in cortado/rtas/winrar_encrypted.py [0:0]
def main():
    """Exercise the encrypted-RAR detection logic end to end.

    Prepares three flavours of the WinRAR binary -- the pristine
    ``rar.exe``, a copy whose embedded signer string is patched from
    ``win.rar GmbH`` to ``bad.bad GmbH``, and renamed copies of both
    (``a.exe`` / ``b.exe``) -- and then runs six scenarios.  Cases 1-5
    archive a generated payload with the ``-hp<password>`` switch while
    varying which of the four signals named in the inline comments
    (process name, original file name, signer, output extension) is
    present.  Case 6 is a false-positive control: ``myapp.exe`` is run
    with a look-alike argument and is expected not to alert.  The
    temporary artefacts created here are removed again before returning.
    """
    archive_password = "s0l33t"
    my_app_exe = _common.get_resource_path(MY_APP_EXE)
    winrar_exe = _common.get_resource_path(WINRAR_EXE)

    # rar.exe variant whose embedded signer string no longer reads
    # "win.rar GmbH"; removes the signer signal in the cases that use it.
    rar_badsig = _common.get_resource_path("bin/rar_broken-sig.exe")
    _common.patch_file_with_bytes(winrar_exe, b"win.rar GmbH", b"bad.bad GmbH", rar_badsig)

    # Renamed copies, so the running process name carries no "rar".
    rar_badsig_renamed = Path("a.exe").resolve()
    rar_renamed = Path("b.exe").resolve()
    _common.copy_file(rar_badsig, rar_badsig_renamed)
    _common.copy_file(winrar_exe, rar_renamed)

    # Archive targets: a genuine .rar extension and a disguised .jpg one.
    out_rar = Path("out.rar").resolve()
    out_jpg = Path("out.jpg").resolve()
    _common.remove_files([out_rar, out_jpg])

    def rar_add(binary, archive, payload):
        """Run ``<binary> a <archive> -hp<password> <payload>``; result is not inspected."""
        _common.execute_command([str(binary), "a", str(archive), "-hp" + archive_password, str(payload)])

    # Case 1: genuine rar.exe, fresh payload, new .rar archive.
    log.info("Test case 1: Basic use new rar out")
    payload = create_exfil()
    rar_add(winrar_exe, out_rar, payload)

    # Case 2: same archive as case 1 (deliberately left in place), extra payload added.
    log.info("Test case 2: Basic use add to existing rar")
    payload_extra = create_exfil(Path("more_stuff.txt"))
    rar_add(winrar_exe, out_rar, payload_extra)
    _common.remove_files([payload_extra, out_rar])

    # Case 3 signals: process name *rar* YES | original file name *rar* no
    #                 | signer *win.rar* no | *.rar output no
    log.info("Test case 3: *rar* in process name")
    rar_add(rar_badsig, out_jpg, payload)
    _common.remove_files([out_jpg])

    # Case 4 signals: process name *rar* no | original file name *rar* no
    #                 | signer *win.rar* YES | *.rar output no
    log.info("Test case 4: Expected WinRar signature")
    rar_add(rar_renamed, out_jpg, payload)
    _common.remove_files([out_jpg])

    # Case 5 signals: process name *rar* no | original file name *rar* no
    #                 | signer *win.rar* no | *.rar output YES
    log.info("Test case 5: *.rar in output filename")
    rar_add(rar_badsig_renamed, out_rar, payload)
    _common.remove_files([out_rar, rar_badsig_renamed, rar_renamed, payload])

    # Case 6: false-positive control -- none of the four signals present,
    # only a "-hp"-prefixed argument on an unrelated binary.
    log.info("Test case 6: FP, shouldn't alert, run with myapp.exe")
    _common.execute_command([str(my_app_exe), "-hpbadargument"])

    # a.exe / b.exe were already removed after case 5; presumably
    # remove_files tolerates paths that no longer exist -- TODO confirm.
    log.warning("Cleanup")
    _common.remove_files([rar_badsig, rar_badsig_renamed, rar_renamed])