summaryrefslogtreecommitdiff
path: root/tests/analysis/scan
diff options
context:
space:
mode:
authorCyrille Bagard <nocbos@gmail.com>2023-10-15 22:16:29 (GMT)
committerCyrille Bagard <nocbos@gmail.com>2023-10-15 22:16:29 (GMT)
commit12d33579e3916baae3f350f615c8f9de98e47d41 (patch)
treeb4dca88cb7a44c050227a07abf46468f7dcb4d65 /tests/analysis/scan
parente30e083de9009e52bec5bc574d9c80de4e49a3c3 (diff)
Handle more fuzzy pattern properties.
Diffstat (limited to 'tests/analysis/scan')
-rw-r--r--tests/analysis/scan/grammar.py25
1 files changed, 25 insertions, 0 deletions
diff --git a/tests/analysis/scan/grammar.py b/tests/analysis/scan/grammar.py
index 13a255b..3a8196a 100644
--- a/tests/analysis/scan/grammar.py
+++ b/tests/analysis/scan/grammar.py
@@ -2,6 +2,7 @@
import json
from common import RostTestClass
+from pychrysalide.analysis.contents import MemoryContent
class TestRostGrammar(RostTestClass):
@@ -250,6 +251,30 @@ rule test {
self.check_rule_failure(rule)
+ def testMatchCount(self):
+ """Ensure match count provides expected values."""
+
+ cnt = MemoryContent(b'\x01\x02\x02\x03\x03\x03')
+
+ rule = '''
+rule test {
+
+ bytes:
+ $int_01 = "\x01"
+ $int_02 = "\x02"
+ $int_03 = "\x03"
+
+ condition:
+ #int_01 == count($int_01) and #int_01 == 1
+ and #int_02 == count($int_02) and #int_02 == 2
+ and #int_03 == count($int_03) and #int_03 == 3
+ and #int_0* == count($int_0*) and #int_0* == 6
+
+}
+'''
+
+ self.check_rule_success(rule, cnt)
+
# TODO : test <haystack> matches <regex>