2026-03-30 14:00:16 +02:00 · 2024-06-07 14:30:33 +02:00
parent 3782ae4a6f
commit d61e1939f6
5 changed files with 3118 additions and 1 deletions
--- a/README.md
+++ b/README.md
@@ -459,3 +459,4 @@ Each Snake class will be a child of the previous one and infinitely "eat itself"
 * Consider moving methods like `removeNullBytesAlignment`, `calcTwoComplement64` etc. to `Utils` class.
 * Move `--mig` option to Snake & Apple chapter about Mach Kernel when ready.
 * Make Thread manager class and improve the Threading.thread with tracing methods and `kill()`.
+* Reconsider moving --xattr like args to another Snake class related to filesystem.
--- a/Antivirus/python/CrimsonUroboros.py
+++ b/Antivirus/python/CrimsonUroboros.py
--- a/NU/mac/KDK.pdf
+++ b/NU/mac/KDK.pdf
--- a/tests/CrimsonUroboros.py
+++ b/tests/CrimsonUroboros.py
@@ -1 +1 @@
-../VI. AMFI/python/CrimsonUroboros.py
+../VII. Antivirus/python/CrimsonUroboros.py
--- a/tests/test_CrimsonUroboros.py
+++ b/tests/test_CrimsonUroboros.py
@@ -1878,4 +1878,93 @@ class TestSnakeVI():
        expected_output = 'DYLD_SHARED_CACHE_DIR allowed: True'
        assert expected_output in uroboros_output

+class TestSnakeVII():
+    '''Testing VII. Antivirus'''
+    @classmethod
+    def setup_class(cls):
+        # Set up the compilation process
+        cls.compiler = Compiler()
+        cls.compiler.compileIt("../I.\ Mach-O/custom/hello.c", "hello_7", ["-arch", "arm64"])
+        assert os.path.exists("hello_7")
+        os.system("xattr -w com.apple.quarantine '0083;00000000;Safari' hello_7")
+
+        # Decompress KernelCache
+        #result = decompressKernelcache()
+        #assert result == 0
+        #assert os.path.exists("kernelcache")
+        #cls.kernelcache_path = run_and_get_stdout('ls kernelcache/System/Volumes/Preboot/*/boot/*/System/Library/Caches/com.apple.kernelcaches/kernelcache.decompressed')
+
+    @classmethod
+    def teardown_class(cls):
+        # Purge the compiled files
+        cls.compiler.purgeCompiledFiles()
+        assert not os.path.exists("hello_6")
+
+        # Purge kernelcache directory
+        #os.system("rm -rf kernelcache")
+        #assert not os.path.exists("kernelcache")
+    
+    def test_xattr(self):
+        '''Test the --xattr flag of SnakeVII.'''
+        args_list = ['-p', "hello_7", '--xattr']
+        args, file_path = argumentWrapper(args_list)
+        
+        def code_block():
+            macho_processor = MachOProcessor(file_path)
+            macho_processor.process(args)
+            antivirus_processor = AntivirusProcessor()
+            antivirus_processor.process(args)
+
+        uroboros_output = executeCodeBlock(code_block)
+        expected_output = 'com.apple.quarantine'
+
+        assert expected_output in uroboros_output
+
+    def test_xattr_value(self):
+        '''Test the --xattr_value flag of SnakeVII.'''
+        args_list = ['-p', "hello_7", '--xattr_value', 'com.apple.quarantine']
+        args, file_path = argumentWrapper(args_list)
+        
+        def code_block():
+            macho_processor = MachOProcessor(file_path)
+            macho_processor.process(args)
+            antivirus_processor = AntivirusProcessor()
+            antivirus_processor.process(args)
+
+        uroboros_output = executeCodeBlock(code_block)
+        expected_output = '30 30 38 33 3b 30 30 30  30 30 30 30 30 3b 53 61'
+
+        assert expected_output in uroboros_output
+
+    def test_xattr_all(self):
+        '''Test the --xattr_all flag of SnakeVII.'''
+        args_list = ['-p', "hello_7", '--xattr_all']
+        args, file_path = argumentWrapper(args_list)
+        
+        def code_block():
+            macho_processor = MachOProcessor(file_path)
+            macho_processor.process(args)
+            antivirus_processor = AntivirusProcessor()
+            antivirus_processor.process(args)
+
+        uroboros_output = executeCodeBlock(code_block)
+        expected_output = '30 30 38 33 3b 30 30 30  30 30 30 30 30 3b 53 61'
+
+        assert expected_output in uroboros_output
+        
+    def test_has_quarantine(self):
+        '''Test the --has_quarantine flag of SnakeVII.'''
+        args_list = ['-p', "hello_7", '--has_quarantine']
+        args, file_path = argumentWrapper(args_list)
+        
+        def code_block():
+            macho_processor = MachOProcessor(file_path)
+            macho_processor.process(args)
+            antivirus_processor = AntivirusProcessor()
+            antivirus_processor.process(args)
+
+        uroboros_output = executeCodeBlock(code_block)
+        expected_output = 'QUARANTINE: True'
+
+        assert expected_output in uroboros_output