gitea-mirror/capa
1
0
Fork 0
mirror of https://github.com/mandiant/capa.git synced 2025-12-22 07:10:29 -08:00
Code Issues Packages Projects Releases Wiki Activity

Update test_scripts.py

Browse Source
This commit is contained in:
Aayush Goel
2023-05-20 13:09:48 +05:30
parent 66ea0451e9
commit acdaeb26d3
1 changed files with 14 additions and 25 deletions
Download Patch File Download Diff File Expand all files Collapse all files

39
tests/test_scripts.py
View File

@@ -86,14 +86,6 @@ def test_proto_conversion(tmpdir):
assert p.stdout.startswith(b'{\n "meta": ') or p.stdout.startswith(b'{\r\n "meta": ')
def run_detect_duplicate_features(rule_dir, rule_path):
args = [rule_dir, rule_path]
script_path = get_script_path("detect_duplicate_features.py")
args = [sys.executable] + [script_path] + args
print(f"running: '{args}'")
return subprocess.run(args)
def test_detect_duplicate_features(tmpdir):
TEST_RULE_0 = textwrap.dedent(
"""
@@ -103,10 +95,9 @@ def test_detect_duplicate_features(tmpdir):
scope: function
features:
- and:
- number: 2
- or:
- mnemonic: shr
- api: connect
- number: 1
- not:
- string: process
"""
)
@@ -116,11 +107,10 @@ def test_detect_duplicate_features(tmpdir):
rule:
meta:
name: Test Rule 1
scope: function
features:
- or:
- string: "sites.ini"
- number: 0xEDB88320
- string: unique
- number: 2
- and:
- or:
- arch: i386
@@ -136,15 +126,13 @@ def test_detect_duplicate_features(tmpdir):
rule:
meta:
name: Test Rule 2
scope: function
features:
- and:
- string: "sites.ini"
- arch: i386
- basic block:
- and:
- api: setsockopt
- count(mnemonic(mov)): 3
- api: CreateFile
- mnemonic: xor
"""
),
"rule_3": textwrap.dedent(
@@ -152,15 +140,14 @@ def test_detect_duplicate_features(tmpdir):
rule:
meta:
name: Test Rule 3
scope: function
features:
- or:
- not:
- os: linux
- number: 4
- basic block:
- and:
- api: bind
- count(mnemonic(mov)): 3
- number: 2
"""
),
"rule_4": textwrap.dedent(
@@ -168,7 +155,6 @@ def test_detect_duplicate_features(tmpdir):
rule:
meta:
name: Test Rule 4
scope: function
features:
- not:
- string: "expa"
@@ -179,6 +165,7 @@ def test_detect_duplicate_features(tmpdir):
"""
The rule_overlaps list represents the number of overlaps between each rule in the RULESET.
An overlap includes a rule overlap with itself.
The scripts
The overlaps are like:
- Rule 0 has zero overlaps in RULESET
- Rule 1 overlaps with 3 other rules in RULESET
@@ -186,7 +173,7 @@ def test_detect_duplicate_features(tmpdir):
These overlap values indicate the number of rules with which
each rule in RULESET has overlapping features.
"""
rule_overlaps = [0, 3, 4, 4, 1]
rule_overlaps = [0, 4, 3, 3, 1]
rule_dir = tmpdir.mkdir("capa_rule_overlap_test")
rule_paths = []
@@ -201,6 +188,8 @@ def test_detect_duplicate_features(tmpdir):
rule_paths.append(rule_file.strpath)
# tests if number of overlaps for rules in RULESET found are correct.
script_path = get_script_path("detect_duplicate_features.py")
for expected_overlaps, rule_path in zip(rule_overlaps, rule_paths):
overlaps_found = run_detect_duplicate_features(rule_dir.strpath, rule_path)
args = [rule_dir.strpath, rule_path]
overlaps_found = run_program(script_path, args)
assert overlaps_found.returncode == expected_overlaps