diff options
Diffstat (limited to 'tests/analysis/scan')
-rw-r--r-- | tests/analysis/scan/grammar.py | 25 |
1 files changed, 25 insertions, 0 deletions
diff --git a/tests/analysis/scan/grammar.py b/tests/analysis/scan/grammar.py index 13a255b..3a8196a 100644 --- a/tests/analysis/scan/grammar.py +++ b/tests/analysis/scan/grammar.py @@ -2,6 +2,7 @@ import json from common import RostTestClass +from pychrysalide.analysis.contents import MemoryContent class TestRostGrammar(RostTestClass): @@ -250,6 +251,30 @@ rule test { self.check_rule_failure(rule) + def testMatchCount(self): + """Ensure match count provides expected values.""" + + cnt = MemoryContent(b'\x01\x02\x02\x03\x03\x03') + + rule = ''' +rule test { + + bytes: + $int_01 = "\x01" + $int_02 = "\x02" + $int_03 = "\x03" + + condition: + #int_01 == count($int_01) and #int_01 == 1 + and #int_02 == count($int_02) and #int_02 == 2 + and #int_03 == count($int_03) and #int_03 == 3 + and #int_0* == count($int_0*) and #int_0* == 6 + +} +''' + + self.check_rule_success(rule, cnt) + # TODO : test <haystack> matches <regex> |