gitea-mirror/capa
1
0
Fork 0
mirror of https://github.com/mandiant/capa.git synced 2025-12-22 15:16:22 -08:00
Code Issues Packages Projects Releases Wiki Activity

tests: demonstrate a bit more depth to namespace matching

Browse Source
This commit is contained in:
William Ballenthin
2020-06-30 00:20:40 -06:00
parent e2296f0f40
commit 970977ade5
1 changed files with 4 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
tests/test_engine.py
View File

@@ -226,7 +226,7 @@ def test_match_namespace():
rule: rule:
meta: meta:
name: CreateFile API name: CreateFile API
namespace: file/create namespace: file/create/CreateFile
features: features:
- api: CreateFile - api: CreateFile
''')), ''')),
@@ -260,6 +260,9 @@ def test_match_namespace():
assert 'CreateFile API' in matches assert 'CreateFile API' in matches
assert 'file-create' in matches assert 'file-create' in matches
assert 'filesystem-any' in matches assert 'filesystem-any' in matches
assert capa.features.MatchedRule('file') in features
assert capa.features.MatchedRule('file/create') in features
assert capa.features.MatchedRule('file/create/CreateFile') in features
features, matches = capa.engine.match(capa.engine.topologically_order_rules(rules), features, matches = capa.engine.match(capa.engine.topologically_order_rules(rules),
{capa.features.insn.API('WriteFile'): {1}}, {capa.features.insn.API('WriteFile'): {1}},