From 1e3b29de2ef7e9a18f0a34d18112b7c693a34d79 Mon Sep 17 00:00:00 2001 From: Moritz Raabe Date: Wed, 21 Oct 2020 12:16:50 +0200 Subject: [PATCH] add IDA specific test --- tests/fixtures.py | 6 ++++++ tests/test_ida_features.py | 2 +- 2 files changed, 7 insertions(+), 1 deletion(-) diff --git a/tests/fixtures.py b/tests/fixtures.py index d0754b2d..322681b0 100644 --- a/tests/fixtures.py +++ b/tests/fixtures.py @@ -421,6 +421,12 @@ FEATURE_PRESENCE_TESTS = [ ("mimikatz", "function=0x4556E5", capa.features.Characteristic("calls to"), False), ] +FEATURE_PRESENCE_TESTS_IDA = [ + # file/imports + # IDA can recover more names of APIs imported by ordinal + ("mimikatz", "file", capa.features.file.Import("cabinet.FCIAddFile"), True), +] + FEATURE_COUNT_TESTS = [ ("mimikatz", "function=0x40E5C2", capa.features.basicblock.BasicBlock(), 7), ("mimikatz", "function=0x4702FD", capa.features.Characteristic("calls from"), 0), diff --git a/tests/test_ida_features.py b/tests/test_ida_features.py index b227775e..51de2139 100644 --- a/tests/test_ida_features.py +++ b/tests/test_ida_features.py @@ -44,7 +44,7 @@ def get_ida_extractor(_path): @pytest.mark.skip(reason="IDA Pro tests must be run within IDA") def test_ida_features(): - for (sample, scope, feature, expected) in FEATURE_PRESENCE_TESTS: + for (sample, scope, feature, expected) in FEATURE_PRESENCE_TESTS + FEATURE_PRESENCE_TESTS_IDA: id = make_test_id((sample, scope, feature, expected)) try: