}/RECORD +10 -10
  5. test/test_common/test_ocr.py +21 -19
  6. test/test_common/test_request.py +13 -25
  7. test/test_common/test_result.py +59 -45
  8. {assemblyline_v4_service-4.6.1.dev174.dist-info → assemblyline_v4_service-4.6.1.dev176.dist-info}/WHEEL +0 -0
  9. {assemblyline_v4_service-4.6.1.dev174.dist-info → assemblyline_v4_service-4.6.1.dev176.dist-info}/licenses/LICENCE.md +0 -0
  10. {assemblyline_v4_service-4.6.1.dev174.dist-info → assemblyline_v4_service-4.6.1.dev176.dist-info}/top_level.txt +0 -0
assemblyline_v4_service/VERSION CHANGED
@@ -1 +1 @@
1
- 4.6.1.dev174
1
+ 4.6.1.dev176
assemblyline_v4_service/updater/helper.py CHANGED
@@ -163,7 +163,7 @@ def url_download(source: Dict[str, Any], previous_update: int, logger: Logger, o
163
163
  format = ident_type.split('archive/')[-1]
164
164
 
165
165
  # Make sure identified format is supported by the library
166
- format = format if format in ["zip", "tar"] else None
166
+ format = {"zip": "zip", "tar": "tar", "gzip": "gztar"}.get(format)
167
167
  shutil.unpack_archive(file_path, extract_dir=extract_dir, format=format)
168
168
 
