diff options
Diffstat (limited to 'tests/analysis/scan')
-rw-r--r-- | tests/analysis/scan/matches.py | 39 |
1 files changed, 38 insertions, 1 deletions
diff --git a/tests/analysis/scan/matches.py b/tests/analysis/scan/matches.py index 768531b..efcae4f 100644 --- a/tests/analysis/scan/matches.py +++ b/tests/analysis/scan/matches.py @@ -7,7 +7,7 @@ class TestRostMatchs(RostTestClass): """TestCases for the ROST pattern matching engine.""" def testCountMatches(self): - """Count matches patterns.""" + """Count matched patterns.""" cnt = MemoryContent(b'aaa aaa bbb aaa') @@ -25,3 +25,40 @@ rule test { ''' self.check_rule_success(rule, cnt) + + + def testCountSameMatches(self): + """Count matches of similar patterns.""" + + cnt = MemoryContent(b'ABCDabcdABCDabcd') + + rule = ''' +rule test { + + bytes: + $a = "\x61\x62\x63\x64" + $b = "\x61\x62\x63\x64" + + condition: + #a == 2 and #b == 2 + +} +''' + + self.check_rule_success(rule, cnt) + + + rule = ''' +rule test { + + bytes: + $a = "\x61\x62\x63\x64" + $b = "\x61\x62\x63" + + condition: + #a == 2 and #b == 2 + +} +''' + + self.check_rule_success(rule, cnt) |