Extend the ROST grammar with a first batch of new features.

author: Cyrille Bagard <nocbos@gmail.com> 2023-08-06 16:54:57 (GMT)
committer: Cyrille Bagard <nocbos@gmail.com> 2023-08-06 16:54:57 (GMT)
commit: 4fcc35a52ccb025b6d803d85e017931cd2452960 (patch)
tree: e95920f16c273e41f9cae1ea2f02571c221a514e /tests/analysis/scan/matches.py
parent: 74d062d4ec55d7ac3914bbf64b8b6c5ab52227df (diff)
1 files changed, 27 insertions, 0 deletions
diff --git a/tests/analysis/scan/matches.py b/tests/analysis/scan/matches.py
new file mode 100644
index 0000000..0d7556e
--- /dev/null
+++ b/tests/analysis/scan/matches.py
@@ -0,0 +1,27 @@
+
+from common import RostTestClass
+from pychrysalide.analysis.contents import MemoryContent
+
+
+class TestRostMatchs(RostTestClass):
+    """TestCases for the ROST pattern matching engine."""
+
+    def testCountMatches(self):
+        """Count matches patterns."""
+
+        cnt = MemoryContent(b'aaa aaa bbb aaa')
+
+        rule = '''
+rule test {
+
+   strings:
+      $a = "aaa"
+      $b = "bbb"
+
+   condition:
+      #a == 3 and #b < 2
+
+}
+'''
+
+        self.check_rule_success(rule, cnt)
author	Cyrille Bagard <nocbos@gmail.com>	2023-08-06 16:54:57 (GMT)
committer	Cyrille Bagard <nocbos@gmail.com>	2023-08-06 16:54:57 (GMT)
commit	4fcc35a52ccb025b6d803d85e017931cd2452960 (patch)
tree	e95920f16c273e41f9cae1ea2f02571c221a514e /tests/analysis/scan/matches.py
parent	74d062d4ec55d7ac3914bbf64b8b6c5ab52227df (diff)