[Forensics-changes] [yara] 153/415: Include some tests for comments
Hilko Bengen
bengen at moszumanska.debian.org
Thu Apr 3 05:42:58 UTC 2014
This is an automated email from the git hooks/post-receive script.
bengen pushed a commit to branch debian
in repository yara.
commit 2eab4f123ba9687f929a850771fce0bd57871bcd
Author: Victor M. Alvarez <plusvic at gmail.com>
Date: Tue Apr 9 21:41:58 2013 +0000
Include some tests for comments
---
yara-python/tests.py | 191 +++++++++++++++++++++++++++------------------------
1 file changed, 102 insertions(+), 89 deletions(-)
diff --git a/yara-python/tests.py b/yara-python/tests.py
index 3435898..e7b682f 100644
--- a/yara-python/tests.py
+++ b/yara-python/tests.py
@@ -50,70 +50,69 @@ ab000000000000001a0000000000000000000000000000000100000000000000\
0000000000000000')
-
class TestYara(unittest.TestCase):
-
+
def assertTrueRules(self, rules, data='dummy'):
-
+
for r in rules:
r = yara.compile(source=r)
self.assertTrue(r.match(data=data))
-
+
def assertFalseRules(self, rules, data='dummy'):
for r in rules:
r = yara.compile(source=r)
self.assertFalse(r.match(data=data))
-
+
def testBooleanOperators(self):
-
- self.assertTrueRules([
+
+ self.assertTrueRules([
'rule test { condition: true }',
'rule test { condition: true or false }',
'rule test { condition: true and true }'
])
-
- self.assertFalseRules([
+
+ self.assertFalseRules([
'rule test { condition: false }',
'rule test { condition: true and false }',
'rule test { condition: false or false }'
])
-
+
def testComparisonOperators(self):
-
- self.assertTrueRules([
+
+ self.assertTrueRules([
'rule test { condition: 2 > 1 }',
'rule test { condition: 1 < 2 }',
'rule test { condition: 2 >= 1 }',
'rule test { condition: 1 <= 1 }',
'rule test { condition: 1 == 1 }'
])
-
+
self.assertFalseRules([
'rule test { condition: 1 != 1}',
'rule test { condition: 2 > 3}',
])
-
- def testArithmeticOperators(self):
-
- self.assertTrueRules([
+
+ def testArithmeticOperators(self):
+
+ self.assertTrueRules([
'rule test { condition: (1 + 1) * 2 == (9 - 1) \ 2 }',
'rule test { condition: 5 % 2 == 1 }'
])
-
+
def testBitwiseOperators(self):
-
- self.assertTrueRules([
+
+ self.assertTrueRules([
'rule test { condition: 0x55 | 0xAA == 0xFF }',
'rule test { condition: ~0xAA ^ 0x5A & 0xFF == 0x0F }',
'rule test { condition: ~0x55 & 0xFF == 0xAA }',
'rule test { condition: 8 >> 2 == 2 }',
'rule test { condition: 1 << 3 == 8 }'
])
-
+
def testStrings(self):
-
- self.assertTrueRules([
+
+ self.assertTrueRules([
'rule test { strings: $a = "a" condition: $a }',
'rule test { strings: $a = "abc" condition: $a }',
'rule test { strings: $a = "xyz" condition: $a }',
@@ -121,10 +120,10 @@ class TestYara(unittest.TestCase):
'rule test { strings: $a = "aBc" nocase condition: $a }',
'rule test { strings: $a = "abc" fullword condition: $a }',
], "---- abc ---- A\x00B\x00C\x00 ---- xyz")
-
+
def testWildcardStrings(self):
- self.assertTrueRules([
+ self.assertTrueRules([
'rule test {\
strings:\
$s1 = "abc"\
@@ -132,49 +131,49 @@ class TestYara(unittest.TestCase):
