def test_compilation(self):
    """Compile the real YARA rule set and sanity-check the compiled rule count.

    The rules are compiled to 'compiled_yara_rules.bin' (a relative path) and
    loaded back with ``yara.load``. The number of rules in the loaded set is
    then compared with the number of rules files the compiler discovers.
    """
    compiled_path = 'compiled_yara_rules.bin'
    compile_rules.compile_rules(compiled_path)
    loaded_rules = yara.load(compiled_path)

    rules_file_count = len(list(compile_rules._find_yara_files()))
    compiled_rule_count = len(list(loaded_rules))

    # Fewer compiled rules than rules files would mean at least one file
    # contributed nothing to the compiled set. This is a coarse lower bound:
    # passing does not prove that every individual file contributed a rule.
    self.assertGreaterEqual(compiled_rule_count, rules_file_count)
def test_clone_remote_rules(self, mock_print: mock.MagicMock):
    """Run the remote-rule clone with git stubbed out and check what remains on disk.

    ``subprocess.check_call`` is patched with ``self._mock_git_clone`` for the
    duration of the clone, so any ``check_call`` the clone makes is served by
    the stub. ``mock_print`` records the progress messages (presumably it is
    injected by a patch decorator outside this view).
    """
    stubbed_git = mock.patch('subprocess.check_call', side_effect=self._mock_git_clone)
    with stubbed_git:
        clone_rules.clone_remote_rules()

    # Progress output: one "Cloning" line and one copy count per repository,
    # followed by the overall summary.
    expected_prints = [
        mock.call(
            '[1/2] Cloning https://github.com/test-user1/test-repo1... ',
            end='', flush=True),
        mock.call('1 YARA file copied'),
        mock.call(
            '[2/2] Cloning https://github.com/test-user2/test-repo2... ',
            end='', flush=True),
        mock.call('1 YARA file copied'),
        mock.call('Done! 2 YARA files cloned from 2 repositories.'),
    ]
    mock_print.assert_has_calls(expected_prints)

    # The private rules file must still be found alongside the cloned ones.
    expected_files = {
        'github.com/test-user1/test-repo1/yara/cloned.yara',
        'github.com/test-user2/test-repo2/yara/cloned.yara',
        'private/private.yara',
    }
    found_files = set(compile_rules._find_yara_files())
    self.assertEqual(expected_files, found_files)
def test_update_rules(self, mock_print: mock.MagicMock):
    """Clone from the configured rule sources with git stubbed out and check the files.

    ``subprocess.check_call`` is patched with ``self._mock_git_clone`` while
    ``clone_rules.clone_rules_from_github`` runs. ``mock_print`` records the
    output (presumably it is injected by a patch decorator outside this view).
    """
    stubbed_git = mock.patch('subprocess.check_call', side_effect=self._mock_git_clone)
    with stubbed_git:
        clone_rules.clone_rules_from_github()

    # assert_has_calls matches a contiguous run of recorded calls, so this
    # verifies at least one print per configured source, not an exact count.
    source_count = len(clone_rules.REMOTE_RULE_SOURCES)
    mock_print.assert_has_calls([mock.ANY for _ in range(source_count)])

    # The private rules file must still be found alongside the cloned ones.
    expected_files = {
        'github.com/Neo23x0/signature-base.git/yara/cloned.yara',
        'github.com/YARA-Rules/rules.git/CVE_Rules/cloned.yara',
        'private/private.yara',
    }
    found_files = set(compile_rules._find_yara_files())
    self.assertEqual(expected_files, found_files)
def _sorted_find():
    """Collect the YARA rules files that are found and return them as a sorted list."""
    # Sorting makes the result independent of the order of discovery.
    found_files = list(compile_rules._find_yara_files())
    found_files.sort()
    return found_files