@@ -0,0 +1,5 @@ | ||
# Nektos act runs tests as root. Without this environment variable | ||
# being set, CAPE exits at line 10 of web/web/settings.py, | ||
# and no tests are run. | ||
|
||
--env CAPE_AS_ROOT=1 |
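Review bot: `--env CAPE_AS_ROOT=1` switches off the guard in web/web/settings.py that otherwise makes CAPE exit when started as root, and this file makes that bypass the default for every local `act` run; the comment should say so explicitly so the flag is not copied into a real deployment to silence the same exit. The "line 10" reference will drift as settings.py changes, so point at the check by name rather than by line, e.g. `# act runs as root; CAPE_AS_ROOT=1 bypasses the root check in web/web/settings.py (local test runs only, never for a deployment)`.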
@@ -0,0 +1,30 @@ | ||
name: 'Python setup steps that can be reused' | ||
description: 'Install dependencies, poetry, requirements' | ||
inputs: | ||
python-version: | ||
required: true | ||
description: The python version | ||
|
||
runs: | ||
using: "composite" | ||
steps: | ||
- name: Install dependencies | ||
if: ${{ runner.os == 'Linux' }} | ||
shell: bash | ||
run: | | ||
sudo apt update && sudo apt-get install -y --no-install-recommends libxml2-dev libxslt-dev python3-dev libgeoip-dev ssdeep libfuzzy-dev p7zip-full innoextract unrar upx | ||
- name: Install poetry | ||
shell: bash | ||
run: pip install poetry | ||
|
||
- name: Set up Python ${{ inputs.python-version }} | ||
uses: actions/setup-python@v5 | ||
with: | ||
python-version: ${{ inputs.python-version }} | ||
cache: 'poetry' | ||
|
||
- name: Install requirements | ||
shell: bash | ||
run: | | ||
poetry install --no-interaction --no-root |
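Review bot: Every workflow now inherits this composite action, but its third-party inputs are unpinned: the `pip install poetry` step takes whatever poetry is current on PyPI and `actions/setup-python@v5` is a mutable major tag, so a bad or compromised release reaches CI automatically. Pin poetry to the version the lockfile was generated with, `run: pip install 'poetry==<version>'`, and pin the action to a full commit SHA with the tag kept in a trailing comment. The apt step is guarded with `runner.os == 'Linux'` while the poetry and `poetry install` steps are not; either state in `description` that the action assumes a Linux runner or guard the remaining steps the same way.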
@@ -9,6 +9,7 @@ on: | |
|
||
jobs: | ||
update: | ||
if: ${{ !github.event.act }} # skip during local actions testing | ||
runs-on: ubuntu-latest | ||
timeout-minutes: 5 | ||
strategy: | ||
|
@@ -17,13 +18,13 @@ jobs: | |
|
||
steps: | ||
- name: Check out repository code | ||
uses: actions/checkout@v3 | ||
uses: actions/checkout@v4 | ||
|
||
- name: Install poetry | ||
run: pip install poetry | ||
|
||
- name: Set up Python ${{ matrix.python-version }} | ||
uses: actions/setup-python@v4 | ||
uses: actions/setup-python@v5 | ||
with: | ||
# check-latest: true | ||
python-version: ${{ matrix.python-version }} | ||
|
@@ -33,6 +34,8 @@ jobs: | |
run: poetry export --format requirements.txt --output requirements.txt | ||
|
||
- name: Commit changes if any | ||
# Skip this step if being run by nektos/act | ||
if: ${{ !env.ACT }} | ||
run: | | ||
git config user.name "GitHub Actions" | ||
git config user.email "[email protected]" | ||
|
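Review bot: The job-level skip `if: ${{ !github.event.act }}` only fires when act is launched with an event payload that contains `act: true`, and the `.actrc` added in this commit passes just `--env CAPE_AS_ROOT=1`, so under a plain `act` run this job is not skipped and executes up to the step-level `if: ${{ !env.ACT }}` guard (which needs no extra setup). Either add an `--eventpath` with such a payload to `.actrc` or document the requirement next to the guard, e.g. `# skipped under act only when run with an event file containing {"act": true}`. If the top-level `permissions:` block (outside this hunk) does not already grant `contents: write`, the commit step presumably fails on a read-only token; declare exactly that scope rather than relying on repository defaults. The `run:` body of the commit step continues past the end of the hunk.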
@@ -14,8 +14,8 @@ jobs: | |
|
||
steps: | ||
- name: Check out repository code | ||
uses: actions/checkout@v3 | ||
uses: actions/checkout@v4 | ||
|
||
- uses: pypa/[email protected] | ||
with: | ||
inputs: . | ||
inputs: requirements.txt |
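Review bot: Auditing `requirements.txt` instead of `.` means pip-audit now checks a generated file that is refreshed by a separate workflow (`poetry export --format requirements.txt --output requirements.txt`), so a dependency bumped in poetry.lock is not audited until that export is committed. Add a regeneration step in this job before the audit, e.g. `- run: pip install poetry && poetry export --format requirements.txt --output requirements.txt`, so the audit reflects the lockfile at the audited commit. Pinning `pypa/gh-action-pip-audit` to a commit SHA rather than the `v1.0.8` tag would also remove the tag-retarget window.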
@@ -0,0 +1,36 @@ | ||
name: Python tests on windows | ||
|
||
env: | ||
COLUMNS: 120 | ||
|
||
on: | ||
push: | ||
branches: [ master, staging ] | ||
pull_request: | ||
branches: [ master, staging ] | ||
|
||
jobs: | ||
test: | ||
runs-on: windows-latest | ||
timeout-minutes: 20 | ||
strategy: | ||
matrix: | ||
python-version: ["3.10", "3.11"] | ||
|
||
steps: | ||
- name: Check out repository code | ||
uses: actions/checkout@v4 | ||
|
||
- name: Set up Python ${{ matrix.python-version }} | ||
uses: actions/setup-python@v5 | ||
with: | ||
python-version: ${{ matrix.python-version }} | ||
cache: 'pip' | ||
|
||
- name: Install pytest | ||
run: pip install pytest | ||
|
||
- name: Run unit tests | ||
run: | | ||
cd analyzer/windows | ||
pytest -v . |
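Review bot: This new workflow declares no `permissions:` block, so the job runs with the repository's default GITHUB_TOKEN scope even though it only needs to read the checkout; add `permissions:` / `contents: read` at the top level, which also covers the `pull_request` trigger. `pip install pytest` is unpinned, so the matrix picks up whatever pytest is current and a pytest major release can break or change the Windows analyzer tests without any change in this repository; pin it (or install from the project's lockfile).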
@@ -16,37 +16,21 @@ jobs: | |
strategy: | ||
matrix: | ||
python-version: ["3.10", "3.11"] | ||
|
||
steps: | ||
- name: Check out repository code | ||
uses: actions/checkout@v3 | ||
uses: actions/checkout@v4 | ||
with: | ||
submodules: recursive | ||
|
||
- name: Checkout test files repo | ||
uses: actions/checkout@v3 | ||
uses: actions/checkout@v4 | ||
with: | ||
repository: CAPESandbox/CAPE-TestFiles | ||
path: tests/data/ | ||
|
||
- name: Install dependencies | ||
run: | | ||
sudo apt update && sudo apt-get install libxml2-dev libxslt-dev python3-dev libgeoip-dev ssdeep libfuzzy-dev p7zip-full innoextract unrar upx | ||
- name: Install poetry | ||
run: pip install poetry | ||
|
||
- name: Set up Python ${{ matrix.python-version }} | ||
uses: actions/setup-python@v4 | ||
- uses: ./.github/actions/python-setup/ | ||
with: | ||
# check-latest: true | ||
python-version: ${{ matrix.python-version }} | ||
cache: 'poetry' | ||
|
||
- name: Install requirements | ||
if: steps.cached-poetry-dependencies.outputs.cache-hit != 'true' | ||
run: | | ||
poetry install --no-interaction --no-root | ||
|
||
- name: Install pyattck | ||
run: | | ||
|
@@ -58,18 +42,18 @@ jobs: | |
- name: Run unit tests | ||
run: poetry run python -m pytest --import-mode=append | ||
|
||
# Test parsers only if any parser changed | ||
- uses: dorny/paths-filter@v2 | ||
- name: See if any parser changed | ||
uses: dorny/paths-filter@v3 | ||
id: changes | ||
with: | ||
filters: | | ||
src: | ||
- 'modules/processing/parsers/CAPE/*.py' | ||
- if: steps.changes.outputs.src == 'true' | ||
- name: Test parsers only if any parser changed | ||
if: steps.changes.outputs.src == 'true' | ||
run: poetry run python -m pytest tests_parsers -s --import-mode=append | ||
|
||
# Todo unify in future | ||
format: | ||
runs-on: ubuntu-latest | ||
timeout-minutes: 20 | ||
|
@@ -80,25 +64,12 @@ jobs: | |
|
||
steps: | ||
- name: Check out repository code | ||
uses: actions/checkout@v3 | ||
|
||
- name: Install dependencies | ||
run: | | ||
sudo apt-get install libxml2-dev libxslt-dev python3-dev libgeoip-dev ssdeep libfuzzy-dev | ||
uses: actions/checkout@v4 | ||
|
||
- name: Install poetry | ||
run: pip install poetry | ||
|
||
- name: Set up Python ${{ matrix.python-version }} | ||
uses: actions/setup-python@v4 | ||
- name: Set up python | ||
uses: ./.github/actions/python-setup | ||
with: | ||
check-latest: true | ||
python-version: ${{ matrix.python-version }} | ||
cache: 'poetry' | ||
- name: Install requirements | ||
if: steps.cached-poetry-dependencies.outputs.cache-hit != 'true' | ||
run: | | ||
poetry install --no-interaction --no-root | ||
|
||
- name: Format with black | ||
run: poetry run black . | ||
|
@@ -108,6 +79,8 @@ jobs: | |
run: poetry run isort . | ||
|
||
- name: Commit changes if any | ||
# Skip this step if being run by nektos/act | ||
if: ${{ !env.ACT }} | ||
run: | | ||
git config user.name "GitHub Actions" | ||
git config user.email "[email protected]" | ||
|
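Review bot: The checkout of `CAPESandbox/CAPE-TestFiles` has no `ref:`, so every run fetches the current default branch of an external repository holding test samples, and the tests depend on content that can change or be tampered with between runs without any diff here; pin it with `ref: <commit sha>` under the existing `with:` and bump deliberately. In the `format` job the move to the composite action silently drops `check-latest: true`, since the action declares only a `python-version` input; if that is intentional the action's description should say so, otherwise add a `check-latest` input. The `run:` bodies of the pyattck and commit steps continue outside the shown hunks.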
@@ -0,0 +1,17 @@ | ||
rule DarkGate | ||
{ | ||
meta: | ||
author = "enzok" | ||
description = "DarkGate config" | ||
cape_options = "bp0=$config2+3,action0=dump:edx::1025,count=0,typestring=DarkGate Config" | ||
hash = "c1d35921f4fc3bac681a3d5148f517dc0ec90ab8c51e267c8c6cd5b1ca3dc085" | ||
strings: | ||
$part1 = {8B 55 ?? 8A 4D ?? 80 E1 3F C1 E1 02 8A 5D ?? 80 E3 30 81 E3 FF [3] C1 EB 04 02 CB 88 4C 10 FF FF 45 ?? 80 7D ?? 40} | ||
$part2 = {8B 55 ?? 8A 4D ?? 80 E1 0F C1 E1 04 8A 5D ?? 80 E3 3C 81 E3 FF [3] C1 EB 02 02 CB 88 4C 10 FF FF 45 ?? 80 7D ?? 40} | ||
$part3 = {8B 55 ?? 8A 4D ?? 80 E1 03 C1 E1 06 8A 5D ?? 80 E3 3F 02 CB 88 4C 10 FF FF 45} | ||
$alphabet = "zLAxuU0kQKf3sWE7ePRO2imyg9GSpVoYC6rhlX48ZHnvjJDBNFtMd1I5acwbqT+=" | ||
$config1 = {B9 01 04 00 00 E8 [4] 8D 45} | ||
$config2 = {8B 55 ?? 8D 45 ?? E8 [4] 8D 45 ?? 5? B? 06 00 00 00 B? 01 00 00 00 8B 45 ?? E8 [4] 8B 45 ?? B? [4] E8 [4] 75} | ||
condition: | ||
($alphabet) and (any of ($part*) or all of ($config*)) | ||
} |
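Review bot: `cape_options` anchors the breakpoint at `$config2+3`, but the condition `($alphabet) and (any of ($part*) or all of ($config*))` lets the rule fire when only `$part*` strings match and `$config2` does not, so the breakpoint then refers to a string with no match and the config dump presumably never triggers while the rule still reports a hit. If the breakpoint is the point of the rule, require the anchor in the condition, e.g. `$alphabet and $config2 and (any of ($part*) or $config1)`; if the `$part*` path is meant to stand alone as detection, say so in `description`. Unlike the Latrodectus rule in this commit there is no `uint16(0) == 0x5A4D` guard, which is fine if this is meant to scan memory dumps but deserves a comment either way.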
@@ -0,0 +1,12 @@ | ||
rule Latrodectus | ||
{ | ||
meta: | ||
author = "kevoreilly" | ||
description = "Latrodectus export selection" | ||
cape_options = "export=$export" | ||
hash = "378d220bc863a527c2bca204daba36f10358e058df49ef088f8b1045604d9d05" | ||
strings: | ||
$export = {48 8B C4 48 89 58 08 48 89 68 10 48 89 70 18 48 89 78 20 41 56 48 83 EC 30 4C 8B 05 [4] 33 D2 C7 40 [5] 88 50 ?? 49 63 40 3C 42 8B 8C 00 88 00 00 00 85 C9 0F 84} | ||
condition: | ||
uint16(0) == 0x5A4D and all of them | ||
} |
@@ -0,0 +1,2 @@ | ||
[pytest] | ||
pythonpath = . |
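Review bot: `pythonpath` is only understood by pytest 7.0 and newer; older versions warn about an unknown config option and silently run with the old `sys.path`, which changes import resolution for the tests. Record the requirement above the key, e.g. `# pythonpath requires pytest >= 7.0`, and confirm the pytest pinned in pyproject/poetry.lock (not visible here) meets it; the Windows workflow installs an unpinned pytest and so satisfies it only incidentally.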