[Forensics-changes] [yara] 312/415: Add tests for unbounded jumps
Hilko Bengen
bengen at moszumanska.debian.org
Thu Apr 3 05:43:18 UTC 2014
This is an automated email from the git hooks/post-receive script.
bengen pushed a commit to branch debian
in repository yara.
commit dd58af1dc00d2272919777961a92aaaf7b01d743
Author: Victor M. Alvarez <plusvic at gmail.com>
Date: Wed Dec 18 10:02:18 2013 +0100
Add tests for unbounded jumps
---
yara-python/tests.py | 10 ++++++++++
1 file changed, 10 insertions(+)
diff --git a/yara-python/tests.py b/yara-python/tests.py
index 0a422e5..63ae27e 100644
--- a/yara-python/tests.py
+++ b/yara-python/tests.py
@@ -358,6 +358,16 @@ class TestYara(unittest.TestCase):
'rule test { strings: $a = { 64 01 [1-3] (60|61) 01 } condition: $a }',
], PE32_FILE)
+ self.assertTrueRules([
+ 'rule test { strings: $a = { 31 32 [..] 38 39 } condition: $a }',
+ 'rule test { strings: $a = { 31 32 [..] 33 34 [..] 38 39 } condition: $a }',
+ ], '123456789')
+
+ self.assertFalseRules([
+ 'rule test { strings: $a = { 31 32 [..] 32 33 } condition: $a }',
+ 'rule test { strings: $a = { 35 36 [..] 31 32 } condition: $a }',
+ ], '123456789')
+
rules = yara.compile(source='rule test { strings: $a = { 61 [0-3] (62|63) } condition: $a }')
matches = rules.match(data='abbb')
self.assertTrue(matches[0].strings == [(0L, '$a', 'ab')])
--
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/forensics/yara.git
More information about the forensics-changes
mailing list