condition:\
for all of ($*) : ($)\
}'
- ], "---- abc ---- A\x00B\x00C\x00 ---- xyz")
-
+ ], "---- abc ---- A\x00B\x00C\x00 ---- xyz")
+
def testHexStrings(self):
-
- self.assertTrueRules([
+
+ self.assertTrueRules([
'rule test { strings: $a = { 64 01 00 00 60 01 } condition: $a }',
'rule test { strings: $a = { 64 0? 00 00 ?0 01 } condition: $a }',
'rule test { strings: $a = { 64 01 [1-3] 60 01 } condition: $a }',
'rule test { strings: $a = { 64 01 [1-3] (60|61) 01 } condition: $a }',
], PE32_FILE)
-
+
def testCount(self):
-
+
self.assertTrueRules([
'rule test { strings: $a = "ssi" condition: #a == 2 }',
], 'mississippi')
-
+
def testAt(self):
self.assertTrueRules([
'rule test { strings: $a = "ssi" condition: $a at 2 and $a at 5 }',
], 'mississippi')
-
+
def testOf(self):
-
+
self.assertTrueRules([
'rule test { strings: $a = "ssi" $b = "mis" $c = "oops" condition: any of them }',
'rule test { strings: $a = "ssi" $b = "mis" $c = "oops" condition: 1 of them }',
'rule test { strings: $a = "ssi" $b = "mis" $c = "oops" condition: 2 of them }'
], 'mississipi')
-
+
self.assertFalseRules([
'rule test { strings: $a = "ssi" $b = "mis" $c = "oops" condition: all of them }'
], 'mississipi')
-
+
def testForAll(self):
-
+
self.assertTrueRules([
'rule test { strings: $a = "ssi" condition: for all i in (1..#a) : (@a[i] >= 2 and @a[i] <= 5) }'
], 'mississipi')
-
+
def testRE(self):
-
+
self.assertTrueRules([
'rule test { strings: $a = /ssi/ condition: $a }',
'rule test { strings: $a = /ssi(s|p)/ condition: $a }',
@@ -185,86 +184,86 @@ class TestYara(unittest.TestCase):
'rule test { strings: $a = /ppi\.mi/ condition: $a }',
'rule test { strings: $a = /^mississippi/ fullword condition: $a }',
], 'mississippi\tmississippi.mississippi')
-
+
self.assertFalseRules([
'rule test { strings: $a = /^ssi/ condition: $a }',
'rule test { strings: $a = /ssi$/ condition: $a }',
'rule test { strings: $a = /ssissi$/ fullword condition: $a }'
], 'mississippi')
-
+
def testEntrypoint(self):
-
- self.assertTrueRules([
+
+ self.assertTrueRules([
'rule test { strings: $a = { 6a 2a 58 c3 } condition: $a at entrypoint }',
], PE32_FILE)
-
- self.assertTrueRules([
+
+ self.assertTrueRules([
'rule test { strings: $a = { b8 01 00 00 00 bb 2a } condition: $a at entrypoint }',
], ELF32_FILE)
-
- self.assertTrueRules([
+
+ self.assertTrueRules([
'rule test { strings: $a = { b8 01 00 00 00 bb 2a } condition: $a at entrypoint }',
], ELF64_FILE)
-
- self.assertFalseRules([
+
+ self.assertFalseRules([
'rule test { condition: true or entrypoint >= 0 }',
])
-
+
def testFilesize(self):
-
- self.assertTrueRules([
+
+ self.assertTrueRules([
'rule test { condition: filesize == %d }' % len(PE32_FILE),
], PE32_FILE)
-
+
def testCompileFile(self):
-
+
f = tempfile.TemporaryFile('wt')
-
+
f.write('rule test { condition: true }')
f.flush()
f.seek(0)
-
+
r = yara.compile(file=f)
self.assertTrue(r.match(data=PE32_FILE))
-
+
def testCompileFiles(self):
-
+
tmpdir = tempfile.gettempdir()
-
- p1 = os.path.join(tmpdir,'test1')
+
+ p1 = os.path.join(tmpdir, 'test1')
