[Forensics-changes] [yara] 42/135: Add more test cases

Sat Jul 1 10:27:30 UTC 2017

This is an automated email from the git hooks/post-receive script.

bengen pushed a commit to annotated tag v3.1.0
in repository yara.

commit 26c456dbb318a539ff12a0bc8bc63bbe29b7b58c
Author: Victor M. Alvarez <plusvic at gmail.com>
Date:   Fri Jul 4 10:57:59 2014 +0200

    Add more test cases
---
 libyara/Makefile.am     |  2 +-
 libyara/modules/list    |  2 +-
 libyara/modules/tests.c | 58 +++++++++++++++++++++++++++++++++++++++++++++++++
 yara-python/tests.py    | 19 ++++++++++++++++
 4 files changed, 79 insertions(+), 2 deletions(-)

diff --git a/libyara/Makefile.am b/libyara/Makefile.am
index 8547f78..c79916e 100644
--- a/libyara/Makefile.am
+++ b/libyara/Makefile.am
@@ -21,7 +21,7 @@ lib_LTLIBRARIES = libyara.la
 libyara_la_LDFLAGS = -export-symbols libyara.sym -version-number 2:1
 
 
-MODULES = modules/pe.c
+MODULES = modules/tests.c modules/pe.c
 
 if CUCKOO
 MODULES += modules/cuckoo.c
diff --git a/libyara/modules/list b/libyara/modules/list
index 0277fd0..7cbccab 100644
--- a/libyara/modules/list
+++ b/libyara/modules/list
@@ -1,4 +1,4 @@
-
+MODULE(tests)
 MODULE(pe)
 
 #ifdef CUCKOO
diff --git a/libyara/modules/tests.c b/libyara/modules/tests.c
new file mode 100644
index 0000000..2a38198
--- /dev/null
+++ b/libyara/modules/tests.c
@@ -0,0 +1,58 @@
+/*
+Copyright (c) 2014. The YARA Authors. All Rights Reserved.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+   http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+#include <yara/modules.h>
+
+#define MODULE_NAME tests
+
+begin_declarations;
+
+  begin_struct("constants");
+    integer("one");
+    integer("two");
+    string("foo");
+  end_struct("constants");
+
+  begin_struct_array("struct_array");
+    integer("i");
+    string("s");
+  end_struct_array("struct_array");
+
+end_declarations;
+
+
+int module_load(
+    YR_SCAN_CONTEXT* context,
+    YR_OBJECT* module, void* module_data, size_t module_data_size)
+{
+  set_integer(1, module, "constants.one");
+  set_integer(2, module, "constants.two");
+  set_string("foo", module, "constants.foo");
+
+  set_integer(1, module, "struct_array[1].i");
+
+  return ERROR_SUCCESS;
+}
+
+
+int module_unload(YR_OBJECT* module)
+{
+  return ERROR_SUCCESS;
+}
+
+
+
+#undef MODULE_NAME
\ No newline at end of file
diff --git a/yara-python/tests.py b/yara-python/tests.py
index c64c7a8..1a47c72 100644
--- a/yara-python/tests.py
+++ b/yara-python/tests.py
@@ -606,6 +606,12 @@ class TestYara(unittest.TestCase):
         r = yara.compile(source='rule test { condition: ext_bool }', externals={'ext_bool': True})
         self.assertTrue(r.match(data='dummy'))
 
+        r = yara.compile(source='rule test { condition: ext_str }', externals={'ext_str': ''})
+        self.assertFalse(r.match(data='dummy'))
+
+        r = yara.compile(source='rule test { condition: ext_str }', externals={'ext_str': 'foo'})
+        self.assertTrue(r.match(data='dummy'))
+
         r = yara.compile(source='rule test { condition: ext_bool }', externals={'ext_bool': False})
         self.assertFalse(r.match(data='dummy'))
 
@@ -686,6 +692,19 @@ class TestYara(unittest.TestCase):
             """,
         ])
 
+    def testModules(self):
+
+        self.assertTrueRules([
+            'import "tests" rule test { condition: tests.constants.one + 1 == tests.constants.two }',
+            'import "tests" rule test { condition: tests.constants.foo == "foo" }',
+            'import "tests" rule test { condition: tests.struct_array[1].i == 1 }',
+            'import "tests" rule test { condition: tests.struct_array[0].i == 1 or true}'
+          ])
+
+        self.assertFalseRules([
+            'import "tests" rule test { condition: tests.struct_array[0].i == 1 }'
+          ])
+
 
 if __name__ == "__main__":
     unittest.main()

-- 
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/forensics/yara.git

