diff --git a/.cruft.json b/.cruft.json new file mode 100644 index 0000000..0adb4c3 --- /dev/null +++ b/.cruft.json @@ -0,0 +1,23 @@ +{ + "template": "https://github.com/CybercentreCanada/assemblyline-service-template.git", + "commit": "99becf8ed2990a4063a5bb1f8ce878824a5a1a7b", + "checkout": null, + "context": { + "cookiecutter": { + "service_name": "swiffer", + "__svc_name": "swiffer", + "__repository": "assemblyline-service-swiffer", + "__pkg_name": "swiffer", + "class_name": "Swiffer", + "short_description": "This Assemblyline service uses the Python pyswf library to extract metadata and perform anomaly detection on 'audiovisual/flash' files.", + "short_description_fr": "Ce service Assemblyline utilise la bibliothèque Python pyswf pour extraire des métadonnées et détecter des anomalies dans les fichiers 'audiovisuels/flash'.", + "stage": "EXTRACT", + "category": "Static Analysis", + "org_name_full": "CybercentreCanada", + "org_name_short": "cccs", + "license": "mit", + "_template": "https://github.com/CybercentreCanada/assemblyline-service-template.git" + } + }, + "directory": null +} diff --git a/.dockerignore b/.dockerignore index a764cee..5f78d7b 100644 --- a/.dockerignore +++ b/.dockerignore @@ -1,15 +1,25 @@ Dockerfile .idea .git +.gitignore +.vscode +.dockerignore pipelines venv +.venv env +.env test tests -exemples +examples docs +build +dist +**/__pycache__ +**/*.pyc + pip-log.txt pip-delete-this-directory.txt .tox @@ -18,5 +28,5 @@ pip-delete-this-directory.txt .cache nosetests.xml coverage.xml -*,cover +*.cover *.log diff --git a/.gitignore b/.gitignore index 9c07ba8..78f6696 100644 --- a/.gitignore +++ b/.gitignore @@ -1,3 +1,7 @@ +# Created by https://www.toptal.com/developers/gitignore/api/python,vim,visualstudiocode +# Edit at https://www.toptal.com/developers/gitignore?templates=python,vim,visualstudiocode + +### Python ### # Byte-compiled / optimized / DLL files __pycache__/ *.py[cod] 
@@ -6,11 +10,6 @@ __pycache__/ # C extensions *.so -# IDE files -.pydevproject -.python-version -.idea - # Distribution / packaging .Python build/ @@ -60,6 +59,22 @@ cover/ *.mo *.pot +# Django stuff: +*.log +local_settings.py +db.sqlite3 +db.sqlite3-journal + +# Flask stuff: +instance/ +.webassets-cache + +# Scrapy stuff: +.scrapy + +# Sphinx documentation +docs/_build/ + # PyBuilder .pybuilder/ target/ @@ -71,6 +86,43 @@ target/ profile_default/ ipython_config.py +# pyenv +# For a library or package, you might want to ignore these files since the code is +# intended to run in multiple environments; otherwise, check them in: +# .python-version + +# pipenv +# According to pypa/pipenv#598, it is recommended to include Pipfile.lock in version control. +# However, in case of collaboration, if having platform-specific dependencies or dependencies +# having no cross-platform support, pipenv may install dependencies that don't work, or not +# install all needed dependencies. +#Pipfile.lock + +# poetry +# Similar to Pipfile.lock, it is generally recommended to include poetry.lock in version control. +# This is especially recommended for binary packages to ensure reproducibility, and is more +# commonly ignored for libraries. +# https://python-poetry.org/docs/basic-usage/#commit-your-poetrylock-file-to-version-control +#poetry.lock + +# pdm +# Similar to Pipfile.lock, it is generally recommended to include pdm.lock in version control. +#pdm.lock +# pdm stores project-wide configurations in .pdm.toml, but it is recommended to not include it +# in version control. +# https://pdm.fming.dev/#use-with-ide +.pdm.toml + +# PEP 582; used by e.g. github.com/David-OConnor/pyflow and github.com/pdm-project/pdm +__pypackages__/ + +# Celery stuff +celerybeat-schedule +celerybeat.pid + +# SageMath parsed files +*.sage.py + # Environments .env .venv 
@@ -80,5 +132,85 @@ ENV/ env.bak/ venv.bak/ +# Spyder project settings +.spyderproject +.spyproject + +# Rope project settings +.ropeproject + +# mkdocs documentation +/site + +# mypy +.mypy_cache/ +.dmypy.json +dmypy.json + +# Pyre type checker +.pyre/ + +# pytype static type analyzer +.pytype/ + # Cython debug symbols -cython_debug/ \ No newline at end of file +cython_debug/ + +# PyCharm +# JetBrains specific template is maintained in a separate JetBrains.gitignore that can +# be found at https://github.com/github/gitignore/blob/main/Global/JetBrains.gitignore +# and can be added to the global gitignore or merged into this file. For a more nuclear +# option (not recommended) you can uncomment the following to ignore the entire idea folder. +#.idea/ + +### Python Patch ### +# Poetry local configuration file - https://python-poetry.org/docs/configuration/#local-configuration +poetry.toml + +# ruff +.ruff_cache/ + +# LSP config files +pyrightconfig.json + +### Vim ### +# Swap +[._]*.s[a-v][a-z] +!*.svg # comment out if you don't need vector files +[._]*.sw[a-p] +[._]s[a-rt-v][a-z] +[._]ss[a-gi-z] +[._]sw[a-p] + +# Session +Session.vim +Sessionx.vim + +# Temporary +.netrwhist +*~ +# Auto-generated tag files +tags +# Persistent undo +[._]*.un~ + +### VisualStudioCode ### +.vscode/* +!.vscode/settings.json +!.vscode/tasks.json +!.vscode/launch.json +!.vscode/extensions.json +!.vscode/*.code-snippets + +# Local History for Visual Studio Code +.history/ + +# Built Visual Studio Code Extensions +*.vsix + +### VisualStudioCode Patch ### +# Ignore all local history of files +.history +.ionide + +# End of https://www.toptal.com/developers/gitignore/api/python,vim,visualstudiocode diff --git a/.vscode/launch.json b/.vscode/launch.json index b3c8be5..aab4a5c 100644 --- a/.vscode/launch.json +++ b/.vscode/launch.json @@ -13,7 +13,7 @@ "args": [ "-d", "swiffer.swiffer.Swiffer", - "{file}" + "${file}" ], "justMyCode": false, }, 
diff --git a/.vscode/settings.json b/.vscode/settings.json index 1d6ab98..54dc624 100644 --- a/.vscode/settings.json +++ b/.vscode/settings.json @@ -1,6 +1,6 @@ { "editor.codeActionsOnSave": { - "source.organizeImports": true, + "source.organizeImports": "explicit" }, "editor.formatOnSave": true, "editor.rulers": [ diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md index e0a60cc..7b78163 100644 --- a/CONTRIBUTING.md +++ b/CONTRIBUTING.md 
@@ -2,24 +2,68 @@ This guide covers the basics of how to contribute to the Assemblyline project. -Python code should follow the PEP8 guidelines defined here: [PEP8 Guidelines](https://www.python.org/dev/peps/pep-0008/). +Python code should follow the PEP8 guidelines defined here: +[PEP8 Guidelines](https://www.python.org/dev/peps/pep-0008/). ## Tell us want you want to build/fix -Before you start coding anything you should connect with the Assemblyline community via the [Assemblyline Discord server](https://discord.gg/GUAy9wErNu) and/or the [central Assemblyline GitHub project](https://github.com/CybercentreCanada/assemblyline/issues) to make sure no one else is working on the same thing and that whatever you are going to build still fits with the vision of the system. + +Before you start coding anything you should connect with the Assemblyline community via the +[Assemblyline Discord server](https://discord.gg/GUAy9wErNu) and/or the +[central Assemblyline GitHub project](https://github.com/CybercentreCanada/assemblyline/issues) to make sure no one +else is working on the same thing and that whatever you are going to build still fits with the vision of the system. ## Git workflow - Clone the repo to your own account - Checkout and pull the latest commits from the master branch - Make a branch -- Work in any way you like and make sure your changes actually work -- When you're satisfied with your changes, create a pull requests to the main assemblyline repo +- Work on your modifications and make sure your changes work as expected +- When you're satisfied with your changes, create a pull requests to the Assemblyline repo #### Transfer your service repo -If you've worked on a new service that you want to be included in the default service selection you'll have to transfer the repo into our control. + +If you've worked on a new service that you want to be included in the default service selection you'll have to transfer +the associated repo into our control. 
#### You are not allow to merge: -Even if you try to merge in your pull request, you will be denied. Only a few people in our team are allowed to merge code into our repositories. +Even if you try to merge in your pull request, you will be denied. Only a few people in our team are allowed to merge +code into our repositories. We check for new pull requests every day and will merge them in once they have been approved by someone in our team. + +# Guide de contribution d'Assemblyline + +Ce guide couvre les bases afin de contribuer au projet Assemblyline. + +Le code Python doit suivre les directives PEP8 définies ici: +[Directives PEP8](https://www.python.org/dev/peps/pep-0008/). + +## Dites-nous que vous voulez construire / réparer + +Avant de commencer à coder quoi que ce soit, vous devriez vous connecter à la communauté Assemblyline via le +[Serveur Discord Assemblyline](https://discord.gg/GUAy9wErNu) et/ou le +[projet GitHub central Assemblyline](https://github.com/CybercentreCanada/assemblyline/issues) pour vous assurer que +personne d'autre ne travaille sur la même chose et que tout ce que vous allez construire correspond toujours à la vision +du système. + +## Flux de travail avec Git + +- Clonez le référentiel sur votre propre compte +- Changez de branche pour la branche principale et la synchroniser avec le serveur de référence +- Faire une nouvelle branche +- Travaillez sur ce que vous souhaitez et assurez-vous que vos modifications fonctionnent comme prévu +- Lorsque vous êtes satisfait de vos modifications, créez une demande de fusion sur le référentiel d'Assemblyline + +#### Transférer votre référentiel de service + +Si vous avez travaillé sur un nouveau service que vous souhaitez inclure dans la sélection de service par défaut, vous +devrez transférer le référentiel associé sous notre contrôle. + +#### Vous n'êtes pas autorisé à compléter une fusion: + +Même si vous tentez de compléter une demande de fusion, vous serez refusé. 
Seules quelques personnes de notre équipe +sont autorisées à fusionner dans nos référentiels. + +Nous vérifions les nouvelles demande de fusion tous les jours et les fusionnerons une fois qu'elles auront été approuvées +par quelqu'un de notre équipe. diff --git a/Dockerfile b/Dockerfile index 8b6f5b1..1575222 100644 --- a/Dockerfile +++ b/Dockerfile 
@@ -1,61 +1,35 @@
 ARG branch=latest
-FROM cccs/assemblyline-v4-service-base:$branch AS base
+FROM cccs/assemblyline-v4-service-base:$branch
+# Python path to the service class from your service directory
 ENV SERVICE_PATH swiffer.swiffer.Swiffer
+# Install apt dependencies
 USER root
-
-# Install APT dependancies
-RUN apt-get update && apt-get install -y \
- libjpeg-dev \
- && rm -rf /var/lib/apt/lists/*
-
-######################################################
-# Execute a builder step
-FROM base AS builder
-
-# Install builder dependancies
-RUN apt-get update && apt-get install -y \
- build-essential \
- && rm -rf /var/lib/apt/lists/*
-
-# Set a marker to copy pip files
-RUN touch /tmp/before-pip
-
-# Install dependancies as Assemblyline
+COPY pkglist.txt /tmp/setup/
+RUN apt-get update && \
+ apt-get upgrade -y && \
+ apt-get install -y --no-install-recommends \
+ $(grep -vE "^\s*(#|$)" /tmp/setup/pkglist.txt | tr "\n" " ") && \
+ rm -rf /tmp/setup/pkglist.txt /var/lib/apt/lists/*
+
+# Install python dependencies
 USER assemblyline
-
-# Install dependencies for local pyswf library
-RUN pip install --no-cache-dir --user lxml>=3.3.0 Pillow>=2.3.0 pylzma>=0.4.6 six && rm -rf ~/.cache/pip
-
-# Delete files that are not to be kept
-RUN find /var/lib/assemblyline/.local -type f ! -newer /tmp/before-pip -delete
-
-# Set owner to be root for COPY from builder to work properly
-USER root
-RUN chown root:root -R /var/lib/assemblyline/.local
-
-#####################################################
-# Restart from base
-FROM base
-
-# Copy pip packages from the builder step
-COPY --chown=assemblyline:assemblyline --from=builder /var/lib/assemblyline/.local /var/lib/assemblyline/.local
-
-# Copy service and dependancy code from source
-COPY ./remnux-rabcdasm/* /opt/al_support/swiffer/rabcdasm/
-COPY ./swiffer /opt/al_service/swiffer
-COPY service_manifest.yml /opt/al_service
-
-# Switch to assemblyline user
+COPY requirements.txt requirements.txt
+RUN pip install \
+ --no-cache-dir \
+ --user \
+ --requirement requirements.txt && \
+ rm -rf ~/.cache/pip
+
+# Copy service code
 WORKDIR /opt/al_service
-USER assemblyline
+COPY . .
 # Patch version in manifest
-ARG version=4.0.0.dev1
+ARG version=1.0.0.dev1
 USER root
 RUN sed -i -e "s/\$SERVICE_TAG/$version/g" service_manifest.yml
 # Switch to assemblyline user
 USER assemblyline
-
diff --git a/LICENCE.md b/LICENCE.md
deleted file mode 100644
index fd4ad66..0000000
--- a/LICENCE.md
+++ /dev/null
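Review bot: The rewritten single-stage build installs `build-essential` into the runtime image: the new `RUN apt-get install` feeds it every entry of pkglist.txt, which in this commit lists `build-essential` next to `libjpeg-dev`, whereas the removed builder stage kept the compiler toolchain out of the shipped container. If the toolchain is only needed so `pip install` can build wheels, either bring back a builder stage or purge it once the wheels are built, e.g. a root-run `apt-get purge -y build-essential && apt-get autoremove -y` after the pip step (the `USER` ordering would need adjusting for that). The unpinned `apt-get upgrade -y` also makes two builds of the same tag differ in their package set; dropping it, or stating the accepted drift in a comment, would make the image reproducible from `$branch`. `COPY . .` now depends entirely on .dockerignore for what lands in /opt/al_service; tests and pipelines are excluded there in this commit, so this holds only as long as that file stays in sync with the tree.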
@@ -1,11 +0,0 @@ -MIT License - -Copyright (c) 2020 Crown Copyright, Government of Canada (Canadian Centre for Cyber Security / Communications Security Establishment) - -Copyright title to all 3rd party software distributed with Assemblyline (AL) is held by the respective copyright holders as noted in those files. Users are asked to read the 3rd Party Licenses referenced with those assets. - -Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions: - -The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software. - -THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. diff --git a/LICENSE b/LICENSE new file mode 100644 index 0000000..22d1fa7 --- /dev/null +++ b/LICENSE 
@@ -0,0 +1,26 @@
+MIT License
+
+Copyright (c) 2020 Crown Copyright, Government of Canada
+(Canadian Centre for Cyber Security / Communications Security Establishment)
+
+Copyright title to all 3rd party software distributed with Assemblyline (AL)
+is held by the respective copyright holders as noted in those files. Users
+are asked to read the 3rd Party Licenses referenced with those assets.
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.
diff --git a/Makefile b/Makefile
new file mode 100644
index 0000000..c96f539
--- /dev/null
+++ b/Makefile
@@ -0,0 +1,26 @@
+ifndef VERSION
+$(error VERSION is undefined)
+endif
+
+TAG?=latest
+ORG?=cccs
+
+ifneq ($(ORG)x, x)
+ORG:=$(ORG)/
+endif
+ifneq ($(REGISTRY)x, x)
+ORG:=$(REGISTRY)/
+endif
+
+.PHONY: default
+default: build
+
+.PHONY: build
+build:
+ docker build \
+ --pull \
+ --build-arg version=$(VERSION) \
+ --build-arg branch=stable \
+ -t $(REGISTRY)$(ORG)assemblyline-service-swiffer:$(TAG)\
+ -f ./Dockerfile \
+ .
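Review bot: The second `ifneq` block assigns the registry to `ORG` instead of suffixing `REGISTRY`, so the `-t $(REGISTRY)$(ORG)assemblyline-service-swiffer:$(TAG)` line doubles the registry and loses the org: with a constructed `REGISTRY=registry.example ORG=cccs` the tag expands to `registry.exampleregistry.example/assemblyline-service-swiffer:latest`. The line should read `REGISTRY:=$(REGISTRY)/`, which is what the `$(REGISTRY)$(ORG)` concatenation in the build target expects. With `REGISTRY` unset the current code happens to produce `cccs/assemblyline-service-swiffer:latest` correctly, which is probably why this was not noticed.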
diff --git a/README.md b/README.md index 0cd8f81..837e94b 100644 --- a/README.md +++ b/README.md 
@@ -1,23 +1,116 @@ +[![Discord](https://img.shields.io/badge/chat-on%20discord-7289da.svg?sanitize=true)](https://discord.gg/GUAy9wErNu) +[![](https://img.shields.io/discord/908084610158714900)](https://discord.gg/GUAy9wErNu) +[![Static Badge](https://img.shields.io/badge/github-assemblyline-blue?logo=github)](https://github.com/CybercentreCanada/assemblyline) +[![Static Badge](https://img.shields.io/badge/github-assemblyline_service_swiffer-blue?logo=github)](https://github.com/CybercentreCanada/assemblyline-service-swiffer) +[![GitHub Issues or Pull Requests by label](https://img.shields.io/github/issues/CybercentreCanada/assemblyline/service-swiffer)](https://github.com/CybercentreCanada/assemblyline/issues?q=is:issue+is:open+label:service-swiffer) +[![License](https://img.shields.io/github/license/CybercentreCanada/assemblyline-service-swiffer)](./LICENSE) + # Swiffer Service This Assemblyline service uses the Python pyswf library to extract metadata and perform anomaly detection on 'audiovisual/flash' files. -**NOTE**: This service does not require you to buy any licence and is preinstalled and working after a default installation - -## Execution +## Service Details Swiffer will report the following information on each file when present: -#### MetaData Extraction - SWF Header: -- Version -- FileLength -- FrameSize -- FrameRate -- FrameCount + +- `Version` +- `FileLength` +- `FrameSize` +- `FrameRate` +- `FrameCount` Symbol Summary: + - Main Timeline - TagIds - Names + +## Image variants and tags + +Assemblyline services are built from the [Assemblyline service base image](https://hub.docker.com/r/cccs/assemblyline-v4-service-base), +which is based on Debian 11 with Python 3.11. 
+ +Assemblyline services use the following tag definitions: + +| **Tag Type** | **Description** | **Example Tag** | +| :----------: | :----------------------------------------------------------------------------------------------- | :------------------------: | +| latest | The most recent build (can be unstable). | `latest` | +| build_type | The type of build used. `dev` is the latest unstable build. `stable` is the latest stable build. | `stable` or `dev` | +| series | Complete build details, including version and build type: `version.buildType`. | `4.5.stable`, `4.5.1.dev3` | + +## Running this service + +This is an Assemblyline service. It is designed to run as part of the Assemblyline framework. + +If you would like to test this service locally, you can run the Docker image directly from the a shell: + + docker run \ + --name Swiffer \ + --env SERVICE_API_HOST=http://`ip addr show docker0 | grep "inet " | awk '{print $2}' | cut -f1 -d"/"`:5003 \ + --network=host \ + cccs/assemblyline-service-swiffer + +To add this service to your Assemblyline deployment, follow this +[guide](https://cybercentrecanada.github.io/assemblyline4_docs/developer_manual/services/run_your_service/#add-the-container-to-your-deployment). + +## Documentation + +General Assemblyline documentation can be found at: https://cybercentrecanada.github.io/assemblyline4_docs/ + +# Service Swiffer + +Ce service Assemblyline utilise la bibliothèque Python pyswf pour extraire des métadonnées et détecter des anomalies dans les fichiers 'audiovisuels/flash'. + +## Détails du service + +Swiffer rapportera les informations suivantes sur chaque fichier lorsqu'elles sont présentes : + +En-tête SWF : + +- `Version` +- `FileLength` +- `FrameSize` +- `FrameRate` +- `FrameCount` + +Résumé du symbole : + +- Ligne de temps principale +- TagIds +- NamesCe service de la ligne d'assemblage rend les fichiers de documents et effectue une analyse OCR pour détecter les contenus malveillants. 
+ +Traduit avec DeepL.com (version gratuite) + +## Variantes et étiquettes d'image + +Les services d'Assemblyline sont construits à partir de l'image de base [Assemblyline service](https://hub.docker.com/r/cccs/assemblyline-v4-service-base), +qui est basée sur Debian 11 avec Python 3.11. + +Les services d'Assemblyline utilisent les définitions d'étiquettes suivantes: + +| **Type d'étiquette** | **Description** | **Exemple d'étiquette** | +| :------------------: | :------------------------------------------------------------------------------------------------------------- | :------------------------: | +| dernière version | La version la plus récente (peut être instable). | `latest` | +| build_type | Type de construction utilisé. `dev` est la dernière version instable. `stable` est la dernière version stable. | `stable` ou `dev` | +| série | Détails de construction complets, comprenant la version et le type de build: `version.buildType`. | `4.5.stable`, `4.5.1.dev3` | + +## Exécution de ce service + +Ce service est spécialement optimisé pour fonctionner dans le cadre d'un déploiement d'Assemblyline. + +Si vous souhaitez tester ce service localement, vous pouvez exécuter l'image Docker directement à partir d'un terminal: + + docker run \ + --name Swiffer \ + --env SERVICE_API_HOST=http://`ip addr show docker0 | grep "inet " | awk '{print $2}' | cut -f1 -d"/"`:5003 \ + --network=host \ + cccs/assemblyline-service-swiffer + +Pour ajouter ce service à votre déploiement d'Assemblyline, suivez ceci +[guide](https://cybercentrecanada.github.io/assemblyline4_docs/fr/developer_manual/services/run_your_service/#add-the-container-to-your-deployment). + +## Documentation + +La documentation générale sur Assemblyline peut être consultée à l'adresse suivante: https://cybercentrecanada.github.io/assemblyline4_docs/ diff --git a/pipelines/.cruft.json b/pipelines/.cruft.json new file mode 100644 index 0000000..12eab21 --- /dev/null +++ b/pipelines/.cruft.json 
@@ -0,0 +1,21 @@ +{ + "template": "https://github.com/CybercentreCanada/assemblyline-service-pipeline-generator.git", + "commit": "eb41868283c10b1a31746ebfd29b2c0e32c26025", + "checkout": null, + "context": { + "cookiecutter": { + "__directory_name": "pipelines", + "classification": "UNCLASSIFIED", + "is_public": true, + "test_in_container": true, + "test_versions": "default", + "timeout": "default", + "__setupscript": "setup.bash", + "_extensions": [ + "local_extensions.extract_versions" + ], + "_template": "https://github.com/CybercentreCanada/assemblyline-service-pipeline-generator.git" + } + }, + "directory": null +} diff --git a/pipelines/.gitignore b/pipelines/.gitignore new file mode 100644 index 0000000..21a119d --- /dev/null +++ b/pipelines/.gitignore @@ -0,0 +1 @@ +setup.bash diff --git a/pipelines/azure-build.yaml b/pipelines/azure-build.yaml index bbbc6c0..a56c6eb 100644 --- a/pipelines/azure-build.yaml +++ b/pipelines/azure-build.yaml @@ -2,23 +2,6 @@ name: build variables: - group: unittest-samples - - name: self_location - value: "self_location" - - name: full_self_location - value: "$(Agent.BuildDirectory)/$(self_location)" - - name: samples_location - value: "samples_location" - - name: full_samples_location - value: "$(Agent.BuildDirectory)/$(samples_location)" - -resources: - repositories: - - repository: unittest-samples - type: github - name: $(unittest_samples_repository) - ref: main - endpoint: github-repo-sa - trigger: none trigger: tags: 
@@ -28,54 +11,26 @@ pr: none pool: vmImage: "ubuntu-20.04" -stages: - - stage: deploy - jobs: - - job: deploy - displayName: Deploy containers to dockerhub - variables: - - group: deployment-information - steps: - - task: Docker@2 - displayName: Login to docker hub - inputs: - command: login - containerRegistry: dockerhub - - task: Docker@2 - displayName: Login to chimera - inputs: - command: login - containerRegistry: CHIMERA-U-ACR - - checkout: self - fetchDepth: 1 - path: $(self_location) - - checkout: unittest-samples - fetchDepth: 1 - path: $(samples_location) - - script: | - export TAG=${BUILD_SOURCEBRANCH#"refs/tags/v"} - if [[ "$TAG" == *stable* ]]; then export BUILD_TYPE=stable; else export BUILD_TYPE=latest; fi - docker build --build-arg version=$TAG --build-arg branch=$BUILD_TYPE -t cccs/${BUILD_REPOSITORY_NAME##*/}:$TAG -t cccs/${BUILD_REPOSITORY_NAME##*/}:$BUILD_TYPE -f ./Dockerfile . - workingDirectory: $(full_self_location) - displayName: Build containers - - script: | - [ ! 
-d "$(pwd)/tests" ] && echo "No tests found" && exit - export TAG=${BUILD_SOURCEBRANCH#"refs/tags/v"} - if [[ "$TAG" == *stable* ]]; then export BUILD_TYPE=stable; else export BUILD_TYPE=latest; fi - [ -f "$(pwd)/tests/requirements.txt" ] && docker run -e FULL_SELF_LOCATION=/opt/al_service -e FULL_SAMPLES_LOCATION=/opt/samples -v /usr/share/ca-certificates/mozilla:/usr/share/ca-certificates/mozilla -v $(pwd)/tests/:/opt/al_service/tests/ -v ${FULL_SAMPLES_LOCATION}:/opt/samples cccs/${BUILD_REPOSITORY_NAME##*/}:$BUILD_TYPE bash -c 'pip install -U -r tests/requirements.txt; pytest -p no:cacheprovider -vv' && exit - docker run -e FULL_SELF_LOCATION=/opt/al_service -e FULL_SAMPLES_LOCATION=/opt/samples -v /usr/share/ca-certificates/mozilla:/usr/share/ca-certificates/mozilla -v $(pwd)/tests/:/opt/al_service/tests/ -v ${FULL_SAMPLES_LOCATION}:/opt/samples cccs/${BUILD_REPOSITORY_NAME##*/}:$BUILD_TYPE bash -c 'pytest -p no:cacheprovider -vv' - workingDirectory: $(full_self_location) - displayName: Test containers - - script: | - export TAG=${BUILD_SOURCEBRANCH#"refs/tags/v"} - if [[ "$TAG" == *stable* ]]; then export BUILD_TYPE=stable; else export BUILD_TYPE=latest; fi - export SERIES="`expr $TAG : '\([0-9]\+\.[0-9]\+\.\)'`${BUILD_TYPE}" +resources: + repositories: + - repository: PipelineTemplates + type: github + name: CybercentreCanada/assemblyline-pipeline-templates + ref: refs/heads/main + endpoint: github-repo-sa + trigger: none + - repository: unittest-samples + type: github + name: $(unittest_samples_repository) + ref: main + endpoint: github-repo-sa + trigger: none - for IMAGE in "cccs/" "uchimera.azurecr.io/cccs/" - do - docker tag cccs/${BUILD_REPOSITORY_NAME##*/}:$BUILD_TYPE ${IMAGE}${BUILD_REPOSITORY_NAME##*/}:$TAG - docker tag cccs/${BUILD_REPOSITORY_NAME##*/}:$BUILD_TYPE ${IMAGE}${BUILD_REPOSITORY_NAME##*/}:$BUILD_TYPE - docker tag cccs/${BUILD_REPOSITORY_NAME##*/}:$BUILD_TYPE ${IMAGE}${BUILD_REPOSITORY_NAME##*/}:$SERIES - docker push 
${IMAGE}${BUILD_REPOSITORY_NAME##*/} --all-tags - done - displayName: Deploy to container repositories +extends: + template: stages/deploy-service.yaml@PipelineTemplates + parameters: + is_public: "true" + samples_repo: unittest-samples + labels: + classification: "UNCLASSIFIED" + \ No newline at end of file diff --git a/pipelines/azure-tests.yaml b/pipelines/azure-tests.yaml new file mode 100644 index 0000000..d984083 --- /dev/null +++ b/pipelines/azure-tests.yaml @@ -0,0 +1,32 @@ +name: tests + +variables: + - group: unittest-samples + +trigger: ["*"] +pr: ["*"] + +pool: + vmImage: "ubuntu-20.04" + +resources: + repositories: + - repository: PipelineTemplates + type: github + name: CybercentreCanada/assemblyline-pipeline-templates + ref: refs/heads/main + endpoint: github-repo-sa + trigger: none + - repository: unittest-samples + type: github + name: $(unittest_samples_repository) + ref: main + endpoint: github-repo-sa + trigger: none + +extends: + template: stages/test-service.yaml@PipelineTemplates + parameters: + samples_repo: unittest-samples + test_container: "true" + \ No newline at end of file diff --git a/pkglist.txt b/pkglist.txt new file mode 100644 index 0000000..c325ddf --- /dev/null +++ b/pkglist.txt @@ -0,0 +1,2 @@ +libjpeg-dev +build-essential diff --git a/pyproject.toml b/pyproject.toml new file mode 100644 index 0000000..285b9f6 --- /dev/null +++ b/pyproject.toml @@ -0,0 +1,2 @@ +[tool.cruft] +skip = ["pkglist.txt", "README.md", "swiffer", "tests"] diff --git a/requirements.txt b/requirements.txt new file mode 100644 index 0000000..5080cb3 --- /dev/null +++ b/requirements.txt @@ -0,0 +1,6 @@ +assemblyline +assemblyline-v4-service +lxml>=3.3.0 +Pillow>=2.3.0 +pylzma>=0.4.6 +six diff --git a/service_manifest.yml b/service_manifest.yml index ba31960..64a5521 100644 --- a/service_manifest.yml +++ b/service_manifest.yml 
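Review bot: The `resources.repositories` entry for `PipelineTemplates` uses `ref: refs/heads/main`, so the deploy stage this file now `extends` (`stages/deploy-service.yaml@PipelineTemplates`, replacing the removed inline steps that logged into the registries and ran `docker push`) executes whatever is on that branch at run time; a change merged to the templates repository alters this release pipeline without any commit here. Pinning to a tag or commit of the templates repository, `ref: refs/tags/<TEMPLATE_RELEASE_TAG>` with the placeholder replaced by a real tag, keeps builds reproducible and turns template upgrades into an explicit, reviewable bump. The same `refs/heads/main` reference appears in the new pipelines/azure-tests.yaml.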
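Review bot: `assemblyline` and `assemblyline-v4-service` carry no version constraint and the other four entries are lower bounds only, so each `pip install --requirement requirements.txt` in the new Dockerfile resolves whatever is newest on the index at build time; two builds of the same service tag can ship different library versions, and a bad upstream release lands in the next build with nothing to review. Pin exact versions (`lxml==<VERSION>` and so on, with the versions to be chosen) or generate a locked file from this one and install it with `--require-hashes`. The removed Dockerfile line described `lxml`, `Pillow`, `pylzma` and `six` as dependencies for the local pyswf library; a `# needed by the local pyswf library` comment above those four entries would preserve that context now that the Dockerfile comment is gone.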
@@ -1,26 +1,29 @@
 name: Swiffer
 version: $SERVICE_TAG
-description: >-
- This service extracts metadata and performs anomaly detection on SWF files.
+description: This Assemblyline service uses the Python pyswf library to extract metadata and perform anomaly detection on 'audiovisual/flash' files.
 accepts: audiovisual/flash|archive/audiovisual/flash
 rejects: empty|metadata/.*
+# At which stage the service should run (one of FILTER, EXTRACT, CORE, SECONDARY, POST, REVIEW)
+# NOTE: Stages are executed in the order defined in the list
 stage: EXTRACT
+# Which category the service is part of (one of Antivirus, Dynamic Analysis, External, Extraction, Filtering, Internet Connected, Networking, Static Analysis)
 category: Static Analysis
+# Does the service require access to the file to perform its task
+# If set to false, the service will only have access to the file metadata (e.g. Hashes, size, type, ...)
 file_required: true
+# Maximum execution time the service has before it's considered to be timed out
 timeout: 60
 disable_cache: false
+# is the service enabled by default
 enabled: true
 is_external: false
 licence_count: 0
 privileged: true
-config:
- RABCDASM: '/opt/al_support/swiffer/rabcdasm/rabcdasm'
-
 heuristics:
 - description: Checks for printable character buffers larger than 512 bytes
 filetype: "audiovisual/flash|archive/audiovisual/flash"
diff --git a/swiffer/swiffer.py b/swiffer/swiffer.py
index 071d6e7..9ae60e9 100644
--- a/swiffer/swiffer.py
+++ b/swiffer/swiffer.py
@@ -42,7 +42,7 @@ def __init__(self, config=None):
 self.binary_data = None
 self.exported_assets = None
 self.big_buffers = None
- self.rabcdasm = self.config.get('RABCDASM')
+ self.rabcdasm = os.path.realpath('./remnux-rabcdasm/rabcdasm')
 self.has_product_info = False
 self.anti_decompilation = False
 self.recent_compile = False
diff --git a/tests/gentests.py b/tests/gentests.py
new file mode 100755
index 0000000..7ae6dde
--- /dev/null
+++ b/tests/gentests.py
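Review bot: `os.path.realpath('./remnux-rabcdasm/rabcdasm')` resolves against the process's current working directory when `__init__` runs, not against where the service code lives, so the tool path silently becomes wrong whenever the service is started from a directory other than the one holding `remnux-rabcdasm/`, and the `RABCDASM` config key removed from service_manifest.yml in the same commit no longer offers an override. Anchoring the path on the module and checking it up front gives a clear failure instead: `_service_root = os.path.dirname(os.path.dirname(os.path.abspath(__file__)))`, `self.rabcdasm = os.path.join(_service_root, 'remnux-rabcdasm', 'rabcdasm')`, `if not os.access(self.rabcdasm, os.X_OK): raise FileNotFoundError(f"rabcdasm not found or not executable: {self.rabcdasm}")`. This assumes `remnux-rabcdasm/` sits beside the `swiffer/` package, which the new Dockerfile's `COPY . .` into /opt/al_service suggests but this hunk does not show, and that `os` is already imported in swiffer.py, which is outside the hunk. `__init__` starts before and continues past the hunk.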
@@ -0,0 +1,30 @@
+#!/bin/env python
+import os
+
+from assemblyline.common.importing import load_module_by_path
+from assemblyline_service_utilities.testing.helper import TestHelper
+
+cwd = os.getcwd()
+# Force manifest location
+os.environ["SERVICE_MANIFEST_PATH"] = os.path.join(cwd, "service_manifest.yml")
+
+# Setup folder locations
+RESULTS_FOLDER = os.path.join(cwd, "tests", "results")
+SAMPLES_FOLDER = os.path.join(cwd, "tests", "samples")
+
+# Find which module we're working on
+module = os.environ.get("SERVICE_PATH")
+if not module:
+ for line in open("Dockerfile", "r").readlines():
+ if line.startswith("ENV SERVICE_PATH"):
+ module = line[17:].strip()
+ break
+
+# Initialize test helper
+service_class = load_module_by_path(module, cwd)
+if os.path.exists(SAMPLES_FOLDER):
+ th = TestHelper(service_class, RESULTS_FOLDER, SAMPLES_FOLDER)
+else:
+ th = TestHelper(service_class, RESULTS_FOLDER)
+
+th.regenerate_results(save_files=False)
diff --git a/tests/gentests.sh b/tests/gentests.sh
new file mode 100755
index 0000000..2c9bb3c
--- /dev/null
+++ b/tests/gentests.sh
@@ -0,0 +1,24 @@
+#!/bin/bash
+set -euo pipefail
+
+docker build \
+ --pull \
+ --build-arg branch=stable \
+ -t ${PWD##*/}:gentests \
+ -f ./Dockerfile \
+ .
+
+if [[ -n "$FULL_SAMPLES_LOCATION" ]]; then
+ MOUNT_SAMPLES="-v ${FULL_SAMPLES_LOCATION}:/opt/samples"
+ ENV_SAMPLES="-e FULL_SAMPLES_LOCATION=/opt/samples"
+fi
+docker run \
+ -t\
+ --rm \
+ -e FULL_SELF_LOCATION=/opt/al_service \
+ $ENV_SAMPLES \
+ -v /usr/share/ca-certificates/mozilla:/usr/share/ca-certificates/mozilla \
+ -v $(pwd)/tests/:/opt/al_service/tests/ \
+ $MOUNT_SAMPLES \
+ ${PWD##*/}:gentests \
+ bash -c "pip install -U -r tests/requirements.txt; python /opt/al_service/tests/gentests.py"
diff --git a/tests/pytest.sh b/tests/pytest.sh
new file mode 100755
index 0000000..3c84ae3
--- /dev/null
+++ b/tests/pytest.sh
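Review bot: The Dockerfile fallback opens the file without ever closing it and, when neither `SERVICE_PATH` nor an `ENV SERVICE_PATH` line exists, falls through with `module` still `None` into `load_module_by_path(None, cwd)`, which fails with an error that does not name the real problem. Reading the file in a `with` block, deriving the slice from the prefix instead of the magic `17`, and failing explicitly when nothing was found keeps the normal-case behaviour and makes the failure obvious. The `ENV SERVICE_PATH=<value>` spelling of the instruction would still not be matched by this loop; that is unchanged from the committed code and may not matter for this repository's Dockerfile.
```python
# … unchanged: imports, cwd, manifest and folder setup …
module = os.environ.get("SERVICE_PATH")
if not module:
    _prefix = "ENV SERVICE_PATH"
    with open("Dockerfile", "r") as dockerfile:
        for line in dockerfile:
            if line.startswith(_prefix):
                module = line[len(_prefix):].strip()
                break
if not module:
    raise SystemExit("SERVICE_PATH is not set and no 'ENV SERVICE_PATH' line was found in Dockerfile")
# … unchanged: TestHelper construction and regenerate_results …
```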
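Review bot: With `set -euo pipefail` in force, `[[ -n "$FULL_SAMPLES_LOCATION" ]]` aborts with an unbound-variable error whenever the variable is not exported, so the script only runs in the case where samples are configured; the later `$ENV_SAMPLES` and `$MOUNT_SAMPLES` expansions in `docker run` would trip the same `-u` check in that case because they are only assigned inside the `if`. Initialise both and use a default expansion in the test: `MOUNT_SAMPLES=""`, `ENV_SAMPLES=""`, `if [[ -n "${FULL_SAMPLES_LOCATION:-}" ]]; then`. The new tests/pytest.sh has the same construct.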
@@ -0,0 +1,24 @@ +#!/bin/bash +set -euo pipefail + +docker build \ + --pull \ + --build-arg branch=stable \ + -t ${PWD##*/}:pytest \ + -f ./Dockerfile \ + . + +if [[ -n "$FULL_SAMPLES_LOCATION"]]; then + MOUNT_SAMPLES = "-v ${FULL_SAMPLES_LOCATION}:/opt/samples" + ENV_SAMPLES = "-e FULL_SAMPLES_LOCATION=/opt/samples" +fi +docker run \ + -t \ + --rm \ + -e FULL_SELF_LOCATION=/opt/al_service \ + $ENV_SAMPLES \ + -v /usr/share/ca-certificates/mozilla:/usr/share/ca-certificates/mozilla \ + -v $(pwd)/tests/:/opt/al_service/tests/ \ + $MOUNT_SAMPLES \ + ${PWD##*/}:pytest \ + bash -c "pip install -U -r tests/requirements.txt; pytest -p no:cacheprovider --durations=10 -rsx -vv -x" diff --git a/tests/requirements.txt b/tests/requirements.txt new file mode 100644 index 0000000..6e3d947 --- /dev/null +++ b/tests/requirements.txt @@ -0,0 +1,3 @@ +assemblyline +assemblyline-service-utilities +pytest diff --git a/tests/results/027eb2856180caa43fcd84069855ca128e232401bb0ee7b5da13a2d6a271cbfe/result.json b/tests/results/027eb2856180caa43fcd84069855ca128e232401bb0ee7b5da13a2d6a271cbfe/result.json new file mode 100644 index 0000000..b60ef77 --- /dev/null +++ b/tests/results/027eb2856180caa43fcd84069855ca128e232401bb0ee7b5da13a2d6a271cbfe/result.json 
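Review bot: This script cannot run as written: `[[ -n "$FULL_SAMPLES_LOCATION"]]` is a syntax error because `]]` is glued to the quoted word, and `MOUNT_SAMPLES = "..."` / `ENV_SAMPLES = "..."` are parsed as commands named `MOUNT_SAMPLES`/`ENV_SAMPLES`, which fail under `set -e`. It also shares gentests.sh's `set -u` problem: `FULL_SAMPLES_LOCATION`, `ENV_SAMPLES` and `MOUNT_SAMPLES` are all referenced without defaults, so the script aborts when no samples location is exported. The conditional block should read:

```bash
MOUNT_SAMPLES=""
ENV_SAMPLES=""
if [[ -n "${FULL_SAMPLES_LOCATION:-}" ]]; then
    MOUNT_SAMPLES="-v ${FULL_SAMPLES_LOCATION}:/opt/samples"
    ENV_SAMPLES="-e FULL_SAMPLES_LOCATION=/opt/samples"
fi
# … unchanged: docker run …
```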
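Review bot: None of the three requirements are pinned, and both test scripts install them with `pip install -U` inside the freshly built image, so every test run pulls whatever `assemblyline`, `assemblyline-service-utilities` and `pytest` PyPI serves at that moment; results can change between runs without any change to this repository, and the test container's dependency set is not under version control. Pin at least the two Assemblyline packages to the release the base image (built from `branch=stable`) ships, or install them with a constraints file generated from that image, so a fixture regenerated with gentests.sh and a comparison run with pytest.sh use the same library versions. Which versions those are is not visible in this diff.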
@@ -0,0 +1,134 @@ +{ + "extra": { + "drop_file": false, + "score": 10, + "sections": [ + { + "auto_collapse": false, + "body": "Version: 6\nFile length: 1040\nFrame size: [xmin: 0 xmax: 100 ymin: 0 ymax: 100]\nFrame rate: 12\nFrame count: 1", + "body_config": {}, + "body_format": "TEXT", + "classification": "TLP:C", + "depth": 0, + "heuristic": null, + "promote_to": null, + "tags": { + "file": { + "swf": { + "header": { + "frame": { + "count": [ + "1" + ], + "rate": [ + "12.0" + ], + "size": [ + "[xmin: 0 xmax: 100 ymin: 0 ymax: 100]" + ] + }, + "version": [ + "6" + ] + } + } + } + }, + "title_text": "SWF Header", + "zeroize_on_tag_safe": false + }, + { + "auto_collapse": false, + "body": null, + "body_config": {}, + "body_format": "TEXT", + "classification": "TLP:C", + "depth": 0, + "heuristic": null, + "promote_to": null, + "tags": { + "file": { + "swf": { + "tags_ssdeep": [ + "3:4pZbmV4tJQV:4ltJQV" + ] + } + } + }, + "title_text": "SWF Tags", + "zeroize_on_tag_safe": false + }, + { + "auto_collapse": false, + "body": "This SWF doesn't specify information about the product that created it.", + "body_config": {}, + "body_format": "TEXT", + "classification": "TLP:C", + "depth": 0, + "heuristic": { + "attack_ids": [], + "frequency": 1, + "heur_id": 5, + "score": 10, + "score_map": {}, + "signatures": {} + }, + "promote_to": null, + "tags": {}, + "title_text": "Missing Product Information", + "zeroize_on_tag_safe": false + } + ] + }, + "files": { + "extracted": [], + "supplementary": [] + }, + "results": { + "heuristics": [ + { + "attack_ids": [], + "heur_id": 5, + "signatures": [] + } + ], + "tags": { + "file.swf.header.frame.count": [ + { + "heur_id": null, + "signatures": [], + "value": "1" + } + ], + "file.swf.header.frame.rate": [ + { + "heur_id": null, + "signatures": [], + "value": "12.0" + } + ], + "file.swf.header.frame.size": [ + { + "heur_id": null, + "signatures": [], + "value": "[xmin: 0 xmax: 100 ymin: 0 ymax: 100]" + } + ], + "file.swf.header.version": 
[ + { + "heur_id": null, + "signatures": [], + "value": "6" + } + ], + "file.swf.tags_ssdeep": [ + { + "heur_id": null, + "signatures": [], + "value": "3:4pZbmV4tJQV:4ltJQV" + } + ] + }, + "temp_submission_data": {} + } +} \ No newline at end of file diff --git a/tests/results/7f9dce605c2e9556460b22fb936b08dc6bdf0aaa046d453de0eefbcb659e64ca/result.json b/tests/results/7f9dce605c2e9556460b22fb936b08dc6bdf0aaa046d453de0eefbcb659e64ca/result.json new file mode 100644 index 0000000..cfd9d4b --- /dev/null +++ b/tests/results/7f9dce605c2e9556460b22fb936b08dc6bdf0aaa046d453de0eefbcb659e64ca/result.json 
@@ -0,0 +1,160 @@ +{ + "extra": { + "drop_file": false, + "score": 0, + "sections": [ + { + "auto_collapse": false, + "body": "Version: 13\nFile length: 3632\nFrame size: [xmin: 0 xmax: 500 ymin: 0 ymax: 375]\nFrame rate: 24\nFrame count: 1", + "body_config": {}, + "body_format": "TEXT", + "classification": "TLP:C", + "depth": 0, + "heuristic": null, + "promote_to": null, + "tags": { + "file": { + "swf": { + "header": { + "frame": { + "count": [ + "1" + ], + "rate": [ + "24.0" + ], + "size": [ + "[xmin: 0 xmax: 500 ymin: 0 ymax: 375]" + ] + }, + "version": [ + "13" + ] + } + } + } + }, + "title_text": "SWF Header", + "zeroize_on_tag_safe": false + }, + { + "auto_collapse": false, + "body": null, + "body_config": {}, + "body_format": "TEXT", + "classification": "TLP:C", + "depth": 0, + "heuristic": null, + "promote_to": null, + "tags": { + "file": { + "swf": { + "tags_ssdeep": [ + "3:cVymyCV:cVXyCV" + ] + } + } + }, + "title_text": "SWF Tags", + "zeroize_on_tag_safe": false + }, + { + "auto_collapse": false, + "body": "Main: _6cfeede5026c34903238123cc66109c4703d668be5bf90a3ca858904fea8c586_flash_display_Sprite", + "body_config": {}, + "body_format": "TEXT", + "classification": "TLP:C", + "depth": 0, + "heuristic": null, + "promote_to": null, + "tags": {}, + "title_text": "Symbol Summary", + "zeroize_on_tag_safe": false + }, + { + "auto_collapse": false, + "body": null, + "body_config": {}, + "body_format": "TEXT", + "classification": "TLP:C", + "depth": 0, + "heuristic": null, + "promote_to": null, + "tags": {}, + "title_text": "Tags of Interest", + "zeroize_on_tag_safe": false + }, + { + "auto_collapse": false, + "body": "Name: _6cfeede5026c34903238123cc66109c4703d668be5bf90a3ca858904fea8c586_flash_display_Sprite\tLength: 1095\nName: com/hhsj/diwei/DiWeiSheBaoClass\tLength: 1706", + "body_config": {}, + "body_format": "TEXT", + "classification": "TLP:C", + "depth": 1, + "heuristic": null, + "promote_to": null, + "tags": {}, + "title_text": "DoABC", + 
"zeroize_on_tag_safe": false + }, + { + "auto_collapse": false, + "body": "Product: Adobe Flex\tEdition: None\tVersion (Major.Minor.Build): 4.16.20171115\tCompile Time: Fri Jun 18 06:53:09 2021", + "body_config": {}, + "body_format": "TEXT", + "classification": "TLP:C", + "depth": 1, + "heuristic": null, + "promote_to": null, + "tags": {}, + "title_text": "ProductInfo", + "zeroize_on_tag_safe": false + } + ] + }, + "files": { + "extracted": [], + "supplementary": [] + }, + "results": { + "heuristics": [], + "tags": { + "file.swf.header.frame.count": [ + { + "heur_id": null, + "signatures": [], + "value": "1" + } + ], + "file.swf.header.frame.rate": [ + { + "heur_id": null, + "signatures": [], + "value": "24.0" + } + ], + "file.swf.header.frame.size": [ + { + "heur_id": null, + "signatures": [], + "value": "[xmin: 0 xmax: 500 ymin: 0 ymax: 375]" + } + ], + "file.swf.header.version": [ + { + "heur_id": null, + "signatures": [], + "value": "13" + } + ], + "file.swf.tags_ssdeep": [ + { + "heur_id": null, + "signatures": [], + "value": "3:cVymyCV:cVXyCV" + } + ] + }, + "temp_submission_data": {} + } +} \ No newline at end of file diff --git a/tests/test_swiffer.py b/tests/test_swiffer.py new file mode 100644 index 0000000..93b4a99 --- /dev/null +++ b/tests/test_swiffer.py 
@@ -0,0 +1,24 @@ +import os +import time + +import pytest +from assemblyline.common.importing import load_module_by_path +from assemblyline_service_utilities.testing.helper import TestHelper + +# Force manifest location +os.environ["SERVICE_MANIFEST_PATH"] = os.path.join(os.path.dirname(__file__), "..", "service_manifest.yml") + +# Setup folder locations +RESULTS_FOLDER = os.path.join(os.path.dirname(__file__), "results") +SAMPLES_FOLDER = os.path.join(os.path.dirname(__file__), "samples") + +# Initialize test helper +service_class = load_module_by_path("swiffer.swiffer.Swiffer", os.path.join(os.path.dirname(__file__), "..")) +th = TestHelper(service_class, RESULTS_FOLDER, SAMPLES_FOLDER) + + +@pytest.mark.parametrize("sample", th.result_list()) +def test_sample(sample): + start_time = time.time() + th.run_test_comparison(sample) + print(f"Time elapsed for {sample}: {round(time.time() - start_time)}s")
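Review bot: `TestHelper(service_class, RESULTS_FOLDER, SAMPLES_FOLDER)` passes the samples folder unconditionally, whereas tests/gentests.py in the same commit only passes it when `os.path.exists(SAMPLES_FOLDER)` is true and no `tests/samples` directory is added here; if TestHelper treats a missing folder as an error, collection fails before any test runs, so mirror the guard from gentests.py (or document why the two differ). The manual `time.time()` timer and `print` duplicate what `pytest --durations=10` in tests/pytest.sh already reports and could be dropped together with `import time`. As a point of style, `os.path.dirname(__file__)` is spelled out five times; hoisting `HERE = os.path.dirname(os.path.abspath(__file__))` and joining against it makes the paths independent of the working directory and easier to read.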