diff --git a/tests/fixtures.py b/tests/fixtures.py
index 2dbaf9f0..21ee429d 100644
--- a/tests/fixtures.py
+++ b/tests/fixtures.py
@@ -224,9 +224,10 @@ FEATURE_PRESENCE_TESTS = [
 ("mimikatz", "file", capa.features.String("ACR > "), True),
 ("mimikatz", "file", capa.features.String("nope"), False),
 # file/sections
- ("mimikatz", "file", capa.features.file.Section(".rsrc"), True),
 ("mimikatz", "file", capa.features.file.Section(".text"), True),
 ("mimikatz", "file", capa.features.file.Section(".nope"), False),
+ # IDA doesn't extract unmapped sections by default
+ # ("mimikatz", "file", capa.features.file.Section(".rsrc"), True),
 # file/exports
 ("kernel32", "file", capa.features.file.Export("BaseThreadInitThunk"), True),
 ("kernel32", "file", capa.features.file.Export("lstrlenW"), True),
@@ -350,12 +351,15 @@ FEATURE_PRESENCE_TESTS = [
 ("mimikatz", "function=0x4702FD", capa.features.Characteristic("calls from"), False),
 # function/characteristic(calls to)
 ("mimikatz", "function=0x40105D", capa.features.Characteristic("calls to"), True),
- ("mimikatz", "function=0x46C0D2", capa.features.Characteristic("calls to"), False),
+ ("mimikatz", "function=0x4556E5", capa.features.Characteristic("calls to"), False),
 ]
 FEATURE_COUNT_TESTS = [
 ("mimikatz", "function=0x40E5C2", capa.features.basicblock.BasicBlock(), 7),
+ ("mimikatz", "function=0x4702FD", capa.features.Characteristic("calls from"), 0),
 ("mimikatz", "function=0x40E5C2", capa.features.Characteristic("calls from"), 3),
+ ("mimikatz", "function=0x4556E5", capa.features.Characteristic("calls to"), 0),
+ ("mimikatz", "function=0x40B1F1", capa.features.Characteristic("calls to"), 3),
 ]
diff --git a/tests/test_ida_features.py b/tests/test_ida_features.py
index 2d8a5c04..e21815cb 100644
--- a/tests/test_ida_features.py
+++ b/tests/test_ida_features.py
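Review bot: Commenting out the `.rsrc` tuple in `FEATURE_PRESENCE_TESTS` (first hunk of tests/fixtures.py) removes the assertion for every consumer of this list, not only the IDA run that the new comment refers to. If other extractor tests share these fixtures (likely given the IDA-specific wording, but not visible here), `.rsrc` section extraction is no longer checked by any backend. Resource sections are a common place for embedded payloads, so I would keep the tuple active and have the IDA runner skip it. If it must stay disabled, replace the bare commented-out line with a tracked reminder such as `# TODO: re-enable for non-IDA backends; IDA skips unmapped sections by default`. The list starts and ends outside the hunk.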
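Review bot: The entries added to `FEATURE_COUNT_TESTS` (second hunk of tests/fixtures.py) lack the grouping comments that `FEATURE_PRESENCE_TESTS` uses, and the calls-from and calls-to cases are interleaved. Adding `# function/characteristic(calls from)` and `# function/characteristic(calls to)` above the respective tuples would keep the two lists consistent. The swap of `0x46C0D2` for `0x4556E5` as the no-callers case is also unexplained in the hunk; a one-line comment saying why the old address was unsuitable would help the next person who edits this fixture.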
@@ -29,8 +29,9 @@ def check_input_file(wanted):
 # in IDA 7.5 or so, GetInputFileMD5 started returning raw binary
 # rather than the hex digest
 found = binascii.hexlify(idautils.GetInputFileMD5()[:15]).decode("ascii").lower()
+
 if not wanted.startswith(found):
- raise RuntimeError("please run the tests against `mimikatz.exe`")
+ raise RuntimeError("please run the tests against sample with MD5: `%s`" % (wanted))
 def get_ida_extractor(_path):
@@ -99,10 +100,6 @@ if __name__ == "__main__":
 test = getattr(sys.modules[__name__], name)
 logger.debug("invoking test: %s", name)
 sys.stderr.flush()
- try:
- test()
- except AssertionError as e:
- print("FAIL %s" % (name))
- traceback.print_exc()
- else:
- print("OK %s" % (name))
+ test()
+
+ print("DONE")
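Review bot: The new `RuntimeError` in `check_input_file` reports only the expected digest, so on a mismatch the tester still cannot see which file IDA actually has loaded; the message should include `found` as well. `(wanted)` is also a parenthesised name rather than a one-element tuple, so the format misbehaves if `wanted` is ever a tuple. Suggested: ``raise RuntimeError("please run the tests against sample with MD5: `%s` (loaded: `%s`)" % (wanted, found))``. Because of the `[:15]` slice in the context line, `found` is only a prefix of the digest, which the message could say. The function starts outside the hunk.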
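Review bot: With the `try`/`except AssertionError` removed around `test()`, the first failing test propagates out of what appears to be a loop over test names (the loop header is outside the hunk), so later tests never run and there is no per-test OK/FAIL line in IDA's output. If fail-fast is intended, say so above the call, e.g. `# fail fast: let the first AssertionError propagate so the run stops with a traceback`. Otherwise record each failing `name`, keep going, and raise once after the loop so that a partial run cannot be mistaken for a pass. If `traceback` was imported only for the removed handler (the import is not visible here), it is now unused.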