1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
|
import binascii
from chrysacase import ChrysalideTestCase
from gi._constants import TYPE_INVALID
from pychrysalide.analysis.scan import ScanExpression
from pychrysalide.analysis.scan import ScanOptions
from pychrysalide.analysis.scan import find_token_modifiers_for_name
from pychrysalide.glibext import ComparableItem
class TestRostPythonAPI(ChrysalideTestCase):
"""TestCase for the ROST Python API."""
def testEmptyOptions(self):
"""Check default scan options."""
ops = ScanOptions()
self.assertEqual(ops.backend_for_data, TYPE_INVALID)
def testDirectInstancesOfExpression(self):
"""Reject direct instances of ROST expressions."""
with self.assertRaisesRegex(RuntimeError, 'pychrysalide.analysis.scan.ScanExpression is an abstract class'):
e = ScanExpression()
def testBooleanComparison(self):
"""Compare custom scan expressions."""
class StrLenExpr(ScanExpression):
def __init__(self, value):
super().__init__(ScanExpression.ScanReductionState.REDUCED)
self._value = value
def _cmp_rich(self, other, op):
if op == ComparableItem.RichCmpOperation.EQ:
return len(self._value) == len(other._value)
e0 = StrLenExpr('00000000000')
e1 = StrLenExpr('00000000000')
e2 = StrLenExpr('000000000000000000000000000')
self.assertTrue(e0 == e1)
# !?
# Python teste e0 != e1 (non implémenté), puis e1 != e0 (pareil) et en déduit une différence !
# self.assertFalse(e0 != e1)
self.assertFalse(e0 == e2)
# TypeError: '<' not supported between instances of 'StrLenExpr' and 'StrLenExpr'
with self.assertRaisesRegex(TypeError, '\'<\' not supported between instances'):
self.assertTrue(e0 < e1)
def testBytePatternModifiers(self):
"""Validate the bytes produced by modifiers."""
mod = find_token_modifiers_for_name('plain')
self.assertIsNotNone(mod)
source = b'ABC'
transformed = mod.transform(source)
self.assertEqual(source, transformed[0])
mod = find_token_modifiers_for_name('hex')
self.assertIsNotNone(mod)
source = b'ABC'
transformed = mod.transform(source)
self.assertEqual(binascii.hexlify(source), transformed[0])
mod = find_token_modifiers_for_name('rev')
self.assertIsNotNone(mod)
source = b'ABC'
transformed = mod.transform(source)
self.assertEqual(source[::-1], transformed[0])
mod = find_token_modifiers_for_name('base64')
self.assertIsNotNone(mod)
source = b'ABC'
transformed = mod.transform(source)
self.assertEqual(len(transformed), 3)
self.assertEqual(transformed[0], b'QUJD')
self.assertEqual(transformed[1], b'FCQw')
self.assertEqual(transformed[2], b'BQkM')
def testBytePatternModifiersAPI(self):
"""Validate the API for pattern modifiers."""
mod = find_token_modifiers_for_name('plain')
self.assertIsNotNone(mod)
source = [ b'ABC', b'01234' ]
transformed = mod.transform(source)
self.assertEqual(len(source), len(transformed))
self.assertEqual(source[0], transformed[0])
self.assertEqual(source[1], transformed[1])
mod = find_token_modifiers_for_name('xor')
self.assertIsNotNone(mod)
source = [ b'ABC' ]
transformed = mod.transform(source, 0x20)
self.assertEqual(transformed[0], b'abc')
|