f1 = open(p1, 'wt')
f1.write('rule test1 { condition: true }')
f1.close()
-
- p2 = os.path.join(tmpdir,'test2')
+
+ p2 = os.path.join(tmpdir, 'test2')
t2 = open(p2, 'wt')
t2.write('rule test2 { condition: true }')
t2.close()
-
+
r = yara.compile(filepaths={
- 'test1': p1,
- 'test2': p2
+ 'test1': p1,
+ 'test2': p2
})
-
+
self.assertTrue(len(r.match(data='dummy')) == 2)
-
+
for m in r.match(data='dummy'):
self.assertTrue(m.rule in ('test1', 'test2'))
self.assertTrue(m.namespace == m.rule)
-
+
os.remove(p1)
os.remove(p2)
-
+
def testIncludeFiles(self):
tmpdir = tempfile.gettempdir()
- p1 = os.path.join(tmpdir,'test1')
+ p1 = os.path.join(tmpdir, 'test1')
f1 = open(p1, 'wt')
f1.write('rule test1 { condition: true }')
f1.close()
- p2 = os.path.join(tmpdir,'test2')
+ p2 = os.path.join(tmpdir, 'test2')
f2 = open(p2, 'wt')
f2.write('include "%s" rule test2 { condition: test1 }' % p1)
f2.close()
@@ -272,45 +271,44 @@ class TestYara(unittest.TestCase):
r = yara.compile(p2)
self.assertTrue(len(r.match(data='dummy')) == 2)
-
def testExternals(self):
-
+
r = yara.compile(source='rule test { condition: ext_int == 15 }', externals={'ext_int': 15})
self.assertTrue(r.match(data=PE32_FILE))
-
+
r = yara.compile(source='rule test { condition: ext_bool }', externals={'ext_bool': True})
self.assertTrue(r.match(data=PE32_FILE))
-
+
r = yara.compile(source='rule test { condition: ext_bool }', externals={'ext_bool': False})
self.assertFalse(r.match(data=PE32_FILE))
-
+
r = yara.compile(source='rule test { condition: ext_str contains "ssi" }', externals={'ext_str': 'mississippi'})
- self.assertTrue(r.match(data=PE32_FILE))
+ self.assertTrue(r.match(data=PE32_FILE))
r = yara.compile(source='rule test { condition: ext_str matches /ssi(s|p)/ }', externals={'ext_str': 'mississippi'})
self.assertTrue(r.match(data=PE32_FILE))
-
+
def testCallback(self):
-
- global rule_data
- rule_data = None
-
+
+ global rule_data
+ rule_data = None
+
def callback(data):
global rule_data
rule_data = data
return yara.CALLBACK_CONTINUE
-
+
r = yara.compile(source='rule test { strings: $a = { 50 45 00 00 4c 01 } condition: $a }')
r.match(data=PE32_FILE, callback=callback)
-
+
self.assertTrue(rule_data['matches'])
self.assertTrue(rule_data['rule'] == 'test')
def testCompare(self):
r = yara.compile(sources={
- 'test1': 'rule test { condition: true}',
- 'test2': 'rule test { condition: true}'
+ 'test1': 'rule test { condition: true}',
+ 'test2': 'rule test { condition: true}'
})
m = r.match(data="dummy")
@@ -320,8 +318,23 @@ class TestYara(unittest.TestCase):
self.assertTrue(m[0] != m[1])
self.assertFalse(m[0] > m[1])
self.assertFalse(m[0] == m[1])
-
-
-if __name__ == "__main__":
+ def testComments(self):
+
+ self.assertTrueRules([
+ """
+ rule test {
+ condition:
+ // this is a comment
+ /*** this is a comment ***/
+ /* /* /*
+ this is a comment
+ */
+ true
+ }
+ """,
+ ])
+
+
+if __name__ == "__main__":
unittest.main()
--
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/forensics/yara.git
More information about the forensics-changes
mailing list