def test_rule_with_custom_modules(self):
    """Build a rule whose condition calls functions from two modules and
    compare both text renderings of the resulting file.

    The file builder is pointed at a directory of module definitions, and
    both "cuckoo" and "module_test" are imported, so the dotted symbols in
    the condition have to resolve against those definitions.
    """
    # NOTE(review): the whitespace of this listing is collapsed. The two
    # expected strings below are reproduced exactly as they appear here;
    # their original line breaks and indentation cannot be recovered from
    # this page and must be restored from the upstream test.
    custom_call = yaramod.id("module_test.structure_test.function_test")(
        yaramod.regexp("abc", "")
    )
    cuckoo_call = yaramod.id("cuckoo.sync.mutex")(yaramod.regexp("abc", ""))
    condition = yaramod.conjunction([custom_call, cuckoo_call]).get()

    test_rule = (
        yaramod.YaraRuleBuilder()
        .with_name('test')
        .with_condition(condition)
        .get()
    )

    # The module directory is a relative path, so it resolves against the
    # working directory the test is started from.
    file_builder = yaramod.YaraFileBuilder(
        yaramod.Features.AllCurrent, "./tests/python/testing_modules"
    )
    # NOTE(review): recheck=True presumably makes the builder re-parse the
    # text it generated - confirm against the yaramod version in use.
    generated = (
        file_builder
        .with_module("cuckoo")
        .with_module("module_test")
        .with_rule(test_rule)
        .get(recheck=True)
    )

    expected_formatted = '''import "cuckoo" import "module_test" rule test { condition: module_test.structure_test.function_test(/abc/) and cuckoo.sync.mutex(/abc/) } '''
    expected_text = '''import "cuckoo" import "module_test" rule test { condition: module_test.structure_test.function_test(/abc/) and cuckoo.sync.mutex(/abc/) }'''

    self.assertEqual(generated.text_formatted, expected_formatted)
    self.assertEqual(generated.text, expected_text)
def test_literal_to_hex():
    """A plain YARA string with no modifiers becomes a hex-literal query.

    "abc" is the bytes 0x61 0x62 0x63, hence the expected "{616263}".
    Only this unmodified case is exercised here.
    """
    rule = yaramod.YaraRuleBuilder().with_plain_string("$str", "abc").get()
    built_file = yaramod.YaraFileBuilder().with_rule(rule).get()

    # The first string of the first rule is the "$str" added above.
    plain_string = built_file.rules[0].strings[0]
    converted = ursify_plain_string(plain_string)

    assert converted.query == "{616263}"
def setUp(self):
    """Give every test a fresh file builder and a fresh rule builder."""
    # NOTE(review): the enum is spelled ImportFeatures here, while other code
    # on this page uses yaramod.Features; which name exists presumably depends
    # on the yaramod version - confirm.
    file_builder = yaramod.YaraFileBuilder(yaramod.ImportFeatures.AllCurrent)
    rule_builder = yaramod.YaraRuleBuilder()
    self.new_file = file_builder
    self.new_rule = rule_builder
def setUp(self):
    """Give every test a fresh file builder and a fresh rule builder.

    The file builder is created with no arguments, so it uses whatever
    defaults the installed yaramod provides.
    """
    file_builder = yaramod.YaraFileBuilder()
    rule_builder = yaramod.YaraRuleBuilder()
    self.new_file = file_builder
    self.new_rule = rule_builder