Diffstat (limited to 'tests/analysis/scan')
-rw-r--r--tests/analysis/scan/grammar.py25
1 files changed, 25 insertions, 0 deletions
diff --git a/tests/analysis/scan/grammar.py b/tests/analysis/scan/grammar.py
index 13a255b..3a8196a 100644
--- a/tests/analysis/scan/grammar.py
+++ b/tests/analysis/scan/grammar.py
@@ -2,6 +2,7 @@
import json
from common import RostTestClass
+from pychrysalide.analysis.contents import MemoryContent
class TestRostGrammar(RostTestClass):
@@ -250,6 +251,30 @@ rule test {
self.check_rule_failure(rule)
+ def testMatchCount(self):
+ """Ensure match count provides expected values."""
+
+ cnt = MemoryContent(b'\x01\x02\x02\x03\x03\x03')
+
+ rule = '''
+rule test {
+
+ bytes:
+ $int_01 = "\x01"
+ $int_02 = "\x02"
+ $int_03 = "\x03"
+
+ condition:
+ #int_01 == count($int_01) and #int_01 == 1
+ and #int_02 == count($int_02) and #int_02 == 2
+ and #int_03 == count($int_03) and #int_03 == 3
+ and #int_0* == count($int_0*) and #int_0* == 6
+
+}
+'''
+
+ self.check_rule_success(rule, cnt)
+
# TODO : test <haystack> matches <regex>
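Review bot: The rule text in `testMatchCount` is an ordinary triple-quoted string, so Python converts `"\x01"`, `"\x02"` and `"\x03"` into raw control characters before the scanner ever parses the rule. The rule language's own `\x` escape handling is therefore not exercised, and a failure here could come from how the grammar treats raw control bytes in a quoted pattern rather than from the counting logic. If the escape form is what the rule should contain, declare it as `rule = r'''` (or double the backslashes). The test also covers only the success path; a companion rule with a deliberately wrong count such as `#int_02 == 3`, passed to `self.check_rule_failure(rule, cnt)`, would show that the condition is actually evaluated against the match counts, assuming that helper accepts a content argument as `check_rule_success` does. The rest of the class lies outside this hunk, so existing conventions for escaping in other tests could not be checked.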