Add Nextcloud application

1 files changed, 191 insertions, 0 deletions

diff --git a/tests/Unit/Analyzer/FileTypeFunnellingAnalyzerTest.php b/tests/Unit/Analyzer/FileTypeFunnellingAnalyzerTest.php
new file mode 100644
index 0000000..33e4cc0
--- /dev/null
+++ b/tests/Unit/Analyzer/FileTypeFunnellingAnalyzerTest.php
@@ -0,0 +1,191 @@
+<?php
+
+/**
+ * @copyright Copyright (c) 2018 Matthias Held <matthias.held@uni-konstanz.de>
+ * @author Matthias Held <matthias.held@uni-konstanz.de>
+ * @license GNU AGPL version 3 or any later version
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License as
+ * published by the Free Software Foundation, either version 3 of the
+ * License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU Affero General Public License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public License
+ * along with this program.  If not, see <https://www.gnu.org/licenses/>.
+ */
+
+namespace OCA\RansomwareDetection\tests\Unit\Analyzer;
+
+use OCA\RansomwareDetection\Monitor;
+use OCA\RansomwareDetection\Analyzer\FileTypeFunnellingAnalyzer;
+use OCA\RansomwareDetection\Analyzer\FileNameResult;
+use OCA\RansomwareDetection\Db\FileOperation;
+use Test\TestCase;
+
+class FileTypeFunnellingAnalyzerTest extends TestCase
+{
+    /** @var FileTypeFunnellingAnalyzer */
+    protected $fileTypeFunnellingAnalyzer;
+
+    public function setUp()
+    {
+        parent::setUp();
+
+        $this->fileTypeFunnellingAnalyzer = new FileTypeFunnellingAnalyzer();
+    }
+
+    public function dataAnalyze()
+    {
+        $fileOperation1 = new FileOperation();
+        $fileOperation1->setCommand(Monitor::WRITE);
+        $fileOperation1->setOriginalName('file.unknown');
+        $fileOperation1->setFileNameClass(FileNameResult::SUSPICIOUS);
+        $fileOperation1->setCorrupted(false);
+        $fileOperation1->setType('file');
+
+        $fileOperation11 = new FileOperation();
+        $fileOperation11->setCommand(Monitor::WRITE);
+        $fileOperation11->setOriginalName('file.unknown1');
+        $fileOperation11->setFileNameClass(FileNameResult::SUSPICIOUS);
+        $fileOperation11->setCorrupted(false);
+        $fileOperation11->setType('file');
+
+        $fileOperation12 = new FileOperation();
+        $fileOperation12->setCommand(Monitor::WRITE);
+        $fileOperation12->setOriginalName('file.unknown2');
+        $fileOperation12->setFileNameClass(FileNameResult::SUSPICIOUS);
+        $fileOperation12->setCorrupted(false);
+        $fileOperation12->setType('file');
+
+        $fileOperation13 = new FileOperation();
+        $fileOperation13->setCommand(Monitor::WRITE);
+        $fileOperation13->setOriginalName('file.unknown3');
+        $fileOperation13->setFileNameClass(FileNameResult::SUSPICIOUS);
+        $fileOperation13->setCorrupted(false);
+        $fileOperation13->setType('file');
+
+        $fileOperation14 = new FileOperation();
+        $fileOperation14->setCommand(Monitor::WRITE);
+        $fileOperation14->setOriginalName('file.unknown4');
+        $fileOperation14->setFileNameClass(FileNameResult::SUSPICIOUS);
+        $fileOperation14->setCorrupted(false);
+        $fileOperation14->setType('file');
+
+        $fileOperation15 = new FileOperation();
+        $fileOperation15->setCommand(Monitor::WRITE);
+        $fileOperation15->setOriginalName('file.unknown5');
+        $fileOperation15->setFileNameClass(FileNameResult::SUSPICIOUS);
+        $fileOperation15->setCorrupted(false);
+        $fileOperation15->setType('file');
+
+        $fileOperation16 = new FileOperation();
+        $fileOperation16->setCommand(Monitor::WRITE);
+        $fileOperation16->setOriginalName('file.unknown6');
+        $fileOperation16->setFileNameClass(FileNameResult::SUSPICIOUS);
+        $fileOperation16->setCorrupted(false);
+        $fileOperation16->setType('file');
+
+        $fileOperation2 = new FileOperation();
+        $fileOperation2->setCommand(Monitor::WRITE);
+        $fileOperation2->setOriginalName('file.csv');
+        $fileOperation2->setFileNameClass(FileNameResult::NORMAL);
+        $fileOperation2->setCorrupted(false);
+        $fileOperation2->setType('file');
+
+        $fileOperation3 = new FileOperation();
+        $fileOperation3->setCommand(Monitor::WRITE);
+        $fileOperation3->setOriginalName('file.csv');
+        $fileOperation3->setFileNameClass(FileNameResult::NORMAL);
+        $fileOperation3->setCorrupted(true);
+        $fileOperation3->setType('file');
+
+        $fileOperation4 = new FileOperation();
+        $fileOperation4->setCommand(Monitor::RENAME);
+        $fileOperation4->setOriginalName('file.csv');
+        $fileOperation4->setFileNameClass(FileNameResult::NORMAL);
