lots of mypy

2025-12-22 07:10:29 -08:00 · 2022-12-14 10:37:39 +01:00
parent b1d6fcd6c8
commit b819033da0
29 changed files with 410 additions and 233 deletions
--- a/tests/test_rules.py
+++ b/tests/test_rules.py
@@ -13,8 +13,10 @@ import pytest
 import capa.rules
 import capa.engine
 import capa.features.common
+from capa.features.address import AbsoluteVirtualAddress
 from capa.features.file import FunctionName
 from capa.features.insn import Number, Offset, Property
+from capa.engine import Or
 from capa.features.common import (
    OS,
    OS_LINUX,
@@ -29,12 +31,19 @@ from capa.features.common import (
    Substring,
    FeatureAccess,
 )
+import capa.features.address
+
+
+ADDR1 = capa.features.address.AbsoluteVirtualAddress(0x401001)
+ADDR2 = capa.features.address.AbsoluteVirtualAddress(0x401002)
+ADDR3 = capa.features.address.AbsoluteVirtualAddress(0x401003)
+ADDR4 = capa.features.address.AbsoluteVirtualAddress(0x401004)


 def test_rule_ctor():
-    r = capa.rules.Rule("test rule", capa.rules.FUNCTION_SCOPE, Number(1), {})
-    assert r.evaluate({Number(0): {1}}) == False
-    assert r.evaluate({Number(1): {1}}) == True
+    r = capa.rules.Rule("test rule", capa.rules.FUNCTION_SCOPE, Or(Number(1)), {})
+    assert r.evaluate({Number(0): {ADDR1}}) == False
+    assert r.evaluate({Number(1): {ADDR2}}) == True


 def test_rule_yaml():
@@ -56,10 +65,10 @@ def test_rule_yaml():
        """
    )
    r = capa.rules.Rule.from_yaml(rule)
-    assert r.evaluate({Number(0): {1}}) == False
-    assert r.evaluate({Number(0): {1}, Number(1): {1}}) == False
-    assert r.evaluate({Number(0): {1}, Number(1): {1}, Number(2): {1}}) == True
-    assert r.evaluate({Number(0): {1}, Number(1): {1}, Number(2): {1}, Number(3): {1}}) == True
+    assert r.evaluate({Number(0): {ADDR1}}) == False
+    assert r.evaluate({Number(0): {ADDR1}, Number(1): {ADDR1}}) == False
+    assert r.evaluate({Number(0): {ADDR1}, Number(1): {ADDR1}, Number(2): {ADDR1}}) == True
+    assert r.evaluate({Number(0): {ADDR1}, Number(1): {ADDR1}, Number(2): {ADDR1}, Number(3): {ADDR1}}) == True


 def test_rule_yaml_complex():
@@ -82,8 +91,8 @@ def test_rule_yaml_complex():
        """
    )
    r = capa.rules.Rule.from_yaml(rule)
-    assert r.evaluate({Number(5): {1}, Number(6): {1}, Number(7): {1}, Number(8): {1}}) == True
-    assert r.evaluate({Number(6): {1}, Number(7): {1}, Number(8): {1}}) == False
+    assert r.evaluate({Number(5): {ADDR1}, Number(6): {ADDR1}, Number(7): {ADDR1}, Number(8): {ADDR1}}) == True
+    assert r.evaluate({Number(6): {ADDR1}, Number(7): {ADDR1}, Number(8): {ADDR1}}) == False


 def test_rule_descriptions():
@@ -160,8 +169,8 @@ def test_rule_yaml_not():
        """
    )
    r = capa.rules.Rule.from_yaml(rule)
-    assert r.evaluate({Number(1): {1}}) == True
-    assert r.evaluate({Number(1): {1}, Number(2): {1}}) == False
+    assert r.evaluate({Number(1): {ADDR1}}) == True
+    assert r.evaluate({Number(1): {ADDR1}, Number(2): {ADDR1}}) == False


 def test_rule_yaml_count():
@@ -175,9 +184,9 @@ def test_rule_yaml_count():
        """
    )
    r = capa.rules.Rule.from_yaml(rule)
-    assert r.evaluate({Number(100): {}}) == False
-    assert r.evaluate({Number(100): {1}}) == True
-    assert r.evaluate({Number(100): {1, 2}}) == False
+    assert r.evaluate({Number(100): set()}) == False
+    assert r.evaluate({Number(100): {ADDR1}}) == True
+    assert r.evaluate({Number(100): {ADDR1, ADDR2}}) == False


