예제 #1
    def test_run_on_chunk(self):
        """Scanning one version with a RUNNING rule stores a single result.

        The stored ScannerQueryResult must point at the scanned version and
        hold two match entries, each naming the rule and the matched file.
        """
        # Pretend we started running the rule.
        self.rule.update(state=RUNNING)
        run_yara_query_rule_on_versions_chunk([self.version.pk], self.rule.pk)

        stored = ScannerQueryResult.objects.all()
        assert len(stored) == 1
        query_result = stored[0]
        assert query_result.version == self.version
        assert len(query_result.results) == 2

        # NOTE(review): this relies on the matches being stored in exactly
        # this order - confirm the order files are scanned in is stable.
        expected_filenames = ('index.js', 'manifest.json')
        for position, filename in enumerate(expected_filenames):
            assert query_result.results[position] == {
                'rule': self.rule.name,
                'tags': [],
                'meta': {'filename': filename},
            }

        # The task must leave the rule state exactly as it found it.
        self.rule.reload()
        assert self.rule.state == RUNNING
예제 #2
 def test_dont_generate_results_if_not_matching_rule(self):
     """A rule that never matches must not leave a ScannerQueryResult row.

     Unlike "regular" ScannerRule/ScannerResult, query rules do not store a
     result instance when the version doesn't match the rule.
     """
     # NOTE(review): the rule state is never set to RUNNING here (the last
     # assertion expects NEW). If the task skips rules that are not
     # RUNNING, the zero count below would hold whatever the definition
     # is - confirm this really exercises the non-matching path.
     never_matching = 'rule always_false { condition: false }'
     self.rule.update(definition=never_matching)
     run_yara_query_rule_on_versions_chunk([self.version.pk], self.rule.pk)

     stored_count = ScannerQueryResult.objects.count()
     assert stored_count == 0

     # The task must leave the rule state exactly as it found it.
     self.rule.reload()
     assert self.rule.state == NEW
예제 #3
    def test_run_on_chunk_aborting(self):
        """A rule in ABORTING state yields no results and keeps its state."""
        rule, version = self.rule, self.version
        rule.update(state=ABORTING)
        run_yara_query_rule_on_versions_chunk([version.pk], rule.pk)

        # Nothing may be recorded once an abort has been requested.
        stored_count = ScannerQueryResult.objects.count()
        assert stored_count == 0

        # The task must not change the state of the rule.
        rule.reload()
        assert rule.state == ABORTING
예제 #4
    def test_run_on_chunk_aborted(self):
        """A rule already in ABORTED state yields no results, keeps its state.

        This shouldn't happen - if there are any tasks left, the state should
        be RUNNING or ABORTING - but make sure a leftover task is handled.
        """
        rule, version = self.rule, self.version
        rule.update(state=ABORTED)
        run_yara_query_rule_on_versions_chunk([version.pk], rule.pk)

        stored_count = ScannerQueryResult.objects.count()
        assert stored_count == 0

        # The task must not change the state of the rule.
        rule.reload()
        assert rule.state == ABORTED
예제 #5
    def test_run_on_chunk_was_blocked(self):
        """A result for a version whose add-on guid has a Block is flagged.

        The Block row is created before the task runs; the single stored
        result must then report ``was_blocked`` as truthy.
        """
        # Pretend we started running the rule.
        self.rule.update(state=RUNNING)
        blocked_guid = self.version.addon.guid
        Block.objects.create(guid=blocked_guid, updated_by=user_factory())
        run_yara_query_rule_on_versions_chunk([self.version.pk], self.rule.pk)

        stored = ScannerQueryResult.objects.all()
        assert len(stored) == 1
        query_result = stored[0]
        assert query_result.version == self.version
        # NOTE(review): only truthiness is checked here; how was_blocked is
        # populated is not visible from this test - confirm against the task.
        assert query_result.was_blocked