gitea-mirror/capa
1
0
Fork 0
mirror of https://github.com/mandiant/capa.git synced 2025-12-22 07:10:29 -08:00
Code Issues Packages Projects Releases Wiki Activity

tests: rules: demonstrate substring with description

Browse Source
This commit is contained in:
William Ballenthin
2021-08-24 11:45:24 -06:00
parent c5a5e5600a
commit f55e758d47
1 changed files with 17 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

17
tests/test_rules.py
View File

@@ -766,6 +766,23 @@ def test_substring_feature():
assert (Substring("abc") in children) == True assert (Substring("abc") in children) == True
assert (Substring("def") in children) == True assert (Substring("def") in children) == True
assert (Substring("gh\ni") in children) == True assert (Substring("gh\ni") in children) == True
def test_substring_description():
rule = textwrap.dedent(
"""
rule:
meta:
name: test rule
features:
- or:
- substring: abc
description: the start of the alphabet
"""
)
r = capa.rules.Rule.from_yaml(rule)
children = list(r.statement.get_children())
assert (Substring("abc") in children) == True
def test_regex_values_always_string(): def test_regex_values_always_string():