summaryrefslogtreecommitdiff
path: root/tests/analysis/scan/exprs.py
diff options
context:
space:
mode:
Diffstat (limited to 'tests/analysis/scan/exprs.py')
-rw-r--r--tests/analysis/scan/exprs.py122
1 files changed, 122 insertions, 0 deletions
diff --git a/tests/analysis/scan/exprs.py b/tests/analysis/scan/exprs.py
new file mode 100644
index 0000000..c89dc59
--- /dev/null
+++ b/tests/analysis/scan/exprs.py
@@ -0,0 +1,122 @@
+
+from chrysacase import ChrysalideTestCase
+from pychrysalide.analysis.contents import MemoryContent
+from pychrysalide.analysis.scan import ContentScanner
+from pychrysalide.analysis.scan import ScanOptions
+from pychrysalide.analysis.scan.patterns.backends import AcismBackend
+
+
+class TestScanExpressions(ChrysalideTestCase):
+ """TestCase for analysis.scan.exprs.*."""
+
+ @classmethod
+ def setUpClass(cls):
+
+ super(TestScanExpressions, cls).setUpClass()
+
+ cls._options = ScanOptions()
+ cls._options.backend_for_data = AcismBackend
+
+
+ def testBasicStringOperations(self):
+ """Evaluate basic string operations."""
+
+ cnt = MemoryContent(b'empty')
+
+ rule = '''
+rule test {
+
+ condition:
+ "123abc456" contains "abc"
+
+}
+'''
+
+ scanner = ContentScanner(rule)
+ ctx = scanner.analyze(self._options, cnt)
+
+ self.assertTrue(ctx.has_match_for_rule('test'))
+
+ rule = '''
+rule test {
+
+ condition:
+ "123\t456" contains "\t"
+
+}
+'''
+
+ scanner = ContentScanner(rule)
+ ctx = scanner.analyze(self._options, cnt)
+
+ self.assertTrue(ctx.has_match_for_rule('test'))
+
+ rule = '''
+rule test {
+
+ condition:
+ "123-456" startswith "1"
+
+}
+'''
+
+ scanner = ContentScanner(rule)
+ ctx = scanner.analyze(self._options, cnt)
+
+ self.assertTrue(ctx.has_match_for_rule('test'))
+
+ rule = '''
+rule test {
+
+ condition:
+ "123-456" startswith "1234"
+
+}
+'''
+
+ scanner = ContentScanner(rule)
+ ctx = scanner.analyze(self._options, cnt)
+
+ self.assertFalse(ctx.has_match_for_rule('test'))
+
+ rule = '''
+rule test {
+
+ condition:
+ "123-456" endswith "6"
+
+}
+'''
+
+ scanner = ContentScanner(rule)
+ ctx = scanner.analyze(self._options, cnt)
+
+ self.assertTrue(ctx.has_match_for_rule('test'))
+
+ rule = '''
+rule test {
+
+ condition:
+ "123-456" endswith "3456"
+
+}
+'''
+
+ scanner = ContentScanner(rule)
+ ctx = scanner.analyze(self._options, cnt)
+
+ self.assertFalse(ctx.has_match_for_rule('test'))
+
+ rule = '''
+rule test {
+
+ condition:
+ "ABCD" iequals "AbCd"
+
+}
+'''
+
+ scanner = ContentScanner(rule)
+ ctx = scanner.analyze(self._options, cnt)
+
+ self.assertTrue(ctx.has_match_for_rule('test'))
generated by cgit v0.11.2-87-g4458 at 2024-05-14 13:54:56 (GMT)