Added initial tests & counts support

master
Matt 2019-01-15 16:24:29 +00:00
parent 8bba4b2973
commit 0602f457ce
3 changed files with 35 additions and 3 deletions


@ -49,6 +49,12 @@ class YARARules extends Operation {
type: "boolean",
hint: "Show the metadata of each rule",
value: false
},
{
name: "Show counts",
type: "boolean",
hint: "Show the number of matches per rule",
value: true
}
];
}
@ -61,7 +67,7 @@ class YARARules extends Operation {
run(input, args) {
if (ENVIRONMENT_IS_WORKER())
self.sendStatusMessage("Instantiating YARA.");
const [rules, showStrings, showLengths, showMeta] = args;
const [rules, showStrings, showLengths, showMeta, showCounts] = args;
return new Promise((resolve, reject) => {
Yara().then(yara => {
if (ENVIRONMENT_IS_WORKER()) self.sendStatusMessage("Converting data for YARA.");
@ -97,10 +103,11 @@ class YARARules extends Operation {
}
meta = meta.slice(0, -2) + "]";
}
const countString = showCounts ? `${matches.size()} time${matches.size() > 1 ? "s" : ""}` : "";
if (matches.size() === 0 || !(showStrings || showLengths)) {
matchString += `Input matches rule "${rule.ruleName}"${meta}.\n`;
matchString += `Input matches rule "${rule.ruleName}"${meta}${countString.length > 0 ? ` ${countString}`: ""}.\n`;
} else {
matchString += `Rule "${rule.ruleName}"${meta} matches:\n`;
matchString += `Rule "${rule.ruleName}"${meta} matches (${countString}):\n`;
for (let j = 0; j < matches.size(); j++) {
const match = matches.get(j);
if (showStrings || showLengths) {
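Review bot: In the last hunk the `else` branch puts `countString` inside parentheses unconditionally, so with "Show counts" switched off the header renders as `Rule "<name>" matches ():`. Build the suffix conditionally, for example `const countSuffix = showCounts ? " (" + countString + ")" : "";`, and interpolate `${countSuffix}` before the colon. The plural check `matches.size() > 1` also produces "0 time" on the `matches.size() === 0` path of the first branch; `matches.size() === 1 ? "" : "s"` covers both zero and many. Analysts read this text to judge how often a rule fired, so the count wording should be unambiguous in every option combination. The enclosing `run` method starts and ends outside the visible hunks.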


@ -82,6 +82,7 @@ import "./tests/TranslateDateTimeFormat";
import "./tests/Magic";
import "./tests/ParseTLV";
import "./tests/Media";
import "./tests/YARA.mjs";
// Cannot test operations that use the File type yet
//import "./tests/SplitColourChannels";
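Review bot: The added `import "./tests/YARA.mjs";` is the only entry in the visible list that spells out a file extension; the neighbouring imports (`./tests/Magic`, `./tests/ParseTLV`, `./tests/Media`) omit it. Unless the resolver needs the extension for this file, `import "./tests/YARA";` keeps the list uniform and avoids introducing a second convention for later test files.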


@ -0,0 +1,24 @@
/**
* YARA Rules tests.
*
* @author Matt C [matt@artemisbot.uk]
*
* @copyright Crown Copyright 2019
* @license Apache-2.0
*/
import TestRegister from "../TestRegister";
TestRegister.addTests([
{
name: "YARA Match: simple foobar",
input: "foobar foobar bar foo foobar",
expectedOutput: "Rule \"foo\" matches (4 times):\nPos 0, length 3, identifier $re1, data: \"foo\"\nPos 7, length 3, identifier $re1, data: \"foo\"\nPos 18, length 3, identifier $re1, data: \"foo\"\nPos 22, length 3, identifier $re1, data: \"foo\"\nRule \"bar\" matches (4 times):\nPos 3, length 3, identifier $re1, data: \"bar\"\nPos 10, length 3, identifier $re1, data: \"bar\"\nPos 14, length 3, identifier $re1, data: \"bar\"\nPos 25, length 3, identifier $re1, data: \"bar\"\n",
recipeConfig: [
{
"op": "YARA Rules",
"args": ["rule foo {strings: $re1 = /foo/ condition: $re1} rule bar {strings: $re1 = /bar/ condition: $re1}", true, true, true, true],
}
],
},
]);
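Review bot: The single case in this file runs with every option enabled, so the "Input matches rule" branch, the "Show counts" off path and the singular "1 time" wording added by this commit are never exercised. A second case with strings and lengths disabled would pin the summary format, and a case with the last argument `false` would have exposed the empty `()` in the detailed header. The expected string below is derived from the format string in the operation's hunk and from the existing case's output, so confirm it against a real run before committing.

```javascript
// … unchanged: "YARA Match: simple foobar" case …
    {
        name: "YARA Match: counts only",
        input: "foobar foobar bar foo foobar",
        expectedOutput: "Input matches rule \"foo\" 4 times.\nInput matches rule \"bar\" 4 times.\n",
        recipeConfig: [
            {
                "op": "YARA Rules",
                "args": ["rule foo {strings: $re1 = /foo/ condition: $re1} rule bar {strings: $re1 = /bar/ condition: $re1}", false, false, false, true],
            }
        ],
    },
```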