def test_rule_with_of_in_range_condition(self):
cond = yaramod.of(yaramod.all(), yaramod.them(), yaramod.range(yaramod.filesize() - yaramod.int_val(1024), yaramod.filesize()))
rule = self.new_rule \
.with_name('rule_with_of_in_range_condition') \
.with_plain_string('$a1', 'This is plain string 1.') \
.with_plain_string('$a2', 'This is plain string 2.') \
.with_condition(cond.get()) \
.get()
yara_file = self.new_file \
.with_rule(rule) \
.get()
self.assertEqual(yara_file.text_formatted, '''rule rule_with_of_in_range_condition
{
strings:
$a1 = "This is plain string 1."
$a2 = "This is plain string 2."
condition:
all of them in (filesize - 1024 .. filesize)
}
''')
self.assertEqual(yara_file.text, '''rule rule_with_of_in_range_condition {
strings:
$a1 = "This is plain string 1."
$a2 = "This is plain string 2."
condition:
all of them in (filesize - 1024 .. filesize)
}''')
def test_rule_with_match_in_range_condition(self):
cond = yaramod.match_in_range('$1', yaramod.range(yaramod.int_val(100), yaramod.int_val(200)))
rule = self.new_rule \
.with_name('rule_with_match_in_range_condition') \
.with_condition(cond.get()) \
.with_plain_string('$1', 'This is plain string 1.') \
.get()
yara_file = self.new_file \
.with_rule(rule) \
.get()
self.assertEqual(yara_file.text_formatted, '''rule rule_with_match_in_range_condition
{
strings:
$1 = "This is plain string 1."
condition:
$1 in (100 .. 200)
}
''')
self.assertEqual(yara_file.text, '''rule rule_with_match_in_range_condition {
strings:
$1 = "This is plain string 1."
condition:
$1 in (100 .. 200)
}''')
def test_rule_with_match_in_range_condition(self):
cond = yaramod.match_in_range(
'$1', yaramod.range(yaramod.int_val(100), yaramod.int_val(200)))
rule = self.new_rule \
.with_name('rule_with_match_in_range_condition') \
.with_condition(cond.get()) \
.get()
yara_file = self.new_file \
.with_rule(rule) \
.get()
self.assertEqual(
yara_file.text, '''rule rule_with_match_in_range_condition {
condition:
$1 in (100 .. 200)
}''')