Add EICAR archive to live_test

austinbyers commented 6 years ago

to: @chunyong-lin cc: @airbnb/binaryalert-maintainers size: medium

Background

The live_test has proven to be an extremely useful feature - it uploads a test file and checks whether BinaryAlert processed a YARA match for it or not (it's an end-to-end test).

Since the archive analysis is achieved through a different path (yextend), we want to include archives in the live test to make sure those are being matched correctly.

Changes

Moves the live_test functionality into its own file
Adds eicar.txt and eicar.tar.gz.bz2 test files, both of which should match the EICAR YARA rule
Minor S3 terraform change to delete expired object markers

Testing

Deploy to test account, and then running live_test over and over

The test coverage dropped about 3% just due to moving the live_test into its own file. We can add unit tests for it later if we want, but it's not a high priority because it's just testing logic

coveralls commented 6 years ago

Coverage decreased (-2.9%) to 92.941% when pulling cd7dd18d7d7eafbdabb3089d7a4d0d9a0cf3634f on austin-delete-expired into cebb706fa1736888accf1467528b9f860c683530 on master.

chunyong-lin commented 6 years ago

@austinbyers I have stamped on this PR, but the branch has conflicts.

coveralls commented 6 years ago

Coverage decreased (-2.9%) to 92.99% when pulling 80db1971a94a66eba34978f06dedff2d3622bfc1 on austin-delete-expired into d4439134edf80d7e6461228c55b8613f91ac07c2 on master.

airbnb / binaryalert