gitea-mirror/capa
1
0
Fork 0
mirror of https://github.com/mandiant/capa.git synced 2025-12-22 15:16:22 -08:00
Code Issues Packages Projects Releases Wiki Activity

features: support characteristic(os/*) features

Browse Source
This commit is contained in:
William Ballenthin
2021-08-11 08:40:40 -06:00
parent aefe97e09e
commit a1eca58d7a
3 changed files with 34 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

19
tests/test_rules.py
View File

@@ -15,7 +15,7 @@ import capa.engine
import capa.features.common
from capa.features.file import FunctionName
from capa.features.insn import Number, Offset
from capa.features.common import ARCH_X32, ARCH_X64, String
from capa.features.common import ARCH_X32, ARCH_X64, OS_WINDOWS, String, Characteristic
def test_rule_ctor():
@@ -944,3 +944,20 @@ def test_function_name_features():
assert (FunctionName("strcpy") in children) == True
assert (FunctionName("strcmp", description="copy from here to there") in children) == True
assert (FunctionName("strdup", description="duplicate a string") in children) == True
def test_os_features():
rule = textwrap.dedent(
"""
rule:
meta:
name: test rule
scope: file
features:
- and:
- characteristic: os/windows
"""
)
r = capa.rules.Rule.from_yaml(rule)
children = list(r.statement.get_children())
assert (Characteristic(OS_WINDOWS) in children) == True