authorCyrille Bagard <nocbos@gmail.com>2023-10-10 06:11:17 (GMT)
committerCyrille Bagard <nocbos@gmail.com>2023-10-10 06:11:17 (GMT)
commitd122453f3ce11f45a63fb870e889f4ce91b34527 (patch)
tree819c5bd40cf23be3c843fdf8b5e576a06d4f4de5 /tests/analysis
parent2e144129d6884f4f9ec5d3f599ec2820613ed419 (diff)
Introduce a "wide" function in order to deal with UTF-16 in match conditions.
Diffstat (limited to 'tests/analysis')
-rw-r--r--tests/analysis/scan/functions.py16
1 files changed, 16 insertions, 0 deletions
diff --git a/tests/analysis/scan/functions.py b/tests/analysis/scan/functions.py
index 96f029f..e936263 100644
--- a/tests/analysis/scan/functions.py
+++ b/tests/analysis/scan/functions.py
@@ -108,6 +108,7 @@ rule test {
self.check_rule_success(rule)
+
rule = '''
rule test {
@@ -119,6 +120,7 @@ rule test {
self.check_rule_success(rule)
+
rule = '''
rule test {
@@ -134,6 +136,19 @@ rule test {
self.check_rule_success(rule)
+ rule = r'''
+rule test {
+
+ condition:
+ "A\x00B\x00C\x00D\x00" endswith string.wide("CD")
+ and "A\x00B\x00C\x00D\x00" contains string.wide("BC")
+
+}
+'''
+
+ self.check_rule_success(rule)
+
+
def testTime(self):
"""Check current time."""
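Review bot: The rule added in this hunk asserts only matches, so a `string.wide` that returned an empty or otherwise degenerate value could presumably still satisfy both the `endswith` and the `contains` condition. A companion rule that is expected not to match would pin the conversion down, for example the same haystack tested against plain `"CD"` without `string.wide`, or against `string.wide("DC")`, checked with whatever failure counterpart to `check_rule_success` the test class offers. The block also deserves a comment on why the literal is raw and which encoding is assumed, such as `# r''' keeps \x00 for the rule parser; haystack is "ABCD" as UTF-16LE, no BOM`. The enclosing test method starts above the hunk, so its name and docstring are not visible here.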
@@ -150,6 +165,7 @@ rule test {
self.check_rule_success(rule)
+
rule = '''
rule test {