diff options
author | Cyrille Bagard <nocbos@gmail.com> | 2023-08-18 00:07:39 (GMT) |
---|---|---|
committer | Cyrille Bagard <nocbos@gmail.com> | 2023-08-18 00:07:39 (GMT) |
commit | 2424c52c4f3bc44ce5f36348442cfa103e0989c2 (patch) | |
tree | f68aea488f403b234d4fcc6fd6e0f7b88a628ac8 /tests/analysis/scan/scanning_hex.py | |
parent | 1c5a0e67186def152536d9c506e2e6c3a3a265c5 (diff) |
Create some modifiers and handle match properties inside ROST.
Diffstat (limited to 'tests/analysis/scan/scanning_hex.py')
-rw-r--r-- | tests/analysis/scan/scanning_hex.py | 26 |
1 files changed, 26 insertions, 0 deletions
diff --git a/tests/analysis/scan/scanning_hex.py b/tests/analysis/scan/scanning_hex.py new file mode 100644 index 0000000..e009b79 --- /dev/null +++ b/tests/analysis/scan/scanning_hex.py @@ -0,0 +1,26 @@ + +from common import RostTestClass +from pychrysalide.analysis.contents import MemoryContent + + +class TestRostScanning(RostTestClass): + """TestCases for the bytes section syntax.""" + + def testSimpleHexPattern(self): + """Test a simple hex pattern.""" + + cnt = MemoryContent(b'123-Abc-456') + + rule = ''' +rule test { + + strings: + $a = { 41 62 63 } + + condition: + #a == 1 and @a[0] == 4 + +} +''' + + self.check_rule_success(rule, content=cnt) |