 def test_rule_yaml_count_range():
@@ -191,10 +200,10 @@ def test_rule_yaml_count_range():
        """
    )
    r = capa.rules.Rule.from_yaml(rule)
-    assert r.evaluate({Number(100): {}}) == False
-    assert r.evaluate({Number(100): {1}}) == True
-    assert r.evaluate({Number(100): {1, 2}}) == True
-    assert r.evaluate({Number(100): {1, 2, 3}}) == False
+    assert r.evaluate({Number(100): set()}) == False
+    assert r.evaluate({Number(100): {ADDR1}}) == True
+    assert r.evaluate({Number(100): {ADDR1, ADDR2}}) == True
+    assert r.evaluate({Number(100): {ADDR1, ADDR2, ADDR3}}) == False


 def test_rule_yaml_count_string():
@@ -208,10 +217,10 @@ def test_rule_yaml_count_string():
        """
    )
    r = capa.rules.Rule.from_yaml(rule)
-    assert r.evaluate({String("foo"): {}}) == False
-    assert r.evaluate({String("foo"): {1}}) == False
-    assert r.evaluate({String("foo"): {1, 2}}) == True
-    assert r.evaluate({String("foo"): {1, 2, 3}}) == False
+    assert r.evaluate({String("foo"): set()}) == False
+    assert r.evaluate({String("foo"): {ADDR1}}) == False
+    assert r.evaluate({String("foo"): {ADDR1, ADDR2}}) == True
+    assert r.evaluate({String("foo"): {ADDR1, ADDR2, ADDR3}}) == False


 def test_invalid_rule_feature():
@@ -481,11 +490,11 @@ def test_count_number_symbol():
        """
    )
    r = capa.rules.Rule.from_yaml(rule)
-    assert r.evaluate({Number(2): {}}) == False
-    assert r.evaluate({Number(2): {1}}) == True
-    assert r.evaluate({Number(2): {1, 2}}) == False
-    assert r.evaluate({Number(0x100, description="symbol name"): {1}}) == False
-    assert r.evaluate({Number(0x100, description="symbol name"): {1, 2, 3}}) == True
+    assert r.evaluate({Number(2): set()}) == False
+    assert r.evaluate({Number(2): {ADDR1}}) == True
+    assert r.evaluate({Number(2): {ADDR1, ADDR2}}) == False
+    assert r.evaluate({Number(0x100, description="symbol name"): {ADDR1}}) == False
+    assert r.evaluate({Number(0x100, description="symbol name"): {ADDR1, ADDR2, ADDR3}}) == True


 def test_invalid_number():
@@ -567,11 +576,11 @@ def test_count_offset_symbol():
        """
    )
    r = capa.rules.Rule.from_yaml(rule)
-    assert r.evaluate({Offset(2): {}}) == False
-    assert r.evaluate({Offset(2): {1}}) == True
-    assert r.evaluate({Offset(2): {1, 2}}) == False
-    assert r.evaluate({Offset(0x100, description="symbol name"): {1}}) == False
-    assert r.evaluate({Offset(0x100, description="symbol name"): {1, 2, 3}}) == True
+    assert r.evaluate({Offset(2): set()}) == False
+    assert r.evaluate({Offset(2): {ADDR1}}) == True
+    assert r.evaluate({Offset(2): {ADDR1, ADDR2}}) == False
+    assert r.evaluate({Offset(0x100, description="symbol name"): {ADDR1}}) == False
+    assert r.evaluate({Offset(0x100, description="symbol name"): {ADDR1, ADDR2, ADDR3}}) == True


 def test_invalid_offset():
@@ -966,10 +975,10 @@ def test_property_access():
            """
        )
    )
-    assert r.evaluate({Property("System.IO.FileInfo::Length", access=FeatureAccess.READ): {1}}) == True
+    assert r.evaluate({Property("System.IO.FileInfo::Length", access=FeatureAccess.READ): {ADDR1}}) == True

-    assert r.evaluate({Property("System.IO.FileInfo::Length"): {1}}) == False
-    assert r.evaluate({Property("System.IO.FileInfo::Length", access=FeatureAccess.WRITE): {1}}) == False
+    assert r.evaluate({Property("System.IO.FileInfo::Length"): {ADDR1}}) == False
+    assert r.evaluate({Property("System.IO.FileInfo::Length", access=FeatureAccess.WRITE): {ADDR1}}) == False


 def test_property_access_symbol():
@@ -986,7 +995,7 @@ def test_property_access_symbol():
    )
    assert (
        r.evaluate(
-            {Property("System.IO.FileInfo::Length", access=FeatureAccess.READ, description="some property"): {1}}
+            {Property("System.IO.FileInfo::Length", access=FeatureAccess.READ, description="some property"): {ADDR1}}
        )
        == True
    )