def test_rule_equals():
    """Check Rule equality and inequality on the rule's fields.

    Two rules built from the same four values compare equal even when the
    value is spelled once as a plain literal and once as a ``u''`` literal.
    Changing only the fourth argument makes them unequal.
    """
    baseline = Rule('Path', 'contains', '1337', True)
    unicode_twin = Rule('Path', 'contains', u'1337', True)
    assert baseline == unicode_twin

    flipped_last_field = Rule('Path', 'contains', u'1337', False)
    # Both operator spellings are kept on purpose: ``not a == b`` goes through
    # __eq__, while ``a != b`` goes through __ne__ where one is defined.
    assert not baseline == flipped_last_field
    assert baseline != flipped_last_field
def test_build_mistyped_path_config_option():
    """dumps_configuration must raise TypeError for a rule list under "SymbolPath".

    The serializer is expected to reject the wrongly typed option instead of
    emitting a configuration blob built from it.
    """
    misplaced_rules = [
        Rule('Path', 'contains', '1337', True),
        Rule('pid', 'is_not', '1338', True),
        Rule('Event_class', 'is', 'Profiling', False),
        Rule('Path', 'ends_with', '$Mft', False),
    ]
    config = {"SymbolPath": misplaced_rules}

    # Only the raised exception type matters; the return value is never used.
    with pytest.raises(TypeError):
        dumps_configuration(config)
def test_build_mistyped_rule():
    """dumps_configuration must raise AttributeError for a non-Rule list entry.

    The "FilterRules" list holds three Rule objects followed by a bare string.
    Serialization is expected to fail on the string rather than write it out
    as if it were a rule.
    """
    rules_with_stray_string = [
        Rule('Path', 'contains', u'1337', True),
        Rule('pid', 'is_not', u'1338', True),
        Rule('Event_class', 'is', u'Profiling', False),
        u"SomeString",  # deliberately not a Rule
    ]
    config = {u"FilterRules": rules_with_stray_string}

    # Only the raised exception type matters; the return value is never used.
    with pytest.raises(AttributeError):
        dumps_configuration(config)
def test_parse_built_configuration_sanity():
    """Round-trip a configuration through dumps_configuration and loads_configuration.

    The parsed result must compare equal to the dictionary that was serialized.
    This covers an empty string option, a Windows path containing backslashes,
    and a list of Rule objects.
    """
    filter_rules = [
        Rule('Path', 'contains', '1337', True),
        Rule('pid', 'is_not', '1338', True),
        Rule('Event_class', 'is', 'Profiling', False),
        Rule('Path', 'ends_with', '$Mft', False),
    ]
    config = {
        "SymbolPath": "",
        "DbgHelpPath": "C:\\Windows\\help.dll",
        "FilterRules": filter_rules,
    }

    # Serialize, then parse what was just produced.
    parsed_raw_config = loads_configuration(dumps_configuration(config))
    assert config == parsed_raw_config, "Parsed Built configuration is not equal to the original configuration"
def test_parse_filter_rules_sanity(raw_config_full):
    """Parse the ``raw_config_full`` fixture and spot-check its rule lists.

    Expects no highlight rules, exactly 25 filter rules, and a first filter
    rule that includes events whose process name is "python.exe".
    """
    parsed = loads_configuration(raw_config_full)

    highlight_rules = parsed["HighlightRules"]
    assert len(highlight_rules) == 0, "HighlightRules should be an empty list"

    filter_rules = parsed["FilterRules"]
    assert len(filter_rules) == 25, "Unexpected FilterRules length"

    # Compare against a Rule built from the enum members, not raw strings.
    first_rule = filter_rules[0]
    expected_first_rule = Rule(Column.PROCESS_NAME, RuleRelation.IS,
                               "python.exe", RuleAction.INCLUDE)
    assert first_rule == expected_first_rule
 def _decode(self, obj, context, path):
     """Build a Rule from the parsed ``obj`` mapping.

     Reads the "column", "relation", "value" and "action" entries of ``obj``
     and passes them to ``Rule`` as keyword arguments of the same names.
     ``context`` and ``path`` are accepted but not used here.

     No validation happens in this method: the four values reach ``Rule``
     exactly as parsed. A missing key raises ``KeyError`` for a dict-like
     ``obj``.
     """
     # The tuple order matches the original lookup order, so a missing key
     # fails at the same field as before.
     rule_fields = ("column", "relation", "value", "action")
     kwargs = {name: obj[name] for name in rule_fields}
     return Rule(**kwargs)