diff options
-rw-r--r-- | src/analysis/scan/patterns/tokens/atom.c | 2 | ||||
-rw-r--r-- | tests/analysis/scan/fuzzing.py | 18 |
2 files changed, 19 insertions, 1 deletions
diff --git a/src/analysis/scan/patterns/tokens/atom.c b/src/analysis/scan/patterns/tokens/atom.c index 52f239c..01da28d 100644 --- a/src/analysis/scan/patterns/tokens/atom.c +++ b/src/analysis/scan/patterns/tokens/atom.c @@ -69,7 +69,7 @@ int rate_byte_quality(bin_t ch, bitfield_t *seen, size_t *letters) break; case 'A' ... 'Z': - case 'z' ... 'z': + case 'a' ... 'z': if (letters == NULL) result = 20; else diff --git a/tests/analysis/scan/fuzzing.py b/tests/analysis/scan/fuzzing.py index 9572774..c38b25c 100644 --- a/tests/analysis/scan/fuzzing.py +++ b/tests/analysis/scan/fuzzing.py @@ -141,3 +141,21 @@ rule test { ''' self.check_rule_success(rule) + + + def testAAsAcharacter(self): + """Consider the 'a' character as a valid lowercase character.""" + + rule = ''' +rule test { + + bytes: + $a = "0000a0I0" nocase + + condition: + $a + +} +''' + + self.check_rule_failure(rule) |