gitea-mirror/capa
1
0
Fork 0
mirror of https://github.com/mandiant/capa.git synced 2025-12-31 23:16:10 -08:00
Code Issues Packages Projects Releases Wiki Activity
Files
28792ec6a69be2f96b981485f04f1c4288eb86c7
capa/tests/test_vmray_model.py
Mike Hunhoff 28792ec6a6 vmray: add model tests for FunctionCall
2024-07-19 13:56:46 -06:00

60 lines
2.0 KiB
Python
Raw Blame History

# Copyright (C) 2024 Mandiant, Inc. All Rights Reserved.
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at: [package root]/LICENSE.txt
# Unless required by applicable law or agreed to in writing, software distributed under the License
# is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and limitations under the License.
import textwrap
from capa.features.extractors.vmray.models import Param, FunctionCall, xml_to_dict
def test_vmray_model_call():
call_xml = textwrap.dedent(
"""
<fncall ts="9044" fncall_id="18" process_id="1" thread_id="1" name="sys_time" addr="0xaaaaaaaaaaaaaaaa" from="0xaaaaaaaa">
<kernel/>
<in>
<param name="tloc" type="unknown" value="0x0"/>
</in>
<out>
<param name="ret_val" type="unknown" value="0xaaaaaaaa"/>
</out>
</fncall>
"""
)
call: FunctionCall = FunctionCall.model_validate(xml_to_dict(call_xml)["fncall"])
assert call.fncall_id == 18
assert call.process_id == 1
assert call.thread_id == 1
assert call.name == "time"
assert call.params_in is not None
assert call.params_out is not None
def test_vmray_model_call_param():
param_xml = textwrap.dedent(
"""
<param name="addrlen" type="signed_32bit" value="16"/>
"""
)
param: Param = Param.model_validate(xml_to_dict(param_xml)["param"])
assert param.value == "16"
def test_vmray_model_call_param_deref():
param_xml = textwrap.dedent(
"""
<param name="buf" type="ptr" value="0xaaaaaaaa">
<deref type="str" value="Hello world"/>
</param>
"""
)
param: Param = Param.model_validate(xml_to_dict(param_xml)["param"])
assert param.deref is not None
assert param.deref.value == "Hello world"
Reference in New Issue View Git Blame Copy Permalink