169
169
  return extract_dir
{assemblyline_v4_service-4.6.1.dev174.dist-info → assemblyline_v4_service-4.6.1.dev176.dist-info}/METADATA RENAMED
@@ -1,6 +1,6 @@
1
1
  Metadata-Version: 2.4
2
2
  Name: assemblyline-v4-service
3
- Version: 4.6.1.dev174
3
+ Version: 4.6.1.dev176
4
4
  Summary: Assemblyline 4 - Service base
5
5
  Home-page: https://github.com/CybercentreCanada/assemblyline-v4-service/
6
6
  Author: CCCS Assemblyline development team
{assemblyline_v4_service-4.6.1.dev174.dist-info → assemblyline_v4_service-4.6.1.dev176.dist-info}/RECORD RENAMED
@@ -1,4 +1,4 @@
1
- assemblyline_v4_service/VERSION,sha256=EbxBEyOZ_dSv5suFza-J4T2HrLb4_ETNJ4-tUrTOO4Q,13
1
+ assemblyline_v4_service/VERSION,sha256=fSIbUEct3V93DEUYz2IKzFAuxeO3mihXcI4c70NPZX0,13
2
2
  assemblyline_v4_service/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
3
3
  assemblyline_v4_service/healthz.py,sha256=3QGBg0EZuXC6UN411HFwpLNEop9UvS9feFhvBUTP-k4,1576
4
4
  assemblyline_v4_service/py.typed,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
@@ -22,9 +22,9 @@ assemblyline_v4_service/updater/__main__.py,sha256=9Os-u8Tf7MD73JSrUSPmOaErTgfve
22
22
  assemblyline_v4_service/updater/app.py,sha256=Mtmx4bkXfP4nFqqa5q15jW8QIXr4JK84lCovxAVyvPs,3317
23
23
  assemblyline_v4_service/updater/client.py,sha256=tLY84gaGdFBVIDaMgRHIEa7x2S8jBl7lQLzp4seC6aI,11200
24
24
  assemblyline_v4_service/updater/gunicorn_config.py,sha256=p3j2KPBeD5jvMw9O5i7vAtlRgPSVVxIG9AO0DfN82J8,1247
25
- assemblyline_v4_service/updater/helper.py,sha256=GeXrfuPQL0RB5IGcgvx30vcCEehUueorw6SMSExjE9Q,10751
25
+ assemblyline_v4_service/updater/helper.py,sha256=OTV6WA77wBDOSVWaxijNg-HpwvEwnZozH03S3Q4oUns,10764
26
26
  assemblyline_v4_service/updater/updater.py,sha256=XiqabDp89-t_J6C3U33R-RvA5lMIahFW_MsAVUGyXok,31876
27
- assemblyline_v4_service-4.6.1.dev174.dist-info/licenses/LICENCE.md,sha256=NSkYo9EH8h5oOkzg4VhjAHF4339MqPP2cQ8msTPgl-c,1396
27
+ assemblyline_v4_service-4.6.1.dev176.dist-info/licenses/LICENCE.md,sha256=NSkYo9EH8h5oOkzg4VhjAHF4339MqPP2cQ8msTPgl-c,1396
28
28
  test/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
29
29
  test/conftest.py,sha256=W3SieQpZsZpGEmtLqY4aIlxREDSsHceyCrFcFsWUM0U,1851
30
30
  test/test_healthz.py,sha256=DkeLUlrb7rGx3nZ04aADU9HXXu5mZTf_DBwT0xhzIv4,7
@@ -34,13 +34,13 @@ test/test_common/__init__.py,sha256=RkOm3vnVp5L947mD1jTo4bdOgLTZJ24_NX-kqfMn5a8,
34
34
  test/test_common/test_api.py,sha256=7wlo7wgB12T23zMLbwjJ3GIomLHqE_Qvs3xkibSsR1U,4902
35
35
  test/test_common/test_base.py,sha256=fuJSSlPxIDHq6HU1xbvaMFitw2z1spOZNHD2SJ4UUic,13346
36
36
  test/test_common/test_helper.py,sha256=sO6YAiBhKTqaxlpLhFYDuy2ZdbuF2cg07Ylzo83ZzQs,2575
37
- test/test_common/test_ocr.py,sha256=_z0VnwhMjxheudRbOustezIG3VUBXLiZMOuKLz50Ix0,1767
37
+ test/test_common/test_ocr.py,sha256=X_Y3c_yfRljD0o2SRUHuotKLTTX0lD5zW68mzQ7LKu4,1250
38
38
  test/test_common/test_ontology_helper.py,sha256=Q9-Eqeo8Ih7XlbFmlUAXCtgnfW8JCDqqlYFb56077h4,10331
39
- test/test_common/test_request.py,sha256=Ceyds8BNO1O0f1kH1VEb84faJcaupvSjVKIrGdHexsc,11842
40
- test/test_common/test_result.py,sha256=6BiOKxEPrKBjOY44jv3TY-yiXm0qI1ok_CZBnjP9TM4,45447
39
+ test/test_common/test_request.py,sha256=HiDU1n4Rjso_U0qDME4ohA_9j7rpfqLSD1-e2RfqDYs,11186
40
+ test/test_common/test_result.py,sha256=ZtLUddBDA_BTIjG3Jasbq78_AdEjCRe4cb85XLBwH5o,43585
41
41
  test/test_common/test_task.py,sha256=P44mNcSe-3tJgDk9ppN3KbM7oN4LBVIuhONG-Gveh74,19007
42
42
  test/test_common/test_utils.py,sha256=TbnBxqpS_ZC5ptXR9XJX3xtbItD0mTbtiBxxdyP8J5k,5904
43
- assemblyline_v4_service-4.6.1.dev174.dist-info/METADATA,sha256=m9zaoF4cUq42hr9s9qIib0eenp5zgqBbfsS75JbiG4E,5625
44
- assemblyline_v4_service-4.6.1.dev174.dist-info/WHEEL,sha256=_zCd3N1l69ArxyTb8rzEoP9TpbYXkqRFSNOD5OuxnTs,91
45
- assemblyline_v4_service-4.6.1.dev174.dist-info/top_level.txt,sha256=LpTOEaVCatkrvbVq3EZseMSIa2PQZU-2rhuO_FTpZgY,29
46
- assemblyline_v4_service-4.6.1.dev174.dist-info/RECORD,,
43
+ assemblyline_v4_service-4.6.1.dev176.dist-info/METADATA,sha256=_ldzkgtEFhAO5qM6OjXj4lJ1sUZQ-7RUG0pwhqftS1I,5625
44
+ assemblyline_v4_service-4.6.1.dev176.dist-info/WHEEL,sha256=_zCd3N1l69ArxyTb8rzEoP9TpbYXkqRFSNOD5OuxnTs,91
45
+ assemblyline_v4_service-4.6.1.dev176.dist-info/top_level.txt,sha256=LpTOEaVCatkrvbVq3EZseMSIa2PQZU-2rhuO_FTpZgY,29
46
+ assemblyline_v4_service-4.6.1.dev176.dist-info/RECORD,,
test/test_common/test_ocr.py CHANGED
@@ -1,29 +1,29 @@
1
1
  import os
2
- from test.test_common import TESSERACT_LIST
3
2
 
