authorCyrille Bagard <nocbos@gmail.com>2024-02-24 17:19:31 (GMT)
committerCyrille Bagard <nocbos@gmail.com>2024-02-24 17:19:31 (GMT)
commitea9be67a9ddec2b4b96b3114bab5f192e53c7911 (patch)
treee667e83a57565528791e981ea387e31c60938fad /tests/analysis/scan
parentcc181167644e1b88630ac02e2b718ad3ad0145c4 (diff)
Rely on the ACISM tree to detect identical patterns.
Diffstat (limited to 'tests/analysis/scan')
-rw-r--r--tests/analysis/scan/matches.py39
1 files changed, 38 insertions, 1 deletions
diff --git a/tests/analysis/scan/matches.py b/tests/analysis/scan/matches.py
index 768531b..efcae4f 100644
--- a/tests/analysis/scan/matches.py
+++ b/tests/analysis/scan/matches.py
@@ -7,7 +7,7 @@ class TestRostMatchs(RostTestClass):
"""TestCases for the ROST pattern matching engine."""
def testCountMatches(self):
- """Count matches patterns."""
+ """Count matched patterns."""
cnt = MemoryContent(b'aaa aaa bbb aaa')
@@ -25,3 +25,40 @@ rule test {
'''
self.check_rule_success(rule, cnt)
+
+
+ def testCountSameMatches(self):
+ """Count matches of similar patterns."""
+
+ cnt = MemoryContent(b'ABCDabcdABCDabcd')
+
+ rule = '''
+rule test {
+
+ bytes:
+ $a = "\x61\x62\x63\x64"
+ $b = "\x61\x62\x63\x64"
+
+ condition:
+ #a == 2 and #b == 2
+
+}
+'''
+
+ self.check_rule_success(rule, cnt)
+
+
+ rule = '''
+rule test {
+
+ bytes:
+ $a = "\x61\x62\x63\x64"
+ $b = "\x61\x62\x63"
+
+ condition:
+ #a == 2 and #b == 2
+
+}
+'''
+
+ self.check_rule_success(rule, cnt)
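Review bot: Both rule strings in testCountSameMatches are ordinary (non-raw) Python literals, so Python itself converts `\x61\x62\x63\x64` to `abcd` before the text reaches the rule parser, and the scanner's own escape handling is never exercised. If the escapes are meant to be decoded by the rule engine, open both literals with `rule = r'''`; if not, writing `"abcd"` and `"abc"` directly would make the intent plain. The second case tests a prefix pattern rather than an identical one, and it only runs when the first check passes. A comment before it such as `# $b is a prefix of $a, not an identical pattern`, or a separate test method, would make a failure easier to attribute.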