Added initial tests & counts support
Matt
parent
8bba4b2973
commit
0602f457ce
|
|
@ -49,6 +49,12 @@ class YARARules extends Operation {
|
|||
type: "boolean",
|
||||
hint: "Show the metadata of each rule",
|
||||
value: false
|
||||
},
|
||||
{
|
||||
name: "Show counts",
|
||||
type: "boolean",
|
||||
hint: "Show the number of matches per rule",
|
||||
value: true
|
||||
}
|
||||
];
|
||||
}
|
||||
|
|
@ -61,7 +67,7 @@ class YARARules extends Operation {
|
|||
run(input, args) {
|
||||
if (ENVIRONMENT_IS_WORKER())
|
||||
self.sendStatusMessage("Instantiating YARA.");
|
||||
const [rules, showStrings, showLengths, showMeta] = args;
|
||||
const [rules, showStrings, showLengths, showMeta, showCounts] = args;
|
||||
return new Promise((resolve, reject) => {
|
||||
Yara().then(yara => {
|
||||
if (ENVIRONMENT_IS_WORKER()) self.sendStatusMessage("Converting data for YARA.");
|
||||
|
|
@ -97,10 +103,11 @@ class YARARules extends Operation {
|
|||
}
|
||||
meta = meta.slice(0, -2) + "]";
|
||||
}
|
||||
const countString = showCounts ? `${matches.size()} time${matches.size() > 1 ? "s" : ""}` : "";
|
||||
if (matches.size() === 0 || !(showStrings || showLengths)) {
|
||||
matchString += `Input matches rule "${rule.ruleName}"${meta}.\n`;
|
||||
matchString += `Input matches rule "${rule.ruleName}"${meta}${countString.length > 0 ? ` ${countString}`: ""}.\n`;
|
||||
} else {
|
||||
matchString += `Rule "${rule.ruleName}"${meta} matches:\n`;
|
||||
matchString += `Rule "${rule.ruleName}"${meta} matches (${countString}):\n`;
|
||||
for (let j = 0; j < matches.size(); j++) {
|
||||
const match = matches.get(j);
|
||||
if (showStrings || showLengths) {
|
||||
|
|
|
|||
|
|
@ -82,6 +82,7 @@ import "./tests/TranslateDateTimeFormat";
|
|||
import "./tests/Magic";
|
||||
import "./tests/ParseTLV";
|
||||
import "./tests/Media";
|
||||
import "./tests/YARA.mjs";
|
||||
|
||||
// Cannot test operations that use the File type yet
|
||||
//import "./tests/SplitColourChannels";
|
||||
|
|
|
|||
|
|
@ -0,0 +1,24 @@
|
|||
/**
|
||||
* YARA Rules tests.
|
||||
*
|
||||
* @author Matt C [matt@artemisbot.uk]
|
||||
*
|
||||
* @copyright Crown Copyright 2019
|
||||
* @license Apache-2.0
|
||||
*/
|
||||
import TestRegister from "../TestRegister";
|
||||
|
||||
TestRegister.addTests([
|
||||
{
|
||||
name: "YARA Match: simple foobar",
|
||||
input: "foobar foobar bar foo foobar",
|
||||
expectedOutput: "Rule \"foo\" matches (4 times):\nPos 0, length 3, identifier $re1, data: \"foo\"\nPos 7, length 3, identifier $re1, data: \"foo\"\nPos 18, length 3, identifier $re1, data: \"foo\"\nPos 22, length 3, identifier $re1, data: \"foo\"\nRule \"bar\" matches (4 times):\nPos 3, length 3, identifier $re1, data: \"bar\"\nPos 10, length 3, identifier $re1, data: \"bar\"\nPos 14, length 3, identifier $re1, data: \"bar\"\nPos 25, length 3, identifier $re1, data: \"bar\"\n",
|
||||
recipeConfig: [
|
||||
{
|
||||
"op": "YARA Rules",
|
||||
"args": ["rule foo {strings: $re1 = /foo/ condition: $re1} rule bar {strings: $re1 = /bar/ condition: $re1}", true, true, true, true],
|
||||
}
|
||||
],
|
||||
},
|
||||
]);
|
||||
|
||||
Loading…
Reference in New Issue