1 files changed, 179 insertions, 0 deletions

diff --git a/tests/analysis/scan/fuzzing.py b/tests/analysis/scan/fuzzing.py
index 53227af..1b9b25b 100644
--- a/tests/analysis/scan/fuzzing.py
+++ b/tests/analysis/scan/fuzzing.py
@@ -108,3 +108,182 @@ rule test {
 '''
 
         self.check_rule_failure(rule)
+
+
+    def testSelfReferencingRule(self):
+        """Expect only one argument for the not operator, even in debug mode."""
+
+        rule = '''
+rule test {
+
+   condition:
+      not(0)
+
+}
+'''
+
+        self.check_rule_success(rule)
+
+
+    def testNoCommon(self):
+        """Handle the case where no common item is found from an empty set."""
+
+        rule = '''
+rule test {
+
+   bytes:
+      $a = "a"
+
+   condition:
+      maxcommon($a) == 0
+
+}
+'''
+
+        self.check_rule_success(rule)
+
+
+    def testAAsAcharacter(self):
+        """Consider the 'a' character as a valid lowercase character."""
+
+        rule = '''
+rule test {
+
+   bytes:
+      $a = "0000a0I0" nocase
+
+   condition:
+      $a
+
+}
+'''
+
+        self.check_rule_failure(rule)
+
+
+    def testAAsAcharacter(self):
+        """Do not expect initialized trackers when there is no real defined search pattern."""
+
+        rule = '''
+rule test {
+
+   bytes:
+      $a = {[0]}
+
+   condition:
+      $a
+
+}
+'''
+
+        with self.assertRaisesRegex(ValueError, 'Unable to create content scanner'):
+
+            scanner = ContentScanner(rule)
+
+
+    def testAllocations(self):
+        """Handle big alloctions for strings in conditions with regular expressions."""
+
+        rule = '''
+rule test {
+
+   condition:
+      "%s" == "%s"
+
+}
+''' % ("0" * (256 * 2 + 8), "0" * (256 * 2 + 8))
+
+        self.check_rule_success(rule)
+
+
+    def testFileFinalAccess(self):
+        """Ensure patterns found at the edges of scanned content do not crash the scanner."""
+
+        cnt = MemoryContent(bytes([ 0 for i in range(16) ]))
+
+        rule = '''
+rule test {
+
+   bytes:
+      $a = { 00 00 00 00 00 00 00 00 }
+
+   condition:
+      $a
+
+}
+'''
+
+        self.check_rule_success(rule, cnt)
+
+
+    def testValidHexRangeMerge(self):
+        """Merge valid hexadecimal ranges."""
+
+        rule = '''
+rule test {
+
+   bytes:
+      $a = { [0] ?? }
+
+   condition:
+      $a
+
+}
+'''
+
+        with self.assertRaisesRegex(ValueError, 'Unable to create content scanner'):
+
+            scanner = ContentScanner(rule)
+
+
+        rule = '''
+rule test {
+
+   bytes:
+      $a = { [2] ?? }
+
+   condition:
+      $a
+
+}
+'''
+
+        self.check_rule_failure(rule)
+
+
+    def testSmallBase64(self):
+        """Handle small base64 encodings which may produce few patterns."""
+
+        rule = '''
+rule test {
+
+   bytes:
+      $a = "0" base64
+
+   condition:
+      $a
+
+}
+'''
+
+        self.check_rule_failure(rule)
+
+
+    def testCountIndex(self):
+        """Ban pattern count indexes from the grammer."""
+
+        rule = '''
+rule test {
+
+   bytes:
+      $a = "1"
+
+   condition:
+      #*[0]
+
+}
+'''
+
+        with self.assertRaisesRegex(ValueError, 'Unable to create content scanner'):
+
+            scanner = ContentScanner(rule)