+        $fileOperation4->setCorrupted(true);
+        $fileOperation4->setType('file');
+
+        $fileOperation5 = new FileOperation();
+        $fileOperation5->setCommand(Monitor::DELETE);
+        $fileOperation5->setOriginalName('file.csv');
+        $fileOperation5->setFileNameClass(FileNameResult::NORMAL);
+        $fileOperation5->setCorrupted(true);
+        $fileOperation5->setType('file');
+
+        $fileOperation6 = new FileOperation();
+        $fileOperation6->setCommand(100);
+        $fileOperation6->setOriginalName('file.csv');
+        $fileOperation6->setFileNameClass(FileNameResult::NORMAL);
+        $fileOperation6->setCorrupted(true);
+        $fileOperation6->setType('file');
+
+        $fileOperation7 = new FileOperation();
+        $fileOperation7->setCommand(Monitor::READ);
+        $fileOperation7->setOriginalName('file.unknown');
+        $fileOperation7->setFileNameClass(FileNameResult::SUSPICIOUS);
+        $fileOperation7->setCorrupted(false);
+        $fileOperation7->setType('file');
+        // not a sequence
+        $sequence1 = [$fileOperation1];
+        $sequence2 = [$fileOperation1, $fileOperation1];
+        // a sequence
+        $sequence3 = [$fileOperation1, $fileOperation1, $fileOperation1];
+        $sequence4 = [$fileOperation1, $fileOperation1, $fileOperation1, $fileOperation1];
+        $sequence5 = [$fileOperation1, $fileOperation1, $fileOperation1, $fileOperation1, $fileOperation1];
+        // written files which have all the same unknown file extensions => file type funneling
+        $sequence6 = [$fileOperation1, $fileOperation1, $fileOperation1, $fileOperation1, $fileOperation1, $fileOperation1];
+        // written files which have a distinct unknown file extensions => file type funneling
+        $sequence7 = [$fileOperation11, $fileOperation12, $fileOperation13, $fileOperation14, $fileOperation15, $fileOperation16];
+        // written files have a unknown file extensions => file type funneling
+        $sequence8 = [$fileOperation1, $fileOperation1, $fileOperation1, $fileOperation1, $fileOperation12, $fileOperation13];
+        // all written files have known extensions
+        $sequence9 = [$fileOperation2, $fileOperation2, $fileOperation2, $fileOperation2, $fileOperation2, $fileOperation2];
+        // Only delete and rename => no file type funneling
+        $sequence10 = [$fileOperation4, $fileOperation4, $fileOperation5, $fileOperation5, $fileOperation4, $fileOperation5];
+        // unkown command => no file type funneling
+        $sequence11 = [$fileOperation6, $fileOperation6, $fileOperation6, $fileOperation6, $fileOperation6, $fileOperation6];
+        // some files are known
+        $sequence12 = [$fileOperation1, $fileOperation2, $fileOperation1, $fileOperation1, $fileOperation1, $fileOperation2, $fileOperation1];
+        // all written files have known extensions but are corrupted
+        $sequence13 = [$fileOperation3, $fileOperation3, $fileOperation3, $fileOperation3, $fileOperation3, $fileOperation3, $fileOperation3];
+        // only read access
+        $sequence14 = [$fileOperation7, $fileOperation7, $fileOperation7, $fileOperation7, $fileOperation7, $fileOperation7, $fileOperation7];
+
+        return [
+            ['sequence' => [], 'fileTypeFunnelingClass' => 0],
+            ['sequence' => $sequence1, 'fileTypeFunnelingClass' => 0],
+            ['sequence' => $sequence2, 'fileTypeFunnelingClass' => 0],
+            ['sequence' => $sequence3, 'fileTypeFunnelingClass' => 2],
+            ['sequence' => $sequence4, 'fileTypeFunnelingClass' => 2],
+            ['sequence' => $sequence5, 'fileTypeFunnelingClass' => 2],
+            ['sequence' => $sequence6, 'fileTypeFunnelingClass' => 2],
+            ['sequence' => $sequence7, 'fileTypeFunnelingClass' => 2],
+            ['sequence' => $sequence8, 'fileTypeFunnelingClass' => 1],
+            ['sequence' => $sequence9, 'fileTypeFunnelingClass' => 0],
+            ['sequence' => $sequence10, 'fileTypeFunnelingClass' => 0],
+            ['sequence' => $sequence11, 'fileTypeFunnelingClass' => 0],
+            ['sequence' => $sequence12, 'fileTypeFunnelingClass' => 0],
+            ['sequence' => $sequence13, 'fileTypeFunnelingClass' => 2],
+            ['sequence' => $sequence14, 'fileTypeFunnelingClass' => 0],
+        ];
+    }
+
+    /**
+     * @dataProvider dataAnalyze
+     *
+     * @param array $sequence
+     * @param int   $fileTypeFunnelingClass
+     */
+    public function testAnalyze($sequence, $fileTypeFunnelingClass)
+    {
+        $result = $this->fileTypeFunnellingAnalyzer->analyze($sequence);
+
+        $this->assertEquals($result, $fileTypeFunnelingClass);
+    }
+}