4
3
  import pytest
4
+ from assemblyline_v4_service.common.ocr import (
5
+ detections,
6
+ ocr_detections,
7
+ update_ocr_config,
8
+ )
9
+
10
+ from test.test_common import TESSERACT_LIST
5
11
 
6
- from assemblyline_v4_service.common.ocr import ocr_detections, detections, update_ocr_config
7
12
 
8
- @pytest.mark.skipif(len(TESSERACT_LIST) < 1, reason="Requires tesseract-ocr apt package")
13
+ @pytest.mark.skipif(
14
+ len(TESSERACT_LIST) < 1, reason="Requires tesseract-ocr apt package"
15
+ )
9
16
  def test_ocr_detections():
10
17
  update_ocr_config()
11
- file_path = os.path.join(os.path.dirname(__file__), "b32969aa664e3905c20f865cdd7b921f922678f5c3850c78e4c803fbc1757a8e")
18
+ file_path = os.path.join(
19
+ os.path.dirname(__file__),
20
+ "094177fc6c4642f12fbf6dce18f272227ace95576ff1765384902d2abebf09bf",
21
+ )
12
22
  assert ocr_detections(file_path) == {
13
- 'ransomware': [
14
- "YOUR FILES HAVE BEEN ENCRYPTED AND YOU WON'T BE ABLE TO "
15
- 'DECRYPT THEM.',
16
- 'YOU CAN BUY DECRYPTION SOFTWARE FROM US, THIS SOFTWARE WILL '
17
- 'ALLOW YOU TO RECOVER ALL OF YOUR DATA AND',
18
- 'RANSOMWARE FROM YOUR COMPUTER. THE PRICE OF THE SOFTWARE IS '
19
- '$.2..%.. PAYMENT CAN BE MADE IN BITCOIN OR XMR.',
20
- 'How 00! PAY, WHERE DO | GET BITCOIN OR XMR?',
21
- 'YOURSELF TO FIND OUT HOW TO BUY BITCOIN OR XMR.',
22
- 'PAYMENT INFORMATION: SEND $15, TO ONE OF OUR CRYPTO '
23
- 'ADDRESSES, THEN SEND US EMAIL WITH PAYMENT',
24
- "CONFIRMATION AND YOU'LL GET THE DECRYPTION SOFTWARE IN EMAIL.",
25
- "BTC ADDRESS : bciqsht77cpgw7kv420r4secmu88g34wvn96dsyc5s",
26
- ],
23
+ "ransomware": [
24
+ "YOU CAN BUY DECRYPTION SOFTWARE FROM US, THIS SOFTWARE WILL ALLOW YOU TO RECOVER ALL OF YOUR DATA AND",
25
+ "CONFIRMATION AND YOU'LL GET THE DECRYPTION KEY IN EMAIL.",
26
+ ]
27
27
  }
28
28
 
29
29
 
@@ -40,4 +40,6 @@ def test_detections():
40
40
  assert detections("blah\nrecover them\nblah") == {}
41
41
 
