Merge pull request #329 from CybercentreCanada/debian_pcap

Debian Buster patch for correctly identifying pcaps

assemblyline/common/identify.py

@@ -297,7 +297,7 @@
     ['ar', r'ar archive'],
     ['xz', r'^XZ compressed data'],
     ['zip', r'^zip archive data'],
-    ['tcpdump', r'^tcpdump'],
+    ['tcpdump', r'^(tcpdump|pcap)'],
     ['pdf', r'^pdf document'],
     ['bmp', r'^pc bitmap'],
     ['gif', r'^gif image data'],
@@ -372,7 +372,7 @@
     ['java', r'jar |java'],
     ['code',
      r'Autorun|HTML |KML |LLVM |SGML |Visual C|XML |awk|batch |bytecode|perl|php|program|python'
-     r'|ruby|scheme|script text exe|shell script|tcl'],
+     r'|ruby|color scheme|script text exe|shell script|tcl'],
     ['network', r'capture'],
     ['unknown', r'CoreFoundation|Dreamcast|KEYBoard|OSF/Rose|Zope|quota|uImage'],
     ['unknown', r'disk|file[ ]*system|floppy|tape'],

test/test_identify.py

@@ -581,7 +581,7 @@ def test_tag_to_extension(tag, ext):
         ('ar', r'ar archive'),
         ('xz', r'^XZ compressed data'),
         ('zip', r'^zip archive data'),
-        ('tcpdump', r'^tcpdump'),
+        ('tcpdump', r'^(tcpdump|pcap)'),
         ('pdf', r'^pdf document'),
         ('bmp', r'^pc bitmap'),
         ('gif', r'^gif image data'),
@@ -664,7 +664,7 @@ def test_sl_to_tl(sl, tl):
      ('java', r'jar |java'),
      ('code',
       r'Autorun|HTML |KML |LLVM |SGML |Visual C|XML |awk|batch |bytecode|perl|php|program|python'
-      r'|ruby|scheme|script text exe|shell script|tcl'),
+      r'|ruby|color scheme|script text exe|shell script|tcl'),
      ('network', r'capture'),
      ('unknown', r'CoreFoundation|Dreamcast|KEYBoard|OSF/Rose|Zope|quota|uImage'),
      ('unknown', r'disk|file[ ]*system|floppy|tape'),