def test_action_fail(self):
    """Check that the rule reports failure on the unmodified fixture.

    The canonical JSON dump is used as-is (presumably it lists no
    ``bitguard.dll`` module -- confirm against the fixture). The action
    must return a falsy value and must not add a ``classifications``
    key to the processed crash.
    """
    processed_crash = DotDict()
    # Deep copy so this test can never leak changes into the shared fixture.
    processed_crash.json_dump = copy.deepcopy(cannonical_json_dump)
    raw_crash = DotDict()
    raw_dumps = {}
    processor = create_basic_fake_processor()

    outcome = BitguardClassifier().action(
        raw_crash, raw_dumps, processed_crash, processor
    )

    ok_(not outcome)
    # A miss must leave the crash untouched: no classification container.
    ok_('classifications' not in processed_crash)
def test_action_fail(self):
    """Check that the rule reports failure on the unmodified fixture.

    This variant calls ``action`` with three arguments (no raw-dumps
    mapping) and asserts through the test case's own ``assert*``
    methods. The canonical JSON dump is used as-is (presumably it lists
    no ``bitguard.dll`` module -- confirm against the fixture).
    """
    processed_crash = DotDict()
    # Deep copy so this test can never leak changes into the shared fixture.
    processed_crash.json_dump = copy.deepcopy(cannonical_json_dump)
    raw_crash = DotDict()
    processor = create_basic_fake_processor()

    outcome = BitguardClassifier().action(
        raw_crash, processed_crash, processor
    )

    self.assertFalse(outcome)
    # A miss must leave the crash untouched: no classification container.
    self.assertTrue('classifications' not in processed_crash)
def test_action_success(self):
    """Check that a dump listing ``bitguard.dll`` is classified.

    A module entry whose filename is ``bitguard.dll`` is appended to a
    copy of the canonical dump. The action must return a truthy value
    and record ``bitguard`` as the support classification on the
    processed crash.
    """
    dump = copy.deepcopy(cannonical_json_dump)
    # The single signal under test: the module filename in the dump.
    # NOTE(review): only the exact lowercase name is exercised here; how
    # the classifier treats other casings or a path-qualified filename is
    # not visible from this test -- worth a dedicated case.
    dump['modules'].append({'filename': 'bitguard.dll'})

    processed_crash = DotDict()
    processed_crash.json_dump = dump
    raw_crash = DotDict()
    raw_dumps = {}
    processor = create_basic_fake_processor()

    outcome = BitguardClassifier().action(
        raw_crash, raw_dumps, processed_crash, processor
    )

    ok_(outcome)
    # Walk the result one level at a time so a failure names the missing key.
    ok_('classifications' in processed_crash)
    ok_('support' in processed_crash.classifications)
    eq_(
        'bitguard',
        processed_crash.classifications.support.classification,
    )