update OS to match OS_ANY for all supported OSes (#1324)

2025-12-22 07:10:29 -08:00 · 2023-02-24 07:51:40 -07:00
parent 84df8baa5f
commit a07ca443f0
3 changed files with 65 additions and 1 deletions
--- a/tests/test_match.py
+++ b/tests/test_match.py
@@ -13,7 +13,6 @@ import capa.engine
 import capa.features.insn
 import capa.features.common
 from capa.rules import Scope
-from capa.features import *
 from capa.features.insn import *
 from capa.features.common import *

@@ -626,3 +625,53 @@ def test_match_property_access():
        0x0,
    )
    assert "test rule" not in matches
+
+
+def test_match_os_any():
+    rule = textwrap.dedent(
+        """
+        rule:
+            meta:
+                name: test rule
+            features:
+                - or:
+                    - and:
+                        - or:
+                            - os: windows
+                            - os: linux
+                            - os: macos
+                        - string: "Hello world"
+                    - and:
+                        - os: any
+                        - string: "Goodbye world"
+        """
+    )
+    r = capa.rules.Rule.from_yaml(rule)
+
+    _, matches = match(
+        [r],
+        {OS(OS_ANY): {1}, String("Hello world"): {1}},
+        0x0,
+    )
+    assert "test rule" in matches
+
+    _, matches = match(
+        [r],
+        {OS(OS_WINDOWS): {1}, String("Hello world"): {1}},
+        0x0,
+    )
+    assert "test rule" in matches
+
+    _, matches = match(
+        [r],
+        {OS(OS_ANY): {1}, String("Goodbye world"): {1}},
+        0x0,
+    )
+    assert "test rule" in matches
+
+    _, matches = match(
+        [r],
+        {OS(OS_WINDOWS): {1}, String("Goodbye world"): {1}},
+        0x0,
+    )
+    assert "test rule" in matches