summaryrefslogtreecommitdiff
path: root/tests/analysis
diff options
context:
space:
mode:
authorCyrille Bagard <nocbos@gmail.com>2023-08-18 00:07:39 (GMT)
committerCyrille Bagard <nocbos@gmail.com>2023-08-18 00:07:39 (GMT)
commit2424c52c4f3bc44ce5f36348442cfa103e0989c2 (patch)
treef68aea488f403b234d4fcc6fd6e0f7b88a628ac8 /tests/analysis
parent1c5a0e67186def152536d9c506e2e6c3a3a265c5 (diff)
Create some modifiers and handle match properties inside ROST.
Diffstat (limited to 'tests/analysis')
-rw-r--r--tests/analysis/scan/pyapi.py33
-rw-r--r--tests/analysis/scan/scanning_hex.py26
2 files changed, 59 insertions, 0 deletions
diff --git a/tests/analysis/scan/pyapi.py b/tests/analysis/scan/pyapi.py
index 1bba44e..b5b2453 100644
--- a/tests/analysis/scan/pyapi.py
+++ b/tests/analysis/scan/pyapi.py
@@ -1,8 +1,12 @@
+import binascii
+
from chrysacase import ChrysalideTestCase
from gi._constants import TYPE_INVALID
from pychrysalide.analysis.scan import ScanExpression
from pychrysalide.analysis.scan import ScanOptions
+from pychrysalide.analysis.scan import find_token_modifiers_for_name
+from pychrysalide.analysis.scan.patterns.modifiers import PlainModifier
from pychrysalide.glibext import ComparableItem
@@ -24,6 +28,7 @@ class TestRostPythonAPI(ChrysalideTestCase):
e = ScanExpression()
+
def testBooleanComparison(self):
"""Compare custom scan expressions."""
@@ -56,3 +61,31 @@ class TestRostPythonAPI(ChrysalideTestCase):
# TypeError: '<' not supported between instances of 'StrLenExpr' and 'StrLenExpr'
with self.assertRaisesRegex(TypeError, '\'<\' not supported between instances'):
self.assertTrue(e0 < e1)
+
+
+ def testBytePatternModifiers(self):
+ """Validate the bytes produced by modifiers."""
+
+ mod = find_token_modifiers_for_name('plain')
+ self.assertIsNotNone(mod)
+
+ source = b'ABC'
+ transformed = mod.transform(source)
+
+ self.assertEqual(source, transformed[0])
+
+ mod = find_token_modifiers_for_name('hex')
+ self.assertIsNotNone(mod)
+
+ source = b'ABC'
+ transformed = mod.transform(source)
+
+ self.assertEqual(binascii.hexlify(source), transformed[0])
+
+ mod = find_token_modifiers_for_name('rev')
+ self.assertIsNotNone(mod)
+
+ source = b'ABC'
+ transformed = mod.transform(source)
+
+ self.assertEqual(source[::-1], transformed[0])
diff --git a/tests/analysis/scan/scanning_hex.py b/tests/analysis/scan/scanning_hex.py
new file mode 100644
index 0000000..e009b79
--- /dev/null
+++ b/tests/analysis/scan/scanning_hex.py
@@ -0,0 +1,26 @@
+
+from common import RostTestClass
+from pychrysalide.analysis.contents import MemoryContent
+
+
+class TestRostScanning(RostTestClass):
+ """TestCases for the bytes section syntax."""
+
+ def testSimpleHexPattern(self):
+ """Test a simple hex pattern."""
+
+ cnt = MemoryContent(b'123-Abc-456')
+
+ rule = '''
+rule test {
+
+ strings:
+ $a = { 41 62 63 }
+
+ condition:
+ #a == 1 and @a[0] == 4
+
+}
+'''
+
+ self.check_rule_success(rule, content=cnt)