Diffstat (limited to 'tests/analysis/scan')
-rw-r--r-- | tests/analysis/scan/functions.py | 16 |
1 files changed, 16 insertions, 0 deletions
diff --git a/tests/analysis/scan/functions.py b/tests/analysis/scan/functions.py index 96f029f..e936263 100644 --- a/tests/analysis/scan/functions.py +++ b/tests/analysis/scan/functions.py @@ -108,6 +108,7 @@ rule test { self.check_rule_success(rule) + rule = ''' rule test { @@ -119,6 +120,7 @@ rule test { self.check_rule_success(rule) + rule = ''' rule test { @@ -134,6 +136,19 @@ rule test { self.check_rule_success(rule) + rule = r''' +rule test { + + condition: + "A\x00B\x00C\x00D\x00" endswith string.wide("CD") + and "A\x00B\x00C\x00D\x00" contains string.wide("BC") + +} +''' + + self.check_rule_success(rule) + + def testTime(self): """Check current time.""" @@ -150,6 +165,7 @@ rule test { self.check_rule_success(rule) + rule = ''' rule test { |
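Review bot: The new `string.wide` case in the third hunk (`@@ -134,6 +136,19 @@`) only asserts the matching path, so a hypothetical regression in which `endswith`/`contains` skip the interleaved NUL bytes would still pass. Consider pairing it with a rule that must not match, for example the narrow literal `"A\x00B\x00C\x00D\x00" endswith "CD"`, checked with whatever failing counterpart of `check_rule_success` the test base class provides (none is visible in this diff). A one-line comment above `rule = r'''`, such as `# raw string: the \x00 escapes must be decoded by the rule parser, not by Python`, would also explain why this is the only literal here with the `r` prefix. The enclosing test method starts outside the hunk, and the other three hunks only add blank lines.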