summaryrefslogtreecommitdiff
path: root/tests/analysis/scan
diff options
context:
space:
mode:
authorCyrille Bagard <nocbos@gmail.com>2023-10-15 23:21:31 (GMT)
committerCyrille Bagard <nocbos@gmail.com>2023-10-15 23:21:31 (GMT)
commitecc1db5226f6cd5fee2bb52da5fc0061b43ed0e7 (patch)
tree82e739970fde9de8d95b572c801f33af702731ee /tests/analysis/scan
parent12d33579e3916baae3f350f615c8f9de98e47d41 (diff)
Allow many arguments for the count() function.
Diffstat (limited to 'tests/analysis/scan')
-rw-r--r--tests/analysis/scan/functions.py35
1 files changed, 35 insertions, 0 deletions
diff --git a/tests/analysis/scan/functions.py b/tests/analysis/scan/functions.py
index 983b8da..6aca957 100644
--- a/tests/analysis/scan/functions.py
+++ b/tests/analysis/scan/functions.py
@@ -9,6 +9,41 @@ class TestRostFunctions(RostTestClass):
# Core
# ====
+ def testSetCounter(self):
+ """Count quantities and set sizes."""
+
+ rule = '''
+rule test {
+
+ condition:
+ count("ABC") == 3
+ and count("AB", "C") == count("ABC")
+
+}
+'''
+
+ self.check_rule_success(rule)
+
+
+ cnt = MemoryContent(b'\x01\x02\x02\x03\x03\x03')
+
+ rule = '''
+rule test {
+
+ bytes:
+ $int_01 = "\x01"
+ $int_02 = "\x02"
+ $int_3 = "\x03"
+
+ condition:
+ count($int_0*, $int_3) == #int_*
+
+}
+'''
+
+ self.check_rule_success(rule, cnt)
+
+
def testDatasize(self):
"""Handle the size of the provided data."""