mstoeck3/autopsy-flatpak
1
0
Fork 0
mirror of https://github.com/overcuriousity/autopsy-flatpak.git synced 2025-07-09 06:39:33 +00:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #4447 from dgrove727/4579_ZipBombTestFix

Browse Source 
Tweaked SevenZipExtractor; uncommented test.
This commit is contained in:
Richard Cordovano 2019-01-10 13:10:54 -05:00 committed by GitHub
commit f3785cc1c1
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 47 additions and 47 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
Core/src/org/sleuthkit/autopsy/modules/embeddedfileextractor/SevenZipExtractor.java
View File

@ -1,7 +1,7 @@
/*
* Autopsy Forensic Browser
*
* Copyright 2013-2018 Basis Technology Corp.
* Copyright 2013-2019 Basis Technology Corp.
* Contact: carrier <at> sleuthkit <dot> org
*
* Licensed under the Apache License, Version 2.0 (the "License");
@ -258,7 +258,7 @@ class SevenZipExtractor {
org.sleuthkit.datamodel.Blackboard tskBlackboard = tskCase.getBlackboard();
// Create artifact if it doesn't already exist.
if (!tskBlackboard.artifactExists(archiveFile, BlackboardArtifact.ARTIFACT_TYPE.TSK_INTERESTING_FILE_HIT, attributes)) {
BlackboardArtifact artifact = archiveFile.newArtifact(BlackboardArtifact.ARTIFACT_TYPE.TSK_INTERESTING_FILE_HIT);
BlackboardArtifact artifact = rootArchive.getArchiveFile().newArtifact(BlackboardArtifact.ARTIFACT_TYPE.TSK_INTERESTING_FILE_HIT);
artifact.addAttributes(attributes);
try {

