Add tests for description feature
Test that feature parsing succeeds with every type of description.
@@ -4,6 +4,7 @@ import pytest
|
|||||||
|
|
||||||
import capa.rules
|
import capa.rules
|
||||||
from capa.features.insn import Number, Offset
|
from capa.features.insn import Number, Offset
|
||||||
|
from capa.features import String
|
||||||
|
|
||||||
|
|
||||||
def test_rule_ctor():
|
def test_rule_ctor():
|
||||||
@@ -56,6 +57,22 @@ def test_rule_yaml_complex():
|
|||||||
assert r.evaluate({Number(6): {1}, Number(7): {1}, Number(8): {1}}) == False
|
assert r.evaluate({Number(6): {1}, Number(7): {1}, Number(8): {1}}) == False
|
||||||
|
|
||||||
|
|
||||||
|
def test_rule_yaml_descriptions():
|
||||||
|
rule = textwrap.dedent('''
|
||||||
|
rule:
|
||||||
|
meta:
|
||||||
|
name: test rule
|
||||||
|
features:
|
||||||
|
- and:
|
||||||
|
- number: 1 = This is the number 1
|
||||||
|
- string: This program cannot be run in DOS mode.
|
||||||
|
description: MS-DOS stub message
|
||||||
|
- count(number(2 = AF_INET/SOCK_DGRAM)): 2
|
||||||
|
''')
|
||||||
|
r = capa.rules.Rule.from_yaml(rule)
|
||||||
|
assert r.evaluate({Number(1): {1}, Number(2): {2, 3}, String('This program cannot be run in DOS mode.'): {4}}) == True
|
||||||
|
|
||||||
|
|
||||||
def test_rule_yaml_not():
|
def test_rule_yaml_not():
|
||||||
rule = textwrap.dedent('''
|
rule = textwrap.dedent('''
|
||||||
rule:
|
rule:
|
||||||
|
|||||||
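Review bot: test_rule_yaml_descriptions asserts only the matching case, so it would still pass if the parser dropped the description text, and it never shows that the `count(number(2 = AF_INET/SOCK_DGRAM)): 2` term actually decides the result. Add a non-matching case next to the existing assert, for example `assert r.evaluate({Number(1): {1}, Number(2): {2}, String('This program cannot be run in DOS mode.'): {4}}) == False`, so that a description mis-split from its value fails the test instead of silently changing what the rule matches. If the parsed features expose their description (not visible in this hunk), asserting on it directly would pin the behaviour the commit message names. A one-line docstring naming the three forms covered (inline `value = description`, a separate `description:` key, and a description inside `count(...)`) would make the intent clear to the next reader.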