Diffstat (limited to 'tests/analysis/scan')
-rw-r--r-- | tests/analysis/scan/common.py | 2 | ||||
-rw-r--r-- | tests/analysis/scan/grammar.py | 66 |
2 files changed, 68 insertions, 0 deletions
diff --git a/tests/analysis/scan/common.py b/tests/analysis/scan/common.py
index 3b52e38..507b7e2 100644
--- a/tests/analysis/scan/common.py
+++ b/tests/analysis/scan/common.py
@@ -33,6 +33,8 @@ class RostTestClass(ChrysalideTestCase):
 else:
 self.assertFalse(ctx.has_match_for_rule('test'))
+ return scanner, ctx
+
 def check_rule_success(self, rule, content = None):
 """Check for scan success."""
diff --git a/tests/analysis/scan/grammar.py b/tests/analysis/scan/grammar.py
index 8b18f81..13a255b 100644
--- a/tests/analysis/scan/grammar.py
+++ b/tests/analysis/scan/grammar.py
@@ -1,4 +1,6 @@
+import json
+
 from common import RostTestClass
@@ -181,7 +183,71 @@ rule test {
 self.check_rule_success(rule)
+ def testPrivateRules(self):
+ """Ensure private rules remain silent."""
+
+ for private in [ True, False ]:
+ for state in [ True, False ]:
+
+ rule = '''
+%srule silent {
+
+ condition:
+ %s
+
+}
+
+rule test {
+
+ condition:
+ silent
+
+}
+''' % ('private ' if private else '', 'true' if state else 'false')
+
+ scanner, ctx = self._validate_rule_result(rule, self._empty_content, state)
+
+ data = scanner.convert_to_json(ctx)
+ jdata = json.loads(data)
+
+ # Exemple :
+ #
+ # [{'bytes_patterns': [], 'matched': True, 'name': 'test'},
+ # {'bytes_patterns': [], 'matched': True, 'name': 'silent'}]
+
+ found = len([ j['name'] for j in jdata if j['name'] == 'silent' ]) > 0
+
+ self.assertTrue(private ^ found)
+
+
+ def testGlobalRules(self):
+ """Take global rules into account."""
+
+ for glob_state in [ True, False ]:
+ for state in [ True, False ]:
+
+ rule = '''
+%srule silent {
+
+ condition:
+ %s
+
+}
+
+rule test {
+
+ condition:
+ true
+
+}
+''' % ('global ' if glob_state else '', 'true' if state else 'false')
+
+ expected = not(glob_state) or state
+ if expected:
+ self.check_rule_success(rule)
+ else:
+ self.check_rule_failure(rule) |
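Review bot: `self.assertTrue(private ^ found)` in testPrivateRules is evaluated for four (private, state) combinations inside a single test method, so a failure reports only "False is not true" and does not say which combination exposed or hid the `silent` rule. Assuming the test base class derives from unittest.TestCase, wrapping the inner loop body in `with self.subTest(private=private, state=state):` and asserting `self.assertEqual(found, not private)` would make a private rule leaking into the JSON output readable straight from the failure. `found` can also be written as `any(j['name'] == 'silent' for j in jdata)`. The check covers only the top-level `name` field shown in the example comment; whether a private rule's name can appear elsewhere in the converted JSON is not visible in this hunk and may deserve its own assertion.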