test_capabilities.py: add missing test_com_feature_matching() test

2025-12-05 20:40:05 -08:00 · 2023-10-20 20:11:08 +02:00
parent ab06c94d80
commit 3572b512d9
1 changed files with 26 additions and 0 deletions
--- a/tests/test_capabilities.py
+++ b/tests/test_capabilities.py
@@ -198,6 +198,32 @@ def test_byte_matching(z9324d_extractor):
    assert "byte match test" in capabilities


+def test_com_feature_matching(z395eb_extractor):
+    rules = capa.rules.RuleSet(
+        [
+            capa.rules.Rule.from_yaml(
+                textwrap.dedent(
+                    """
+                    rule:
+                        meta:
+                            name: initialize IWebBrowser2
+                            scopes:
+                              static: basic block
+                              dynamic: unsupported
+                        features:
+                            - and:
+                                - api: ole32.CoCreateInstance
+                                - com/class: InternetExplorer #bytes: 01 DF 02 00 00 00 00 00 C0 00 00 00 00 00 00 46 = CLSID_InternetExplorer
+                                - com/interface: IWebBrowser2 #bytes: 61 16 0C D3 AF CD D0 11 8A 3E 00 C0 4F C9 E2 6E = IID_IWebBrowser2
+                    """
+                )
+            )
+        ]
+    )
+    capabilities, meta = capa.main.find_capabilities(rules, z395eb_extractor)
+    assert "initialize IWebBrowser2" in capabilities
+
+
 def test_count_bb(z9324d_extractor):
    rules = capa.rules.RuleSet(
        [