authorFelix Bauer <felix.bauer@atos.net>2019-11-13 11:53:29 +0100
committerGitHub <noreply@github.com>2019-11-13 11:53:29 +0100
commit4c5ad195e1c7301e43a5744ec841fc1780a85e34 (patch)
tree490efcca18ba61ef12638cdcc1b966c3c448bb8a
parent1d1ba965a3cae3d46a76404707de1bfc8cd32d52 (diff)
Adds ignore to smime rule for p7m and p7c (#113)HEADmaster
* Adds ignore to smime rule for p7m and p7c Now also signed and encrypted messages (smime.p7m) and certificates (smime.p7c) are ignored. Before only signatures (smime.p7s) were ignored. * Fix TypeError when comparing regex with none value TypeError: expected string or buffer in expressions.py line 148 when comparing regex with unset name_declared. Now the result of the comparison of regex with None is False.
-rw-r--r--peekaboo/ruleset/expressions.py3
-rw-r--r--ruleset.conf.sample2
-rwxr-xr-xtests/test.py28
3 files changed, 28 insertions, 5 deletions
diff --git a/peekaboo/ruleset/expressions.py b/peekaboo/ruleset/expressions.py
index c08bb58..373c008 100644
--- a/peekaboo/ruleset/expressions.py
+++ b/peekaboo/ruleset/expressions.py
@@ -145,6 +145,9 @@ class OperatorRegex(object):
return True
return False
+ if other is None:
+ return False
+
return function(other)
def __eq__(self, other):
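Review bot: The new `if other is None: return False` guard carries no comment saying why None is special-cased, and the effect matters to rule authors: a sample with an unset attribute now silently fails every regex comparison instead of raising. I would add `# unset attribute (None) never matches; the regex function raises TypeError on None` above the guard. For an `-> ignore` rule this fails towards further analysis, but an expression that relies on a regex match to flag a sample would also quietly not fire when the attribute is missing, which deserves a line in the ruleset documentation. The enclosing method starts above the hunk, so what `function` is bound to is not visible here.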
diff --git a/ruleset.conf.sample b/ruleset.conf.sample
index 51057c8..f4e8365 100644
--- a/ruleset.conf.sample
+++ b/ruleset.conf.sample
@@ -79,7 +79,7 @@ keyword.2 : AutoClose
[expressions]
expression.1 : sample.mimetypes <= {'text/plain', 'inode/x-empty'} -> ignore
-expression.2 : sample.meta_info_name_declared == 'smime.p7s'
+expression.2 : sample.meta_info_name_declared == /smime.p7[mcs]/
and sample.meta_info_type_declared in {
'application/pkcs7-signature',
'application/x-pkcs7-signature',
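Review bot: The pattern `/smime.p7[mcs]/` on expression.2 leaves the `.` unescaped, so any character is accepted in that position, and nothing in the pattern itself pins the end of the name. This expression ends in `-> ignore`, and the declared name and declared type both appear to be taken from what the message claims about itself, so the match should stay as tight as the literal comparison it replaces. If the expression grammar accepts it, `/^smime\.p7[mcs]$/` would admit only the three intended names. Whether the regex operator already anchors at the start or the end is decided in expressions.py, outside this hunk. The same pattern is repeated in the first tests/test.py hunk.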
diff --git a/tests/test.py b/tests/test.py
index 1300cae..a78157d 100755
--- a/tests/test.py
+++ b/tests/test.py
@@ -858,7 +858,7 @@ unknown : baz'''
def test_rule_ignore_mail_signatures(self):
""" Test rule to ignore cryptographic mail signatures. """
config = '''[expressions]
- expression.1 : sample.meta_info_name_declared == 'smime.p7s'
+ expression.1 : sample.meta_info_name_declared == /smime.p7[mcs]/
and sample.meta_info_type_declared in {
'application/pkcs7-signature',
'application/x-pkcs7-signature',
@@ -868,7 +868,9 @@ unknown : baz'''
expression.2 : sample.meta_info_name_declared == 'signature.asc'
and sample.meta_info_type_declared in {
'application/pgp-signature'
- } -> ignore'''
+ } -> ignore
+ '''
+ rule = ExpressionRule(CreatingConfigParser(config))
part = {"full_name": "p001",
"name_declared": "smime.p7s",
@@ -879,14 +881,32 @@ unknown : baz'''
cuckoo=None, base_dir=None, job_hash_regex=None,
keep_mail_data=False, processing_info_dir=None)
+ sample = factory.make_sample('file.1')
+ result = rule.evaluate(sample)
+ self.assertEqual(result.result, Result.unknown)
+
# test smime signatures
sample = factory.make_sample('', metainfo=part)
- rule = ExpressionRule(CreatingConfigParser(config))
result = rule.evaluate(sample)
self.assertEqual(result.result, Result.ignored)
+ sample.meta_info_name_declared = "asmime.p7m"
+ result = rule.evaluate(sample)
+ self.assertEqual(result.result, Result.unknown)
+
+ sample.meta_info_name_declared = "smime.p7m"
+ result = rule.evaluate(sample)
+ self.assertEqual(result.result, Result.ignored)
+
+ sample.meta_info_name_declared = "smime.p7o"
+ result = rule.evaluate(sample)
+ self.assertEqual(result.result, Result.unknown)
+
+ sample.meta_info_name_declared = "smime.p7"
+ result = rule.evaluate(sample)
+ self.assertEqual(result.result, Result.unknown)
+
sample.meta_info_name_declared = "file"
- rule = ExpressionRule(CreatingConfigParser(config))
result = rule.evaluate(sample)
self.assertEqual(result.result, Result.unknown)
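Review bot: None of the added cases checks a name that continues after the extension or has another character in place of the dot, so the looseness of `/smime.p7[mcs]/` at those two points is untested. The existing cases cover only a leading extra character (`asmime.p7m`) and a wrong or missing final letter. I would add `sample.meta_info_name_declared = "smime.p7m.bin"` (a constructed name) followed by the same `rule.evaluate(sample)` and `self.assertEqual(result.result, Result.unknown)` pair, and a second case for `"smime_p7m"`. If either currently evaluates to ignored, the pattern in the ruleset should be tightened rather than the assertion relaxed. The test method begins in an earlier hunk, so its setup is only partly visible here.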