Merge pull request #291 from ryanohoro/test_tastes

Master Merge and Fixes for Taste Tests / ScanSevenZip

src/python/strelka/scanners/common/password_cracking.py

@@ -128,6 +128,8 @@ def crack_john(
                     if match := re_password.match(line):
                         self.flags.append("cracked_by_wordlist")
                         return match.group("password")
+            else:
+                self.flags.append("wordlist_file_missing")
 
             if brute:
                 self.flags.append("incremental")

src/python/strelka/tests/test_scan_seven_zip.py

@@ -95,7 +95,7 @@ def test_scan_sevenzip_wordlist(mocker):
         options={
             "log_pws": True,
             "password_file": str(
-                Path(Path(__file__).parent / "fixtures/test_passwords.dat")
+                Path(Path(__file__).parent / "helpers/test_passwords.dat")
             ),
         },
     )
@@ -148,7 +148,7 @@ def test_scan_sevenzip_wordlist_filenames(mocker):
         options={
             "log_pws": True,
             "password_file": str(
-                Path(Path(__file__).parent / "fixtures/test_passwords.dat")
+                Path(Path(__file__).parent / "helpers/test_passwords.dat")
             ),
         },
     )

src/python/strelka/tests_configuration/test_scanner_assignment.py

@@ -8,8 +8,8 @@
 from strelka import strelka
 
 # Scanners that apply to all files (*) are not included
-test_assignments_expected = {
-    "test.7z": ["ScanLibarchive"],
+test_assignments_expected: dict = {
+    "test.7z": ["ScanSevenZip"],
     "test.b64": ["ScanUrl"],
     "test.bat": ["ScanBatch"],
     "test.bz2": ["ScanBzip2"],
@@ -96,13 +96,15 @@
     ],
     "test_lzx.cab": ["ScanLibarchive"],
     "test_manifest.json": ["ScanJson", "ScanManifest"],
+    "test_password.7z": ["ScanSevenZip"],
     "test_password.doc": ["ScanEncryptedZip", "ScanExiftool", "ScanOle", "ScanVba"],
     "test_password.docx": [
         "ScanEncryptedDoc",
         "ScanExiftool",
         "ScanOle",
         "ScanVba",
     ],
+    "test_password_brute.7z": ["ScanSevenZip"],
     "test_password_brute.doc": [
         "ScanEncryptedZip",
         "ScanExiftool",
@@ -115,6 +117,7 @@
         "ScanOle",
         "ScanVba",
     ],
+    "test_password_filenames.7z": ["ScanSevenZip"],
     "test_pe.b64": ["ScanBase64PE", "ScanUrl"],
     "test_pe_object.doc": [
         "ScanEncryptedZip",

src/python/strelka/tests_configuration/test_taste.py

@@ -82,16 +82,19 @@
         "mime": ["application/json"],
         "yara": ["browser_manifest", "json_file"],
     },
+    "test_password.7z": {"mime": ["application/x-7z-compressed"], "yara": ["_7zip_file"]},
     "test_password.doc": {"mime": ["application/msword"], "yara": ["olecf_file"]},
     "test_password.docx": {
         "mime": ["application/encrypted"],
         "yara": ["encrypted_word_document", "olecf_file"],
     },
+    "test_password_brute.7z": {"mime": ["application/x-7z-compressed"], "yara": ["_7zip_file"]},
     "test_password_brute.doc": {"mime": ["application/msword"], "yara": ["olecf_file"]},
     "test_password_brute.docx": {
         "mime": ["application/encrypted"],
         "yara": ["encrypted_word_document", "olecf_file"],
     },
+    "test_password_filenames.7z": {"mime": ["application/x-7z-compressed"], "yara": ["_7zip_file"]},
     "test_pe.b64": {"mime": ["text/plain"], "yara": ["base64_pe"]},
     "test_pe_object.doc": {"mime": ["application/msword"], "yara": ["olecf_file"]},
     "test_pe_object_classic.doc": {"mime": ["application/msword"], "yara": ["olecf_file"]},