gitea-mirror/capa
1
0
Fork 0
mirror of https://github.com/mandiant/capa.git synced 2026-01-09 03:41:20 -08:00
Code Issues Packages Projects Releases Wiki Activity

features: add format/pe and format/elf characteristics

Browse Source
This commit is contained in:
William Ballenthin
2021-08-11 09:10:04 -06:00
parent e797a67e97
commit 06f8943bc4
3 changed files with 33 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

19
tests/test_rules.py
View File

@@ -15,7 +15,7 @@ import capa.engine
import capa.features.common
from capa.features.file import FunctionName
from capa.features.insn import Number, Offset
from capa.features.common import ARCH_X32, ARCH_X64, OS_WINDOWS, String, Characteristic
from capa.features.common import ARCH_X32, ARCH_X64, OS_WINDOWS, FORMAT_PE, String, Characteristic
def test_rule_ctor():
@@ -961,3 +961,20 @@ def test_os_features():
r = capa.rules.Rule.from_yaml(rule)
children = list(r.statement.get_children())
assert (Characteristic(OS_WINDOWS) in children) == True
def test_format_features():
rule = textwrap.dedent(
"""
rule:
meta:
name: test rule
scope: file
features:
- and:
- characteristic: format/pe
"""
)
r = capa.rules.Rule.from_yaml(rule)
children = list(r.statement.get_children())
assert (Characteristic(FORMAT_PE) in children) == True