def test_match(self):
rule = suricata.update.rule.parse(self.rule_string,
"rules/malware.rules")
matcher = matchers_mod.parse_rule_match("group: malware.rules")
self.assertEqual(matcher.__class__, matchers_mod.GroupMatcher)
self.assertTrue(matcher.match(rule))
# Test match of just the group basename.
matcher = matchers_mod.parse_rule_match("group: malware")
self.assertEqual(matcher.__class__, matchers_mod.GroupMatcher)
self.assertTrue(matcher.match(rule))
def parse_matchers(fileobj):
matchers = []
for line in fileobj:
line = line.strip()
if not line or line.startswith("#"):
continue
line = line.rsplit(" #")[0]
matcher = matchers_mod.parse_rule_match(line)
if not matcher:
logger.warn("Failed to parse: \"%s\"" % (line))
else:
matchers.append(matcher)
return matchers
def test_match(self):
rule = suricata.update.rule.parse(self.rule_string,
"rules/trojan.rules")
matcher = matchers_mod.parse_rule_match("filename: */trojan.rules")
self.assertEqual(matcher.__class__, matchers_mod.FilenameMatcher)
self.assertTrue(matcher.match(rule))
