This commit is contained in:
William Ballenthin
2020-06-29 05:57:46 -06:00
parent 3d0bd64e1b
commit 990c2010e9


@@ -43,8 +43,10 @@ def test_some():
assert Some(2, Number(1), Number(2), Number(3)).evaluate({Number(0): {1}}) == False assert Some(2, Number(1), Number(2), Number(3)).evaluate({Number(0): {1}}) == False
assert Some(2, Number(1), Number(2), Number(3)).evaluate({Number(0): {1}, Number(1): {1}}) == False assert Some(2, Number(1), Number(2), Number(3)).evaluate({Number(0): {1}, Number(1): {1}}) == False
assert Some(2, Number(1), Number(2), Number(3)).evaluate({Number(0): {1}, Number(1): {1}, Number(2): {1}}) == True assert Some(2, Number(1), Number(2), Number(3)).evaluate({Number(0): {1}, Number(1): {1}, Number(2): {1}}) == True
assert Some(2, Number(1), Number(2), Number(3)).evaluate({Number(0): {1}, Number(1): {1}, Number(2): {1}, Number(3): {1}}) == True assert Some(2, Number(1), Number(2), Number(3)).evaluate(
assert Some(2, Number(1), Number(2), Number(3)).evaluate({Number(0): {1}, Number(1): {1}, Number(2): {1}, Number(3): {1}, Number(4): {1}}) == True {Number(0): {1}, Number(1): {1}, Number(2): {1}, Number(3): {1}}) == True
assert Some(2, Number(1), Number(2), Number(3)).evaluate(
{Number(0): {1}, Number(1): {1}, Number(2): {1}, Number(3): {1}, Number(4): {1}}) == True
def test_complex(): def test_complex():
@@ -118,7 +120,7 @@ def test_match_matched_rules():
features: features:
- number: 100 - number: 100
''')), ''')),
capa.rules.Rule.from_yaml(textwrap.dedent(''' capa.rules.Rule.from_yaml(textwrap.dedent('''
rule: rule:
meta: meta:
name: test rule2 name: test rule2
@@ -128,14 +130,14 @@ def test_match_matched_rules():
] ]
features, matches = capa.engine.match(capa.engine.topologically_order_rules(rules), features, matches = capa.engine.match(capa.engine.topologically_order_rules(rules),
{capa.features.insn.Number(100): {1}}, 0x0) {capa.features.insn.Number(100): {1}}, 0x0)
assert capa.features.MatchedRule('test rule1') in features assert capa.features.MatchedRule('test rule1') in features
assert capa.features.MatchedRule('test rule2') in features assert capa.features.MatchedRule('test rule2') in features
# the ordering of the rules must not matter, # the ordering of the rules must not matter,
# the engine should match rules in an appropriate order. # the engine should match rules in an appropriate order.
features, matches = capa.engine.match(capa.engine.topologically_order_rules(reversed(rules)), features, matches = capa.engine.match(capa.engine.topologically_order_rules(reversed(rules)),
{capa.features.insn.Number(100): {1}}, 0x0) {capa.features.insn.Number(100): {1}}, 0x0)
assert capa.features.MatchedRule('test rule1') in features assert capa.features.MatchedRule('test rule1') in features
assert capa.features.MatchedRule('test rule2') in features assert capa.features.MatchedRule('test rule2') in features
@@ -168,11 +170,11 @@ def test_regex():
''')), ''')),
] ]
features, matches = capa.engine.match(capa.engine.topologically_order_rules(rules), features, matches = capa.engine.match(capa.engine.topologically_order_rules(rules),
{capa.features.insn.Number(100): {1}}, 0x0) {capa.features.insn.Number(100): {1}}, 0x0)
assert capa.features.MatchedRule('test rule') not in features assert capa.features.MatchedRule('test rule') not in features
features, matches = capa.engine.match(capa.engine.topologically_order_rules(rules), features, matches = capa.engine.match(capa.engine.topologically_order_rules(rules),
{capa.features.String('aaaa'): {1}}, 0x0) {capa.features.String('aaaa'): {1}}, 0x0)
