Merge pull request #142 from fkie-cad/sasquatch-update

Sasquatch update

fact_extractor/install/unpacker.py

@@ -156,7 +156,6 @@
             'yasm',
         ],
         'github': [
-            ('threadexio/sasquatch', ['./build.sh']),
             (
                 'rampageX/firmware-mod-kit',
                 [
@@ -168,6 +167,20 @@
     },
 }
 PIP_DEPENDENCY_FILE = Path(__file__).parent.parent.parent / 'requirements-unpackers.txt'
+EXTERNAL_DEB_DEPS = [
+    # zoo
+    (
+        'zoo_2.10-28_amd64.deb',
+        'http://launchpadlibrarian.net/230277773',
+        '953f4f94095ef3813dfd30c8977475c834363aaabce15ab85ac5195e52fd816a',
+    ),
+    # sasquatch
+    (
+        'sasquatch_1.0_amd64.deb',
+        'https://github.com/onekey-sec/sasquatch/releases/download/sasquatch-v4.5.1-4',
+        'bb211daf90069a43b7d5e76f136766a8542a5328015773e9b8be87541b307b60',
+    ),
+]
 
 
 def install_dependencies(dependencies):
@@ -195,7 +208,7 @@ def main(distribution):
 
     # install plug-in dependencies
     _install_plugins()
-    _install_patool_deps()
+    _install_external_deb_deps()
 
     # configure environment
     _edit_sudoers()
@@ -215,7 +228,7 @@ def _edit_sudoers():
                 '/bin/mount',
                 '/bin/umount',
                 '/bin/mknod',
-                '/usr/local/bin/sasquatch',
+                '/usr/bin/sasquatch',
                 '/bin/rm',
                 '/bin/cp',
                 '/bin/dd',
@@ -230,19 +243,20 @@ def _edit_sudoers():
         raise InstallationError('Editing sudoers file did not succeed\n{chown_output}\n{mv_output}')
 
 
-def _install_patool_deps():
-    '''install additional dependencies of patool'''
+def _install_external_deb_deps():
+    '''
+    install deb packages that aren't available through Debian/Ubuntu package sources
+    '''
     with TemporaryDirectory(prefix='patool') as build_directory:
         with OperateInDirectory(build_directory):
-            # install zoo unpacker
-            file_name = 'zoo_2.10-28_amd64.deb'
-            try:
-                run(split(f'wget http://launchpadlibrarian.net/230277773/{file_name}'), check=True, env=os.environ)
-                expected_sha = '953f4f94095ef3813dfd30c8977475c834363aaabce15ab85ac5195e52fd816a'
-                assert _sha256_hash_file(Path(file_name)) == expected_sha
-                run(split(f'sudo dpkg -i {file_name}'), capture_output=True, check=True)
-            except (AssertionError, CalledProcessError) as error:
-                raise InstallationError('Error during zoo unpacker installation') from error
+            for file_name, url, sha256 in EXTERNAL_DEB_DEPS:
+                try:
+                    run(split(f'wget {url}/{file_name}'), check=True, env=os.environ)
+                    if not _sha256_hash_file(Path(file_name)) == sha256:
+                        raise InstallationError(f'Wrong file hash: {file_name}')
+                    run(split(f'sudo dpkg -i {file_name}'), capture_output=True, check=True)
+                except CalledProcessError as error:
+                    raise InstallationError(f'Error during {file_name} unpacker installation') from error
 
 
 def _sha256_hash_file(file_path: Path) -> str:

fact_extractor/plugins/unpacking/squashFS/code/squash_fs.py

@@ -7,16 +7,18 @@
 
 from helperFunctions.file_system import get_fact_bin_dir
 
-SASQUATCH = Path('/usr/local/bin/sasquatch')
+SASQUATCH = Path('/usr/bin/sasquatch')
+SASQUATCH_BE = Path('/usr/bin/sasquatch-v4be')
 UNSQUASHFS4_AVM_BE = Path(get_fact_bin_dir()) / 'unsquashfs4-avm-be'
 UNSQUASHFS4_AVM_LE = Path(get_fact_bin_dir()) / 'unsquashfs4-avm-le'
 UNSQUASHFS3_MULTI = Path(get_fact_bin_dir()) / 'unsquashfs3-multi'
 
 NAME = 'SquashFS'
 MIME_PATTERNS = ['filesystem/squashfs']
-VERSION = '0.10'
+VERSION = '0.11.0'
 SQUASH_UNPACKER = [
-    (SASQUATCH, '-c lzma-adaptive'),
+    (SASQUATCH, ''),
+    (SASQUATCH_BE, ''),
     (UNSQUASHFS4_AVM_BE, '-scan'),
     (UNSQUASHFS4_AVM_LE, '-scan'),
     (UNSQUASHFS3_MULTI, '-scan'),

fact_extractor/plugins/unpacking/squashFS/test/test_plugin_squashfs.py

@@ -1,4 +1,5 @@
 from pathlib import Path
+
 import pytest
 from tempfile import TemporaryDirectory
 
@@ -37,7 +38,23 @@ class TestSquashUnpacker(TestUnpackerBase):
     def test_unpacker_selection_generic(self):
         self.check_unpacker_selection('filesystem/squashfs', 'SquashFS')
 
-    def test_extraction_sqfs(self):
-        self.check_unpacking_of_standard_unpack_set(
-            TEST_DATA_DIR / 'sqfs.img',
-        )
+    @pytest.mark.parametrize(('file', 'expected'), [
+        ('avm_be.sqfs4', 'sasquatch-v4be'),
+        ('avm_le.sqfs4', 'sasquatch'),
+        ('gzip.sqfs', 'sasquatch'),
+        ('lz4.sqfs', 'sasquatch'),
+        ('lzma.sqfs', 'sasquatch'),
+        ('lzma1_be.sqfs3', 'sasquatch'),
+        ('lzma1_le.sqfs3', 'sasquatch'),
+        ('lzma_be.sqfs2', 'unsquashfs4-avm-be'),
+        ('lzma_le.sqfs2', 'unsquashfs4-avm-be'),
+        ('lzo.sqfs', 'sasquatch'),
+        ('xz.sqfs', 'sasquatch'),
+        ('zlib_be.sqfs3', 'sasquatch'),
+        ('zlib_le.sqfs3', 'sasquatch'),
+        ('zstd.sqfs', 'sasquatch'),
+    ])
+    def test_extraction_sqfs(self, file, expected):
+        meta_data = self.check_unpacking_of_standard_unpack_set(TEST_DATA_DIR / file)
+        assert meta_data['plugin_used'] == 'SquashFS'
+        assert meta_data['unpacking_tool'] == expected