def test_rule_with_custom_modules(self):
cond = yaramod.conjunction([
yaramod.id("module_test.structure_test.function_test")(yaramod.regexp("abc", "")),
yaramod.id("cuckoo.sync.mutex")(yaramod.regexp("abc", ""))
]).get()
rule = yaramod.YaraRuleBuilder() \
.with_name('test') \
.with_condition(cond)\
.get()
yara_file = yaramod.YaraFileBuilder(yaramod.Features.AllCurrent, "./tests/python/testing_modules") \
.with_module("cuckoo") \
.with_module("module_test") \
.with_rule(rule) \
.get(recheck=True)
self.assertEqual(yara_file.text_formatted, '''import "cuckoo"
import "module_test"
rule test
{
condition:
module_test.structure_test.function_test(/abc/) and
cuckoo.sync.mutex(/abc/)
}
''')
self.assertEqual(yara_file.text, '''import "cuckoo"
import "module_test"
rule test {
condition:
module_test.structure_test.function_test(/abc/) and cuckoo.sync.mutex(/abc/)
}''')
def test_literal_to_hex():
rule = yaramod.YaraRuleBuilder().with_plain_string("$str", "abc").get()
new_file = yaramod.YaraFileBuilder()
yara_file = new_file.with_rule(rule).get()
ascii_str = yara_file.rules[0].strings[0]
result = ursify_plain_string(ascii_str)
assert result.query == "{616263}"
def setUp(self):
self.new_file = yaramod.YaraFileBuilder(yaramod.ImportFeatures.AllCurrent)
self.new_rule = yaramod.YaraRuleBuilder()
def setUp(self):
self.new_file = yaramod.YaraFileBuilder()
self.new_rule = yaramod.YaraRuleBuilder()
