summaryrefslogtreecommitdiff
path: root/tests/analysis
diff options
context:
space:
mode:
authorCyrille Bagard <nocbos@gmail.com>2023-09-25 06:34:24 (GMT)
committerCyrille Bagard <nocbos@gmail.com>2023-09-25 06:34:24 (GMT)
commit4c13ca820e4fa01ca62ad66c0665ebbee150f87c (patch)
tree46d573dc869b11efa03c6782c06dc5121b3dc609 /tests/analysis
parent61704628e3ca8c31df1666b3be4b723643dd25db (diff)
Handle private and global rules.
Diffstat (limited to 'tests/analysis')
-rw-r--r--tests/analysis/scan/common.py2
-rw-r--r--tests/analysis/scan/grammar.py66
2 files changed, 68 insertions, 0 deletions
diff --git a/tests/analysis/scan/common.py b/tests/analysis/scan/common.py
index 3b52e38..507b7e2 100644
--- a/tests/analysis/scan/common.py
+++ b/tests/analysis/scan/common.py
@@ -33,6 +33,8 @@ class RostTestClass(ChrysalideTestCase):
else:
self.assertFalse(ctx.has_match_for_rule('test'))
+ return scanner, ctx
+
def check_rule_success(self, rule, content = None):
"""Check for scan success."""
diff --git a/tests/analysis/scan/grammar.py b/tests/analysis/scan/grammar.py
index 8b18f81..13a255b 100644
--- a/tests/analysis/scan/grammar.py
+++ b/tests/analysis/scan/grammar.py
@@ -1,4 +1,6 @@
+import json
+
from common import RostTestClass
@@ -181,7 +183,71 @@ rule test {
self.check_rule_success(rule)
+ def testPrivateRules(self):
+ """Ensure private rules remain silent."""
+
+ for private in [ True, False ]:
+ for state in [ True, False ]:
+
+ rule = '''
+%srule silent {
+
+ condition:
+ %s
+
+}
+
+rule test {
+
+ condition:
+ silent
+
+}
+''' % ('private ' if private else '', 'true' if state else 'false')
+
+ scanner, ctx = self._validate_rule_result(rule, self._empty_content, state)
+
+ data = scanner.convert_to_json(ctx)
+ jdata = json.loads(data)
+
+ # Exemple :
+ #
+ # [{'bytes_patterns': [], 'matched': True, 'name': 'test'},
+ # {'bytes_patterns': [], 'matched': True, 'name': 'silent'}]
+
+ found = len([ j['name'] for j in jdata if j['name'] == 'silent' ]) > 0
+
+ self.assertTrue(private ^ found)
+
+
+ def testGlobalRules(self):
+ """Take global rules into account."""
+
+ for glob_state in [ True, False ]:
+ for state in [ True, False ]:
+
+ rule = '''
+%srule silent {
+
+ condition:
+ %s
+
+}
+
+rule test {
+
+ condition:
+ true
+
+}
+''' % ('global ' if glob_state else '', 'true' if state else 'false')
+
+ expected = not(glob_state) or state
+ if expected:
+ self.check_rule_success(rule)
+ else:
+ self.check_rule_failure(rule)