Diffstat (limited to 'tests/analysis/scan/scanning_hex.py')
-rw-r--r-- | tests/analysis/scan/scanning_hex.py | 26 |
1 files changed, 26 insertions, 0 deletions
diff --git a/tests/analysis/scan/scanning_hex.py b/tests/analysis/scan/scanning_hex.py
new file mode 100644
index 0000000..e009b79
--- /dev/null
+++ b/tests/analysis/scan/scanning_hex.py
@@ -0,0 +1,26 @@
+
+from common import RostTestClass
+from pychrysalide.analysis.contents import MemoryContent
+
+
+class TestRostScanning(RostTestClass):
+ """TestCases for the bytes section syntax."""
+
+ def testSimpleHexPattern(self):
+ """Test a simple hex pattern."""
+
+ cnt = MemoryContent(b'123-Abc-456')
+
+ rule = '''
+rule test {
+
+ strings:
+ $a = { 41 62 63 }
+
+ condition:
+ #a == 1 and @a[0] == 4
+
+}
+'''
+
+ self.check_rule_success(rule, content=cnt)
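Review bot: `testSimpleHexPattern` only asserts the positive case, so a hex matcher that is too permissive (for example one that ignores byte case or accepts a partial match) would still pass. For a scanning engine the false-positive side matters as much as the hit, so I would add a sibling test that runs the same `{ 41 62 63 }` rule against content that must not match, such as a constructed `MemoryContent(b'123-abc-456')`, and asserts the rule fails using the failure-side counterpart of `check_rule_success`, if `RostTestClass` provides one. Separately, the class docstring says "bytes section syntax" while the rule declares its pattern under `strings:`; one of the two wordings should be aligned so the test's intent is clear.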