assert capa.features.MatchedRule('test rule') not in features assert capa.features.MatchedRule('test rule') not in features
features, matches = capa.engine.match(capa.engine.topologically_order_rules(rules), features, matches = capa.engine.match(capa.engine.topologically_order_rules(rules),
@@ -180,7 +182,7 @@ def test_regex():
assert capa.features.MatchedRule('test rule') not in features assert capa.features.MatchedRule('test rule') not in features
features, matches = capa.engine.match(capa.engine.topologically_order_rules(rules), features, matches = capa.engine.match(capa.engine.topologically_order_rules(rules),
{capa.features.String('abbbba'): {1}}, 0x0) {capa.features.String('abbbba'): {1}}, 0x0)
assert capa.features.MatchedRule('test rule') in features assert capa.features.MatchedRule('test rule') in features
assert capa.features.MatchedRule('rule with implied wildcards') in features assert capa.features.MatchedRule('rule with implied wildcards') in features
assert capa.features.MatchedRule('rule with anchor') not in features assert capa.features.MatchedRule('rule with anchor') not in features
@@ -214,13 +216,13 @@ def test_regex_complex():
''')), ''')),
] ]
features, matches = capa.engine.match(capa.engine.topologically_order_rules(rules), features, matches = capa.engine.match(capa.engine.topologically_order_rules(rules),
{capa.features.String(r'Hardware\Key\key with spaces\some value'): {1}}, 0x0) {capa.features.String(r'Hardware\Key\key with spaces\some value'): {1}}, 0x0)
assert capa.features.MatchedRule('test rule') in features assert capa.features.MatchedRule('test rule') in features
def test_match_namespace(): def test_match_namespace():
rules = [ rules = [
capa.rules.Rule.from_yaml(textwrap.dedent(''' capa.rules.Rule.from_yaml(textwrap.dedent('''
rule: rule:
meta: meta:
name: CreateFile API name: CreateFile API
@@ -228,7 +230,7 @@ def test_match_namespace():
features: features:
- api: CreateFile - api: CreateFile
''')), ''')),
capa.rules.Rule.from_yaml(textwrap.dedent(''' capa.rules.Rule.from_yaml(textwrap.dedent('''
rule: rule:
meta: meta:
name: WriteFile API name: WriteFile API
@@ -236,32 +238,32 @@ def test_match_namespace():
features: features:
- api: WriteFile - api: WriteFile
''')), ''')),
capa.rules.Rule.from_yaml(textwrap.dedent(''' capa.rules.Rule.from_yaml(textwrap.dedent('''
rule: rule:
meta: meta:
name: file-create name: file-create
features: features:
- match: file/create - match: file/create
''')), ''')),
capa.rules.Rule.from_yaml(textwrap.dedent(''' capa.rules.Rule.from_yaml(textwrap.dedent('''
rule: rule:
meta: meta:
name: filesystem-any name: filesystem-any
features: features:
- match: file - match: file
''')), ''')),
] ]
features, matches = capa.engine.match(capa.engine.topologically_order_rules(rules), features, matches = capa.engine.match(capa.engine.topologically_order_rules(rules),
{capa.features.insn.API('CreateFile'): {1}}, {capa.features.insn.API('CreateFile'): {1}},
0x0) 0x0)
assert 'CreateFile API' in matches assert 'CreateFile API' in matches
assert 'file-create' in matches assert 'file-create' in matches
assert 'filesystem-any' in matches assert 'filesystem-any' in matches
features, matches = capa.engine.match(capa.engine.topologically_order_rules(rules), features, matches = capa.engine.match(capa.engine.topologically_order_rules(rules),
{capa.features.insn.API('WriteFile'): {1}}, {capa.features.insn.API('WriteFile'): {1}},
0x0) 0x0)
assert 'WriteFile API' in matches assert 'WriteFile API' in matches
assert 'file-create' not in matches assert 'file-create' not in matches
assert 'filesystem-any' in matches assert 'filesystem-any' in matches