42
42
  # Containing two ransomware strings
43
- assert detections("blah\nrecover data\nblah\nencrypted data") == {"ransomware": ["recover data", "encrypted data"]}
43
+ assert detections("blah\nrecover data\nblah\nencrypted data") == {
44
+ "ransomware": ["recover data", "encrypted data"]
45
+ }
test/test_common/test_request.py CHANGED
@@ -1,7 +1,6 @@
1
1
  import os
2
2
  import tempfile
3
3
  from logging import Logger
4
- from test.test_common import TESSERACT_LIST, setup_module
5
4
 
6
5
  import pytest
7
6
  from assemblyline_v4_service.common.request import ServiceRequest
@@ -9,6 +8,7 @@ from assemblyline_v4_service.common.result import Result, get_heuristic_primitiv
9
8
  from assemblyline_v4_service.common.task import MaxExtractedExceeded, Task
10
9
 
11
10
  from assemblyline.odm.messages.task import Task as ServiceTask
11
+ from test.test_common import TESSERACT_LIST, setup_module
12
12
 
13
13
  # Ensure service manifest is instantiated before importing from OCR submodule
14
14
  setup_module()
@@ -112,19 +112,19 @@ def test_add_extracted(service_request):
112
112
  def test_add_image(service_request):
113
113
  image_path = os.path.join(
114
114
  os.path.dirname(__file__),
115
- "b32969aa664e3905c20f865cdd7b921f922678f5c3850c78e4c803fbc1757a8e")
115
+ "094177fc6c4642f12fbf6dce18f272227ace95576ff1765384902d2abebf09bf")
116
116
 
117
117
  # Basic
118
118
  assert service_request.add_image(image_path, "image_name", "description of image") == {
119
119
  'img': {
120
120
  'description': 'description of image',
121
121
  'name': 'image_name',
122
- 'sha256': '09bf99ab5431af13b701a06dc2b04520aea9fd346584fa2a034d6d4af0c57329'
122
+ 'sha256': 'f52a9f1cf33e800e804c100908206525d794f15a92d9637dc03226a84e26810f'
123
123
  },
124
124
  'thumb': {
125
125
  'description': 'description of image (thumbnail)',
126
126
  'name': 'image_name.thumb',
127
- 'sha256': '1af0e0d99845493b64cf402b3704170f17ecf15001714016e48f9d4854218901'
127
+ 'sha256': '00b5239a2d010b64e2a35fae38671bdda44c60cc4008af361d98bb1d12a845e8'
128
128
  }
129
129
  }
130
130
 
@@ -139,7 +139,7 @@ def test_add_image(service_request):
139
139
  'is_supplementary': True,
140
140
  'name': 'image_name',
141
141
  'parent_relation': 'INFORMATION',
142
- 'sha256': '09bf99ab5431af13b701a06dc2b04520aea9fd346584fa2a034d6d4af0c57329'
142
+ 'sha256': 'f52a9f1cf33e800e804c100908206525d794f15a92d9637dc03226a84e26810f'
143
143
  },
144
144
  {
145
145
  'allow_dynamic_recursion': False,
@@ -149,7 +149,7 @@ def test_add_image(service_request):
149
149
  'is_supplementary': True,
150
150
  'name': 'image_name.thumb',
151
151
  'parent_relation': 'INFORMATION',
152
- 'sha256': '1af0e0d99845493b64cf402b3704170f17ecf15001714016e48f9d4854218901'
152
+ 'sha256': '00b5239a2d010b64e2a35fae38671bdda44c60cc4008af361d98bb1d12a845e8'
153
153
  },
154
154
  ]
155
155
 
