Merge pull request #4010 from wschaeferB/3964-testZipBomb-Rev2

3964 test zip bomb rev2
This commit is contained in:
Richard Cordovano 2018-08-07 10:24:19 -04:00 committed by GitHub
commit c814e2622d
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 19 additions and 17 deletions


@ -86,7 +86,7 @@
<target name="getTestDataFiles">
<mkdir dir="${basedir}/test/qa-functional/data"/>
<get src="https://drive.google.com/uc?id=1_xPSnp0UDOO9sIPpvdtW_dRtD5SW9EID" dest="${test-input}/EmbeddedIM_img2_v1.vhd" skipexisting="true"/>
<get src="https://drive.google.com/uc?id=1FkinvA7EFqP4nOSOyTAOli5KefM67ufA" dest="${test-input}/EmbeddedIM_img1_v2.vhd" skipexisting="true"/>
<get src="https://drive.google.com/uc?id=1JACMDyH4y54ypGzFWl82ZzMQf3qbrioP" dest="${test-input}/BitlockerDetection_img1_v1.vhd" skipexisting="true"/>
<get src="https://drive.google.com/uc?id=17sGybvmBGsWWJYo1IWKmO04oG9hKpPi3" dest="${test-input}/SqlCipherDetection_img1_v1.vhd" skipexisting="true"/>
<get src="https://drive.google.com/uc?id=0BxdBkzm5VKGNT0dGY0dqcHVsU3M" dest="${test-input}/IngestFilters_img1_v1.img" skipexisting="true"/>
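Review bot: The new `<get>` for `EmbeddedIM_img1_v2.vhd` fetches the test image by Drive id with no integrity check, so the exact file and artifact counts that `EmbeddedFileTest` asserts against this image depend on whatever bytes that id serves at download time. A `<checksum>` after the `<get>`, `<checksum file="${test-input}/EmbeddedIM_img1_v2.vhd" algorithm="SHA-256" property="EXPECTED_SHA256_PLACEHOLDER" verifyproperty="embeddedim.img.ok"/>` followed by `<fail unless="embeddedim.img.ok" message="EmbeddedIM_img1_v2.vhd failed integrity check"/>`, would make a replaced or truncated download fail at build time rather than as a confusing count mismatch in the test. Because `skipexisting="true"` keeps whatever is already on disk, a bad earlier download (a partial file, or presumably a non-image response from the hosting service) is also reused silently on every later run, and a digest check is the cheapest way to catch that; the same applies to the other `<get>` lines in this target. The `getTestDataFiles` target closes outside the hunk.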


@ -47,7 +47,7 @@ import org.sleuthkit.datamodel.TskCoreException;
public class EmbeddedFileTest extends NbTestCase {
private static final String CASE_NAME = "EmbeddedFileTest";
private final Path IMAGE_PATH = Paths.get(this.getDataDir().toString(), "EmbeddedIM_img2_v1.vhd");
private final Path IMAGE_PATH = Paths.get(this.getDataDir().toString(), "EmbeddedIM_img1_v2.vhd");
public static final String HASH_VALUE = "098f6bcd4621d373cade4e832627b4f6";
private static final int DEEP_FOLDER_COUNT = 25;
private Case openCase;
@ -96,43 +96,45 @@ public class EmbeddedFileTest extends NbTestCase {
public void testEncryptionAndZipBomb() {
try {
List<AbstractFile> results = openCase.getSleuthkitCase().findAllFilesWhere("name LIKE '%%'");
String protectedName1 = "password_protected.zip";
String protectedName2 = "level1_protected.zip";
String protectedName3 = "42.zip";
String depthZipBomb = "DepthTriggerZipBomb.zip";
String ratioZipBomb = "RatioTriggerZipBomb.zip";
List<AbstractFile> results = openCase.getSleuthkitCase().findAllFilesWhere("name LIKE '%%'");
final String zipBombSetName = "Possible Zip Bomb";
final String protectedName1 = "password_protected.zip";
final String protectedName2 = "level1_protected.zip";
final String protectedName3 = "42.zip";
final String depthZipBomb = "DepthTriggerZipBomb.zip";
final String ratioZipBomb = "RatioTriggerZipBomb.zip";
int zipBombs = 0;
assertEquals(2221, results.size());
assertEquals("The number of files in the test image has changed", 2221, results.size());
int passwdProtectedZips = 0;
for (AbstractFile file : results) {
//.zip file has artifact TSK_ENCRYPTION_DETECTED
if (file.getName().equalsIgnoreCase(protectedName1) || file.getName().equalsIgnoreCase(protectedName2) || file.getName().equalsIgnoreCase(protectedName3)){
ArrayList<BlackboardArtifact> artifacts = file.getAllArtifacts();
assertEquals(1, artifacts.size());
assertEquals("Password protected zip file " + file.getName() + " has incorrect number of artifacts", 1, artifacts.size());
for (BlackboardArtifact artifact : artifacts) {
assertEquals(artifact.getArtifactTypeID(), BlackboardArtifact.ARTIFACT_TYPE.TSK_ENCRYPTION_DETECTED.getTypeID());
assertEquals("Artifact for password protected zip file " + file.getName() + " has incorrect type ID", artifact.getArtifactTypeID(), BlackboardArtifact.ARTIFACT_TYPE.TSK_ENCRYPTION_DETECTED.getTypeID());
passwdProtectedZips++;
}
} else if (file.getName().equalsIgnoreCase(depthZipBomb) || file.getName().equalsIgnoreCase(ratioZipBomb)){
ArrayList<BlackboardArtifact> artifacts = file.getAllArtifacts();
assertEquals(1, artifacts.size());
assertEquals("Zip bomb " + file.getName() + " has incorrect number of artifacts", 1, artifacts.size());
for (BlackboardArtifact artifact : artifacts) {
assertEquals(artifact.getArtifactTypeID(), BlackboardArtifact.ARTIFACT_TYPE.TSK_INTERESTING_FILE_HIT.getTypeID());
assertEquals("Artifact for Zip bomb " + file.getName() + " has incorrect type ID", artifact.getArtifactTypeID(), BlackboardArtifact.ARTIFACT_TYPE.TSK_INTERESTING_FILE_HIT.getTypeID());
BlackboardAttribute attribute = artifact.getAttribute(new BlackboardAttribute.Type(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_SET_NAME));
assertNotNull("Possible Zip Bomb", attribute);
assertNotNull("No attribute found for artifact on zip bomb " + file.getName(), attribute);
assertEquals("Interesting artifact on file, " + file.getName() + ", does not reflect it being a zip bomb", zipBombSetName, attribute.getDisplayString());
zipBombs++;
}
} else {//No other files have artifact defined
assertEquals(0, file.getAllArtifacts().size());
assertEquals("Unexpected file, " + file.getName() + ", has artifacts", 0, file.getAllArtifacts().size());
}
}
//Make sure 3 password protected zip files have been tested: password_protected.zip, level1_protected.zip and 42.zip that we download for bomb testing.
assertEquals(3, passwdProtectedZips);
assertEquals("Unexpected number of artifacts reflecting password protected zip files found", 3, passwdProtectedZips);
//Make sure 2 zip bomb files have been tested: DepthTriggerZipBomb.zip and RatioTriggerZipBomb.zip.
assertEquals(2, zipBombs);
assertEquals("Unexpected number of artifacts reflecting zip bombs found", 2, zipBombs);
} catch (TskCoreException ex) {
Exceptions.printStackTrace(ex);
Assert.fail(ex);