def testFileRuleParse(self):
    """Tests that the Yara analyzer can read rules.

    The rule text comes from the fixture helper _ReadTestRuleFile() and is
    passed to SetRules(). The only check is that the analyzer ends up with
    a non-None rule object.
    """
    rule_text = self._ReadTestRuleFile()

    rule_analyzer = yara_analyzer.YaraAnalyzer()
    rule_analyzer.SetRules(rule_text)

    # NOTE(review): this reads the private _rules attribute, so the test
    # only proves that something was stored, not that it can match data.
    self.assertIsNotNone(rule_analyzer._rules)
def testFileRuleParse(self):
    """Tests that the Yara analyzer can read rules.

    Reads the rule file named by self._RULE_FILE from the test data
    directory, passes its text to SetRules() and checks that the analyzer
    holds a non-None rule object afterwards.
    """
    rule_analyzer = yara_analyzer.YaraAnalyzer()

    rules_location = self._GetTestFilePath(self._RULE_FILE)
    with open(rules_location, 'r') as rules_handle:
        rule_text = rules_handle.read()

    rule_analyzer.SetRules(rule_text)

    # NOTE(review): this reads the private _rules attribute, so the test
    # only proves that something was stored, not that it can match data.
    self.assertIsNotNone(rule_analyzer._rules)
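def testMatchFile(self):
    """Tests that the Yara analyzer correctly matches a file.

    Loads the rule file named by self._RULE_FILE, runs the analyzer over
    the bytes of the test_pe.exe fixture and checks the first result's
    attribute name, analyzer name and matched value.
    """
    analyzer = yara_analyzer.YaraAnalyzer()

    rule_path = self._GetTestFilePath(self._RULE_FILE)
    with open(rule_path, 'r') as rule_file:
        rule_string = rule_file.read()
    analyzer.SetRules(rule_string)

    # The sample is read in binary mode so the scan sees the exact bytes.
    target_path = self._GetTestFilePath(['test_pe.exe'])
    with open(target_path, 'rb') as target_file:
        target_data = target_file.read()
    analyzer.Analyze(target_data)

    results = analyzer.GetResults()
    self.assertIsInstance(results, list)
    # Without this check a run with no matches would surface as an
    # IndexError on results[0] instead of a test failure that says the
    # rules did not match the sample.
    self.assertTrue(results, 'Yara analyzer returned no results.')

    first_result = results[0]
    self.assertIsInstance(first_result, analyzer_result.AnalyzerResult)
    self.assertEqual(first_result.attribute_name, 'yara_match')
    self.assertEqual(first_result.analyzer_name, 'yara')
    # Presumably the comma-joined names of the matching rules. The
    # comparison is order-sensitive.
    self.assertEqual(first_result.attribute_value, 'PEfileBasic,PEfile')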
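def testMatchFile(self):
    """Tests that the Yara analyzer correctly matches a file.

    Reads the rules through _ReadTestRuleFile(), runs the analyzer over
    the bytes of the test_pe.exe fixture and checks the first result's
    attribute name, analyzer name and matched value. The fixture path is
    handed to _SkipIfPathNotExists() before it is opened.
    """
    test_yara_rules = self._ReadTestRuleFile()

    test_file_path = self._GetTestFilePath(['test_pe.exe'])
    self._SkipIfPathNotExists(test_file_path)

    analyzer = yara_analyzer.YaraAnalyzer()
    analyzer.SetRules(test_yara_rules)

    # The sample is read in binary mode so the scan sees the exact bytes.
    with open(test_file_path, 'rb') as file_object:
        test_data = file_object.read()

    analyzer.Analyze(test_data)

    results = analyzer.GetResults()
    self.assertIsInstance(results, list)
    # Without this check a run with no matches would surface as an
    # IndexError on results[0] instead of a test failure that says the
    # rules did not match the sample.
    self.assertTrue(results, 'Yara analyzer returned no results.')

    first_result = results[0]
    self.assertIsInstance(first_result, analyzer_result.AnalyzerResult)
    self.assertEqual(first_result.attribute_name, 'yara_match')
    self.assertEqual(first_result.analyzer_name, 'yara')
    # Presumably the comma-joined names of the matching rules. The
    # comparison is order-sensitive.
    self.assertEqual(first_result.attribute_value, 'PEfileBasic,PEfile')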