@@ -164,31 +164,19 @@ def test_add_image(service_request):
164
164
  assert data["img"] == {
165
165
  'description': 'description of image',
166
166
  'name': 'image_name',
167
- 'sha256': '09bf99ab5431af13b701a06dc2b04520aea9fd346584fa2a034d6d4af0c57329'
167
+ 'sha256': 'f52a9f1cf33e800e804c100908206525d794f15a92d9637dc03226a84e26810f'
168
168
  }
169
169
  assert data["thumb"] == {
170
170
  'description': 'description of image (thumbnail)',
171
171
  'name': 'image_name.thumb',
172
- 'sha256': '1af0e0d99845493b64cf402b3704170f17ecf15001714016e48f9d4854218901'
172
+ 'sha256': '00b5239a2d010b64e2a35fae38671bdda44c60cc4008af361d98bb1d12a845e8'
173
173
  }
174
174
  assert data["ocr_section"].__dict__["section_body"].__dict__ == {
175
175
  '_config': {},
176
176
  '_data': {
177
- 'ransomware': [
178
- "YOUR FILES HAVE BEEN ENCRYPTED AND YOU WON'T BE "
179
- 'ABLE TO DECRYPT THEM.',
180
- 'YOU CAN BUY DECRYPTION SOFTWARE FROM US, THIS '
181
- 'SOFTWARE WILL ALLOW YOU TO RECOVER ALL OF YOUR DATA '
182
- 'AND',
183
- 'RANSOMWARE FROM YOUR COMPUTER. THE PRICE OF THE '
184
- 'SOFTWARE IS $.2..%.. PAYMENT CAN BE MADE IN BITCOIN '
185
- 'OR XMR.',
186
- 'How 00! PAY, WHERE DO | GET BITCOIN OR XMR?',
187
- 'YOURSELF TO FIND OUT HOW TO BUY BITCOIN OR XMR.',
188
- 'PAYMENT INFORMATION: SEND $15, TO ONE OF OUR CRYPTO '
189
- 'ADDRESSES, THEN SEND US EMAIL WITH PAYMENT',
190
- "CONFIRMATION AND YOU'LL GET THE DECRYPTION SOFTWARE IN EMAIL.",
191
- "BTC ADDRESS : bciqsht77cpgw7kv420r4secmu88g34wvn96dsyc5s",
177
+ "ransomware": [
178
+ "YOU CAN BUY DECRYPTION SOFTWARE FROM US, THIS SOFTWARE WILL ALLOW YOU TO RECOVER ALL OF YOUR DATA AND",
179
+ "CONFIRMATION AND YOU'LL GET THE DECRYPTION KEY IN EMAIL.",
192
180
  ]
193
181
  },
194
182
  '_format': 'KEY_VALUE'
@@ -197,8 +185,8 @@ def test_add_image(service_request):
197
185
  heur_dict = get_heuristic_primitives(data["ocr_section"].__dict__["_heuristic"])
198
186
 
199
187
  assert heur_dict == {
200
- 'heur_id': 1, 'score': 1200, 'attack_ids': ['T1005'],
201
- 'signatures': {'ransomware_strings': 8},
188
+ 'heur_id': 1, 'score': 500, 'attack_ids': ['T1005'],
189
+ 'signatures': {'ransomware_strings': 2},
202
190
  'frequency': 0, 'score_map': {}}
203
191
 
