diff options
author | Cyrille Bagard <nocbos@gmail.com> | 2023-10-10 06:11:17 (GMT) |
---|---|---|
committer | Cyrille Bagard <nocbos@gmail.com> | 2023-10-10 06:11:17 (GMT) |
commit | d122453f3ce11f45a63fb870e889f4ce91b34527 (patch) | |
tree | 819c5bd40cf23be3c843fdf8b5e576a06d4f4de5 /tests/analysis/scan | |
parent | 2e144129d6884f4f9ec5d3f599ec2820613ed419 (diff) |
Introduce a "wide" function in order to deal with UTF-16 in match conditions.
Diffstat (limited to 'tests/analysis/scan')
-rw-r--r-- | tests/analysis/scan/functions.py | 16 |
1 files changed, 16 insertions, 0 deletions
diff --git a/tests/analysis/scan/functions.py b/tests/analysis/scan/functions.py index 96f029f..e936263 100644 --- a/tests/analysis/scan/functions.py +++ b/tests/analysis/scan/functions.py @@ -108,6 +108,7 @@ rule test { self.check_rule_success(rule) + rule = ''' rule test { @@ -119,6 +120,7 @@ rule test { self.check_rule_success(rule) + rule = ''' rule test { @@ -134,6 +136,19 @@ rule test { self.check_rule_success(rule) + rule = r''' +rule test { + + condition: + "A\x00B\x00C\x00D\x00" endswith string.wide("CD") + and "A\x00B\x00C\x00D\x00" contains string.wide("BC") + +} +''' + + self.check_rule_success(rule) + + def testTime(self): """Check current time.""" @@ -150,6 +165,7 @@ rule test { self.check_rule_success(rule) + rule = ''' rule test { |