Python conjunction 예제들

프로그래밍 언어: Python

네임스페이스/패키지 이름: yaramod

메소드/함수: conjunction

hotexamples.com에서의 예제들: 5

Python conjunction - 5개의 예제가 발견되었습니다. 이것들은 오픈소스 프로젝트에서 추출된 Python의 yaramod.conjunction에 대한 실세계 최고 등급의 예제들입니다. 예제들을 평가하여 예제의 품질 향상에 도움을 줄 수 있습니다.

예제 #1

파일 보기

    def test_rule_with_custom_modules(self):
        cond = yaramod.conjunction([
            yaramod.id("module_test.structure_test.function_test")(yaramod.regexp("abc", "")),
            yaramod.id("cuckoo.sync.mutex")(yaramod.regexp("abc", ""))
        ]).get()
        rule = yaramod.YaraRuleBuilder() \
            .with_name('test') \
            .with_condition(cond)\
            .get()
        yara_file = yaramod.YaraFileBuilder(yaramod.Features.AllCurrent, "./tests/python/testing_modules") \
            .with_module("cuckoo") \
            .with_module("module_test") \
            .with_rule(rule) \
            .get(recheck=True)

        self.assertEqual(yara_file.text_formatted, '''import "cuckoo"
import "module_test"

rule test
{
	condition:
		module_test.structure_test.function_test(/abc/) and
		cuckoo.sync.mutex(/abc/)
}
''')
        self.assertEqual(yara_file.text, '''import "cuckoo"
import "module_test"

rule test {
	condition:
		module_test.structure_test.function_test(/abc/) and cuckoo.sync.mutex(/abc/)
}''')

예제 #2

파일 보기

파일: test_builder.py 프로젝트: MatejKastak/yaramod

    def test_rule_with_and_condition(self):
        cond = yaramod.conjunction([
            yaramod.filesize() > yaramod.int_val(100),
            yaramod.filesize() < yaramod.int_val(200)
        ])
        rule = self.new_rule \
            .with_name('rule_with_and_condition') \
            .with_condition(cond.get()) \
            .get()
        yara_file = self.new_file \
            .with_rule(rule) \
            .get()

        self.assertEqual(
            yara_file.text_formatted, '''rule rule_with_and_condition
{
	condition:
		filesize > 100 and
		filesize < 200
}
''')
        self.assertEqual(
            yara_file.text, '''rule rule_with_and_condition {
	condition:
		filesize > 100 and filesize < 200
}''')

예제 #3

파일 보기

파일: test_builder.py 프로젝트: MatejKastak/yaramod

    def test_rule_with_and_condition_with_comments(self):
        cond = yaramod.conjunction(
            [[yaramod.filesize() > yaramod.int_val(100), 'comment1'],
             [yaramod.filesize() < yaramod.int_val(200), 'comment2']])
        rule = self.new_rule \
            .with_name('rule_with_and_condition_with_comments') \
            .with_condition(cond.get()) \
            .get()
        yara_file = self.new_file \
            .with_rule(rule) \
            .get()

        self.assertEqual(
            yara_file.text_formatted,
            '''rule rule_with_and_condition_with_comments
{
	condition:
		/* comment1 */
		filesize > 100 and
		/* comment2 */
		filesize < 200
}
''')
        self.assertEqual(
            yara_file.text, '''rule rule_with_and_condition_with_comments {
	condition:
		filesize > 100 and
		filesize < 200
}''')

예제 #4

파일 보기

            def insert_rule(self, yara_file):
                rule_cond = yaramod.conjunction(
                    [yaramod.id('first_file'),
                     yaramod.id('second_file')])

                another_rule = yaramod.YaraRuleBuilder() \
                    .with_modifier(yaramod.RuleModifier.Private) \
                    .with_name('ANOTHER_RULE') \
                    .with_condition(rule_cond.get()) \
                    .get()

                for rule in yara_file.rules:
                    if not rule.is_private:
                        context = yaramod.TokenStreamContext(rule.condition)
                        output = yaramod.conjunction([
                            yaramod.id(another_rule.name),
                            yaramod.paren(yaramod.YaraExpressionBuilder(
                                rule.condition),
                                          linebreaks=True)
                        ]).get()
                        self.cleanup_tokenstreams(context, output)
                        rule.condition = output

                yara_file.insert_rule(0, another_rule)

예제 #5

파일 보기

    def test_rule_with_for_loop_over_dictionary(self):
        cond = yaramod.for_loop(
                yaramod.any(),
                'k',
                'v',
                yaramod.id('pe').access('version_info'),
                yaramod.conjunction([
                    yaramod.id('k') == yaramod.string_val('CompanyName'),
                    yaramod.id('v').contains(yaramod.string_val('Microsoft'))
                ])
            )
        rule = self.new_rule \
            .with_name('rule_with_for_loop_over_dictionary') \
            .with_plain_string('$1', 'This is plain string.') \
            .with_condition(cond.get()) \
            .get()
        yara_file = self.new_file \
            .with_rule(rule) \
            .get()


        self.assertEqual(yara_file.text_formatted, '''rule rule_with_for_loop_over_dictionary
{
	strings:
		$1 = "This is plain string."
	condition:
		for any k, v in pe.version_info : (
			k == "CompanyName" and
			v contains "Microsoft"
		)
}
''')
        self.assertEqual(yara_file.text, '''rule rule_with_for_loop_over_dictionary {
	strings:
		$1 = "This is plain string."
	condition:
		for any k, v in pe.version_info : ( k == "CompanyName" and v contains "Microsoft" )
}''')