204
192
  assert service_request.temp_submission_data == {}
test/test_common/test_result.py CHANGED
@@ -1,17 +1,50 @@
1
- from assemblyline.odm.messages.task import Task as ServiceTask
2
- from assemblyline_v4_service.common.task import Task
3
- from assemblyline_v4_service.common.result import (
4
- BODY_FORMAT, DividerSectionBody, GraphSectionBody, Heuristic, ImageSectionBody, InvalidFunctionException,
5
- InvalidHeuristicException, JSONSectionBody, KVSectionBody, MemorydumpSectionBody, MultiSectionBody,
6
- OrderedKVSectionBody, ProcessItem, ProcessTreeSectionBody, Result, ResultAggregationException, ResultGraphSection,
7
- ResultImageSection, ResultJSONSection, ResultKeyValueSection, ResultMemoryDumpSection, ResultMultiSection,
8
- ResultOrderedKeyValueSection, ResultProcessTreeSection, ResultSection, ResultTableSection, ResultTextSection,
9
- ResultTimelineSection, ResultURLSection, SectionBody, TableRow, TableSectionBody, TextSectionBody,
10
- TimelineSectionBody, TypeSpecificResultSection, URLSectionBody, get_heuristic_primitives)
11
- from assemblyline_v4_service.common.request import ServiceRequest
12
- import pytest
13
1
  import os
14
2
  import tempfile
3
+
4
+ import pytest
5
+ from assemblyline_v4_service.common.request import ServiceRequest
6
+ from assemblyline_v4_service.common.result import (
7
+ BODY_FORMAT,
8
+ DividerSectionBody,
9
+ GraphSectionBody,
10
+ Heuristic,
11
+ ImageSectionBody,
12
+ InvalidFunctionException,
13
+ InvalidHeuristicException,
14
+ JSONSectionBody,
15
+ KVSectionBody,
16
+ MemorydumpSectionBody,
17
+ MultiSectionBody,
18
+ OrderedKVSectionBody,
19
+ ProcessItem,
20
+ ProcessTreeSectionBody,
21
+ Result,
22
+ ResultAggregationException,
23
+ ResultGraphSection,
24
+ ResultImageSection,
25
+ ResultJSONSection,
26
+ ResultKeyValueSection,
27
+ ResultMemoryDumpSection,
28
+ ResultMultiSection,
29
+ ResultOrderedKeyValueSection,
30
+ ResultProcessTreeSection,
31
+ ResultSection,
32
+ ResultTableSection,
33
+ ResultTextSection,
34
+ ResultTimelineSection,
35
+ ResultURLSection,
36
+ SectionBody,
37
+ TableRow,
38
+ TableSectionBody,
39
+ TextSectionBody,
40
+ TimelineSectionBody,
41
+ TypeSpecificResultSection,
42
+ URLSectionBody,
43
+ get_heuristic_primitives,
44
+ )
45
+ from assemblyline_v4_service.common.task import Task
46
+
47
+ from assemblyline.odm.messages.task import Task as ServiceTask
15
48
  from test.test_common import TESSERACT_LIST, setup_module
16
49
 
17
50
  # Ensure service manifest is instantiated before importing from OCR submodule
@@ -602,18 +635,18 @@ def test_imagesectionbody_add_image(service_request):
602
635
  isb = ImageSectionBody(service_request)
603
636
  image_path = os.path.join(
604
637
  os.path.dirname(__file__),
605
- "b32969aa664e3905c20f865cdd7b921f922678f5c3850c78e4c803fbc1757a8e")
638
+ "094177fc6c4642f12fbf6dce18f272227ace95576ff1765384902d2abebf09bf")
606
639
 
607
640
  # Basic
608
641
  assert isb.add_image(image_path, "image_name", "description of image") is None
609
642
  assert isb._data == [
610
643
  {'img': {
611
644
  'name': 'image_name',
612
- 'sha256': '09bf99ab5431af13b701a06dc2b04520aea9fd346584fa2a034d6d4af0c57329',
645
+ 'sha256': 'f52a9f1cf33e800e804c100908206525d794f15a92d9637dc03226a84e26810f',
613
646
  'description': 'description of image'},
614
647
  'thumb': {
615
648
  'name': 'image_name.thumb',
616
- 'sha256': '1af0e0d99845493b64cf402b3704170f17ecf15001714016e48f9d4854218901',
649
+ 'sha256': '00b5239a2d010b64e2a35fae38671bdda44c60cc4008af361d98bb1d12a845e8',
617
650
  'description': 'description of image (thumbnail)'}}]
618
651
 
