from common import RostTestClass
from pychrysalide.analysis.contents import MemoryContent


class TestRostMatchs(RostTestClass):
    """TestCases for the ROST pattern matching engine."""

    def testCountMatches(self):
        """Count matched patterns."""

        cnt = MemoryContent(b'aaa aaa bbb aaa')

        rule = '''
rule test {

   bytes:
      $a = "aaa"
      $b = "bbb"

   condition:
      #a == 3 and #b < 2

}
'''

        self.check_rule_success(rule, cnt)


    def testCountSameMatches(self):
        """Count matches of similar patterns."""

        cnt = MemoryContent(b'ABCDabcdABCDabcd')

        rule = '''
rule test {

   bytes:
      $a = "\x61\x62\x63\x64"
      $b = "\x61\x62\x63\x64"

   condition:
      #a == 2 and #b == 2

}
'''

        self.check_rule_success(rule, cnt)


        rule = '''
rule test {

   bytes:
      $a = "\x61\x62\x63\x64"
      $b = "\x61\x62\x63"

   condition:
      #a == 2 and #b == 2

}
'''

        self.check_rule_success(rule, cnt)