90
Core/test/qa-functional/src/org/sleuthkit/autopsy/ingest/EmbeddedFileTest.java
View File

@ -90,51 +90,51 @@ public class EmbeddedFileTest extends NbTestCase {
CaseUtils.closeCurrentCase();
}
// public void testEncryptionAndZipBomb() {
// try {
// List<AbstractFile> results = openCase.getSleuthkitCase().findAllFilesWhere("name LIKE '%%'");
// final String zipBombSetName = "Possible Zip Bomb";
// final String protectedName1 = "password_protected.zip";
// final String protectedName2 = "level1_protected.zip";
// final String protectedName3 = "42.zip";
// final String depthZipBomb = "DepthTriggerZipBomb.zip";
// final String ratioZipBomb = "RatioTriggerZipBomb.zip";
// int zipBombs = 0;
// assertEquals("The number of files in the test image has changed", 2221, results.size());
// int passwdProtectedZips = 0;
// for (AbstractFile file : results) {
// //.zip file has artifact TSK_ENCRYPTION_DETECTED
// if (file.getName().equalsIgnoreCase(protectedName1) || file.getName().equalsIgnoreCase(protectedName2) || file.getName().equalsIgnoreCase(protectedName3)) {
// ArrayList<BlackboardArtifact> artifacts = file.getAllArtifacts();
// assertEquals("Password protected zip file " + file.getName() + " has incorrect number of artifacts", 1, artifacts.size());
// for (BlackboardArtifact artifact : artifacts) {
// assertEquals("Artifact for password protected zip file " + file.getName() + " has incorrect type ID", artifact.getArtifactTypeID(), BlackboardArtifact.ARTIFACT_TYPE.TSK_ENCRYPTION_DETECTED.getTypeID());
// passwdProtectedZips++;
// }
// } else if (file.getName().equalsIgnoreCase(depthZipBomb) || file.getName().equalsIgnoreCase(ratioZipBomb)) {
// ArrayList<BlackboardArtifact> artifacts = file.getAllArtifacts();
// assertEquals("Zip bomb " + file.getName() + " has incorrect number of artifacts", 1, artifacts.size());
// for (BlackboardArtifact artifact : artifacts) {
// assertEquals("Artifact for Zip bomb " + file.getName() + " has incorrect type ID", artifact.getArtifactTypeID(), BlackboardArtifact.ARTIFACT_TYPE.TSK_INTERESTING_FILE_HIT.getTypeID());
// BlackboardAttribute attribute = artifact.getAttribute(new BlackboardAttribute.Type(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_SET_NAME));
// assertNotNull("No attribute found for artifact on zip bomb " + file.getName(), attribute);
// assertEquals("Interesting artifact on file, " + file.getName() + ", does not reflect it being a zip bomb", zipBombSetName, attribute.getDisplayString());
// zipBombs++;
// }
// } else {//No other files have artifact defined
// assertEquals("Unexpected file, " + file.getName() + ", has artifacts", 0, file.getAllArtifacts().size());
// }
//
// }
// //Make sure 3 password protected zip files have been tested: password_protected.zip, level1_protected.zip and 42.zip that we download for bomb testing.
// assertEquals("Unexpected number of artifacts reflecting password protected zip files found", 3, passwdProtectedZips);
// //Make sure 2 zip bomb files have been tested: DepthTriggerZipBomb.zip and RatioTriggerZipBomb.zip.
// assertEquals("Unexpected number of artifacts reflecting zip bombs found", 2, zipBombs);
// } catch (TskCoreException ex) {
// Exceptions.printStackTrace(ex);
// Assert.fail(ex.getMessage());
// }
// }
public void testEncryptionAndZipBomb() {
try {
List<AbstractFile> results = openCase.getSleuthkitCase().findAllFilesWhere("name LIKE '%%'");
final String zipBombSetName = "Possible Zip Bomb";
final String protectedName1 = "password_protected.zip";
final String protectedName2 = "level1_protected.zip";
final String protectedName3 = "42.zip";
final String depthZipBomb = "DepthTriggerZipBomb.zip";
final String ratioZipBomb = "RatioTriggerZipBomb.zip";
int zipBombs = 0;
assertEquals("The number of files in the test image has changed", 2221, results.size());
int passwdProtectedZips = 0;
for (AbstractFile file : results) {
//.zip file has artifact TSK_ENCRYPTION_DETECTED
if (file.getName().equalsIgnoreCase(protectedName1) || file.getName().equalsIgnoreCase(protectedName2) || file.getName().equalsIgnoreCase(protectedName3)) {
ArrayList<BlackboardArtifact> artifacts = file.getAllArtifacts();
assertEquals("Password protected zip file " + file.getName() + " has incorrect number of artifacts", 1, artifacts.size());
for (BlackboardArtifact artifact : artifacts) {
assertEquals("Artifact for password protected zip file " + file.getName() + " has incorrect type ID", artifact.getArtifactTypeID(), BlackboardArtifact.ARTIFACT_TYPE.TSK_ENCRYPTION_DETECTED.getTypeID());
passwdProtectedZips++;
}
} else if (file.getName().equalsIgnoreCase(depthZipBomb) || file.getName().equalsIgnoreCase(ratioZipBomb)) {
ArrayList<BlackboardArtifact> artifacts = file.getAllArtifacts();
assertEquals("Zip bomb " + file.getName() + " has incorrect number of artifacts", 1, artifacts.size());
for (BlackboardArtifact artifact : artifacts) {
assertEquals("Artifact for Zip bomb " + file.getName() + " has incorrect type ID", artifact.getArtifactTypeID(), BlackboardArtifact.ARTIFACT_TYPE.TSK_INTERESTING_FILE_HIT.getTypeID());
BlackboardAttribute attribute = artifact.getAttribute(new BlackboardAttribute.Type(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_SET_NAME));
assertNotNull("No attribute found for artifact on zip bomb " + file.getName(), attribute);
assertEquals("Interesting artifact on file, " + file.getName() + ", does not reflect it being a zip bomb", zipBombSetName, attribute.getDisplayString());
zipBombs++;
}
} else {//No other files have artifact defined
assertEquals("Unexpected file, " + file.getName() + ", has artifacts", 0, file.getAllArtifacts().size());
}
}
//Make sure 3 password protected zip files have been tested: password_protected.zip, level1_protected.zip and 42.zip that we download for bomb testing.
assertEquals("Unexpected number of artifacts reflecting password protected zip files found", 3, passwdProtectedZips);
//Make sure 2 zip bomb files have been tested: DepthTriggerZipBomb.zip and RatioTriggerZipBomb.zip.
assertEquals("Unexpected number of artifacts reflecting zip bombs found", 2, zipBombs);
} catch (TskCoreException ex) {
Exceptions.printStackTrace(ex);
Assert.fail(ex.getMessage());
}
}
public void testBigFolder() {
final int numOfFilesToTest = 1000;