File: test_generators.py

package info (click to toggle)
weevely 4.0.2-1
  • links: PTS, VCS
  • area: main
  • in suites: forky, sid, trixie
  • size: 1,336 kB
  • sloc: python: 7,732; php: 1,035; sh: 53; makefile: 2
file content (82 lines) | stat: -rw-r--r-- 2,525 bytes parent folder | download 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
 
from contextlib import redirect_stdout
import hashlib
import os
import random
import subprocess
from contextlib import redirect_stdout
from io import TextIOWrapper, BytesIO
from unittest import TestCase

import utils
from core.channels.channel import Channel
from core.generate import generate, save_generated
from tests.config import base_folder, base_url


def setUpModule():
    subprocess.check_output("""
BASE_FOLDER="{base_folder}/generators/"
rm -rf "$BASE_FOLDER"

mkdir "$BASE_FOLDER"
chown www-data: -R "$BASE_FOLDER/"
""".format(
base_folder = base_folder
), shell=True)

class TestGenerators(TestCase):

    def test_generators(self):
        with TextIOWrapper(buffer=BytesIO()) as buf, redirect_stdout(buf):
            obfuscated = generate('dummy', 'phar')
            save_generated(obfuscated, '-')
            buf.buffer.seek(0)
            output = buf.buffer.read()

        self.assertTrue(output.startswith(b'<?php'))
        self.assertIn(b'__HALT_COMPILER(); ?>', output)

        for i in range(0, 200):
            self._randomize_bd()
            obfuscated = generate(self.password.decode('utf-8'), self.obfuscator)
            save_generated(obfuscated, self.path)

            self.channel = Channel(
                'ObfPost',
                {
                    'url' : self.url,
                    'password' : self.password.decode('utf-8')
                }
            )
            self._incremental_requests(10, 100, 30, 50)

            self._clean_bd()

    def _incremental_requests(
            self,
            size_start,
            size_to,
            step_rand_start,
            step_rand_to):

        for i in range(size_start, size_to, random.randint(step_rand_start, step_rand_to)):
            payload = utils.strings.randstr(i)
            self.assertEqual(
                self.channel.send(
                    'echo("%s");' %
                    payload.decode('utf-8'))[0],
                payload, f'Obfuscator failed: {self.obfuscator}')

    @classmethod
    def _randomize_bd(cls):
        cls.obfuscator = 'obfusc1_php' if random.randint(0, 100) > 50 else 'phar'
        cls.password = utils.strings.randstr(10)
        password_hash = hashlib.md5(cls.password).hexdigest().lower()
        filename = '%s_%s.php' % (
            __name__, cls.password)
        cls.url = os.path.join(base_url, 'generators', filename)
        cls.path = os.path.join(base_folder, 'generators', filename)

    @classmethod
    def _clean_bd(cls):
        os.remove(cls.path)