
github.com/undo-ransomware/ransomware_detection.git - Unnamed repository; edit this file 'description' to name the repository.
authorMatthias Held <ilovemilk@wusa.io>2018-09-05 20:03:49 +0300
committerMatthias Held <ilovemilk@wusa.io>2018-09-05 20:03:49 +0300
commita345337c85affcb67d5deb03a170048d81a45a58 (patch)
tree0424a2abd9f495674b362ec79addba3b8bfc201e /tests
parente5158d3d1f5c1a9ce02d1ecacb29a50c7f6c23e5 (diff)
Remove file name analysis
Diffstat (limited to 'tests')
-rw-r--r--tests/Integration/Db/FileOperationMapperTest.php36
-rw-r--r--tests/Integration/Fixtures/FileOperationFixture.php3
-rw-r--r--tests/Unit/Analyzer/FileExtensionAnalyzerTest.php105
-rw-r--r--tests/Unit/Analyzer/FileExtensionResultTest.php51
-rw-r--r--tests/Unit/Analyzer/FileNameAnalyzerTest.php127
-rw-r--r--tests/Unit/Analyzer/FileNameResultTest.php70
-rw-r--r--tests/Unit/Analyzer/FileTypeFunnellingAnalyzerTest.php28
-rw-r--r--tests/Unit/ClassifierTest.php102
-rw-r--r--tests/Unit/Controller/ScanControllerTest.php19
-rw-r--r--tests/Unit/Db/FileOperationTest.php9
-rw-r--r--tests/Unit/MonitorTest.php28
11 files changed, 259 insertions, 319 deletions
diff --git a/tests/Integration/Db/FileOperationMapperTest.php b/tests/Integration/Db/FileOperationMapperTest.php
index 90fd933..33f5239 100644
--- a/tests/Integration/Db/FileOperationMapperTest.php
+++ b/tests/Integration/Db/FileOperationMapperTest.php
@@ -101,9 +101,8 @@ class FileOperationMapperTest extends AppTest
'sequence' => 1,
'entropy' => 7.9123595,
'standardDeviation' => 0.04,
- 'fileNameEntropy' => 4.1,
'fileClass' => 2,
- 'fileNameClass' => 3,
+ 'fileExtensionClass' => 1,
],
[
'userId' => 'john',
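Review bot: Every fixture row in this file now carries the same `'fileExtensionClass' => 1`, whereas the removed `fileNameClass` values differed between the two rows of each set (3 and 1), so this column no longer helps tell one stored row from the other. The remaining hunks in this file repeat the pattern. Consider giving the second row the other class and using the named constant instead of a bare integer, e.g. `'fileExtensionClass' => FileExtensionResult::SUSPICIOUS`, which would need a matching `use` line. The assertions that read these rows back are outside the hunks, so how far they depend on this field cannot be confirmed from here.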
@@ -119,9 +118,8 @@ class FileOperationMapperTest extends AppTest
'sequence' => 1,
'entropy' => 7.9123595,
'standardDeviation' => 0.05,
- 'fileNameEntropy' => 3.1,
'fileClass' => 2,
- 'fileNameClass' => 1,
+ 'fileExtensionClass' => 1,
],
];
$this->loadFixtures($fileOperations);
@@ -155,9 +153,8 @@ class FileOperationMapperTest extends AppTest
'sequence' => 1,
'entropy' => 7.9123595,
'standardDeviation' => 0.04,
- 'fileNameEntropy' => 4.1,
'fileClass' => 2,
- 'fileNameClass' => 3,
+ 'fileExtensionClass' => 1,
],
[
'userId' => 'john',
@@ -173,9 +170,8 @@ class FileOperationMapperTest extends AppTest
'sequence' => 1,
'entropy' => 7.9123595,
'standardDeviation' => 0.05,
- 'fileNameEntropy' => 3.1,
'fileClass' => 2,
- 'fileNameClass' => 1,
+ 'fileExtensionClass' => 1,
],
];
$this->loadFixtures($fileOperations);
@@ -202,9 +198,8 @@ class FileOperationMapperTest extends AppTest
'sequence' => 1,
'entropy' => 7.9123595,
'standardDeviation' => 0.04,
- 'fileNameEntropy' => 4.1,
'fileClass' => 2,
- 'fileNameClass' => 3,
+ 'fileExtensionClass' => 1,
],
[
'userId' => 'john',
@@ -220,9 +215,8 @@ class FileOperationMapperTest extends AppTest
'sequence' => 1,
'entropy' => 7.9123595,
'standardDeviation' => 0.05,
- 'fileNameEntropy' => 3.1,
'fileClass' => 2,
- 'fileNameClass' => 1,
+ 'fileExtensionClass' => 1,
],
];
$this->loadFixtures($fileOperations);
@@ -255,9 +249,8 @@ class FileOperationMapperTest extends AppTest
'sequence' => 1,
'entropy' => 7.9123595,
'standardDeviation' => 0.04,
- 'fileNameEntropy' => 4.1,
'fileClass' => 2,
- 'fileNameClass' => 3,
+ 'fileExtensionClass' => 1,
],
[
'userId' => 'john',
@@ -273,9 +266,8 @@ class FileOperationMapperTest extends AppTest
'sequence' => 1,
'entropy' => 7.9123595,
'standardDeviation' => 0.05,
- 'fileNameEntropy' => 3.1,
'fileClass' => 2,
- 'fileNameClass' => 1,
+ 'fileExtensionClass' => 1,
],
];
$this->loadFixtures($fileOperations);
@@ -314,9 +306,8 @@ class FileOperationMapperTest extends AppTest
'sequence' => 1,
'entropy' => 7.9123595,
'standardDeviation' => 0.04,
- 'fileNameEntropy' => 4.1,
'fileClass' => 2,
- 'fileNameClass' => 3,
+ 'fileExtensionClass' => 1,
],
[
'userId' => 'john',
@@ -332,9 +323,8 @@ class FileOperationMapperTest extends AppTest
'sequence' => 1,
'entropy' => 7.9123595,
'standardDeviation' => 0.05,
- 'fileNameEntropy' => 3.1,
'fileClass' => 2,
- 'fileNameClass' => 1,
+ 'fileExtensionClass' => 1,
],
];
$this->loadFixtures($fileOperations);
@@ -359,9 +349,8 @@ class FileOperationMapperTest extends AppTest
'sequence' => 1,
'entropy' => 7.9123595,
'standardDeviation' => 0.04,
- 'fileNameEntropy' => 4.1,
'fileClass' => 2,
- 'fileNameClass' => 3,
+ 'fileExtensionClass' => 1,
],
[
'userId' => 'john',
@@ -377,9 +366,8 @@ class FileOperationMapperTest extends AppTest
'sequence' => 2,
'entropy' => 7.9123595,
'standardDeviation' => 0.05,
- 'fileNameEntropy' => 3.1,
'fileClass' => 2,
- 'fileNameClass' => 1,
+ 'fileExtensionClass' => 1,
],
];
$this->loadFixtures($fileOperations);
diff --git a/tests/Integration/Fixtures/FileOperationFixture.php b/tests/Integration/Fixtures/FileOperationFixture.php
index 1fe02f7..1eb98b5 100644
--- a/tests/Integration/Fixtures/FileOperationFixture.php
+++ b/tests/Integration/Fixtures/FileOperationFixture.php
@@ -44,9 +44,8 @@ class FileOperationFixture extends FileOperation
'sequence' => 1,
'entropy' => 7.9123595,
'standardDeviation' => 0.04,
- 'fileNameEntropy' => 4.1,
'fileClass' => 2,
- 'fileNameClass' => 3,
+ 'fileExtensionClass' => 1,
], $defaults);
$this->fillDefaults($defaults);
}
diff --git a/tests/Unit/Analyzer/FileExtensionAnalyzerTest.php b/tests/Unit/Analyzer/FileExtensionAnalyzerTest.php
new file mode 100644
index 0000000..9812ffd
--- /dev/null
+++ b/tests/Unit/Analyzer/FileExtensionAnalyzerTest.php
@@ -0,0 +1,105 @@
+<?php
+
+/**
+ * @copyright Copyright (c) 2017 Matthias Held <matthias.held@uni-konstanz.de>
+ * @author Matthias Held <matthias.held@uni-konstanz.de>
+ * @license GNU AGPL version 3 or any later version
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License as
+ * published by the Free Software Foundation, either version 3 of the
+ * License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU Affero General Public License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public License
+ * along with this program. If not, see <https://www.gnu.org/licenses/>.
+ */
+
+namespace OCA\RansomwareDetection\tests\Unit\Analyzer;
+
+use OCA\RansomwareDetection\Entropy\Entropy;
+use OCA\RansomwareDetection\Analyzer\FileExtensionResult;
+use OCA\RansomwareDetection\FileSignatureList;
+use OCA\RansomwareDetection\Analyzer\FileExtensionAnalyzer;
+use OCP\ILogger;
+use Test\TestCase;
+
+class FileExtensionAnalyzerTest extends TestCase
+{
+ /** @var ILogger|\PHPUnit_Framework_MockObject_MockObject */
+ protected $logger;
+
+ /** @var FileExtensionAnalyzer */
+ protected $fileExtensionAnalyzer;
+
+ public function setUp()
+ {
+ parent::setUp();
+
+ $this->logger = $this->createMock(ILogger::class);
+
+ $this->fileExtensionAnalyzer = new FileExtensionAnalyzer($this->logger);
+ }
+
+ public function dataAnalyze()
+ {
+ return [
+ ['path' => 'file.jpg', 'class' => FileExtensionResult::NOT_SUSPICIOUS],
+ ['path' => 'file.unknown', 'class' => FileExtensionResult::SUSPICIOUS],
+ ['path' => 'file.jpg', 'class' => FileExtensionResult::NOT_SUSPICIOUS],
+ ['path' => 'file.jpg1', 'class' => FileExtensionResult::SUSPICIOUS],
+ ];
+ }
+
+ /**
+ * @dataProvider dataAnalyze
+ *
+ * @param string $path
+ * @param int $class
+ */
+ public function testAnalyze($path, $class)
+ {
+ $result = $this->fileExtensionAnalyzer->analyze($path);
+ $this->assertInstanceOf(FileExtensionResult::class, $result);
+ $this->assertEquals($result->getFileExtensionClass(), $class);
+ }
+
+ public function dataIsFileExtensionKnown()
+ {
+ $signatures = FileSignatureList::getSignatures();
+ $extensions = [];
+ foreach ($signatures as $signature) {
+ foreach ($signature['extension'] as $extension) {
+ $extensions[] = $extension;
+ }
+ }
+ $tests = [];
+
+ foreach ($extensions as $extension) {
+ $tests[] = [$extension, true];
+ }
+ $tests[] = ['WNCRY', false];
+
+ return $tests;
+ }
+
+ /**
+ * @dataProvider dataIsFileExtensionKnown
+ *
+ * @param string $extension
+ * @param bool $return
+ */
+ public function testIsFileExtensionKnown($extension, $return)
+ {
+ $this->assertEquals($this->invokePrivate($this->fileExtensionAnalyzer, 'isFileExtensionKnown', [$extension]), $return);
+ }
+
+ public function testGetFileExtension()
+ {
+ $this->assertEquals($this->invokePrivate($this->fileExtensionAnalyzer, 'getFileExtension', ['filename.extension']), 'extension');
+ }
+}
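Review bot: `dataAnalyze()` lists `['path' => 'file.jpg', 'class' => FileExtensionResult::NOT_SUSPICIOUS]` twice, apparently left over from the four-case matrix of the removed file-name test, so the provider covers only three distinct inputs. Because this result appears to feed the suspicion classification, the duplicate should give way to rows that pin the analyzer's behaviour for a name without any extension, an upper-case extension such as `file.JPG`, and a path with directory components. The expected class for each has to be taken from the analyzer, which is not part of this diff. `use OCA\RansomwareDetection\Entropy\Entropy;` is no longer used in this file and can be dropped. The assertions pass the actual value first and compare loosely; `$this->assertSame($class, $result->getFileExtensionClass());` would also catch a wrong return type.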
diff --git a/tests/Unit/Analyzer/FileExtensionResultTest.php b/tests/Unit/Analyzer/FileExtensionResultTest.php
new file mode 100644
index 0000000..7f6ad0e
--- /dev/null
+++ b/tests/Unit/Analyzer/FileExtensionResultTest.php
@@ -0,0 +1,51 @@
+<?php
+
+/**
+ * @copyright Copyright (c) 2017 Matthias Held <matthias.held@uni-konstanz.de>
+ * @author Matthias Held <matthias.held@uni-konstanz.de>
+ * @license GNU AGPL version 3 or any later version
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License as
+ * published by the Free Software Foundation, either version 3 of the
+ * License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU Affero General Public License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public License
+ * along with this program. If not, see <https://www.gnu.org/licenses/>.
+ */
+
+namespace OCA\RansomwareDetection\tests\Unit\Analyzer;
+
+use OCA\RansomwareDetection\Analyzer\FileExtensionResult;
+use Test\TestCase;
+
+class FileExtensionResultTest extends TestCase
+{
+ /** @var FileExtensionResult */
+ protected $fileExtensioneResult;
+
+ public function setUp()
+ {
+ parent::setUp();
+
+ $this->fileExtensioneResult = new FileExtensionResult(FileExtensionResult::NOT_SUSPICIOUS);
+ }
+
+ public function testConstruct()
+ {
+ $this->assertEquals($this->fileExtensioneResult->getFileExtensionClass(), FileExtensionResult::NOT_SUSPICIOUS);
+ }
+
+ public function testFileNameClass()
+ {
+ $this->fileExtensioneResult->setFileExtensionClass(FileExtensionResult::NOT_SUSPICIOUS);
+ $this->assertEquals($this->fileExtensioneResult->getFileExtensionClass(), FileExtensionResult::NOT_SUSPICIOUS);
+ $this->fileExtensioneResult->setFileExtensionClass(FileExtensionResult::SUSPICIOUS);
+ $this->assertEquals($this->fileExtensioneResult->getFileExtensionClass(), FileExtensionResult::SUSPICIOUS);
+ }
+}
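Review bot: `testFileNameClass()` still carries the name of the removed FileNameResult test although it exercises `setFileExtensionClass()` and `getFileExtensionClass()`; rename it to `testFileExtensionClass()` so a failure points at the right accessor. The property `$fileExtensioneResult` has a stray `e` and should read `$fileExtensionResult`. In the same test the first set/get pair writes `NOT_SUSPICIOUS`, which is already the constructor value from `setUp()`, so only the `SUSPICIOUS` pair shows that the setter has an effect.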
diff --git a/tests/Unit/Analyzer/FileNameAnalyzerTest.php b/tests/Unit/Analyzer/FileNameAnalyzerTest.php
deleted file mode 100644
index c76ce5e..0000000
--- a/tests/Unit/Analyzer/FileNameAnalyzerTest.php
+++ /dev/null
@@ -1,127 +0,0 @@
-<?php
-
-/**
- * @copyright Copyright (c) 2017 Matthias Held <matthias.held@uni-konstanz.de>
- * @author Matthias Held <matthias.held@uni-konstanz.de>
- * @license GNU AGPL version 3 or any later version
- *
- * This program is free software: you can redistribute it and/or modify
- * it under the terms of the GNU Affero General Public License as
- * published by the Free Software Foundation, either version 3 of the
- * License, or (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU Affero General Public License for more details.
- *
- * You should have received a copy of the GNU Affero General Public License
- * along with this program. If not, see <https://www.gnu.org/licenses/>.
- */
-
-namespace OCA\RansomwareDetection\tests\Unit\Analyzer;
-
-use OCA\RansomwareDetection\Entropy\Entropy;
-use OCA\RansomwareDetection\Analyzer\FileNameResult;
-use OCA\RansomwareDetection\FileSignatureList;
-use OCA\RansomwareDetection\Analyzer\FileNameAnalyzer;
-use OCP\ILogger;
-use Test\TestCase;
-
-class FileNameAnalyzerTest extends TestCase
-{
- /** @var ILogger|\PHPUnit_Framework_MockObject_MockObject */
- protected $logger;
-
- /** @var Entropy|\PHPUnit_Framework_MockObject_MockObject */
- protected $entropy;
-
- /** @var FileNameAnalyzer */
- protected $fileNameAnalyzer;
-
- public function setUp()
- {
- parent::setUp();
-
- $this->logger = $this->createMock(ILogger::class);
- $this->entropy = $this->createMock(Entropy::class);
-
- $this->fileNameAnalyzer = new FileNameAnalyzer($this->logger, $this->entropy);
- }
-
- public function dataAnalyze()
- {
- return [
- ['path' => 'file.jpg', 'class' => FileNameResult::NORMAL, 'isFileExtensionKnown' => true, 'entropyOfFileName' => 1.0],
- ['path' => 'file.unknown', 'class' => FileNameResult::SUSPICIOUS_FILE_EXTENSION, 'isFileExtensionKnown' => false, 'entropyOfFileName' => 1.0],
- ['path' => 'file.jpg', 'class' => FileNameResult::SUSPICIOUS_FILE_NAME, 'isFileExtensionKnown' => true, 'entropyOfFileName' => 6.0],
- ['path' => 'file.unknown', 'class' => FileNameResult::SUSPICIOUS, 'isFileExtensionKnown' => false, 'entropyOfFileName' => 6.0],
- ];
- }
-
- /**
- * @dataProvider dataAnalyze
- *
- * @param string $path
- * @param int $class
- * @param bool $isFileExtensionKnown
- * @param float $entropyOfFileName
- */
- public function testAnalyze($path, $class, $isFileExtensionKnown, $entropyOfFileName)
- {
- $this->entropy->method('calculateEntropy')
- ->willReturn($entropyOfFileName);
- $result = $this->fileNameAnalyzer->analyze($path);
- $this->assertInstanceOf(FileNameResult::class, $result);
- $this->assertEquals($result->getFileNameClass(), $class);
- $this->assertEquals($result->isFileExtensionKnown(), $isFileExtensionKnown);
- $this->assertEquals($result->getEntropyOfFileName(), $entropyOfFileName);
- }
-
- public function dataIsFileExtensionKnown()
- {
- $signatures = FileSignatureList::getSignatures();
- $extensions = [];
- foreach ($signatures as $signature) {
- foreach ($signature['extension'] as $extension) {
- $extensions[] = $extension;
- }
- }
- $tests = [];
-
- foreach ($extensions as $extension) {
- $tests[] = [$extension, true];
- }
- $tests[] = ['WNCRY', false];
-
- return $tests;
- }
-
- /**
- * @dataProvider dataIsFileExtensionKnown
- *
- * @param string $extension
- * @param bool $return
- */
- public function testIsFileExtensionKnown($extension, $return)
- {
- $this->assertEquals($this->invokePrivate($this->fileNameAnalyzer, 'isFileExtensionKnown', [$extension]), $return);
- }
-
- public function testGetFileName()
- {
- $this->assertEquals($this->invokePrivate($this->fileNameAnalyzer, 'getFileName', ['/test/filename.extension']), 'filename.extension');
- }
-
- public function testGetFileExtension()
- {
- $this->assertEquals($this->invokePrivate($this->fileNameAnalyzer, 'getFileExtension', ['filename.extension']), 'extension');
- }
-
- public function testCalculateEntropyOfFileName()
- {
- $this->entropy->method('calculateEntropy')
- ->willReturn('6.00');
- $this->assertEquals($this->invokePrivate($this->fileNameAnalyzer, 'calculateEntropyOfFileName', ['filename.extension']), '6.00');
- }
-}
diff --git a/tests/Unit/Analyzer/FileNameResultTest.php b/tests/Unit/Analyzer/FileNameResultTest.php
deleted file mode 100644
index 5bf5a16..0000000
--- a/tests/Unit/Analyzer/FileNameResultTest.php
+++ /dev/null
@@ -1,70 +0,0 @@
-<?php
-
-/**
- * @copyright Copyright (c) 2017 Matthias Held <matthias.held@uni-konstanz.de>
- * @author Matthias Held <matthias.held@uni-konstanz.de>
- * @license GNU AGPL version 3 or any later version
- *
- * This program is free software: you can redistribute it and/or modify
- * it under the terms of the GNU Affero General Public License as
- * published by the Free Software Foundation, either version 3 of the
- * License, or (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU Affero General Public License for more details.
- *
- * You should have received a copy of the GNU Affero General Public License
- * along with this program. If not, see <https://www.gnu.org/licenses/>.
- */
-
-namespace OCA\RansomwareDetection\tests\Unit\Analyzer;
-
-use OCA\RansomwareDetection\Analyzer\FileNameResult;
-use Test\TestCase;
-
-class FileNameResultTest extends TestCase
-{
- /** @var FileNameResult */
- protected $fileNameResult;
-
- public function setUp()
- {
- parent::setUp();
-
- $this->fileNameResult = new FileNameResult(FileNameResult::NORMAL, true, 3.0);
- }
-
- public function testConstruct()
- {
- $this->assertEquals($this->fileNameResult->getFileNameClass(), FileNameResult::NORMAL);
- $this->assertEquals($this->fileNameResult->isFileExtensionKnown(), true);
- $this->assertEquals($this->fileNameResult->getEntropyOfFileName(), 3.0);
- }
-
- public function testFileNameClass()
- {
- $this->fileNameResult->setFileNameClass(FileNameResult::SUSPICIOUS_FILE_EXTENSION);
- $this->assertEquals($this->fileNameResult->getFileNameClass(), FileNameResult::SUSPICIOUS_FILE_EXTENSION);
- $this->fileNameResult->setFileNameClass(FileNameResult::SUSPICIOUS_FILE_NAME);
- $this->assertEquals($this->fileNameResult->getFileNameClass(), FileNameResult::SUSPICIOUS_FILE_NAME);
- $this->fileNameResult->setFileNameClass(FileNameResult::SUSPICIOUS);
- $this->assertEquals($this->fileNameResult->getFileNameClass(), FileNameResult::SUSPICIOUS);
- }
-
- public function testIsFileExtensionKnown()
- {
- $this->fileNameResult->setFileExtensionKnown(true);
- $this->assertEquals($this->fileNameResult->isFileExtensionKnown(), true);
- $this->fileNameResult->setFileExtensionKnown(false);
- $this->assertEquals($this->fileNameResult->isFileExtensionKnown(), false);
- }
-
- public function testEntropyOfFileName()
- {
- $this->assertEquals($this->fileNameResult->getEntropyOfFileName(), 3.0);
- $this->fileNameResult->setEntropyOfFileName(3.1);
- $this->assertEquals($this->fileNameResult->getEntropyOfFileName(), 3.1);
- }
-}
diff --git a/tests/Unit/Analyzer/FileTypeFunnellingAnalyzerTest.php b/tests/Unit/Analyzer/FileTypeFunnellingAnalyzerTest.php
index 33e4cc0..e2e0bc1 100644
--- a/tests/Unit/Analyzer/FileTypeFunnellingAnalyzerTest.php
+++ b/tests/Unit/Analyzer/FileTypeFunnellingAnalyzerTest.php
@@ -23,7 +23,7 @@ namespace OCA\RansomwareDetection\tests\Unit\Analyzer;
use OCA\RansomwareDetection\Monitor;
use OCA\RansomwareDetection\Analyzer\FileTypeFunnellingAnalyzer;
-use OCA\RansomwareDetection\Analyzer\FileNameResult;
+use OCA\RansomwareDetection\Analyzer\FileExtensionResult;
use OCA\RansomwareDetection\Db\FileOperation;
use Test\TestCase;
@@ -44,91 +44,91 @@ class FileTypeFunnellingAnalyzerTest extends TestCase
$fileOperation1 = new FileOperation();
$fileOperation1->setCommand(Monitor::WRITE);
$fileOperation1->setOriginalName('file.unknown');
- $fileOperation1->setFileNameClass(FileNameResult::SUSPICIOUS);
+ $fileOperation1->setFileExtensionClass(FileExtensionResult::SUSPICIOUS);
$fileOperation1->setCorrupted(false);
$fileOperation1->setType('file');
$fileOperation11 = new FileOperation();
$fileOperation11->setCommand(Monitor::WRITE);
$fileOperation11->setOriginalName('file.unknown1');
- $fileOperation11->setFileNameClass(FileNameResult::SUSPICIOUS);
+ $fileOperation11->setFileExtensionClass(FileExtensionResult::SUSPICIOUS);
$fileOperation11->setCorrupted(false);
$fileOperation11->setType('file');
$fileOperation12 = new FileOperation();
$fileOperation12->setCommand(Monitor::WRITE);
$fileOperation12->setOriginalName('file.unknown2');
- $fileOperation12->setFileNameClass(FileNameResult::SUSPICIOUS);
+ $fileOperation12->setFileExtensionClass(FileExtensionResult::SUSPICIOUS);
$fileOperation12->setCorrupted(false);
$fileOperation12->setType('file');
$fileOperation13 = new FileOperation();
$fileOperation13->setCommand(Monitor::WRITE);
$fileOperation13->setOriginalName('file.unknown3');
- $fileOperation13->setFileNameClass(FileNameResult::SUSPICIOUS);
+ $fileOperation13->setFileExtensionClass(FileExtensionResult::SUSPICIOUS);
$fileOperation13->setCorrupted(false);
$fileOperation13->setType('file');
$fileOperation14 = new FileOperation();
$fileOperation14->setCommand(Monitor::WRITE);
$fileOperation14->setOriginalName('file.unknown4');
- $fileOperation14->setFileNameClass(FileNameResult::SUSPICIOUS);
+ $fileOperation14->setFileExtensionClass(FileExtensionResult::SUSPICIOUS);
$fileOperation14->setCorrupted(false);
$fileOperation14->setType('file');
$fileOperation15 = new FileOperation();
$fileOperation15->setCommand(Monitor::WRITE);
$fileOperation15->setOriginalName('file.unknown5');
- $fileOperation15->setFileNameClass(FileNameResult::SUSPICIOUS);
+ $fileOperation15->setFileExtensionClass(FileExtensionResult::SUSPICIOUS);
$fileOperation15->setCorrupted(false);
$fileOperation15->setType('file');
$fileOperation16 = new FileOperation();
$fileOperation16->setCommand(Monitor::WRITE);
$fileOperation16->setOriginalName('file.unknown6');
- $fileOperation16->setFileNameClass(FileNameResult::SUSPICIOUS);
+ $fileOperation16->setFileExtensionClass(FileExtensionResult::SUSPICIOUS);
$fileOperation16->setCorrupted(false);
$fileOperation16->setType('file');
$fileOperation2 = new FileOperation();
$fileOperation2->setCommand(Monitor::WRITE);
$fileOperation2->setOriginalName('file.csv');
- $fileOperation2->setFileNameClass(FileNameResult::NORMAL);
+ $fileOperation2->setFileExtensionClass(FileExtensionResult::NOT_SUSPICIOUS);
$fileOperation2->setCorrupted(false);
$fileOperation2->setType('file');
$fileOperation3 = new FileOperation();
$fileOperation3->setCommand(Monitor::WRITE);
$fileOperation3->setOriginalName('file.csv');
- $fileOperation3->setFileNameClass(FileNameResult::NORMAL);
+ $fileOperation3->setFileExtensionClass(FileExtensionResult::NOT_SUSPICIOUS);
$fileOperation3->setCorrupted(true);
$fileOperation3->setType('file');
$fileOperation4 = new FileOperation();
$fileOperation4->setCommand(Monitor::RENAME);
$fileOperation4->setOriginalName('file.csv');
- $fileOperation4->setFileNameClass(FileNameResult::NORMAL);
+ $fileOperation4->setFileExtensionClass(FileExtensionResult::NOT_SUSPICIOUS);
$fileOperation4->setCorrupted(true);
$fileOperation4->setType('file');
$fileOperation5 = new FileOperation();
$fileOperation5->setCommand(Monitor::DELETE);
$fileOperation5->setOriginalName('file.csv');
- $fileOperation5->setFileNameClass(FileNameResult::NORMAL);
+ $fileOperation5->setFileExtensionClass(FileExtensionResult::NOT_SUSPICIOUS);
$fileOperation5->setCorrupted(true);
$fileOperation5->setType('file');
$fileOperation6 = new FileOperation();
$fileOperation6->setCommand(100);
$fileOperation6->setOriginalName('file.csv');
- $fileOperation6->setFileNameClass(FileNameResult::NORMAL);
+ $fileOperation6->setFileExtensionClass(FileExtensionResult::NOT_SUSPICIOUS);
$fileOperation6->setCorrupted(true);
$fileOperation6->setType('file');
$fileOperation7 = new FileOperation();
$fileOperation7->setCommand(Monitor::READ);
$fileOperation7->setOriginalName('file.unknown');
- $fileOperation7->setFileNameClass(FileNameResult::SUSPICIOUS);
+ $fileOperation7->setFileExtensionClass(FileExtensionResult::SUSPICIOUS);
$fileOperation7->setCorrupted(false);
$fileOperation7->setType('file');
// not a sequence
diff --git a/tests/Unit/ClassifierTest.php b/tests/Unit/ClassifierTest.php
index e9b7f38..43b9dcd 100644
--- a/tests/Unit/ClassifierTest.php
+++ b/tests/Unit/ClassifierTest.php
@@ -23,7 +23,7 @@ namespace OCA\RansomwareDetection\tests\Unit;
use OCA\RansomwareDetection\Monitor;
use OCA\RansomwareDetection\Analyzer\EntropyResult;
-use OCA\RansomwareDetection\Analyzer\FileNameResult;
+use OCA\RansomwareDetection\Analyzer\FileExtensionResult;
use OCA\RansomwareDetection\Classifier;
use OCA\RansomwareDetection\Db\FileOperationMapper;
use OCA\RansomwareDetection\Service\FileOperationService;
@@ -59,54 +59,52 @@ class ClassifierTest extends TestCase
public function dataClassifyFile()
{
return [
- ['command' => Monitor::WRITE, 'fileClass' => EntropyResult::ENCRYPTED, 'fileNameClass' => FileNameResult::NORMAL, 'suspicionClass' => Classifier::NOT_SUSPICIOUS],
- ['command' => Monitor::WRITE, 'fileClass' => EntropyResult::ENCRYPTED, 'fileNameClass' => FileNameResult::SUSPICIOUS_FILE_EXTENSION, 'suspicionClass' => Classifier::MIDDLE_LEVEL_OF_SUSPICION],
- ['command' => Monitor::WRITE, 'fileClass' => EntropyResult::ENCRYPTED, 'fileNameClass' => FileNameResult::SUSPICIOUS_FILE_NAME, 'suspicionClass' => Classifier::MIDDLE_LEVEL_OF_SUSPICION],
- ['command' => Monitor::WRITE, 'fileClass' => EntropyResult::ENCRYPTED, 'fileNameClass' => FileNameResult::SUSPICIOUS, 'suspicionClass' => Classifier::HIGH_LEVEL_OF_SUSPICION],
- ['command' => Monitor::WRITE, 'fileClass' => EntropyResult::COMPRESSED, 'fileNameClass' => FileNameResult::NORMAL, 'suspicionClass' => Classifier::NOT_SUSPICIOUS],
- ['command' => Monitor::WRITE, 'fileClass' => EntropyResult::COMPRESSED, 'fileNameClass' => FileNameResult::SUSPICIOUS_FILE_EXTENSION, 'suspicionClass' => Classifier::LOW_LEVEL_OF_SUSPICION],
- ['command' => Monitor::WRITE, 'fileClass' => EntropyResult::COMPRESSED, 'fileNameClass' => FileNameResult::SUSPICIOUS_FILE_NAME, 'suspicionClass' => Classifier::LOW_LEVEL_OF_SUSPICION],
- ['command' => Monitor::WRITE, 'fileClass' => EntropyResult::COMPRESSED, 'fileNameClass' => FileNameResult::SUSPICIOUS, 'suspicionClass' => Classifier::MIDDLE_LEVEL_OF_SUSPICION],
- ['command' => Monitor::WRITE, 'fileClass' => EntropyResult::NORMAL, 'fileNameClass' => FileNameResult::NORMAL, 'suspicionClass' => Classifier::NOT_SUSPICIOUS],
- ['command' => Monitor::WRITE, 'fileClass' => EntropyResult::NORMAL, 'fileNameClass' => FileNameResult::SUSPICIOUS_FILE_EXTENSION, 'suspicionClass' => Classifier::NOT_SUSPICIOUS],
- ['command' => Monitor::WRITE, 'fileClass' => EntropyResult::NORMAL, 'fileNameClass' => FileNameResult::SUSPICIOUS_FILE_NAME, 'suspicionClass' => Classifier::NOT_SUSPICIOUS],
- ['command' => Monitor::WRITE, 'fileClass' => EntropyResult::NORMAL, 'fileNameClass' => FileNameResult::SUSPICIOUS, 'suspicionClass' => Classifier::NOT_SUSPICIOUS],
- ['command' => Monitor::READ, 'fileClass' => EntropyResult::ENCRYPTED, 'fileNameClass' => FileNameResult::NORMAL, 'suspicionClass' => Classifier::NO_INFORMATION],
- ['command' => Monitor::READ, 'fileClass' => EntropyResult::ENCRYPTED, 'fileNameClass' => FileNameResult::SUSPICIOUS_FILE_EXTENSION, 'suspicionClass' => Classifier::NO_INFORMATION],
- ['command' => Monitor::READ, 'fileClass' => EntropyResult::ENCRYPTED, 'fileNameClass' => FileNameResult::SUSPICIOUS_FILE_NAME, 'suspicionClass' => Classifier::NO_INFORMATION],
- ['command' => Monitor::READ, 'fileClass' => EntropyResult::ENCRYPTED, 'fileNameClass' => FileNameResult::SUSPICIOUS, 'suspicionClass' => Classifier::NO_INFORMATION],
- ['command' => Monitor::READ, 'fileClass' => EntropyResult::COMPRESSED, 'fileNameClass' => FileNameResult::NORMAL, 'suspicionClass' => Classifier::NO_INFORMATION],
- ['command' => Monitor::READ, 'fileClass' => EntropyResult::COMPRESSED, 'fileNameClass' => FileNameResult::SUSPICIOUS_FILE_EXTENSION, 'suspicionClass' => Classifier::NO_INFORMATION],
- ['command' => Monitor::READ, 'fileClass' => EntropyResult::COMPRESSED, 'fileNameClass' => FileNameResult::SUSPICIOUS_FILE_NAME, 'suspicionClass' => Classifier::NO_INFORMATION],
- ['command' => Monitor::READ, 'fileClass' => EntropyResult::COMPRESSED, 'fileNameClass' => FileNameResult::SUSPICIOUS, 'suspicionClass' => Classifier::NO_INFORMATION],
- ['command' => Monitor::READ, 'fileClass' => EntropyResult::NORMAL, 'fileNameClass' => FileNameResult::NORMAL, 'suspicionClass' => Classifier::NO_INFORMATION],
- ['command' => Monitor::READ, 'fileClass' => EntropyResult::NORMAL, 'fileNameClass' => FileNameResult::SUSPICIOUS_FILE_EXTENSION, 'suspicionClass' => Classifier::NO_INFORMATION],
- ['command' => Monitor::READ, 'fileClass' => EntropyResult::NORMAL, 'fileNameClass' => FileNameResult::SUSPICIOUS_FILE_NAME, 'suspicionClass' => Classifier::NO_INFORMATION],
- ['command' => Monitor::READ, 'fileClass' => EntropyResult::NORMAL, 'fileNameClass' => FileNameResult::SUSPICIOUS, 'suspicionClass' => Classifier::NO_INFORMATION],
- ['command' => Monitor::DELETE, 'fileClass' => EntropyResult::ENCRYPTED, 'fileNameClass' => FileNameResult::NORMAL, 'suspicionClass' => Classifier::NOT_SUSPICIOUS],
- ['command' => Monitor::DELETE, 'fileClass' => EntropyResult::ENCRYPTED, 'fileNameClass' => FileNameResult::SUSPICIOUS_FILE_EXTENSION, 'suspicionClass' => Classifier::MIDDLE_LEVEL_OF_SUSPICION],
- ['command' => Monitor::DELETE, 'fileClass' => EntropyResult::ENCRYPTED, 'fileNameClass' => FileNameResult::SUSPICIOUS_FILE_NAME, 'suspicionClass' => Classifier::MIDDLE_LEVEL_OF_SUSPICION],
- ['command' => Monitor::DELETE, 'fileClass' => EntropyResult::ENCRYPTED, 'fileNameClass' => FileNameResult::SUSPICIOUS, 'suspicionClass' => Classifier::HIGH_LEVEL_OF_SUSPICION],
- ['command' => Monitor::DELETE, 'fileClass' => EntropyResult::COMPRESSED, 'fileNameClass' => FileNameResult::NORMAL, 'suspicionClass' => Classifier::NOT_SUSPICIOUS],
- ['command' => Monitor::DELETE, 'fileClass' => EntropyResult::COMPRESSED, 'fileNameClass' => FileNameResult::SUSPICIOUS_FILE_EXTENSION, 'suspicionClass' => Classifier::LOW_LEVEL_OF_SUSPICION],
- ['command' => Monitor::DELETE, 'fileClass' => EntropyResult::COMPRESSED, 'fileNameClass' => FileNameResult::SUSPICIOUS_FILE_NAME, 'suspicionClass' => Classifier::LOW_LEVEL_OF_SUSPICION],
- ['command' => Monitor::DELETE, 'fileClass' => EntropyResult::COMPRESSED, 'fileNameClass' => FileNameResult::SUSPICIOUS, 'suspicionClass' => Classifier::MIDDLE_LEVEL_OF_SUSPICION],
- ['command' => Monitor::DELETE, 'fileClass' => EntropyResult::NORMAL, 'fileNameClass' => FileNameResult::NORMAL, 'suspicionClass' => Classifier::NOT_SUSPICIOUS],
- ['command' => Monitor::DELETE, 'fileClass' => EntropyResult::NORMAL, 'fileNameClass' => FileNameResult::SUSPICIOUS_FILE_EXTENSION, 'suspicionClass' => Classifier::NOT_SUSPICIOUS],
- ['command' => Monitor::DELETE, 'fileClass' => EntropyResult::NORMAL, 'fileNameClass' => FileNameResult::SUSPICIOUS_FILE_NAME, 'suspicionClass' => Classifier::NOT_SUSPICIOUS],
- ['command' => Monitor::DELETE, 'fileClass' => EntropyResult::NORMAL, 'fileNameClass' => FileNameResult::SUSPICIOUS, 'suspicionClass' => Classifier::NOT_SUSPICIOUS],
- ['command' => Monitor::RENAME, 'fileClass' => EntropyResult::ENCRYPTED, 'fileNameClass' => FileNameResult::NORMAL, 'suspicionClass' => Classifier::NOT_SUSPICIOUS],
- ['command' => Monitor::RENAME, 'fileClass' => EntropyResult::ENCRYPTED, 'fileNameClass' => FileNameResult::SUSPICIOUS_FILE_EXTENSION, 'suspicionClass' => Classifier::MIDDLE_LEVEL_OF_SUSPICION],
- ['command' => Monitor::RENAME, 'fileClass' => EntropyResult::ENCRYPTED, 'fileNameClass' => FileNameResult::SUSPICIOUS_FILE_NAME, 'suspicionClass' => Classifier::MIDDLE_LEVEL_OF_SUSPICION],
- ['command' => Monitor::RENAME, 'fileClass' => EntropyResult::ENCRYPTED, 'fileNameClass' => FileNameResult::SUSPICIOUS, 'suspicionClass' => Classifier::HIGH_LEVEL_OF_SUSPICION],
- ['command' => Monitor::RENAME, 'fileClass' => EntropyResult::COMPRESSED, 'fileNameClass' => FileNameResult::NORMAL, 'suspicionClass' => Classifier::NOT_SUSPICIOUS],
- ['command' => Monitor::RENAME, 'fileClass' => EntropyResult::COMPRESSED, 'fileNameClass' => FileNameResult::SUSPICIOUS_FILE_EXTENSION, 'suspicionClass' => Classifier::LOW_LEVEL_OF_SUSPICION],
- ['command' => Monitor::RENAME, 'fileClass' => EntropyResult::COMPRESSED, 'fileNameClass' => FileNameResult::SUSPICIOUS_FILE_NAME, 'suspicionClass' => Classifier::LOW_LEVEL_OF_SUSPICION],
- ['command' => Monitor::RENAME, 'fileClass' => EntropyResult::COMPRESSED, 'fileNameClass' => FileNameResult::SUSPICIOUS, 'suspicionClass' => Classifier::MIDDLE_LEVEL_OF_SUSPICION],
- ['command' => Monitor::RENAME, 'fileClass' => EntropyResult::NORMAL, 'fileNameClass' => FileNameResult::NORMAL, 'suspicionClass' => Classifier::NOT_SUSPICIOUS],
- ['command' => Monitor::RENAME, 'fileClass' => EntropyResult::NORMAL, 'fileNameClass' => FileNameResult::SUSPICIOUS_FILE_EXTENSION, 'suspicionClass' => Classifier::NOT_SUSPICIOUS],
- ['command' => Monitor::RENAME, 'fileClass' => EntropyResult::NORMAL, 'fileNameClass' => FileNameResult::SUSPICIOUS_FILE_NAME, 'suspicionClass' => Classifier::NOT_SUSPICIOUS],
- ['command' => Monitor::RENAME, 'fileClass' => EntropyResult::NORMAL, 'fileNameClass' => FileNameResult::SUSPICIOUS, 'suspicionClass' => Classifier::NOT_SUSPICIOUS],
+ ['command' => Monitor::WRITE, 'fileClass' => EntropyResult::ENCRYPTED, 'fileExtensionClass' => FileExtensionResult::NOT_SUSPICIOUS, 'suspicionClass' => Classifier::NOT_SUSPICIOUS],
+ ['command' => Monitor::WRITE, 'fileClass' => EntropyResult::ENCRYPTED, 'fileExtensionClass' => FileExtensionResult::SUSPICIOUS, 'suspicionClass' => Classifier::HIGH_LEVEL_OF_SUSPICION],
+ ['command' => Monitor::WRITE, 'fileClass' => EntropyResult::ENCRYPTED, 'fileExtensionClass' => FileExtensionResult::SUSPICIOUS, 'suspicionClass' => Classifier::HIGH_LEVEL_OF_SUSPICION],
+ ['command' => Monitor::WRITE, 'fileClass' => EntropyResult::ENCRYPTED, 'fileExtensionClass' => FileExtensionResult::SUSPICIOUS, 'suspicionClass' => Classifier::HIGH_LEVEL_OF_SUSPICION],
+ ['command' => Monitor::WRITE, 'fileClass' => EntropyResult::COMPRESSED, 'fileExtensionClass' => FileExtensionResult::NOT_SUSPICIOUS, 'suspicionClass' => Classifier::NOT_SUSPICIOUS],
+ ['command' => Monitor::WRITE, 'fileClass' => EntropyResult::COMPRESSED, 'fileExtensionClass' => FileExtensionResult::SUSPICIOUS, 'suspicionClass' => Classifier::MIDDLE_LEVEL_OF_SUSPICION],
+ ['command' => Monitor::WRITE, 'fileClass' => EntropyResult::COMPRESSED, 'fileExtensionClass' => FileExtensionResult::SUSPICIOUS, 'suspicionClass' => Classifier::MIDDLE_LEVEL_OF_SUSPICION],
+ ['command' => Monitor::WRITE, 'fileClass' => EntropyResult::COMPRESSED, 'fileExtensionClass' => FileExtensionResult::SUSPICIOUS, 'suspicionClass' => Classifier::MIDDLE_LEVEL_OF_SUSPICION],
+ ['command' => Monitor::WRITE, 'fileClass' => EntropyResult::NORMAL, 'fileExtensionClass' => FileExtensionResult::NOT_SUSPICIOUS, 'suspicionClass' => Classifier::NOT_SUSPICIOUS],
+ ['command' => Monitor::WRITE, 'fileClass' => EntropyResult::NORMAL, 'fileExtensionClass' => FileExtensionResult::SUSPICIOUS, 'suspicionClass' => Classifier::NOT_SUSPICIOUS],
+ ['command' => Monitor::READ, 'fileClass' => EntropyResult::ENCRYPTED, 'fileExtensionClass' => FileExtensionResult::NOT_SUSPICIOUS, 'suspicionClass' => Classifier::NO_INFORMATION],
+ ['command' => Monitor::READ, 'fileClass' => EntropyResult::ENCRYPTED, 'fileExtensionClass' => FileExtensionResult::SUSPICIOUS, 'suspicionClass' => Classifier::NO_INFORMATION],
+ ['command' => Monitor::READ, 'fileClass' => EntropyResult::ENCRYPTED, 'fileExtensionClass' => FileExtensionResult::SUSPICIOUS, 'suspicionClass' => Classifier::NO_INFORMATION],
+ ['command' => Monitor::READ, 'fileClass' => EntropyResult::ENCRYPTED, 'fileExtensionClass' => FileExtensionResult::SUSPICIOUS, 'suspicionClass' => Classifier::NO_INFORMATION],
+ ['command' => Monitor::READ, 'fileClass' => EntropyResult::COMPRESSED, 'fileExtensionClass' => FileExtensionResult::NOT_SUSPICIOUS, 'suspicionClass' => Classifier::NO_INFORMATION],
+ ['command' => Monitor::READ, 'fileClass' => EntropyResult::COMPRESSED, 'fileExtensionClass' => FileExtensionResult::SUSPICIOUS, 'suspicionClass' => Classifier::NO_INFORMATION],
+ ['command' => Monitor::READ, 'fileClass' => EntropyResult::COMPRESSED, 'fileExtensionClass' => FileExtensionResult::SUSPICIOUS, 'suspicionClass' => Classifier::NO_INFORMATION],
+ ['command' => Monitor::READ, 'fileClass' => EntropyResult::COMPRESSED, 'fileExtensionClass' => FileExtensionResult::SUSPICIOUS, 'suspicionClass' => Classifier::NO_INFORMATION],
+ ['command' => Monitor::READ, 'fileClass' => EntropyResult::NORMAL, 'fileExtensionClass' => FileExtensionResult::NOT_SUSPICIOUS, 'suspicionClass' => Classifier::NO_INFORMATION],
+ ['command' => Monitor::READ, 'fileClass' => EntropyResult::NORMAL, 'fileExtensionClass' => FileExtensionResult::SUSPICIOUS, 'suspicionClass' => Classifier::NO_INFORMATION],
+ ['command' => Monitor::READ, 'fileClass' => EntropyResult::NORMAL, 'fileExtensionClass' => FileExtensionResult::SUSPICIOUS, 'suspicionClass' => Classifier::NO_INFORMATION],
+ ['command' => Monitor::READ, 'fileClass' => EntropyResult::NORMAL, 'fileExtensionClass' => FileExtensionResult::SUSPICIOUS, 'suspicionClass' => Classifier::NO_INFORMATION],
+ ['command' => Monitor::DELETE, 'fileClass' => EntropyResult::ENCRYPTED, 'fileExtensionClass' => FileExtensionResult::NOT_SUSPICIOUS, 'suspicionClass' => Classifier::NOT_SUSPICIOUS],
+ ['command' => Monitor::DELETE, 'fileClass' => EntropyResult::ENCRYPTED, 'fileExtensionClass' => FileExtensionResult::SUSPICIOUS, 'suspicionClass' => Classifier::HIGH_LEVEL_OF_SUSPICION],
+ ['command' => Monitor::DELETE, 'fileClass' => EntropyResult::ENCRYPTED, 'fileExtensionClass' => FileExtensionResult::SUSPICIOUS, 'suspicionClass' => Classifier::HIGH_LEVEL_OF_SUSPICION],
+ ['command' => Monitor::DELETE, 'fileClass' => EntropyResult::ENCRYPTED, 'fileExtensionClass' => FileExtensionResult::SUSPICIOUS, 'suspicionClass' => Classifier::HIGH_LEVEL_OF_SUSPICION],
+ ['command' => Monitor::DELETE, 'fileClass' => EntropyResult::COMPRESSED, 'fileExtensionClass' => FileExtensionResult::NOT_SUSPICIOUS, 'suspicionClass' => Classifier::NOT_SUSPICIOUS],
+ ['command' => Monitor::DELETE, 'fileClass' => EntropyResult::COMPRESSED, 'fileExtensionClass' => FileExtensionResult::SUSPICIOUS, 'suspicionClass' => Classifier::MIDDLE_LEVEL_OF_SUSPICION],
+ ['command' => Monitor::DELETE, 'fileClass' => EntropyResult::COMPRESSED, 'fileExtensionClass' => FileExtensionResult::SUSPICIOUS, 'suspicionClass' => Classifier::MIDDLE_LEVEL_OF_SUSPICION],
+ ['command' => Monitor::DELETE, 'fileClass' => EntropyResult::COMPRESSED, 'fileExtensionClass' => FileExtensionResult::SUSPICIOUS, 'suspicionClass' => Classifier::MIDDLE_LEVEL_OF_SUSPICION],
+ ['command' => Monitor::DELETE, 'fileClass' => EntropyResult::NORMAL, 'fileExtensionClass' => FileExtensionResult::NOT_SUSPICIOUS, 'suspicionClass' => Classifier::NOT_SUSPICIOUS],
+ ['command' => Monitor::DELETE, 'fileClass' => EntropyResult::NORMAL, 'fileExtensionClass' => FileExtensionResult::SUSPICIOUS, 'suspicionClass' => Classifier::NOT_SUSPICIOUS],
+ ['command' => Monitor::DELETE, 'fileClass' => EntropyResult::NORMAL, 'fileExtensionClass' => FileExtensionResult::SUSPICIOUS, 'suspicionClass' => Classifier::NOT_SUSPICIOUS],
+ ['command' => Monitor::DELETE, 'fileClass' => EntropyResult::NORMAL, 'fileExtensionClass' => FileExtensionResult::SUSPICIOUS, 'suspicionClass' => Classifier::NOT_SUSPICIOUS],
+ ['command' => Monitor::RENAME, 'fileClass' => EntropyResult::ENCRYPTED, 'fileExtensionClass' => FileExtensionResult::NOT_SUSPICIOUS, 'suspicionClass' => Classifier::NOT_SUSPICIOUS],
+ ['command' => Monitor::RENAME, 'fileClass' => EntropyResult::ENCRYPTED, 'fileExtensionClass' => FileExtensionResult::SUSPICIOUS, 'suspicionClass' => Classifier::HIGH_LEVEL_OF_SUSPICION],
+ ['command' => Monitor::RENAME, 'fileClass' => EntropyResult::ENCRYPTED, 'fileExtensionClass' => FileExtensionResult::SUSPICIOUS, 'suspicionClass' => Classifier::HIGH_LEVEL_OF_SUSPICION],
+ ['command' => Monitor::RENAME, 'fileClass' => EntropyResult::ENCRYPTED, 'fileExtensionClass' => FileExtensionResult::SUSPICIOUS, 'suspicionClass' => Classifier::HIGH_LEVEL_OF_SUSPICION],
+ ['command' => Monitor::RENAME, 'fileClass' => EntropyResult::COMPRESSED, 'fileExtensionClass' => FileExtensionResult::NOT_SUSPICIOUS, 'suspicionClass' => Classifier::NOT_SUSPICIOUS],
+ ['command' => Monitor::RENAME, 'fileClass' => EntropyResult::COMPRESSED, 'fileExtensionClass' => FileExtensionResult::SUSPICIOUS, 'suspicionClass' => Classifier::MIDDLE_LEVEL_OF_SUSPICION],
+ ['command' => Monitor::RENAME, 'fileClass' => EntropyResult::COMPRESSED, 'fileExtensionClass' => FileExtensionResult::SUSPICIOUS, 'suspicionClass' => Classifier::MIDDLE_LEVEL_OF_SUSPICION],
+ ['command' => Monitor::RENAME, 'fileClass' => EntropyResult::COMPRESSED, 'fileExtensionClass' => FileExtensionResult::SUSPICIOUS, 'suspicionClass' => Classifier::MIDDLE_LEVEL_OF_SUSPICION],
+ ['command' => Monitor::RENAME, 'fileClass' => EntropyResult::NORMAL, 'fileExtensionClass' => FileExtensionResult::NOT_SUSPICIOUS, 'suspicionClass' => Classifier::NOT_SUSPICIOUS],
+ ['command' => Monitor::RENAME, 'fileClass' => EntropyResult::NORMAL, 'fileExtensionClass' => FileExtensionResult::SUSPICIOUS, 'suspicionClass' => Classifier::NOT_SUSPICIOUS],
+ ['command' => Monitor::RENAME, 'fileClass' => EntropyResult::NORMAL, 'fileExtensionClass' => FileExtensionResult::SUSPICIOUS, 'suspicionClass' => Classifier::NOT_SUSPICIOUS],
+ ['command' => Monitor::RENAME, 'fileClass' => EntropyResult::NORMAL, 'fileExtensionClass' => FileExtensionResult::SUSPICIOUS, 'suspicionClass' => Classifier::NOT_SUSPICIOUS],
];
}
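Review bot: The added provider rows are a one-for-one substitution of the four old FileNameResult values, so every `FileExtensionResult::SUSPICIOUS` case now appears three times with the same expectation (twice for WRITE/NORMAL). With two extension classes there are only 24 distinct command/fileClass/extension combinations, so I would keep one `NOT_SUSPICIOUS` and one `SUSPICIOUS` row per command and fileClass pair. `Classifier::LOW_LEVEL_OF_SUSPICION` is no longer expected by any row, so if the classifier can still return it, that branch is untested here. A comment above the array would also help, for example `// ENCRYPTED or COMPRESSED content with a non-suspicious extension stays NOT_SUSPICIOUS at file level`, since that is the detection trade-off these rows now pin down.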
@@ -115,15 +113,15 @@ class ClassifierTest extends TestCase
*
* @param int $command
* @param int $fileClass
- * @param int $fileNameClass
+ * @param int $fileExtensionClass
* @param int $suspicionClass
*/
- public function testClassifyFile($command, $fileClass, $fileNameClass, $suspicionClass)
+ public function testClassifyFile($command, $fileClass, $fileExtensionClass, $suspicionClass)
{
$fileOperation = new FileOperation();
$fileOperation->setCommand($command);
$fileOperation->setFileClass($fileClass);
- $fileOperation->setFileNameClass($fileNameClass);
+ $fileOperation->setFileExtensionClass($fileExtensionClass);
$result = $this->classifier->classifyFile($fileOperation);
$this->assertEquals($result->getSuspicionClass(), $suspicionClass);
diff --git a/tests/Unit/Controller/ScanControllerTest.php b/tests/Unit/Controller/ScanControllerTest.php
index 30a6e62..6c971c3 100644
--- a/tests/Unit/Controller/ScanControllerTest.php
+++ b/tests/Unit/Controller/ScanControllerTest.php
@@ -31,8 +31,8 @@ use OCA\RansomwareDetection\Analyzer\EntropyFunnellingAnalyzer;
use OCA\RansomwareDetection\Analyzer\EntropyAnalyzer;
use OCA\RansomwareDetection\Analyzer\EntropyResult;
use OCA\RansomwareDetection\Analyzer\FileCorruptionAnalyzer;
-use OCA\RansomwareDetection\Analyzer\FileNameAnalyzer;
-use OCA\RansomwareDetection\Analyzer\FileNameResult;
+use OCA\RansomwareDetection\Analyzer\FileExtensionAnalyzer;
+use OCA\RansomwareDetection\Analyzer\FileExtensionResult;
use OCA\RansomwareDetection\AppInfo\Application;
use OCA\RansomwareDetection\Controller\ScanController;
use OCA\RansomwareDetection\Db\FileOperation;
@@ -86,8 +86,8 @@ class ScanControllerTest extends TestCase
/** @var FileCorruptionAnalyzer|\PHPUnit_Framework_MockObject_MockObject */
protected $fileCorruptionAnalyzer;
- /** @var FileNameAnalyzer|\PHPUnit_Framework_MockObject_MockObject */
- protected $fileNameAnalyzer;
+ /** @var FileExtensionAnalyzer|\PHPUnit_Framework_MockObject_MockObject */
+ protected $fileExtensionAnalyzer;
/** @var IDBConnection|\PHPUnit_Framework_MockObject_MockObject */
protected $connection;
@@ -139,7 +139,7 @@ class ScanControllerTest extends TestCase
$this->fileCorruptionAnalyzer = $this->getMockBuilder('OCA\RansomwareDetection\Analyzer\FileCorruptionAnalyzer')
->setConstructorArgs([$this->logger, $rootFolder, $this->userId])
->getMock();
- $this->fileNameAnalyzer = $this->getMockBuilder('OCA\RansomwareDetection\Analyzer\FileNameAnalyzer')
+ $this->fileExtensionAnalyzer = $this->getMockBuilder('OCA\RansomwareDetection\Analyzer\FileExtensionAnalyzer')
->setConstructorArgs([$this->logger, $entropy])
->getMock();
}
@@ -173,7 +173,7 @@ class ScanControllerTest extends TestCase
$controller = $this->getMockBuilder(ScanController::class)
->setConstructorArgs(['ransomware_detection', $this->request, $this->userSession, $this->config, $this->classifier,
$this->logger, $this->folder, $this->service, $this->sequenceAnalyzer, $this->entropyAnalyzer,
- $this->fileCorruptionAnalyzer, $this->fileNameAnalyzer, $this->connection, $this->userId])
+ $this->fileCorruptionAnalyzer, $this->fileExtensionAnalyzer, $this->connection, $this->userId])
->setMethods(['deleteFromStorage', 'restoreFromTrashbin'])
->getMock();
@@ -195,7 +195,7 @@ class ScanControllerTest extends TestCase
$controller = $this->getMockBuilder(ScanController::class)
->setConstructorArgs(['ransomware_detection', $this->request, $this->userSession, $this->config, $this->classifier,
$this->logger, $this->folder, $this->service, $this->sequenceAnalyzer, $this->entropyAnalyzer,
- $this->fileCorruptionAnalyzer, $this->fileNameAnalyzer, $this->connection, $this->userId])
+ $this->fileCorruptionAnalyzer, $this->fileExtensionAnalyzer, $this->connection, $this->userId])
->setMethods(['getStorageStructure', 'getTrashStorageStructure', 'getLastActivity'])
->getMock();
@@ -231,9 +231,8 @@ class ScanControllerTest extends TestCase
$fileOperation1->setSequence(1);
$fileOperation1->setEntropy(7.9);
$fileOperation1->setStandardDeviation(0.1);
- $fileOperation1->setFileNameEntropy(4.0);
$fileOperation1->setFileClass(EntropyResult::NORMAL);
- $fileOperation1->setFileNameClass(FileNameResult::NORMAL);
+ $fileOperation1->setFileExtensionClass(FileExtensionResult::NOT_SUSPICIOUS);
$fileOperation1->setSuspicionClass(Classifier::HIGH_LEVEL_OF_SUSPICION);
$sequenceResult = new SequenceResult(1, 0.0, 1.1, 2.2, 4.5, []);
@@ -257,7 +256,7 @@ class ScanControllerTest extends TestCase
$controller = $this->getMockBuilder(ScanController::class)
->setConstructorArgs(['ransomware_detection', $this->request, $this->userSession, $this->config, $this->classifier,
$this->logger, $this->folder, $this->service, $this->sequenceAnalyzer, $this->entropyAnalyzer,
- $this->fileCorruptionAnalyzer, $this->fileNameAnalyzer, $this->connection, $this->userId])
+ $this->fileCorruptionAnalyzer, $this->fileExtensionAnalyzer, $this->connection, $this->userId])
->setMethods(['getLastActivity', 'buildFileOperation'])
->getMock();
diff --git a/tests/Unit/Db/FileOperationTest.php b/tests/Unit/Db/FileOperationTest.php
index 9a86ea9..d5581cb 100644
--- a/tests/Unit/Db/FileOperationTest.php
+++ b/tests/Unit/Db/FileOperationTest.php
@@ -23,7 +23,7 @@ namespace OCA\RansomwareDetection\tests\Unit\Db;
use OCA\RansomwareDetection\Monitor;
use OCA\RansomwareDetection\Analyzer\EntropyResult;
-use OCA\RansomwareDetection\Analyzer\FileNameResult;
+use OCA\RansomwareDetection\Analyzer\FileExtensionResult;
use OCA\RansomwareDetection\Classifier;
use OCA\RansomwareDetection\Db\FileOperation;
use Test\TestCase;
@@ -59,14 +59,11 @@ class FileOperationTest extends TestCase
['field' => 'sequence', 'value' => 1],
['field' => 'entropy', 'value' => 7.99],
['field' => 'standardDeviation', 'value' => 0.004],
- ['field' => 'fileNameEntropy', 'value' => 4.0],
['field' => 'fileClass', 'value' => EntropyResult::NORMAL],
['field' => 'fileClass', 'value' => EntropyResult::ENCRYPTED],
['field' => 'fileClass', 'value' => EntropyResult::COMPRESSED],
- ['field' => 'fileNameClass', 'value' => FileNameResult::NORMAL],
- ['field' => 'fileNameClass', 'value' => FileNameResult::SUSPICIOUS_FILE_EXTENSION],
- ['field' => 'fileNameClass', 'value' => FileNameResult::SUSPICIOUS_FILE_NAME],
- ['field' => 'fileNameClass', 'value' => FileNameResult::SUSPICIOUS],
+ ['field' => 'fileExtensionClass', 'value' => FileExtensionResult::NOT_SUSPICIOUS],
+ ['field' => 'fileExtensionClass', 'value' => FileExtensionResult::SUSPICIOUS],
['field' => 'suspicionClass', 'value' => Classifier::NO_INFORMATION],
['field' => 'suspicionClass', 'value' => Classifier::NOT_SUSPICIOUS],
['field' => 'suspicionClass', 'value' => Classifier::MIDDLE_LEVEL_OF_SUSPICION],
diff --git a/tests/Unit/MonitorTest.php b/tests/Unit/MonitorTest.php
index 6047729..50daee7 100644
--- a/tests/Unit/MonitorTest.php
+++ b/tests/Unit/MonitorTest.php
@@ -23,8 +23,8 @@ namespace OCA\RansomwareDetection\tests\Unit;
use OCA\RansomwareDetection\Monitor;
use OCA\RansomwareDetection\Analyzer\EntropyAnalyzer;
-use OCA\RansomwareDetection\Analyzer\FileNameAnalyzer;
-use OCA\RansomwareDetection\Analyzer\FileNameResult;
+use OCA\RansomwareDetection\Analyzer\FileExtensionAnalyzer;
+use OCA\RansomwareDetection\Analyzer\FileExtensionResult;
use OCA\RansomwareDetection\Analyzer\FileCorruptionAnalyzer;
use OCA\RansomwareDetection\Analyzer\FileCorruptionResult;
use OCA\RansomwareDetection\Analyzer\EntropyResult;
@@ -69,8 +69,8 @@ class MonitorTest extends TestCase
/** @var FileOperationMapper|\PHPUnit_Framework_MockObject_MockObject */
protected $mapper;
- /** @var FileNameAnalyzer|\PHPUnit_Framework_MockObject_MockObject */
- protected $fileNameAnalyzer;
+ /** @var FileExtensionAnalyzer|\PHPUnit_Framework_MockObject_MockObject */
+ protected $fileExtensionAnalyzer;
/** @var FileCorruptionAnalyzer|\PHPUnit_Framework_MockObject_MockObject */
protected $fileCorruptionAnalyzer;
@@ -90,7 +90,7 @@ class MonitorTest extends TestCase
$this->rootFolder = $this->createMock(IRootFolder::class);
$this->entropyAnalyzer = $this->createMock(EntropyAnalyzer::class);
$this->mapper = $this->createMock(FileOperationMapper::class);
- $this->fileNameAnalyzer = $this->createMock(FileNameAnalyzer::class);
+ $this->fileExtensionAnalyzer = $this->createMock(FileExtensionAnalyzer::class);
$this->fileCorruptionAnalyzer = $this->createMock(FileCorruptionAnalyzer::class);
}
@@ -120,7 +120,7 @@ class MonitorTest extends TestCase
$monitor = $this->getMockBuilder(Monitor::class)
->setConstructorArgs([$this->request, $this->config, $this->time,
$this->appManager, $this->logger, $this->rootFolder,
- $this->entropyAnalyzer, $this->mapper, $this->fileNameAnalyzer,
+ $this->entropyAnalyzer, $this->mapper, $this->fileExtensionAnalyzer,
$this->fileCorruptionAnalyzer, $this->userId])
->setMethods(['isUploadedFile', 'isCreatingSkeletonFiles', 'classifySequence', 'resetProfindCount', 'triggerAsyncAnalysis'])
->getMock();
@@ -150,10 +150,10 @@ class MonitorTest extends TestCase
$this->entropyAnalyzer->method('analyze')
->willReturn($entropyResult);
- $fileNameResult = new FileNameResult(FileNameResult::NORMAL, true, 4.0);
+ $fileExtensionResult = new FileExtensionResult(FileExtensionResult::NOT_SUSPICIOUS, true, 4.0);
- $this->fileNameAnalyzer->method('analyze')
- ->willReturn($fileNameResult);
+ $this->fileExtensionAnalyzer->method('analyze')
+ ->willReturn($fileExtensionResult);
$this->request->method('isUserAgent')
->willReturn($userAgent);
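Review bot: `new FileExtensionResult(FileExtensionResult::NOT_SUSPICIOUS, true, 4.0)` keeps the two trailing arguments of the old FileNameResult call, and `4.0` looks like the file-name entropy that this commit removes everywhere else. The FileExtensionResult constructor is not visible here, but if it now takes only the class, PHP silently ignores the extra arguments and the test passes while documenting a signature that no longer exists. In that case the line should read `$fileExtensionResult = new FileExtensionResult(FileExtensionResult::NOT_SUSPICIOUS);`. The `$entropy` argument still passed to the FileExtensionAnalyzer mock in ScanControllerTest's setUp deserves the same check. The enclosing test method starts and ends outside this hunk.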
@@ -203,7 +203,7 @@ class MonitorTest extends TestCase
$monitor = $this->getMockBuilder(Monitor::class)
->setConstructorArgs([$this->request, $this->config, $this->time,
$this->appManager, $this->logger, $this->rootFolder,
- $this->entropyAnalyzer, $this->mapper, $this->fileNameAnalyzer,
+ $this->entropyAnalyzer, $this->mapper, $this->fileExtensionAnalyzer,
$this->fileCorruptionAnalyzer, $this->userId])
->setMethods(['isUploadedFile', 'isCreatingSkeletonFiles', 'triggerAsyncAnalysis', 'resetProfindCount'])
->getMock();
@@ -280,7 +280,7 @@ class MonitorTest extends TestCase
$monitor = new Monitor($this->request, $this->config, $this->time,
$this->appManager, $this->logger, $this->rootFolder,
- $this->entropyAnalyzer, $this->mapper, $this->fileNameAnalyzer,
+ $this->entropyAnalyzer, $this->mapper, $this->fileExtensionAnalyzer,
$this->fileCorruptionAnalyzer, $this->userId);
$node = $this->createMock(File::class);
@@ -324,7 +324,7 @@ class MonitorTest extends TestCase
$monitor = new Monitor($this->request, $this->config, $this->time,
$this->appManager, $this->logger, $this->rootFolder,
- $this->entropyAnalyzer, $this->mapper, $this->fileNameAnalyzer,
+ $this->entropyAnalyzer, $this->mapper, $this->fileExtensionAnalyzer,
$this->fileCorruptionAnalyzer, $this->userId);
$node = $this->createMock(Folder::class);
@@ -367,7 +367,7 @@ class MonitorTest extends TestCase
{
$monitor = new Monitor($this->request, $this->config, $this->time,
$this->appManager, $this->logger, $this->rootFolder,
- $this->entropyAnalyzer, $this->mapper, $this->fileNameAnalyzer,
+ $this->entropyAnalyzer, $this->mapper, $this->fileExtensionAnalyzer,
$this->fileCorruptionAnalyzer, $this->userId);
$isUploadedFile = self::getMethod('isUploadedFile');
@@ -379,7 +379,7 @@ class MonitorTest extends TestCase
{
$monitor = new Monitor($this->request, $this->config, $this->time,
$this->appManager, $this->logger, $this->rootFolder,
- $this->entropyAnalyzer, $this->mapper, $this->fileNameAnalyzer,
+ $this->entropyAnalyzer, $this->mapper, $this->fileExtensionAnalyzer,
$this->fileCorruptionAnalyzer, $this->userId);
$isCreateingSkeletonFiles = self::getMethod('isCreatingSkeletonFiles');