mirror of
https://github.com/mandiant/capa.git
synced 2025-12-22 07:10:29 -08:00
Update test_scripts.py
This commit is contained in:
Aayush Goel
@@ -86,14 +86,6 @@ def test_proto_conversion(tmpdir):
|
|||||||
assert p.stdout.startswith(b'{\n "meta": ') or p.stdout.startswith(b'{\r\n "meta": ')
|
assert p.stdout.startswith(b'{\n "meta": ') or p.stdout.startswith(b'{\r\n "meta": ')
|
||||||
|
|
||||||
|
|
||||||
def run_detect_duplicate_features(rule_dir, rule_path):
|
|
||||||
args = [rule_dir, rule_path]
|
|
||||||
script_path = get_script_path("detect_duplicate_features.py")
|
|
||||||
args = [sys.executable] + [script_path] + args
|
|
||||||
print(f"running: '{args}'")
|
|
||||||
return subprocess.run(args)
|
|
||||||
|
|
||||||
|
|
||||||
def test_detect_duplicate_features(tmpdir):
|
def test_detect_duplicate_features(tmpdir):
|
||||||
TEST_RULE_0 = textwrap.dedent(
|
TEST_RULE_0 = textwrap.dedent(
|
||||||
"""
|
"""
|
||||||
@@ -103,10 +95,9 @@ def test_detect_duplicate_features(tmpdir):
|
|||||||
scope: function
|
scope: function
|
||||||
features:
|
features:
|
||||||
- and:
|
- and:
|
||||||
- number: 2
|
- number: 1
|
||||||
- or:
|
- not:
|
||||||
- mnemonic: shr
|
- string: process
|
||||||
- api: connect
|
|
||||||
"""
|
"""
|
||||||
)
|
)
|
||||||
|
|
||||||
@@ -116,11 +107,10 @@ def test_detect_duplicate_features(tmpdir):
|
|||||||
rule:
|
rule:
|
||||||
meta:
|
meta:
|
||||||
name: Test Rule 1
|
name: Test Rule 1
|
||||||
scope: function
|
|
||||||
features:
|
features:
|
||||||
- or:
|
- or:
|
||||||
- string: "sites.ini"
|
- string: unique
|
||||||
- number: 0xEDB88320
|
- number: 2
|
||||||
- and:
|
- and:
|
||||||
- or:
|
- or:
|
||||||
- arch: i386
|
- arch: i386
|
||||||
@@ -136,15 +126,13 @@ def test_detect_duplicate_features(tmpdir):
|
|||||||
rule:
|
rule:
|
||||||
meta:
|
meta:
|
||||||
name: Test Rule 2
|
name: Test Rule 2
|
||||||
scope: function
|
|
||||||
features:
|
features:
|
||||||
- and:
|
- and:
|
||||||
- string: "sites.ini"
|
- string: "sites.ini"
|
||||||
- arch: i386
|
|
||||||
- basic block:
|
- basic block:
|
||||||
- and:
|
- and:
|
||||||
- api: setsockopt
|
- api: CreateFile
|
||||||
- count(mnemonic(mov)): 3
|
- mnemonic: xor
|
||||||
"""
|
"""
|
||||||
),
|
),
|
||||||
"rule_3": textwrap.dedent(
|
"rule_3": textwrap.dedent(
|
||||||
@@ -152,15 +140,14 @@ def test_detect_duplicate_features(tmpdir):
|
|||||||
rule:
|
rule:
|
||||||
meta:
|
meta:
|
||||||
name: Test Rule 3
|
name: Test Rule 3
|
||||||
scope: function
|
|
||||||
features:
|
features:
|
||||||
- or:
|
- or:
|
||||||
- not:
|
- not:
|
||||||
- os: linux
|
- number: 4
|
||||||
- basic block:
|
- basic block:
|
||||||
- and:
|
- and:
|
||||||
- api: bind
|
- api: bind
|
||||||
- count(mnemonic(mov)): 3
|
- number: 2
|
||||||
"""
|
"""
|
||||||
),
|
),
|
||||||
"rule_4": textwrap.dedent(
|
"rule_4": textwrap.dedent(
|
||||||
@@ -168,7 +155,6 @@ def test_detect_duplicate_features(tmpdir):
|
|||||||
rule:
|
rule:
|
||||||
meta:
|
meta:
|
||||||
name: Test Rule 4
|
name: Test Rule 4
|
||||||
scope: function
|
|
||||||
features:
|
features:
|
||||||
- not:
|
- not:
|
||||||
- string: "expa"
|
- string: "expa"
|
||||||
@@ -179,6 +165,7 @@ def test_detect_duplicate_features(tmpdir):
|
|||||||
"""
|
"""
|
||||||
The rule_overlaps list represents the number of overlaps between each rule in the RULESET.
|
The rule_overlaps list represents the number of overlaps between each rule in the RULESET.
|
||||||
An overlap includes a rule overlap with itself.
|
An overlap includes a rule overlap with itself.
|
||||||
|
The scripts
|
||||||
The overlaps are like:
|
The overlaps are like:
|
||||||
- Rule 0 has zero overlaps in RULESET
|
- Rule 0 has zero overlaps in RULESET
|
||||||
- Rule 1 overlaps with 3 other rules in RULESET
|
- Rule 1 overlaps with 3 other rules in RULESET
|
||||||
@@ -186,7 +173,7 @@ def test_detect_duplicate_features(tmpdir):
|
|||||||
These overlap values indicate the number of rules with which
|
These overlap values indicate the number of rules with which
|
||||||
each rule in RULESET has overlapping features.
|
each rule in RULESET has overlapping features.
|
||||||
"""
|
"""
|
||||||
rule_overlaps = [0, 3, 4, 4, 1]
|
rule_overlaps = [0, 4, 3, 3, 1]
|
||||||
|
|
||||||
rule_dir = tmpdir.mkdir("capa_rule_overlap_test")
|
rule_dir = tmpdir.mkdir("capa_rule_overlap_test")
|
||||||
rule_paths = []
|
rule_paths = []
|
||||||
@@ -201,6 +188,8 @@ def test_detect_duplicate_features(tmpdir):
|
|||||||
rule_paths.append(rule_file.strpath)
|
rule_paths.append(rule_file.strpath)
|
||||||
|
|
||||||
# tests if number of overlaps for rules in RULESET found are correct.
|
# tests if number of overlaps for rules in RULESET found are correct.
|
||||||
|
script_path = get_script_path("detect_duplicate_features.py")
|
||||||
for expected_overlaps, rule_path in zip(rule_overlaps, rule_paths):
|
for expected_overlaps, rule_path in zip(rule_overlaps, rule_paths):
|
||||||
overlaps_found = run_detect_duplicate_features(rule_dir.strpath, rule_path)
|
args = [rule_dir.strpath, rule_path]
|
||||||
|
overlaps_found = run_program(script_path, args)
|
||||||
assert overlaps_found.returncode == expected_overlaps
|
assert overlaps_found.returncode == expected_overlaps
|
||||||
|
|||||||
Reference in New Issue
Block a user