author | Matthias Held <ilovemilk@wusa.io> | 2018-09-05 20:03:49 +0300 |
---|---|---|
committer | Matthias Held <ilovemilk@wusa.io> | 2018-09-05 20:03:49 +0300 |
commit | a345337c85affcb67d5deb03a170048d81a45a58 (patch) | |
tree | 0424a2abd9f495674b362ec79addba3b8bfc201e /tests | |
parent | e5158d3d1f5c1a9ce02d1ecacb29a50c7f6c23e5 (diff) |
Remove file name analysis
Diffstat (limited to 'tests')
-rw-r--r-- | tests/Integration/Db/FileOperationMapperTest.php | 36 | ||||
-rw-r--r-- | tests/Integration/Fixtures/FileOperationFixture.php | 3 | ||||
-rw-r--r-- | tests/Unit/Analyzer/FileExtensionAnalyzerTest.php | 105 | ||||
-rw-r--r-- | tests/Unit/Analyzer/FileExtensionResultTest.php | 51 | ||||
-rw-r--r-- | tests/Unit/Analyzer/FileNameAnalyzerTest.php | 127 | ||||
-rw-r--r-- | tests/Unit/Analyzer/FileNameResultTest.php | 70 | ||||
-rw-r--r-- | tests/Unit/Analyzer/FileTypeFunnellingAnalyzerTest.php | 28 | ||||
-rw-r--r-- | tests/Unit/ClassifierTest.php | 102 | ||||
-rw-r--r-- | tests/Unit/Controller/ScanControllerTest.php | 19 | ||||
-rw-r--r-- | tests/Unit/Db/FileOperationTest.php | 9 | ||||
-rw-r--r-- | tests/Unit/MonitorTest.php | 28 |
11 files changed, 259 insertions, 319 deletions
diff --git a/tests/Integration/Db/FileOperationMapperTest.php b/tests/Integration/Db/FileOperationMapperTest.php
index 90fd933..33f5239 100644
--- a/tests/Integration/Db/FileOperationMapperTest.php
+++ b/tests/Integration/Db/FileOperationMapperTest.php
@@ -101,9 +101,8 @@ class FileOperationMapperTest extends AppTest
 'sequence' => 1,
 'entropy' => 7.9123595,
 'standardDeviation' => 0.04,
- 'fileNameEntropy' => 4.1,
 'fileClass' => 2,
- 'fileNameClass' => 3,
+ 'fileExtensionClass' => 1,
 ],
 [
 'userId' => 'john',
@@ -119,9 +118,8 @@ class FileOperationMapperTest extends AppTest
 'sequence' => 1,
 'entropy' => 7.9123595,
 'standardDeviation' => 0.05,
- 'fileNameEntropy' => 3.1,
 'fileClass' => 2,
- 'fileNameClass' => 1,
+ 'fileExtensionClass' => 1,
 ],
 ];
 $this->loadFixtures($fileOperations);
@@ -155,9 +153,8 @@ class FileOperationMapperTest extends AppTest
 'sequence' => 1,
 'entropy' => 7.9123595,
 'standardDeviation' => 0.04,
- 'fileNameEntropy' => 4.1,
 'fileClass' => 2,
- 'fileNameClass' => 3,
+ 'fileExtensionClass' => 1,
 ],
 [
 'userId' => 'john',
@@ -173,9 +170,8 @@ class FileOperationMapperTest extends AppTest
 'sequence' => 1,
 'entropy' => 7.9123595,
 'standardDeviation' => 0.05,
- 'fileNameEntropy' => 3.1,
 'fileClass' => 2,
- 'fileNameClass' => 1,
+ 'fileExtensionClass' => 1,
 ],
 ];
 $this->loadFixtures($fileOperations);
@@ -202,9 +198,8 @@ class FileOperationMapperTest extends AppTest
 'sequence' => 1,
 'entropy' => 7.9123595,
 'standardDeviation' => 0.04,
- 'fileNameEntropy' => 4.1,
 'fileClass' => 2,
- 'fileNameClass' => 3,
+ 'fileExtensionClass' => 1,
 ],
 [
 'userId' => 'john',
@@ -220,9 +215,8 @@ class FileOperationMapperTest extends AppTest
 'sequence' => 1,
 'entropy' => 7.9123595,
 'standardDeviation' => 0.05,
- 'fileNameEntropy' => 3.1,
 'fileClass' => 2,
- 'fileNameClass' => 1,
+ 'fileExtensionClass' => 1,
 ],
 ];
 $this->loadFixtures($fileOperations);
@@ -255,9 +249,8 @@ class FileOperationMapperTest extends AppTest
 'sequence' => 1,
 'entropy' => 7.9123595,
 'standardDeviation' => 0.04,
- 'fileNameEntropy' => 4.1,
 'fileClass' => 2,
- 'fileNameClass' => 3,
+ 'fileExtensionClass' => 1,
 ],
 [
 'userId' => 'john',
@@ -273,9 +266,8 @@ class FileOperationMapperTest extends AppTest
 'sequence' => 1,
 'entropy' => 7.9123595,
 'standardDeviation' => 0.05,
- 'fileNameEntropy' => 3.1,
 'fileClass' => 2,
- 'fileNameClass' => 1,
+ 'fileExtensionClass' => 1,
 ],
 ];
 $this->loadFixtures($fileOperations);
@@ -314,9 +306,8 @@ class FileOperationMapperTest extends AppTest
 'sequence' => 1,
 'entropy' => 7.9123595,
 'standardDeviation' => 0.04,
- 'fileNameEntropy' => 4.1,
 'fileClass' => 2,
- 'fileNameClass' => 3,
+ 'fileExtensionClass' => 1,
 ],
 [
 'userId' => 'john',
@@ -332,9 +323,8 @@ class FileOperationMapperTest extends AppTest
 'sequence' => 1,
 'entropy' => 7.9123595,
 'standardDeviation' => 0.05,
- 'fileNameEntropy' => 3.1,
 'fileClass' => 2,
- 'fileNameClass' => 1,
+ 'fileExtensionClass' => 1,
 ],
 ];
 $this->loadFixtures($fileOperations);
@@ -359,9 +349,8 @@ class FileOperationMapperTest extends AppTest
 'sequence' => 1,
 'entropy' => 7.9123595,
 'standardDeviation' => 0.04,
- 'fileNameEntropy' => 4.1,
 'fileClass' => 2,
- 'fileNameClass' => 3,
+ 'fileExtensionClass' => 1,
 ],
 [
 'userId' => 'john',
@@ -377,9 +366,8 @@ class FileOperationMapperTest extends AppTest
 'sequence' => 2,
 'entropy' => 7.9123595,
 'standardDeviation' => 0.05,
- 'fileNameEntropy' => 3.1,
 'fileClass' => 2,
- 'fileNameClass' => 1,
+ 'fileExtensionClass' => 1,
 ],
 ];
 $this->loadFixtures($fileOperations);
diff --git a/tests/Integration/Fixtures/FileOperationFixture.php b/tests/Integration/Fixtures/FileOperationFixture.php
index 1fe02f7..1eb98b5 100644
--- a/tests/Integration/Fixtures/FileOperationFixture.php
+++ b/tests/Integration/Fixtures/FileOperationFixture.php
@@ -44,9 +44,8 @@ class FileOperationFixture extends FileOperation
 'sequence' => 1,
 'entropy' => 7.9123595,
 'standardDeviation' => 0.04,
- 'fileNameEntropy' => 4.1,
 'fileClass' => 2,
- 'fileNameClass' => 3,
+ 'fileExtensionClass' => 1,
 ], $defaults);
 $this->fillDefaults($defaults);
 }
diff --git a/tests/Unit/Analyzer/FileExtensionAnalyzerTest.php b/tests/Unit/Analyzer/FileExtensionAnalyzerTest.php
new file mode 100644
index 0000000..9812ffd
--- /dev/null
+++ b/tests/Unit/Analyzer/FileExtensionAnalyzerTest.php
@@ -0,0 +1,105 @@
+<?php
+
+/**
+ * @copyright Copyright (c) 2017 Matthias Held <matthias.held@uni-konstanz.de>
+ * @author Matthias Held <matthias.held@uni-konstanz.de>
+ * @license GNU AGPL version 3 or any later version
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License as
+ * published by the Free Software Foundation, either version 3 of the
+ * License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU Affero General Public License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public License
+ * along with this program. If not, see <https://www.gnu.org/licenses/>.
+ */
+
+namespace OCA\RansomwareDetection\tests\Unit\Analyzer;
+
+use OCA\RansomwareDetection\Entropy\Entropy;
+use OCA\RansomwareDetection\Analyzer\FileExtensionResult;
+use OCA\RansomwareDetection\FileSignatureList;
+use OCA\RansomwareDetection\Analyzer\FileExtensionAnalyzer;
+use OCP\ILogger;
+use Test\TestCase;
+
+class FileExtensionAnalyzerTest extends TestCase
+{
+ /** @var ILogger|\PHPUnit_Framework_MockObject_MockObject */
+ protected $logger;
+
+ /** @var FileExtensionAnalyzer */
+ protected $fileExtensionAnalyzer;
+
+ public function setUp()
+ {
+ parent::setUp();
+
+ $this->logger = $this->createMock(ILogger::class);
+
+ $this->fileExtensionAnalyzer = new FileExtensionAnalyzer($this->logger);
+ }
+
+ public function dataAnalyze()
+ {
+ return [
+ ['path' => 'file.jpg', 'class' => FileExtensionResult::NOT_SUSPICIOUS],
+ ['path' => 'file.unknown', 'class' => FileExtensionResult::SUSPICIOUS],
+ ['path' => 'file.jpg', 'class' => FileExtensionResult::NOT_SUSPICIOUS],
+ ['path' => 'file.jpg1', 'class' => FileExtensionResult::SUSPICIOUS],
+ ];
+ }
+
+ /**
+ * @dataProvider dataAnalyze
+ *
+ * @param string $path
+ * @param int $class
+ */
+ public function testAnalyze($path, $class)
+ {
+ $result = $this->fileExtensionAnalyzer->analyze($path);
+ $this->assertInstanceOf(FileExtensionResult::class, $result);
+ $this->assertEquals($result->getFileExtensionClass(), $class);
+ }
+
+ public function dataIsFileExtensionKnown()
+ {
+ $signatures = FileSignatureList::getSignatures();
+ $extensions = [];
+ foreach ($signatures as $signature) {
+ foreach ($signature['extension'] as $extension) {
+ $extensions[] = $extension;
+ }
+ }
+ $tests = [];
+
+ foreach ($extensions as $extension) {
+ $tests[] = [$extension, true];
+ }
+ $tests[] = ['WNCRY', false];
+
+ return $tests;
+ }
+
+ /**
+ * @dataProvider dataIsFileExtensionKnown
+ *
+ * @param string $extension
+ * @param bool $return
+ */
+ public function testIsFileExtensionKnown($extension, $return)
+ {
+ $this->assertEquals($this->invokePrivate($this->fileExtensionAnalyzer, 'isFileExtensionKnown', [$extension]), $return);
+ }
+
+ public function testGetFileExtension()
+ {
+ $this->assertEquals($this->invokePrivate($this->fileExtensionAnalyzer, 'getFileExtension', ['filename.extension']), 'extension');
+ }
+}
diff --git a/tests/Unit/Analyzer/FileExtensionResultTest.php b/tests/Unit/Analyzer/FileExtensionResultTest.php
new file mode 100644
index 0000000..7f6ad0e
--- /dev/null
+++ b/tests/Unit/Analyzer/FileExtensionResultTest.php
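Review bot: `dataAnalyze()` lists `file.jpg` twice, so its third row repeats the first and only three distinct names are exercised; it reads like a leftover from the four-class FileNameResult matrix. No row covers a known extension followed by an unknown one, which is the shape a file usually has after being encrypted and renamed, nor a name without any extension; I would replace the duplicate with `['path' => 'file.jpg.unknown', 'class' => FileExtensionResult::SUSPICIOUS],` (expected class assumed, the analyzer is not part of this diff) and add a row for `'file'`. The assertions in this file and in FileExtensionResultTest pass the actual value first and compare loosely, so `testIsFileExtensionKnown` would still pass if the method returned `null` or `0` for `'WNCRY'`; assuming it returns a bool, `$this->assertSame($return, $this->invokePrivate($this->fileExtensionAnalyzer, 'isFileExtensionKnown', [$extension]));` pins both order and type. The `Entropy` import is not referenced anywhere in this file.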
@@ -0,0 +1,51 @@
+<?php
+
+/**
+ * @copyright Copyright (c) 2017 Matthias Held <matthias.held@uni-konstanz.de>
+ * @author Matthias Held <matthias.held@uni-konstanz.de>
+ * @license GNU AGPL version 3 or any later version
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License as
+ * published by the Free Software Foundation, either version 3 of the
+ * License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU Affero General Public License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public License
+ * along with this program. If not, see <https://www.gnu.org/licenses/>.
+ */
+
+namespace OCA\RansomwareDetection\tests\Unit\Analyzer;
+
+use OCA\RansomwareDetection\Analyzer\FileExtensionResult;
+use Test\TestCase;
+
+class FileExtensionResultTest extends TestCase
+{
+ /** @var FileExtensionResult */
+ protected $fileExtensioneResult;
+
+ public function setUp()
+ {
+ parent::setUp();
+
+ $this->fileExtensioneResult = new FileExtensionResult(FileExtensionResult::NOT_SUSPICIOUS);
+ }
+
+ public function testConstruct()
+ {
+ $this->assertEquals($this->fileExtensioneResult->getFileExtensionClass(), FileExtensionResult::NOT_SUSPICIOUS);
+ }
+
+ public function testFileNameClass()
+ {
+ $this->fileExtensioneResult->setFileExtensionClass(FileExtensionResult::NOT_SUSPICIOUS);
+ $this->assertEquals($this->fileExtensioneResult->getFileExtensionClass(), FileExtensionResult::NOT_SUSPICIOUS);
+ $this->fileExtensioneResult->setFileExtensionClass(FileExtensionResult::SUSPICIOUS);
+ $this->assertEquals($this->fileExtensioneResult->getFileExtensionClass(), FileExtensionResult::SUSPICIOUS);
+ }
+}
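Review bot: `testFileNameClass()` and the property `$fileExtensioneResult` keep names from the deleted FileNameResultTest, although the method exercises `setFileExtensionClass()`; `testFileExtensionClass()` and `$fileExtensionResult` would say what is tested. In that test the first `setFileExtensionClass(FileExtensionResult::NOT_SUSPICIOUS)` sets the value the constructor already received in `setUp()`, so only the second assertion shows that the setter has an effect. Setting `SUSPICIOUS` first and `NOT_SUSPICIOUS` second would check both transitions.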
diff --git a/tests/Unit/Analyzer/FileNameAnalyzerTest.php b/tests/Unit/Analyzer/FileNameAnalyzerTest.php deleted file mode 100644 index c76ce5e..0000000 --- a/tests/Unit/Analyzer/FileNameAnalyzerTest.php +++ /dev/null 
@@ -1,127 +0,0 @@ -<?php - -/** - * @copyright Copyright (c) 2017 Matthias Held <matthias.held@uni-konstanz.de> - * @author Matthias Held <matthias.held@uni-konstanz.de> - * @license GNU AGPL version 3 or any later version - * - * This program is free software: you can redistribute it and/or modify - * it under the terms of the GNU Affero General Public License as - * published by the Free Software Foundation, either version 3 of the - * License, or (at your option) any later version. - * - * This program is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU Affero General Public License for more details. - * - * You should have received a copy of the GNU Affero General Public License - * along with this program. If not, see <https://www.gnu.org/licenses/>. - */ - -namespace OCA\RansomwareDetection\tests\Unit\Analyzer; - -use OCA\RansomwareDetection\Entropy\Entropy; -use OCA\RansomwareDetection\Analyzer\FileNameResult; -use OCA\RansomwareDetection\FileSignatureList; -use OCA\RansomwareDetection\Analyzer\FileNameAnalyzer; -use OCP\ILogger; -use Test\TestCase; - -class FileNameAnalyzerTest extends TestCase -{ - /** @var ILogger|\PHPUnit_Framework_MockObject_MockObject */ - protected $logger; - - /** @var Entropy|\PHPUnit_Framework_MockObject_MockObject */ - protected $entropy; - - /** @var FileNameAnalyzer */ - protected $fileNameAnalyzer; - - public function setUp() - { - parent::setUp(); - - $this->logger = $this->createMock(ILogger::class); - $this->entropy = $this->createMock(Entropy::class); - - $this->fileNameAnalyzer = new FileNameAnalyzer($this->logger, $this->entropy); - } - - public function dataAnalyze() - { - return [ - ['path' => 'file.jpg', 'class' => FileNameResult::NORMAL, 'isFileExtensionKnown' => true, 'entropyOfFileName' => 1.0], - ['path' => 'file.unknown', 'class' => FileNameResult::SUSPICIOUS_FILE_EXTENSION, 
'isFileExtensionKnown' => false, 'entropyOfFileName' => 1.0], - ['path' => 'file.jpg', 'class' => FileNameResult::SUSPICIOUS_FILE_NAME, 'isFileExtensionKnown' => true, 'entropyOfFileName' => 6.0], - ['path' => 'file.unknown', 'class' => FileNameResult::SUSPICIOUS, 'isFileExtensionKnown' => false, 'entropyOfFileName' => 6.0], - ]; - } - - /** - * @dataProvider dataAnalyze - * - * @param string $path - * @param int $class - * @param bool $isFileExtensionKnown - * @param float $entropyOfFileName - */ - public function testAnalyze($path, $class, $isFileExtensionKnown, $entropyOfFileName) - { - $this->entropy->method('calculateEntropy') - ->willReturn($entropyOfFileName); - $result = $this->fileNameAnalyzer->analyze($path); - $this->assertInstanceOf(FileNameResult::class, $result); - $this->assertEquals($result->getFileNameClass(), $class); - $this->assertEquals($result->isFileExtensionKnown(), $isFileExtensionKnown); - $this->assertEquals($result->getEntropyOfFileName(), $entropyOfFileName); - } - - public function dataIsFileExtensionKnown() - { - $signatures = FileSignatureList::getSignatures(); - $extensions = []; - foreach ($signatures as $signature) { - foreach ($signature['extension'] as $extension) { - $extensions[] = $extension; - } - } - $tests = []; - - foreach ($extensions as $extension) { - $tests[] = [$extension, true]; - } - $tests[] = ['WNCRY', false]; - - return $tests; - } - - /** - * @dataProvider dataIsFileExtensionKnown - * - * @param string $extension - * @param bool $return - */ - public function testIsFileExtensionKnown($extension, $return) - { - $this->assertEquals($this->invokePrivate($this->fileNameAnalyzer, 'isFileExtensionKnown', [$extension]), $return); - } - - public function testGetFileName() - { - $this->assertEquals($this->invokePrivate($this->fileNameAnalyzer, 'getFileName', ['/test/filename.extension']), 'filename.extension'); - } - - public function testGetFileExtension() - { - 
$this->assertEquals($this->invokePrivate($this->fileNameAnalyzer, 'getFileExtension', ['filename.extension']), 'extension'); - } - - public function testCalculateEntropyOfFileName() - { - $this->entropy->method('calculateEntropy') - ->willReturn('6.00'); - $this->assertEquals($this->invokePrivate($this->fileNameAnalyzer, 'calculateEntropyOfFileName', ['filename.extension']), '6.00'); - } -} diff --git a/tests/Unit/Analyzer/FileNameResultTest.php b/tests/Unit/Analyzer/FileNameResultTest.php deleted file mode 100644 index 5bf5a16..0000000 --- a/tests/Unit/Analyzer/FileNameResultTest.php +++ /dev/null 
@@ -1,70 +0,0 @@ -<?php - -/** - * @copyright Copyright (c) 2017 Matthias Held <matthias.held@uni-konstanz.de> - * @author Matthias Held <matthias.held@uni-konstanz.de> - * @license GNU AGPL version 3 or any later version - * - * This program is free software: you can redistribute it and/or modify - * it under the terms of the GNU Affero General Public License as - * published by the Free Software Foundation, either version 3 of the - * License, or (at your option) any later version. - * - * This program is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU Affero General Public License for more details. - * - * You should have received a copy of the GNU Affero General Public License - * along with this program. If not, see <https://www.gnu.org/licenses/>. - */ - -namespace OCA\RansomwareDetection\tests\Unit\Analyzer; - -use OCA\RansomwareDetection\Analyzer\FileNameResult; -use Test\TestCase; - -class FileNameResultTest extends TestCase -{ - /** @var FileNameResult */ - protected $fileNameResult; - - public function setUp() - { - parent::setUp(); - - $this->fileNameResult = new FileNameResult(FileNameResult::NORMAL, true, 3.0); - } - - public function testConstruct() - { - $this->assertEquals($this->fileNameResult->getFileNameClass(), FileNameResult::NORMAL); - $this->assertEquals($this->fileNameResult->isFileExtensionKnown(), true); - $this->assertEquals($this->fileNameResult->getEntropyOfFileName(), 3.0); - } - - public function testFileNameClass() - { - $this->fileNameResult->setFileNameClass(FileNameResult::SUSPICIOUS_FILE_EXTENSION); - $this->assertEquals($this->fileNameResult->getFileNameClass(), FileNameResult::SUSPICIOUS_FILE_EXTENSION); - $this->fileNameResult->setFileNameClass(FileNameResult::SUSPICIOUS_FILE_NAME); - $this->assertEquals($this->fileNameResult->getFileNameClass(), FileNameResult::SUSPICIOUS_FILE_NAME); - 
$this->fileNameResult->setFileNameClass(FileNameResult::SUSPICIOUS); - $this->assertEquals($this->fileNameResult->getFileNameClass(), FileNameResult::SUSPICIOUS); - } - - public function testIsFileExtensionKnown() - { - $this->fileNameResult->setFileExtensionKnown(true); - $this->assertEquals($this->fileNameResult->isFileExtensionKnown(), true); - $this->fileNameResult->setFileExtensionKnown(false); - $this->assertEquals($this->fileNameResult->isFileExtensionKnown(), false); - } - - public function testEntropyOfFileName() - { - $this->assertEquals($this->fileNameResult->getEntropyOfFileName(), 3.0); - $this->fileNameResult->setEntropyOfFileName(3.1); - $this->assertEquals($this->fileNameResult->getEntropyOfFileName(), 3.1); - } -} diff --git a/tests/Unit/Analyzer/FileTypeFunnellingAnalyzerTest.php b/tests/Unit/Analyzer/FileTypeFunnellingAnalyzerTest.php index 33e4cc0..e2e0bc1 100644 --- a/tests/Unit/Analyzer/FileTypeFunnellingAnalyzerTest.php +++ b/tests/Unit/Analyzer/FileTypeFunnellingAnalyzerTest.php @@ -23,7 +23,7 @@ namespace OCA\RansomwareDetection\tests\Unit\Analyzer; use OCA\RansomwareDetection\Monitor; use OCA\RansomwareDetection\Analyzer\FileTypeFunnellingAnalyzer; -use OCA\RansomwareDetection\Analyzer\FileNameResult; +use OCA\RansomwareDetection\Analyzer\FileExtensionResult; use OCA\RansomwareDetection\Db\FileOperation; use Test\TestCase; 
@@ -44,91 +44,91 @@ class FileTypeFunnellingAnalyzerTest extends TestCase $fileOperation1 = new FileOperation(); $fileOperation1->setCommand(Monitor::WRITE); $fileOperation1->setOriginalName('file.unknown'); - $fileOperation1->setFileNameClass(FileNameResult::SUSPICIOUS); + $fileOperation1->setFileExtensionClass(FileExtensionResult::SUSPICIOUS); $fileOperation1->setCorrupted(false); $fileOperation1->setType('file'); $fileOperation11 = new FileOperation(); $fileOperation11->setCommand(Monitor::WRITE); $fileOperation11->setOriginalName('file.unknown1'); - $fileOperation11->setFileNameClass(FileNameResult::SUSPICIOUS); + $fileOperation11->setFileExtensionClass(FileExtensionResult::SUSPICIOUS); $fileOperation11->setCorrupted(false); $fileOperation11->setType('file'); $fileOperation12 = new FileOperation(); $fileOperation12->setCommand(Monitor::WRITE); $fileOperation12->setOriginalName('file.unknown2'); - $fileOperation12->setFileNameClass(FileNameResult::SUSPICIOUS); + $fileOperation12->setFileExtensionClass(FileExtensionResult::SUSPICIOUS); $fileOperation12->setCorrupted(false); $fileOperation12->setType('file'); $fileOperation13 = new FileOperation(); $fileOperation13->setCommand(Monitor::WRITE); $fileOperation13->setOriginalName('file.unknown3'); - $fileOperation13->setFileNameClass(FileNameResult::SUSPICIOUS); + $fileOperation13->setFileExtensionClass(FileExtensionResult::SUSPICIOUS); $fileOperation13->setCorrupted(false); $fileOperation13->setType('file'); $fileOperation14 = new FileOperation(); $fileOperation14->setCommand(Monitor::WRITE); $fileOperation14->setOriginalName('file.unknown4'); - $fileOperation14->setFileNameClass(FileNameResult::SUSPICIOUS); + $fileOperation14->setFileExtensionClass(FileExtensionResult::SUSPICIOUS); $fileOperation14->setCorrupted(false); $fileOperation14->setType('file'); $fileOperation15 = new FileOperation(); $fileOperation15->setCommand(Monitor::WRITE); $fileOperation15->setOriginalName('file.unknown5'); - 
$fileOperation15->setFileNameClass(FileNameResult::SUSPICIOUS); + $fileOperation15->setFileExtensionClass(FileExtensionResult::SUSPICIOUS); $fileOperation15->setCorrupted(false); $fileOperation15->setType('file'); $fileOperation16 = new FileOperation(); $fileOperation16->setCommand(Monitor::WRITE); $fileOperation16->setOriginalName('file.unknown6'); - $fileOperation16->setFileNameClass(FileNameResult::SUSPICIOUS); + $fileOperation16->setFileExtensionClass(FileExtensionResult::SUSPICIOUS); $fileOperation16->setCorrupted(false); $fileOperation16->setType('file'); $fileOperation2 = new FileOperation(); $fileOperation2->setCommand(Monitor::WRITE); $fileOperation2->setOriginalName('file.csv'); - $fileOperation2->setFileNameClass(FileNameResult::NORMAL); + $fileOperation2->setFileExtensionClass(FileExtensionResult::NOT_SUSPICIOUS); $fileOperation2->setCorrupted(false); $fileOperation2->setType('file'); $fileOperation3 = new FileOperation(); $fileOperation3->setCommand(Monitor::WRITE); $fileOperation3->setOriginalName('file.csv'); - $fileOperation3->setFileNameClass(FileNameResult::NORMAL); + $fileOperation3->setFileExtensionClass(FileExtensionResult::NOT_SUSPICIOUS); $fileOperation3->setCorrupted(true); $fileOperation3->setType('file'); $fileOperation4 = new FileOperation(); $fileOperation4->setCommand(Monitor::RENAME); $fileOperation4->setOriginalName('file.csv'); - $fileOperation4->setFileNameClass(FileNameResult::NORMAL); + $fileOperation4->setFileExtensionClass(FileExtensionResult::NOT_SUSPICIOUS); $fileOperation4->setCorrupted(true); $fileOperation4->setType('file'); $fileOperation5 = new FileOperation(); $fileOperation5->setCommand(Monitor::DELETE); $fileOperation5->setOriginalName('file.csv'); - $fileOperation5->setFileNameClass(FileNameResult::NORMAL); + $fileOperation5->setFileExtensionClass(FileExtensionResult::NOT_SUSPICIOUS); $fileOperation5->setCorrupted(true); $fileOperation5->setType('file'); $fileOperation6 = new FileOperation(); 
$fileOperation6->setCommand(100); $fileOperation6->setOriginalName('file.csv'); - $fileOperation6->setFileNameClass(FileNameResult::NORMAL); + $fileOperation6->setFileExtensionClass(FileExtensionResult::NOT_SUSPICIOUS); $fileOperation6->setCorrupted(true); $fileOperation6->setType('file'); $fileOperation7 = new FileOperation(); $fileOperation7->setCommand(Monitor::READ); $fileOperation7->setOriginalName('file.unknown'); - $fileOperation7->setFileNameClass(FileNameResult::SUSPICIOUS); + $fileOperation7->setFileExtensionClass(FileExtensionResult::SUSPICIOUS); $fileOperation7->setCorrupted(false); $fileOperation7->setType('file'); // not a sequence diff --git a/tests/Unit/ClassifierTest.php b/tests/Unit/ClassifierTest.php index e9b7f38..43b9dcd 100644 --- a/tests/Unit/ClassifierTest.php +++ b/tests/Unit/ClassifierTest.php @@ -23,7 +23,7 @@ namespace OCA\RansomwareDetection\tests\Unit; use OCA\RansomwareDetection\Monitor; use OCA\RansomwareDetection\Analyzer\EntropyResult; -use OCA\RansomwareDetection\Analyzer\FileNameResult; +use OCA\RansomwareDetection\Analyzer\FileExtensionResult; use OCA\RansomwareDetection\Classifier; use OCA\RansomwareDetection\Db\FileOperationMapper; use OCA\RansomwareDetection\Service\FileOperationService; 
@@ -59,54 +59,52 @@ class ClassifierTest extends TestCase public function dataClassifyFile() { return [ - ['command' => Monitor::WRITE, 'fileClass' => EntropyResult::ENCRYPTED, 'fileNameClass' => FileNameResult::NORMAL, 'suspicionClass' => Classifier::NOT_SUSPICIOUS], - ['command' => Monitor::WRITE, 'fileClass' => EntropyResult::ENCRYPTED, 'fileNameClass' => FileNameResult::SUSPICIOUS_FILE_EXTENSION, 'suspicionClass' => Classifier::MIDDLE_LEVEL_OF_SUSPICION], - ['command' => Monitor::WRITE, 'fileClass' => EntropyResult::ENCRYPTED, 'fileNameClass' => FileNameResult::SUSPICIOUS_FILE_NAME, 'suspicionClass' => Classifier::MIDDLE_LEVEL_OF_SUSPICION], - ['command' => Monitor::WRITE, 'fileClass' => EntropyResult::ENCRYPTED, 'fileNameClass' => FileNameResult::SUSPICIOUS, 'suspicionClass' => Classifier::HIGH_LEVEL_OF_SUSPICION], - ['command' => Monitor::WRITE, 'fileClass' => EntropyResult::COMPRESSED, 'fileNameClass' => FileNameResult::NORMAL, 'suspicionClass' => Classifier::NOT_SUSPICIOUS], - ['command' => Monitor::WRITE, 'fileClass' => EntropyResult::COMPRESSED, 'fileNameClass' => FileNameResult::SUSPICIOUS_FILE_EXTENSION, 'suspicionClass' => Classifier::LOW_LEVEL_OF_SUSPICION], - ['command' => Monitor::WRITE, 'fileClass' => EntropyResult::COMPRESSED, 'fileNameClass' => FileNameResult::SUSPICIOUS_FILE_NAME, 'suspicionClass' => Classifier::LOW_LEVEL_OF_SUSPICION], - ['command' => Monitor::WRITE, 'fileClass' => EntropyResult::COMPRESSED, 'fileNameClass' => FileNameResult::SUSPICIOUS, 'suspicionClass' => Classifier::MIDDLE_LEVEL_OF_SUSPICION], - ['command' => Monitor::WRITE, 'fileClass' => EntropyResult::NORMAL, 'fileNameClass' => FileNameResult::NORMAL, 'suspicionClass' => Classifier::NOT_SUSPICIOUS], - ['command' => Monitor::WRITE, 'fileClass' => EntropyResult::NORMAL, 'fileNameClass' => FileNameResult::SUSPICIOUS_FILE_EXTENSION, 'suspicionClass' => Classifier::NOT_SUSPICIOUS], - ['command' => Monitor::WRITE, 'fileClass' => EntropyResult::NORMAL, 'fileNameClass' => 
FileNameResult::SUSPICIOUS_FILE_NAME, 'suspicionClass' => Classifier::NOT_SUSPICIOUS], - ['command' => Monitor::WRITE, 'fileClass' => EntropyResult::NORMAL, 'fileNameClass' => FileNameResult::SUSPICIOUS, 'suspicionClass' => Classifier::NOT_SUSPICIOUS], - ['command' => Monitor::READ, 'fileClass' => EntropyResult::ENCRYPTED, 'fileNameClass' => FileNameResult::NORMAL, 'suspicionClass' => Classifier::NO_INFORMATION], - ['command' => Monitor::READ, 'fileClass' => EntropyResult::ENCRYPTED, 'fileNameClass' => FileNameResult::SUSPICIOUS_FILE_EXTENSION, 'suspicionClass' => Classifier::NO_INFORMATION], - ['command' => Monitor::READ, 'fileClass' => EntropyResult::ENCRYPTED, 'fileNameClass' => FileNameResult::SUSPICIOUS_FILE_NAME, 'suspicionClass' => Classifier::NO_INFORMATION], - ['command' => Monitor::READ, 'fileClass' => EntropyResult::ENCRYPTED, 'fileNameClass' => FileNameResult::SUSPICIOUS, 'suspicionClass' => Classifier::NO_INFORMATION], - ['command' => Monitor::READ, 'fileClass' => EntropyResult::COMPRESSED, 'fileNameClass' => FileNameResult::NORMAL, 'suspicionClass' => Classifier::NO_INFORMATION], - ['command' => Monitor::READ, 'fileClass' => EntropyResult::COMPRESSED, 'fileNameClass' => FileNameResult::SUSPICIOUS_FILE_EXTENSION, 'suspicionClass' => Classifier::NO_INFORMATION], - ['command' => Monitor::READ, 'fileClass' => EntropyResult::COMPRESSED, 'fileNameClass' => FileNameResult::SUSPICIOUS_FILE_NAME, 'suspicionClass' => Classifier::NO_INFORMATION], - ['command' => Monitor::READ, 'fileClass' => EntropyResult::COMPRESSED, 'fileNameClass' => FileNameResult::SUSPICIOUS, 'suspicionClass' => Classifier::NO_INFORMATION], - ['command' => Monitor::READ, 'fileClass' => EntropyResult::NORMAL, 'fileNameClass' => FileNameResult::NORMAL, 'suspicionClass' => Classifier::NO_INFORMATION], - ['command' => Monitor::READ, 'fileClass' => EntropyResult::NORMAL, 'fileNameClass' => FileNameResult::SUSPICIOUS_FILE_EXTENSION, 'suspicionClass' => Classifier::NO_INFORMATION], - ['command' => 
Monitor::READ, 'fileClass' => EntropyResult::NORMAL, 'fileNameClass' => FileNameResult::SUSPICIOUS_FILE_NAME, 'suspicionClass' => Classifier::NO_INFORMATION], - ['command' => Monitor::READ, 'fileClass' => EntropyResult::NORMAL, 'fileNameClass' => FileNameResult::SUSPICIOUS, 'suspicionClass' => Classifier::NO_INFORMATION], - ['command' => Monitor::DELETE, 'fileClass' => EntropyResult::ENCRYPTED, 'fileNameClass' => FileNameResult::NORMAL, 'suspicionClass' => Classifier::NOT_SUSPICIOUS], - ['command' => Monitor::DELETE, 'fileClass' => EntropyResult::ENCRYPTED, 'fileNameClass' => FileNameResult::SUSPICIOUS_FILE_EXTENSION, 'suspicionClass' => Classifier::MIDDLE_LEVEL_OF_SUSPICION], - ['command' => Monitor::DELETE, 'fileClass' => EntropyResult::ENCRYPTED, 'fileNameClass' => FileNameResult::SUSPICIOUS_FILE_NAME, 'suspicionClass' => Classifier::MIDDLE_LEVEL_OF_SUSPICION], - ['command' => Monitor::DELETE, 'fileClass' => EntropyResult::ENCRYPTED, 'fileNameClass' => FileNameResult::SUSPICIOUS, 'suspicionClass' => Classifier::HIGH_LEVEL_OF_SUSPICION], - ['command' => Monitor::DELETE, 'fileClass' => EntropyResult::COMPRESSED, 'fileNameClass' => FileNameResult::NORMAL, 'suspicionClass' => Classifier::NOT_SUSPICIOUS], - ['command' => Monitor::DELETE, 'fileClass' => EntropyResult::COMPRESSED, 'fileNameClass' => FileNameResult::SUSPICIOUS_FILE_EXTENSION, 'suspicionClass' => Classifier::LOW_LEVEL_OF_SUSPICION], - ['command' => Monitor::DELETE, 'fileClass' => EntropyResult::COMPRESSED, 'fileNameClass' => FileNameResult::SUSPICIOUS_FILE_NAME, 'suspicionClass' => Classifier::LOW_LEVEL_OF_SUSPICION], - ['command' => Monitor::DELETE, 'fileClass' => EntropyResult::COMPRESSED, 'fileNameClass' => FileNameResult::SUSPICIOUS, 'suspicionClass' => Classifier::MIDDLE_LEVEL_OF_SUSPICION], - ['command' => Monitor::DELETE, 'fileClass' => EntropyResult::NORMAL, 'fileNameClass' => FileNameResult::NORMAL, 'suspicionClass' => Classifier::NOT_SUSPICIOUS], - ['command' => Monitor::DELETE, 'fileClass' => 
EntropyResult::NORMAL, 'fileNameClass' => FileNameResult::SUSPICIOUS_FILE_EXTENSION, 'suspicionClass' => Classifier::NOT_SUSPICIOUS], - ['command' => Monitor::DELETE, 'fileClass' => EntropyResult::NORMAL, 'fileNameClass' => FileNameResult::SUSPICIOUS_FILE_NAME, 'suspicionClass' => Classifier::NOT_SUSPICIOUS], - ['command' => Monitor::DELETE, 'fileClass' => EntropyResult::NORMAL, 'fileNameClass' => FileNameResult::SUSPICIOUS, 'suspicionClass' => Classifier::NOT_SUSPICIOUS], - ['command' => Monitor::RENAME, 'fileClass' => EntropyResult::ENCRYPTED, 'fileNameClass' => FileNameResult::NORMAL, 'suspicionClass' => Classifier::NOT_SUSPICIOUS], - ['command' => Monitor::RENAME, 'fileClass' => EntropyResult::ENCRYPTED, 'fileNameClass' => FileNameResult::SUSPICIOUS_FILE_EXTENSION, 'suspicionClass' => Classifier::MIDDLE_LEVEL_OF_SUSPICION], - ['command' => Monitor::RENAME, 'fileClass' => EntropyResult::ENCRYPTED, 'fileNameClass' => FileNameResult::SUSPICIOUS_FILE_NAME, 'suspicionClass' => Classifier::MIDDLE_LEVEL_OF_SUSPICION], - ['command' => Monitor::RENAME, 'fileClass' => EntropyResult::ENCRYPTED, 'fileNameClass' => FileNameResult::SUSPICIOUS, 'suspicionClass' => Classifier::HIGH_LEVEL_OF_SUSPICION], - ['command' => Monitor::RENAME, 'fileClass' => EntropyResult::COMPRESSED, 'fileNameClass' => FileNameResult::NORMAL, 'suspicionClass' => Classifier::NOT_SUSPICIOUS], - ['command' => Monitor::RENAME, 'fileClass' => EntropyResult::COMPRESSED, 'fileNameClass' => FileNameResult::SUSPICIOUS_FILE_EXTENSION, 'suspicionClass' => Classifier::LOW_LEVEL_OF_SUSPICION], - ['command' => Monitor::RENAME, 'fileClass' => EntropyResult::COMPRESSED, 'fileNameClass' => FileNameResult::SUSPICIOUS_FILE_NAME, 'suspicionClass' => Classifier::LOW_LEVEL_OF_SUSPICION], - ['command' => Monitor::RENAME, 'fileClass' => EntropyResult::COMPRESSED, 'fileNameClass' => FileNameResult::SUSPICIOUS, 'suspicionClass' => Classifier::MIDDLE_LEVEL_OF_SUSPICION], - ['command' => Monitor::RENAME, 'fileClass' => 
EntropyResult::NORMAL, 'fileNameClass' => FileNameResult::NORMAL, 'suspicionClass' => Classifier::NOT_SUSPICIOUS], - ['command' => Monitor::RENAME, 'fileClass' => EntropyResult::NORMAL, 'fileNameClass' => FileNameResult::SUSPICIOUS_FILE_EXTENSION, 'suspicionClass' => Classifier::NOT_SUSPICIOUS], - ['command' => Monitor::RENAME, 'fileClass' => EntropyResult::NORMAL, 'fileNameClass' => FileNameResult::SUSPICIOUS_FILE_NAME, 'suspicionClass' => Classifier::NOT_SUSPICIOUS], - ['command' => Monitor::RENAME, 'fileClass' => EntropyResult::NORMAL, 'fileNameClass' => FileNameResult::SUSPICIOUS, 'suspicionClass' => Classifier::NOT_SUSPICIOUS], + ['command' => Monitor::WRITE, 'fileClass' => EntropyResult::ENCRYPTED, 'fileExtensionClass' => FileExtensionResult::NOT_SUSPICIOUS, 'suspicionClass' => Classifier::NOT_SUSPICIOUS], + ['command' => Monitor::WRITE, 'fileClass' => EntropyResult::ENCRYPTED, 'fileExtensionClass' => FileExtensionResult::SUSPICIOUS, 'suspicionClass' => Classifier::HIGH_LEVEL_OF_SUSPICION], + ['command' => Monitor::WRITE, 'fileClass' => EntropyResult::ENCRYPTED, 'fileExtensionClass' => FileExtensionResult::SUSPICIOUS, 'suspicionClass' => Classifier::HIGH_LEVEL_OF_SUSPICION], + ['command' => Monitor::WRITE, 'fileClass' => EntropyResult::ENCRYPTED, 'fileExtensionClass' => FileExtensionResult::SUSPICIOUS, 'suspicionClass' => Classifier::HIGH_LEVEL_OF_SUSPICION], + ['command' => Monitor::WRITE, 'fileClass' => EntropyResult::COMPRESSED, 'fileExtensionClass' => FileExtensionResult::NOT_SUSPICIOUS, 'suspicionClass' => Classifier::NOT_SUSPICIOUS], + ['command' => Monitor::WRITE, 'fileClass' => EntropyResult::COMPRESSED, 'fileExtensionClass' => FileExtensionResult::SUSPICIOUS, 'suspicionClass' => Classifier::MIDDLE_LEVEL_OF_SUSPICION], + ['command' => Monitor::WRITE, 'fileClass' => EntropyResult::COMPRESSED, 'fileExtensionClass' => FileExtensionResult::SUSPICIOUS, 'suspicionClass' => Classifier::MIDDLE_LEVEL_OF_SUSPICION], + ['command' => Monitor::WRITE, 'fileClass' 
=> EntropyResult::COMPRESSED, 'fileExtensionClass' => FileExtensionResult::SUSPICIOUS, 'suspicionClass' => Classifier::MIDDLE_LEVEL_OF_SUSPICION], + ['command' => Monitor::WRITE, 'fileClass' => EntropyResult::NORMAL, 'fileExtensionClass' => FileExtensionResult::NOT_SUSPICIOUS, 'suspicionClass' => Classifier::NOT_SUSPICIOUS], + ['command' => Monitor::WRITE, 'fileClass' => EntropyResult::NORMAL, 'fileExtensionClass' => FileExtensionResult::SUSPICIOUS, 'suspicionClass' => Classifier::NOT_SUSPICIOUS], + ['command' => Monitor::READ, 'fileClass' => EntropyResult::ENCRYPTED, 'fileExtensionClass' => FileExtensionResult::NOT_SUSPICIOUS, 'suspicionClass' => Classifier::NO_INFORMATION], + ['command' => Monitor::READ, 'fileClass' => EntropyResult::ENCRYPTED, 'fileExtensionClass' => FileExtensionResult::SUSPICIOUS, 'suspicionClass' => Classifier::NO_INFORMATION], + ['command' => Monitor::READ, 'fileClass' => EntropyResult::ENCRYPTED, 'fileExtensionClass' => FileExtensionResult::SUSPICIOUS, 'suspicionClass' => Classifier::NO_INFORMATION], + ['command' => Monitor::READ, 'fileClass' => EntropyResult::ENCRYPTED, 'fileExtensionClass' => FileExtensionResult::SUSPICIOUS, 'suspicionClass' => Classifier::NO_INFORMATION], + ['command' => Monitor::READ, 'fileClass' => EntropyResult::COMPRESSED, 'fileExtensionClass' => FileExtensionResult::NOT_SUSPICIOUS, 'suspicionClass' => Classifier::NO_INFORMATION], + ['command' => Monitor::READ, 'fileClass' => EntropyResult::COMPRESSED, 'fileExtensionClass' => FileExtensionResult::SUSPICIOUS, 'suspicionClass' => Classifier::NO_INFORMATION], + ['command' => Monitor::READ, 'fileClass' => EntropyResult::COMPRESSED, 'fileExtensionClass' => FileExtensionResult::SUSPICIOUS, 'suspicionClass' => Classifier::NO_INFORMATION], + ['command' => Monitor::READ, 'fileClass' => EntropyResult::COMPRESSED, 'fileExtensionClass' => FileExtensionResult::SUSPICIOUS, 'suspicionClass' => Classifier::NO_INFORMATION], + ['command' => Monitor::READ, 'fileClass' => 
EntropyResult::NORMAL, 'fileExtensionClass' => FileExtensionResult::NOT_SUSPICIOUS, 'suspicionClass' => Classifier::NO_INFORMATION], + ['command' => Monitor::READ, 'fileClass' => EntropyResult::NORMAL, 'fileExtensionClass' => FileExtensionResult::SUSPICIOUS, 'suspicionClass' => Classifier::NO_INFORMATION], + ['command' => Monitor::READ, 'fileClass' => EntropyResult::NORMAL, 'fileExtensionClass' => FileExtensionResult::SUSPICIOUS, 'suspicionClass' => Classifier::NO_INFORMATION], + ['command' => Monitor::READ, 'fileClass' => EntropyResult::NORMAL, 'fileExtensionClass' => FileExtensionResult::SUSPICIOUS, 'suspicionClass' => Classifier::NO_INFORMATION], + ['command' => Monitor::DELETE, 'fileClass' => EntropyResult::ENCRYPTED, 'fileExtensionClass' => FileExtensionResult::NOT_SUSPICIOUS, 'suspicionClass' => Classifier::NOT_SUSPICIOUS], + ['command' => Monitor::DELETE, 'fileClass' => EntropyResult::ENCRYPTED, 'fileExtensionClass' => FileExtensionResult::SUSPICIOUS, 'suspicionClass' => Classifier::HIGH_LEVEL_OF_SUSPICION], + ['command' => Monitor::DELETE, 'fileClass' => EntropyResult::ENCRYPTED, 'fileExtensionClass' => FileExtensionResult::SUSPICIOUS, 'suspicionClass' => Classifier::HIGH_LEVEL_OF_SUSPICION], + ['command' => Monitor::DELETE, 'fileClass' => EntropyResult::ENCRYPTED, 'fileExtensionClass' => FileExtensionResult::SUSPICIOUS, 'suspicionClass' => Classifier::HIGH_LEVEL_OF_SUSPICION], + ['command' => Monitor::DELETE, 'fileClass' => EntropyResult::COMPRESSED, 'fileExtensionClass' => FileExtensionResult::NOT_SUSPICIOUS, 'suspicionClass' => Classifier::NOT_SUSPICIOUS], + ['command' => Monitor::DELETE, 'fileClass' => EntropyResult::COMPRESSED, 'fileExtensionClass' => FileExtensionResult::SUSPICIOUS, 'suspicionClass' => Classifier::MIDDLE_LEVEL_OF_SUSPICION], + ['command' => Monitor::DELETE, 'fileClass' => EntropyResult::COMPRESSED, 'fileExtensionClass' => FileExtensionResult::SUSPICIOUS, 'suspicionClass' => Classifier::MIDDLE_LEVEL_OF_SUSPICION], + ['command' => 
Monitor::DELETE, 'fileClass' => EntropyResult::COMPRESSED, 'fileExtensionClass' => FileExtensionResult::SUSPICIOUS, 'suspicionClass' => Classifier::MIDDLE_LEVEL_OF_SUSPICION], + ['command' => Monitor::DELETE, 'fileClass' => EntropyResult::NORMAL, 'fileExtensionClass' => FileExtensionResult::NOT_SUSPICIOUS, 'suspicionClass' => Classifier::NOT_SUSPICIOUS], + ['command' => Monitor::DELETE, 'fileClass' => EntropyResult::NORMAL, 'fileExtensionClass' => FileExtensionResult::SUSPICIOUS, 'suspicionClass' => Classifier::NOT_SUSPICIOUS], + ['command' => Monitor::DELETE, 'fileClass' => EntropyResult::NORMAL, 'fileExtensionClass' => FileExtensionResult::SUSPICIOUS, 'suspicionClass' => Classifier::NOT_SUSPICIOUS], + ['command' => Monitor::DELETE, 'fileClass' => EntropyResult::NORMAL, 'fileExtensionClass' => FileExtensionResult::SUSPICIOUS, 'suspicionClass' => Classifier::NOT_SUSPICIOUS], + ['command' => Monitor::RENAME, 'fileClass' => EntropyResult::ENCRYPTED, 'fileExtensionClass' => FileExtensionResult::NOT_SUSPICIOUS, 'suspicionClass' => Classifier::NOT_SUSPICIOUS], + ['command' => Monitor::RENAME, 'fileClass' => EntropyResult::ENCRYPTED, 'fileExtensionClass' => FileExtensionResult::SUSPICIOUS, 'suspicionClass' => Classifier::HIGH_LEVEL_OF_SUSPICION], + ['command' => Monitor::RENAME, 'fileClass' => EntropyResult::ENCRYPTED, 'fileExtensionClass' => FileExtensionResult::SUSPICIOUS, 'suspicionClass' => Classifier::HIGH_LEVEL_OF_SUSPICION], + ['command' => Monitor::RENAME, 'fileClass' => EntropyResult::ENCRYPTED, 'fileExtensionClass' => FileExtensionResult::SUSPICIOUS, 'suspicionClass' => Classifier::HIGH_LEVEL_OF_SUSPICION], + ['command' => Monitor::RENAME, 'fileClass' => EntropyResult::COMPRESSED, 'fileExtensionClass' => FileExtensionResult::NOT_SUSPICIOUS, 'suspicionClass' => Classifier::NOT_SUSPICIOUS], + ['command' => Monitor::RENAME, 'fileClass' => EntropyResult::COMPRESSED, 'fileExtensionClass' => FileExtensionResult::SUSPICIOUS, 'suspicionClass' => 
Classifier::MIDDLE_LEVEL_OF_SUSPICION], + ['command' => Monitor::RENAME, 'fileClass' => EntropyResult::COMPRESSED, 'fileExtensionClass' => FileExtensionResult::SUSPICIOUS, 'suspicionClass' => Classifier::MIDDLE_LEVEL_OF_SUSPICION], + ['command' => Monitor::RENAME, 'fileClass' => EntropyResult::COMPRESSED, 'fileExtensionClass' => FileExtensionResult::SUSPICIOUS, 'suspicionClass' => Classifier::MIDDLE_LEVEL_OF_SUSPICION], + ['command' => Monitor::RENAME, 'fileClass' => EntropyResult::NORMAL, 'fileExtensionClass' => FileExtensionResult::NOT_SUSPICIOUS, 'suspicionClass' => Classifier::NOT_SUSPICIOUS], + ['command' => Monitor::RENAME, 'fileClass' => EntropyResult::NORMAL, 'fileExtensionClass' => FileExtensionResult::SUSPICIOUS, 'suspicionClass' => Classifier::NOT_SUSPICIOUS], + ['command' => Monitor::RENAME, 'fileClass' => EntropyResult::NORMAL, 'fileExtensionClass' => FileExtensionResult::SUSPICIOUS, 'suspicionClass' => Classifier::NOT_SUSPICIOUS], + ['command' => Monitor::RENAME, 'fileClass' => EntropyResult::NORMAL, 'fileExtensionClass' => FileExtensionResult::SUSPICIOUS, 'suspicionClass' => Classifier::NOT_SUSPICIOUS], ]; } @@ -115,15 +113,15 @@ class ClassifierTest extends TestCase * * @param int $command * @param int $fileClass - * @param int $fileNameClass + * @param int $fileExtensionClass * @param int $suspicionClass */ - public function testClassifyFile($command, $fileClass, $fileNameClass, $suspicionClass) + public function testClassifyFile($command, $fileClass, $fileExtensionClass, $suspicionClass) { $fileOperation = new FileOperation(); $fileOperation->setCommand($command); $fileOperation->setFileClass($fileClass); - $fileOperation->setFileNameClass($fileNameClass); + $fileOperation->setFileExtensionClass($fileExtensionClass); $result = $this->classifier->classifyFile($fileOperation); $this->assertEquals($result->getSuspicionClass(), $suspicionClass); 
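Review bot: The new `dataClassifyFile()` table repeats the same `FileExtensionResult::SUSPICIOUS` row three times for most command/entropy pairs, because the three old suspicious `fileNameClass` values were all mapped onto it; only the `Monitor::WRITE` / `EntropyResult::NORMAL` pair was reduced to two rows. One `NOT_SUSPICIOUS` and one `SUSPICIOUS` row per pair (24 rows) would cover the same cases. None of the new rows expects `Classifier::LOW_LEVEL_OF_SUSPICION`, so if the classifier can still return that level (not visible here), this provider no longer exercises it. The rows also pin that an `EntropyResult::ENCRYPTED` write, delete or rename with a `NOT_SUSPICIOUS` extension is classified `Classifier::NOT_SUSPICIOUS`; a comment above them such as `// high entropy alone is not flagged when the extension is known` would make that detection trade-off explicit.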
diff --git a/tests/Unit/Controller/ScanControllerTest.php b/tests/Unit/Controller/ScanControllerTest.php index 30a6e62..6c971c3 100644 --- a/tests/Unit/Controller/ScanControllerTest.php +++ b/tests/Unit/Controller/ScanControllerTest.php @@ -31,8 +31,8 @@ use OCA\RansomwareDetection\Analyzer\EntropyFunnellingAnalyzer; use OCA\RansomwareDetection\Analyzer\EntropyAnalyzer; use OCA\RansomwareDetection\Analyzer\EntropyResult; use OCA\RansomwareDetection\Analyzer\FileCorruptionAnalyzer; -use OCA\RansomwareDetection\Analyzer\FileNameAnalyzer; -use OCA\RansomwareDetection\Analyzer\FileNameResult; +use OCA\RansomwareDetection\Analyzer\FileExtensionAnalyzer; +use OCA\RansomwareDetection\Analyzer\FileExtensionResult; use OCA\RansomwareDetection\AppInfo\Application; use OCA\RansomwareDetection\Controller\ScanController; use OCA\RansomwareDetection\Db\FileOperation; @@ -86,8 +86,8 @@ class ScanControllerTest extends TestCase /** @var FileCorruptionAnalyzer|\PHPUnit_Framework_MockObject_MockObject */ protected $fileCorruptionAnalyzer; - /** @var FileNameAnalyzer|\PHPUnit_Framework_MockObject_MockObject */ - protected $fileNameAnalyzer; + /** @var FileExtensionAnalyzer|\PHPUnit_Framework_MockObject_MockObject */ + protected $fileExtensionAnalyzer; /** @var IDBConnection|\PHPUnit_Framework_MockObject_MockObject */ protected $connection; @@ -139,7 +139,7 @@ class ScanControllerTest extends TestCase $this->fileCorruptionAnalyzer = $this->getMockBuilder('OCA\RansomwareDetection\Analyzer\FileCorruptionAnalyzer') ->setConstructorArgs([$this->logger, $rootFolder, $this->userId]) ->getMock(); - $this->fileNameAnalyzer = $this->getMockBuilder('OCA\RansomwareDetection\Analyzer\FileNameAnalyzer') + $this->fileExtensionAnalyzer = $this->getMockBuilder('OCA\RansomwareDetection\Analyzer\FileExtensionAnalyzer') ->setConstructorArgs([$this->logger, $entropy]) ->getMock(); } 
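Review bot: The `FileExtensionAnalyzer` mock in the `@@ -139,7 +139,7 @@` hunk is still built with `setConstructorArgs([$this->logger, $entropy])`, the same arguments the file-name analyzer mock was given. The new analyzer's constructor is not visible here; if it no longer takes an entropy helper, PHP silently ignores the extra argument and the test keeps a stale dependency, so the list should be trimmed to what the constructor declares. The same check applies to `new FileExtensionResult(FileExtensionResult::NOT_SUSPICIOUS, true, 4.0)` in the MonitorTest hunk `@@ -150,10 +150,10 @@`, where `4.0` looks like the removed file-name entropy. The enclosing set-up method starts outside the hunk.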
@@ -173,7 +173,7 @@ class ScanControllerTest extends TestCase $controller = $this->getMockBuilder(ScanController::class) ->setConstructorArgs(['ransomware_detection', $this->request, $this->userSession, $this->config, $this->classifier, $this->logger, $this->folder, $this->service, $this->sequenceAnalyzer, $this->entropyAnalyzer, - $this->fileCorruptionAnalyzer, $this->fileNameAnalyzer, $this->connection, $this->userId]) + $this->fileCorruptionAnalyzer, $this->fileExtensionAnalyzer, $this->connection, $this->userId]) ->setMethods(['deleteFromStorage', 'restoreFromTrashbin']) ->getMock(); @@ -195,7 +195,7 @@ class ScanControllerTest extends TestCase $controller = $this->getMockBuilder(ScanController::class) ->setConstructorArgs(['ransomware_detection', $this->request, $this->userSession, $this->config, $this->classifier, $this->logger, $this->folder, $this->service, $this->sequenceAnalyzer, $this->entropyAnalyzer, - $this->fileCorruptionAnalyzer, $this->fileNameAnalyzer, $this->connection, $this->userId]) + $this->fileCorruptionAnalyzer, $this->fileExtensionAnalyzer, $this->connection, $this->userId]) ->setMethods(['getStorageStructure', 'getTrashStorageStructure', 'getLastActivity']) ->getMock(); @@ -231,9 +231,8 @@ class ScanControllerTest extends TestCase $fileOperation1->setSequence(1); $fileOperation1->setEntropy(7.9); $fileOperation1->setStandardDeviation(0.1); - $fileOperation1->setFileNameEntropy(4.0); $fileOperation1->setFileClass(EntropyResult::NORMAL); - $fileOperation1->setFileNameClass(FileNameResult::NORMAL); + $fileOperation1->setFileExtensionClass(FileExtensionResult::NOT_SUSPICIOUS); $fileOperation1->setSuspicionClass(Classifier::HIGH_LEVEL_OF_SUSPICION); $sequenceResult = new SequenceResult(1, 0.0, 1.1, 2.2, 4.5, []); 
@@ -257,7 +256,7 @@ class ScanControllerTest extends TestCase $controller = $this->getMockBuilder(ScanController::class) ->setConstructorArgs(['ransomware_detection', $this->request, $this->userSession, $this->config, $this->classifier, $this->logger, $this->folder, $this->service, $this->sequenceAnalyzer, $this->entropyAnalyzer, - $this->fileCorruptionAnalyzer, $this->fileNameAnalyzer, $this->connection, $this->userId]) + $this->fileCorruptionAnalyzer, $this->fileExtensionAnalyzer, $this->connection, $this->userId]) ->setMethods(['getLastActivity', 'buildFileOperation']) ->getMock(); diff --git a/tests/Unit/Db/FileOperationTest.php b/tests/Unit/Db/FileOperationTest.php index 9a86ea9..d5581cb 100644 --- a/tests/Unit/Db/FileOperationTest.php +++ b/tests/Unit/Db/FileOperationTest.php @@ -23,7 +23,7 @@ namespace OCA\RansomwareDetection\tests\Unit\Db; use OCA\RansomwareDetection\Monitor; use OCA\RansomwareDetection\Analyzer\EntropyResult; -use OCA\RansomwareDetection\Analyzer\FileNameResult; +use OCA\RansomwareDetection\Analyzer\FileExtensionResult; use OCA\RansomwareDetection\Classifier; use OCA\RansomwareDetection\Db\FileOperation; use Test\TestCase; 
@@ -59,14 +59,11 @@ class FileOperationTest extends TestCase
 ['field' => 'sequence', 'value' => 1],
 ['field' => 'entropy', 'value' => 7.99],
 ['field' => 'standardDeviation', 'value' => 0.004],
- ['field' => 'fileNameEntropy', 'value' => 4.0],
 ['field' => 'fileClass', 'value' => EntropyResult::NORMAL],
 ['field' => 'fileClass', 'value' => EntropyResult::ENCRYPTED],
 ['field' => 'fileClass', 'value' => EntropyResult::COMPRESSED],
- ['field' => 'fileNameClass', 'value' => FileNameResult::NORMAL],
- ['field' => 'fileNameClass', 'value' => FileNameResult::SUSPICIOUS_FILE_EXTENSION],
- ['field' => 'fileNameClass', 'value' => FileNameResult::SUSPICIOUS_FILE_NAME],
- ['field' => 'fileNameClass', 'value' => FileNameResult::SUSPICIOUS],
+ ['field' => 'fileExtensionClass', 'value' => FileExtensionResult::NOT_SUSPICIOUS],
+ ['field' => 'fileExtensionClass', 'value' => FileExtensionResult::SUSPICIOUS],
 ['field' => 'suspicionClass', 'value' => Classifier::NO_INFORMATION],
 ['field' => 'suspicionClass', 'value' => Classifier::NOT_SUSPICIOUS],
 ['field' => 'suspicionClass', 'value' => Classifier::MIDDLE_LEVEL_OF_SUSPICION],
diff --git a/tests/Unit/MonitorTest.php b/tests/Unit/MonitorTest.php
index 6047729..50daee7 100644
--- a/tests/Unit/MonitorTest.php
+++ b/tests/Unit/MonitorTest.php
@@ -23,8 +23,8 @@ namespace OCA\RansomwareDetection\tests\Unit;
 use OCA\RansomwareDetection\Monitor;
 use OCA\RansomwareDetection\Analyzer\EntropyAnalyzer;
-use OCA\RansomwareDetection\Analyzer\FileNameAnalyzer;
-use OCA\RansomwareDetection\Analyzer\FileNameResult;
+use OCA\RansomwareDetection\Analyzer\FileExtensionAnalyzer;
+use OCA\RansomwareDetection\Analyzer\FileExtensionResult;
 use OCA\RansomwareDetection\Analyzer\FileCorruptionAnalyzer;
 use OCA\RansomwareDetection\Analyzer\FileCorruptionResult;
 use OCA\RansomwareDetection\Analyzer\EntropyResult;
@@ -69,8 +69,8 @@ class MonitorTest extends TestCase /** @var FileOperationMapper|\PHPUnit_Framework_MockObject_MockObject */ protected $mapper; - /** @var FileNameAnalyzer|\PHPUnit_Framework_MockObject_MockObject */ - protected $fileNameAnalyzer; + /** @var FileExtensionAnalyzer|\PHPUnit_Framework_MockObject_MockObject */ + protected $fileExtensionAnalyzer; /** @var FileCorruptionAnalyzer|\PHPUnit_Framework_MockObject_MockObject */ protected $fileCorruptionAnalyzer; @@ -90,7 +90,7 @@ class MonitorTest extends TestCase $this->rootFolder = $this->createMock(IRootFolder::class); $this->entropyAnalyzer = $this->createMock(EntropyAnalyzer::class); $this->mapper = $this->createMock(FileOperationMapper::class); - $this->fileNameAnalyzer = $this->createMock(FileNameAnalyzer::class); + $this->fileExtensionAnalyzer = $this->createMock(FileExtensionAnalyzer::class); $this->fileCorruptionAnalyzer = $this->createMock(FileCorruptionAnalyzer::class); } @@ -120,7 +120,7 @@ class MonitorTest extends TestCase $monitor = $this->getMockBuilder(Monitor::class) ->setConstructorArgs([$this->request, $this->config, $this->time, $this->appManager, $this->logger, $this->rootFolder, - $this->entropyAnalyzer, $this->mapper, $this->fileNameAnalyzer, + $this->entropyAnalyzer, $this->mapper, $this->fileExtensionAnalyzer, $this->fileCorruptionAnalyzer, $this->userId]) ->setMethods(['isUploadedFile', 'isCreatingSkeletonFiles', 'classifySequence', 'resetProfindCount', 'triggerAsyncAnalysis']) ->getMock(); 
@@ -150,10 +150,10 @@ class MonitorTest extends TestCase $this->entropyAnalyzer->method('analyze') ->willReturn($entropyResult); - $fileNameResult = new FileNameResult(FileNameResult::NORMAL, true, 4.0); + $fileExtensionResult = new FileExtensionResult(FileExtensionResult::NOT_SUSPICIOUS, true, 4.0); - $this->fileNameAnalyzer->method('analyze') - ->willReturn($fileNameResult); + $this->fileExtensionAnalyzer->method('analyze') + ->willReturn($fileExtensionResult); $this->request->method('isUserAgent') ->willReturn($userAgent); @@ -203,7 +203,7 @@ class MonitorTest extends TestCase $monitor = $this->getMockBuilder(Monitor::class) ->setConstructorArgs([$this->request, $this->config, $this->time, $this->appManager, $this->logger, $this->rootFolder, - $this->entropyAnalyzer, $this->mapper, $this->fileNameAnalyzer, + $this->entropyAnalyzer, $this->mapper, $this->fileExtensionAnalyzer, $this->fileCorruptionAnalyzer, $this->userId]) ->setMethods(['isUploadedFile', 'isCreatingSkeletonFiles', 'triggerAsyncAnalysis', 'resetProfindCount']) ->getMock(); @@ -280,7 +280,7 @@ class MonitorTest extends TestCase $monitor = new Monitor($this->request, $this->config, $this->time, $this->appManager, $this->logger, $this->rootFolder, - $this->entropyAnalyzer, $this->mapper, $this->fileNameAnalyzer, + $this->entropyAnalyzer, $this->mapper, $this->fileExtensionAnalyzer, $this->fileCorruptionAnalyzer, $this->userId); $node = $this->createMock(File::class); @@ -324,7 +324,7 @@ class MonitorTest extends TestCase $monitor = new Monitor($this->request, $this->config, $this->time, $this->appManager, $this->logger, $this->rootFolder, - $this->entropyAnalyzer, $this->mapper, $this->fileNameAnalyzer, + $this->entropyAnalyzer, $this->mapper, $this->fileExtensionAnalyzer, $this->fileCorruptionAnalyzer, $this->userId); $node = $this->createMock(Folder::class); 
@@ -367,7 +367,7 @@ class MonitorTest extends TestCase { $monitor = new Monitor($this->request, $this->config, $this->time, $this->appManager, $this->logger, $this->rootFolder, - $this->entropyAnalyzer, $this->mapper, $this->fileNameAnalyzer, + $this->entropyAnalyzer, $this->mapper, $this->fileExtensionAnalyzer, $this->fileCorruptionAnalyzer, $this->userId); $isUploadedFile = self::getMethod('isUploadedFile'); @@ -379,7 +379,7 @@ class MonitorTest extends TestCase { $monitor = new Monitor($this->request, $this->config, $this->time, $this->appManager, $this->logger, $this->rootFolder, - $this->entropyAnalyzer, $this->mapper, $this->fileNameAnalyzer, + $this->entropyAnalyzer, $this->mapper, $this->fileExtensionAnalyzer, $this->fileCorruptionAnalyzer, $this->userId); $isCreateingSkeletonFiles = self::getMethod('isCreatingSkeletonFiles'); |