619
652
  isb._data.clear()
@@ -623,23 +656,15 @@ def test_imagesectionbody_add_image(service_request):
623
656
  _, path = tempfile.mkstemp()
624
657
  ocr_io = open(path, "w")
625
658
  assert isb.add_image(image_path, "image_name", "description of image", "TLP:A", ocr_heuristic_id,
626
- ocr_io).body == '{"ransomware": ["YOUR FILES HAVE BEEN ENCRYPTED AND YOU WON\'T BE ABLE TO ' \
627
- 'DECRYPT THEM.", "YOU CAN BUY DECRYPTION SOFTWARE FROM US, THIS SOFTWARE ' \
628
- 'WILL ALLOW YOU TO RECOVER ALL OF YOUR DATA AND", "RANSOMWARE FROM YOUR ' \
629
- 'COMPUTER. THE PRICE OF THE SOFTWARE IS $.2..%.. PAYMENT CAN BE MADE IN ' \
630
- 'BITCOIN OR XMR.", "How 00! PAY, WHERE DO | GET BITCOIN OR XMR?", "YOURSELF ' \
631
- 'TO FIND OUT HOW TO BUY BITCOIN OR XMR.", "PAYMENT INFORMATION: SEND $15, ' \
632
- 'TO ONE OF OUR CRYPTO ADDRESSES, THEN SEND US EMAIL WITH PAYMENT", ' \
633
- '"CONFIRMATION AND YOU\'LL GET THE DECRYPTION SOFTWARE IN EMAIL.", ' \
634
- '"BTC ADDRESS : bciqsht77cpgw7kv420r4secmu88g34wvn96dsyc5s"]}'
659
+ ocr_io).body == '{"ransomware": ["YOU CAN BUY DECRYPTION SOFTWARE FROM US, THIS SOFTWARE WILL ALLOW YOU TO RECOVER ALL OF YOUR DATA AND", "CONFIRMATION AND YOU\'LL GET THE DECRYPTION KEY IN EMAIL."]}'
635
660
  assert isb._data == [
636
661
  {'img': {
637
662
  'name': 'image_name',
638
- 'sha256': '09bf99ab5431af13b701a06dc2b04520aea9fd346584fa2a034d6d4af0c57329',
663
+ 'sha256': 'f52a9f1cf33e800e804c100908206525d794f15a92d9637dc03226a84e26810f',
639
664
  'description': 'description of image'},
640
665
  'thumb': {
641
666
  'name': 'image_name.thumb',
642
- 'sha256': '1af0e0d99845493b64cf402b3704170f17ecf15001714016e48f9d4854218901',
667
+ 'sha256': '00b5239a2d010b64e2a35fae38671bdda44c60cc4008af361d98bb1d12a845e8',
643
668
  'description': 'description of image (thumbnail)'}}]
644
669
 
645
670
 
@@ -1281,18 +1306,18 @@ def test_resultimagesection_add_image(service_request):
1281
1306
  ris = ResultImageSection(service_request, "title_text_as_str")
1282
1307
 
1283
1308
  image_path = os.path.join(os.path.dirname(__file__),
1284
- "b32969aa664e3905c20f865cdd7b921f922678f5c3850c78e4c803fbc1757a8e")
1309
+ "094177fc6c4642f12fbf6dce18f272227ace95576ff1765384902d2abebf09bf")
1285
1310
 
1286
1311
  # Basic
1287
1312
  assert ris.add_image(image_path, "image_name", "description of image") is None
1288
1313
  assert ris.section_body._data == [{
1289
1314
  'img':
1290
1315
  {'name': 'image_name',
1291
- 'sha256': '09bf99ab5431af13b701a06dc2b04520aea9fd346584fa2a034d6d4af0c57329',
1316
+ 'sha256': 'f52a9f1cf33e800e804c100908206525d794f15a92d9637dc03226a84e26810f',
1292
1317
  'description': 'description of image'},
1293
1318
  'thumb':
1294
1319
  {'name': 'image_name.thumb',
1295
- 'sha256': '1af0e0d99845493b64cf402b3704170f17ecf15001714016e48f9d4854218901',
1320
+ 'sha256': '00b5239a2d010b64e2a35fae38671bdda44c60cc4008af361d98bb1d12a845e8',
1296
1321
  'description': 'description of image (thumbnail)'}}]
1297
1322
 
