Diffstat (limited to 'tests/analysis')
| -rw-r--r-- | tests/analysis/scan/pyapi.py | 33 | ||||
| -rw-r--r-- | tests/analysis/scan/scanning_hex.py | 26 | 
2 files changed, 59 insertions, 0 deletions
diff --git a/tests/analysis/scan/pyapi.py b/tests/analysis/scan/pyapi.py
index 1bba44e..b5b2453 100644
--- a/tests/analysis/scan/pyapi.py
+++ b/tests/analysis/scan/pyapi.py
@@ -1,8 +1,12 @@
+import binascii
+
 from chrysacase import ChrysalideTestCase
 from gi._constants import TYPE_INVALID
 from pychrysalide.analysis.scan import ScanExpression
 from pychrysalide.analysis.scan import ScanOptions
+from pychrysalide.analysis.scan import find_token_modifiers_for_name
+from pychrysalide.analysis.scan.patterns.modifiers import PlainModifier
 from pychrysalide.glibext import ComparableItem
@@ -24,6 +28,7 @@ class TestRostPythonAPI(ChrysalideTestCase):
             e = ScanExpression()
+
     def testBooleanComparison(self):
         """Compare custom scan expressions."""
@@ -56,3 +61,31 @@ class TestRostPythonAPI(ChrysalideTestCase):
         # TypeError: '<' not supported between instances of 'StrLenExpr' and 'StrLenExpr'
         with self.assertRaisesRegex(TypeError, '\'<\' not supported between instances'):
             self.assertTrue(e0 < e1)
+
+
+    def testBytePatternModifiers(self):
+        """Validate the bytes produced by modifiers."""
+
+        mod = find_token_modifiers_for_name('plain')
+        self.assertIsNotNone(mod)
+
+        source = b'ABC'
+        transformed = mod.transform(source)
+
+        self.assertEqual(source, transformed[0])
+
+        mod = find_token_modifiers_for_name('hex')
+        self.assertIsNotNone(mod)
+
+        source = b'ABC'
+        transformed = mod.transform(source)
+
+        self.assertEqual(binascii.hexlify(source), transformed[0])
+
+        mod = find_token_modifiers_for_name('rev')
+        self.assertIsNotNone(mod)
+
+        source = b'ABC'
+        transformed = mod.transform(source)
+
+        self.assertEqual(source[::-1], transformed[0])
diff --git a/tests/analysis/scan/scanning_hex.py b/tests/analysis/scan/scanning_hex.py
new file mode 100644
index 0000000..e009b79
--- /dev/null
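Review bot: `PlainModifier` is imported in the first hunk of pyapi.py, but nothing in the added lines refers to it; `testBytePatternModifiers` only goes through `find_token_modifiers_for_name`. Either drop the import or put it to use, for instance `self.assertIsInstance(mod, PlainModifier)` after the 'plain' lookup, if that lookup is expected to return that class. That assertion would also pin which type the name resolves to, which the current `assertIsNotNone` check does not.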
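Review bot: In `testBytePatternModifiers` every check reads only `transformed[0]`, so a modifier that returns extra or duplicated byte strings would still pass, because the length of the result is never asserted. Adding `self.assertEqual(len(transformed), 1)` before each comparison would pin that, assuming one output per input is the contract for 'plain', 'hex' and 'rev'. The three stanzas are copies of one another and would read better as a loop over `(name, expected)` pairs under `self.subTest(name=name)`, which also reports which modifier failed. The 'hex' expectation relies on `binascii.hexlify` producing lowercase digits; a comment such as `# hex modifier is expected to emit lowercase digits` would make that intent explicit for rule authors.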
+++ b/tests/analysis/scan/scanning_hex.py
@@ -0,0 +1,26 @@
+
+from common import RostTestClass
+from pychrysalide.analysis.contents import MemoryContent
+
+
+class TestRostScanning(RostTestClass):
+    """TestCases for the bytes section syntax."""
+
+    def testSimpleHexPattern(self):
+        """Test a simple hex pattern."""
+
+        cnt = MemoryContent(b'123-Abc-456')
+
+        rule = '''
+rule test {
+
+   strings:
+      $a = { 41 62 63 }
+
+   condition:
+      #a == 1 and @a[0] == 4
+
+}
+'''
+
+        self.check_rule_success(rule, content=cnt)  |
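Review bot: `testSimpleHexPattern` exercises only the matching path, so a hex-pattern matcher that over-matches would not be caught by this file. A second case would cover that: content that lacks the bytes `41 62 63` (for example `b'123-Abd-456'`), checked with the expected-failure counterpart of `check_rule_success` if `RostTestClass` provides one. The class docstring says "bytes section syntax" while the rule text uses a `strings:` section; align the two, e.g. `"""TestCases for hex patterns in the strings section."""`.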
