gitea-mirror/capa
1
0
Fork 0
mirror of https://github.com/mandiant/capa.git synced 2025-12-12 15:49:46 -08:00
Code Issues Packages Projects Releases Wiki Activity

fixtures: add tests demonstrating extraction of features from ELF files

Browse Source
This commit is contained in:
William Ballenthin
2021-08-11 09:29:05 -06:00
parent 753b003107
commit 05f8e2445a
2 changed files with 14 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

9
tests/fixtures.py
View File

@@ -203,6 +203,8 @@ def get_data_path_by_name(name):
return os.path.join(CD, "data", "773290480d5445f11d3dc1b800728966.exe_")
elif name.startswith("3b13b"):
return os.path.join(CD, "data", "3b13b6f1d7cd14dc4a097a12e2e505c0a4cff495262261e2bfc991df238b9b04.dll_")
elif name == "7351f.elf":
return os.path.join(CD, "data", "7351f8a40c5450557b24622417fc478d.elf_")
else:
raise ValueError("unexpected sample fixture: %s" % name)
@@ -248,6 +250,8 @@ def get_sample_md5_by_name(name):
elif name.startswith("3b13b"):
# file name is SHA256 hash
return "56a6ffe6a02941028cc8235204eef31d"
elif name == "7351f.elf":
return "7351f8a40c5450557b24622417fc478d"
else:
raise ValueError("unexpected sample fixture: %s" % name)
@@ -515,6 +519,11 @@ FEATURE_PRESENCE_TESTS = sorted(
("pma16-01", "file", CHARACTERISTIC_ELF, False),
("pma16-01", "function=0x404356", CHARACTERISTIC_PE, True),
("pma16-01", "function=0x404356,bb=0x4043B9", CHARACTERISTIC_PE, True),
# elf support
("7351f.elf", "file", CHARACTERISTIC_LINUX, True),
("7351f.elf", "file", CHARACTERISTIC_ELF, True),
("7351f.elf", "function=0x408753", capa.features.common.String("/dev/null"), True),
("7351f.elf", "function=0x408753,bb=0x408781", capa.features.insn.API("open"), True),
],
# order tests by (file, item)
# so that our LRU cache is most effective.

7
tests/test_pefile_features.py
View File

@@ -20,9 +20,12 @@ import capa.features.file
)
def test_pefile_features(sample, scope, feature, expected):
if scope.__name__ != "file":
pytest.xfail("pefile only extract file scope features")
pytest.xfail("pefile only extracts file scope features")
if isinstance(feature, capa.features.file.FunctionName):
pytest.xfail("pefile only doesn't extract function names")
pytest.xfail("pefile doesn't extract function names")
if ".elf" in sample:
pytest.xfail("pefile doesn't handle ELF files")
fixtures.do_test_feature_presence(fixtures.get_pefile_extractor, sample, scope, feature, expected)