Creating tests
This part of the documentation explains the required fields and the tests that are possible.
Each test file must have exactly two keys at its root: ‘test_info’ and ‘tests’.
The ‘test_info’ key contains a dictionary of information about the test and the information needed to run it. The ‘tests’ key is a dictionary that contains the actual tests.
Ok! Let’s get started:
- Open a new file.
- Add the JSON dictionaries shown in the example below.
- Think of a name for your test. Which malware sample is this test for? Use that as the name of the test.
- Save your new file in the tests directory of Cuckoo-unittest with a .json extension.
- Example: the filename is Cryptolocker-test.json
```json
{
    "test_info": {
    },
    "tests": {
    }
}
```
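A pre-flight check for the steps above, as an added example that is not part of Cuckoo-unittest: it verifies the rules this page states (a .json filename, exactly the two root keys, both of them dictionaries) and also rejects duplicate keys, which Python's json module would otherwise silently collapse to the last occurrence. The function names are hypothetical and the sample inputs are constructed.

```python
import json
from pathlib import Path

REQUIRED_ROOT_KEYS = {"test_info", "tests"}  # the two root keys this page requires


def _reject_duplicates(pairs):
    """object_pairs_hook: fail on repeated keys instead of keeping the last one."""
    keys = [k for k, _ in pairs]
    dupes = sorted({k for k in keys if keys.count(k) > 1})
    if dupes:
        raise ValueError("duplicate key(s): " + ", ".join(dupes))
    return dict(pairs)


def lint_test_file(filename, text):
    """Return a list of problems for one test file (an empty list means OK)."""
    problems = []
    if Path(filename).suffix != ".json":
        problems.append("filename must have a .json extension")
    try:
        root = json.loads(text, object_pairs_hook=_reject_duplicates)
    except ValueError as exc:  # json.JSONDecodeError is a ValueError subclass
        return problems + [f"not usable JSON: {exc}"]
    if not isinstance(root, dict):
        return problems + ["root must be a JSON dictionary"]
    present = set(root)
    if REQUIRED_ROOT_KEYS - present:
        problems.append("missing root key(s): "
                        + ", ".join(sorted(REQUIRED_ROOT_KEYS - present)))
    if present - REQUIRED_ROOT_KEYS:
        problems.append("unexpected root key(s): "
                        + ", ".join(sorted(present - REQUIRED_ROOT_KEYS)))
    for key in sorted(REQUIRED_ROOT_KEYS & present):
        if not isinstance(root[key], dict):
            problems.append(f"'{key}' must be a dictionary")
    return problems


def lint_tests_dir(directory):
    """Lint every file in a tests directory; returns {filename: [problems]}."""
    return {p.name: lint_test_file(p.name, p.read_text(encoding="utf-8"))
            for p in sorted(Path(directory).iterdir()) if p.is_file()}


if __name__ == "__main__":
    # Constructed samples, not files shipped with Cuckoo-unittest.
    print(lint_test_file("Cryptolocker-test.json", '{ "test_info": { }, "tests": { } }'))
    print(lint_test_file("Cryptolocker-test.json", '{"test_info": {}, "tests": {}, "tests": {}}'))
```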
- test_info keys
- Adding tests
- tests
- check_md5
- check_sha1
- check_sha256
- check_sha512
- check_expected_api_calls
- check_expected_regkeys_opened
- check_expected_regkeys_read
- check_expected_regkeys_written
- check_expected_regkeys_deleted
- check_expected_mutexes_created
- check_expected_ips_connected
- check_expected_hosts_connected
- check_expected_processes
- check_expected_dll_loaded
- check_expected_monitor_log_lines