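def test_rebuild_yara_rule_metadata(self):
    """Check that rebuilding a parsed rule keeps every ``meta`` entry.

    The rule repeats each metadata key with different values, including an
    empty string. A rebuild that collapsed repeated keys (for example
    several ``hash`` or ``reference`` lines in a detection rule) would
    silently drop rule context, so each entry is asserted individually.
    """
    # Adjacent literals concatenate into the same single-line rule text.
    test_rule = (
        ' rule check_meta { meta: '
        'string_value = "TEST STRING" '
        'string_value = "DIFFERENT TEST STRING" '
        'string_value = "" '
        'bool_value = true '
        'bool_value = false '
        'digit_value = 5 '
        'digit_value = 10 '
        'condition: true } '
    )

    parsed = Plyara().parse_string(test_rule)

    # Guard against a vacuous pass: with no parsed rules the loop below
    # never runs and the test would succeed without checking anything.
    self.assertEqual(1, len(parsed))

    expected_entries = (
        'string_value = "TEST STRING"',
        'string_value = "DIFFERENT TEST STRING"',
        'string_value = ""',
        'bool_value = true',
        'bool_value = false',
        'digit_value = 5',
        'digit_value = 10',
    )

    for rule in parsed:
        # The class-level rebuild helper is expected to announce its
        # deprecation on every call.
        with self.assertWarns(DeprecationWarning):
            unparsed = Plyara.rebuild_yara_rule(rule)

        for entry in expected_entries:
            self.assertIn(entry, unparsed)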
def test_rebuild_yara_rule(self):
    """Round-trip a ruleset file: parse it, rebuild it, compare the text.

    The rebuilt output of every parsed rule, concatenated in order, must be
    exactly equal to the contents of the fixture file.
    """
    # The fixture path is relative, so it resolves against the current
    # working directory of the test run. codecs.open performs no newline
    # translation, so line endings are compared as stored in the file.
    with codecs.open('tests/data/rebuild_ruleset.yar', 'r', encoding='utf-8') as fixture:
        ruleset_text = fixture.read()

    parsed_rules = Plyara().parse_string(ruleset_text)

    rebuilt_text = ''.join(
        Plyara.rebuild_yara_rule(entry) for entry in parsed_rules
    )

    self.assertEqual(ruleset_text, rebuilt_text)
def format_rule(self):
    """Return this object's rule fields rendered as rule text.

    Gathers the instance attributes into the dictionary handed to
    ``Plyara.rebuild_yara_rule`` and returns whatever that call produces.
    """
    # NOTE(review): nothing in this method validates the field values, and
    # whether rebuild_yara_rule does is not visible from here - confirm
    # before treating the output as a deployable rule.
    rule_fields = {
        'rule_name': self.name,
        'tags': self.tags,
        'imports': self.imports,
        'metadata': self.metadata,
        'strings': self.strings,
        # The condition attribute is passed under the 'condition_terms' key.
        'condition_terms': self.condition,
        'scopes': self.scopes,
    }
    return Plyara.rebuild_yara_rule(rule_fields)
def test_rebuild_yara_rule(self):
    """Round-trip the fixture ruleset and require byte-equal rule text.

    Every parsed rule is rebuilt through the class-level helper, which is
    expected to emit a DeprecationWarning. The concatenated output must
    equal the fixture contents.
    """
    ruleset_path = data_dir.joinpath('rebuild_ruleset.yar')
    with ruleset_path.open('r', encoding='utf-8') as fh:
        original_text = fh.read()

    parsed_rules = Plyara().parse_string(original_text)

    # The generator is consumed inside the context manager, so the rebuild
    # calls happen while warnings are being recorded.
    with self.assertWarns(DeprecationWarning):
        rebuilt_text = ''.join(
            Plyara.rebuild_yara_rule(parsed) for parsed in parsed_rules
        )

    self.assertEqual(original_text, rebuilt_text)
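def test_rebuild_yara_rule_metadata(self):
    """Check that string, boolean and integer ``meta`` values survive a rebuild.

    Each metadata entry of the sample rule must appear in the rebuilt rule
    text with its original formatting.
    """
    # Adjacent literals concatenate into the same single-line rule text.
    test_rule = (
        ' rule check_meta { meta: '
        'string_value = "TEST STRING" '
        'bool_value = true '
        'digit_value = 5 '
        'condition: true } '
    )

    parsed = Plyara().parse_string(test_rule)

    # Guard against a vacuous pass: with no parsed rules the loop below
    # never runs and the test would succeed without checking anything.
    self.assertEqual(1, len(parsed))

    expected_entries = (
        'string_value = "TEST STRING"',
        'bool_value = true',
        'digit_value = 5',
    )

    for rule in parsed:
        unparsed = Plyara.rebuild_yara_rule(rule)
        for entry in expected_entries:
            # assertIn reports both the missing entry and the rebuilt text
            # on failure, unlike assertTrue on an ``in`` expression.
            self.assertIn(entry, unparsed)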