gitea-mirror/capa
1
0
Fork 0
mirror of https://github.com/mandiant/capa.git synced 2025-12-22 07:10:29 -08:00
Code Issues Packages Projects Releases Wiki Activity

update changelog

Browse Source
This commit is contained in:
Yacine Elhamer
2023-06-28 01:39:11 +01:00
parent 708cb28ed0
commit 0e01d91cec
4 changed files with 79 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files

46
tests/test_rules.py
View File

@@ -277,6 +277,20 @@ def test_invalid_rule_feature():
)
)
with pytest.raises(capa.rules.InvalidRule):
capa.rules.Rule.from_yaml(
textwrap.dedent(
"""
rule:
meta:
name: test rule
scope: process
features:
- mnemonic: xor
"""
)
)
def test_lib_rules():
rules = capa.rules.RuleSet(
@@ -319,7 +333,7 @@ def test_subscope_rules():
"""
rule:
meta:
name: test rule
name: test function subscope
scope: file
features:
- and:
@@ -330,17 +344,37 @@ def test_subscope_rules():
- characteristic: loop
"""
)
)
),
capa.rules.Rule.from_yaml(
textwrap.dedent(
"""
rule:
meta:
name: test process subscope
scope: file
features:
- and:
- import: WININET.dll.HttpOpenRequestW
- process:
- and:
- substring: "http://"
"""
)
),
]
)
# the file rule scope will have one rules:
# - `test rule`
assert len(rules.file_rules) == 1
# the file rule scope will have two rules:
# - `test function subscope` and `test process subscope`
assert len(rules.file_rules) == 2
# the function rule scope have one rule:
# - the rule on which `test rule` depends
# - the rule on which `test function subscope` depends
assert len(rules.function_rules) == 1
# the process rule scope has one rule:
# - the rule on which `test process subscope` depends
assert len(rules.process_rules) == 1
def test_duplicate_rules():
with pytest.raises(capa.rules.InvalidRule):