1298
1323
  ris = ResultImageSection(service_request, "title_text_as_str")
@@ -1305,11 +1330,11 @@ def test_resultimagesection_add_image(service_request):
1305
1330
  assert ris.section_body._data == [{
1306
1331
  'img':
1307
1332
  {'name': 'image_name',
1308
- 'sha256': '09bf99ab5431af13b701a06dc2b04520aea9fd346584fa2a034d6d4af0c57329',
1333
+ 'sha256': 'f52a9f1cf33e800e804c100908206525d794f15a92d9637dc03226a84e26810f',
1309
1334
  'description': 'description of image'},
1310
1335
  'thumb':
1311
1336
  {'name': 'image_name.thumb',
1312
- 'sha256': '1af0e0d99845493b64cf402b3704170f17ecf15001714016e48f9d4854218901',
1337
+ 'sha256': '00b5239a2d010b64e2a35fae38671bdda44c60cc4008af361d98bb1d12a845e8',
1313
1338
  'description': 'description of image (thumbnail)'}}]
1314
1339
 
1315
1340
  ris = ResultImageSection(service_request, "title_text_as_str")
@@ -1319,26 +1344,15 @@ def test_resultimagesection_add_image(service_request):
1319
1344
  _, path = tempfile.mkstemp()
1320
1345
  ocr_io = open(path, "w")
1321
1346
  assert ris.add_image(image_path, "image_name", "description of image", "TLP:A", ocr_heuristic_id, ocr_io,
1322
- auto_add_ocr_section=False).body == '{"ransomware": ["YOUR FILES HAVE BEEN ENCRYPTED AND ' \
1323
- 'YOU WON\'T BE ABLE TO DECRYPT THEM.", "YOU CAN BUY ' \
1324
- 'DECRYPTION SOFTWARE FROM US, THIS SOFTWARE WILL ALLOW ' \
1325
- 'YOU TO RECOVER ALL OF YOUR DATA AND", "RANSOMWARE FROM ' \
1326
- 'YOUR COMPUTER. THE PRICE OF THE SOFTWARE IS $.2..%.. ' \
1327
- 'PAYMENT CAN BE MADE IN BITCOIN OR XMR.", "How 00! PAY, ' \
1328
- 'WHERE DO | GET BITCOIN OR XMR?", "YOURSELF TO FIND OUT ' \
1329
- 'HOW TO BUY BITCOIN OR XMR.", "PAYMENT INFORMATION: ' \
1330
- 'SEND $15, TO ONE OF OUR CRYPTO ADDRESSES, THEN SEND ' \
1331
- 'US EMAIL WITH PAYMENT", "CONFIRMATION AND YOU\'LL GET ' \
1332
- 'THE DECRYPTION SOFTWARE IN EMAIL.", "BTC ADDRESS : ' \
1333
- 'bciqsht77cpgw7kv420r4secmu88g34wvn96dsyc5s"]}'
1347
+ auto_add_ocr_section=False).body == '{"ransomware": ["YOU CAN BUY DECRYPTION SOFTWARE FROM US, THIS SOFTWARE WILL ALLOW YOU TO RECOVER ALL OF YOUR DATA AND", "CONFIRMATION AND YOU\'LL GET THE DECRYPTION KEY IN EMAIL."]}'
1334
1348
  assert ris.section_body._data == [{
1335
1349
  'img': {
1336
1350
  'name': 'image_name',
1337
- 'sha256': '09bf99ab5431af13b701a06dc2b04520aea9fd346584fa2a034d6d4af0c57329',
1351
+ 'sha256': 'f52a9f1cf33e800e804c100908206525d794f15a92d9637dc03226a84e26810f',
1338
1352
  'description': 'description of image'},
1339
1353
  'thumb': {
1340
1354
  'name': 'image_name.thumb',
1341
- 'sha256': '1af0e0d99845493b64cf402b3704170f17ecf15001714016e48f9d4854218901',
1355
+ 'sha256': '00b5239a2d010b64e2a35fae38671bdda44c60cc4008af361d98bb1d12a845e8',
1342
1356
  'description': 'description of image (thumbnail)'}}]
1343
1357
 
1344
1358
  # Ensure that the image files added are marked as `is_image_section`