File: yaramod_tests.cpp

package info (click to toggle)
yaramod 3.6.0-1.1
  • links: PTS, VCS
  • area: main
  • in suites: bookworm
  • size: 3,924 kB
  • sloc: cpp: 52,237; python: 2,921; ansic: 71; sh: 70; makefile: 41
file content (126 lines) | stat: -rw-r--r-- 2,319 bytes parent folder | download | duplicates (2) 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
 
/**
* @file tests/yaramod_tests.cpp
* @brief Tests for the YARA literal.
* @copyright (c) 2019 Avast Software, licensed under the MIT license
*/

#include <gtest/gtest.h>
#include <iostream>

#include "yaramod/types/plain_string.h"
#include "yaramod/yaramod.h"

using namespace ::testing;

namespace yaramod {
namespace tests {

class YaramodTests : public Test {};

TEST_F(YaramodTests,
MultipleParsePhasesWithSingleYaramod) {
   yaramod::Yaramod ymod;
   std::string input_text = R"(
rule empty_rule
{
	condition:
		true
}
)";
   std::stringstream input;
   input << input_text;
   auto yarafile = ymod.parseStream(input);

   ASSERT_EQ(1u, yarafile->getRules().size());
   const auto& rule = yarafile->getRules()[0];
   EXPECT_EQ("empty_rule", rule->getName());
   EXPECT_EQ(Rule::Modifier::None, rule->getModifier());
   EXPECT_EQ(0u, rule->getMetas().size());
   EXPECT_TRUE(rule->getStrings().empty());

   EXPECT_EQ(input_text, yarafile->getTokenStream()->getText());

   input_text = R"(
rule rule_1 {
	strings:
		$1 = "String from Rule 1"
	condition:
		true
}

rule rule_2
{
	strings:
		$1 = "String from Rule 2"
	condition:
		true
}

rule rule_3 {
	strings:
		$1 = "String from Rule 3"
	condition:
		true
}
)";
   input.clear();
   input << input_text;
   yarafile = ymod.parseStream(input);

   ASSERT_EQ(3u, yarafile->getRules().size());

   std::uint64_t ruleId = 1;
   for (const auto& rule : yarafile->getRules())
   {
      std::ostringstream stream;
      stream << "rule_" << ruleId;

      EXPECT_EQ(stream.str(), rule->getName());

      auto strings = rule->getStrings();
      ASSERT_EQ(1u, strings.size());

      auto str = strings[0];
      stream.str(std::string());
      stream.clear();
      stream << "String from Rule " << ruleId;

      ASSERT_TRUE(str->isPlain());
      EXPECT_EQ("$1", str->getIdentifier());
      EXPECT_EQ('"' + stream.str() + '"', str->getText());
      EXPECT_TRUE(static_cast<const PlainString*>(str)->isAscii());

      ruleId++;
   }

   std::string expected = R"(
rule rule_1
{
	strings:
		$1 = "String from Rule 1"
	condition:
		true
}

rule rule_2
{
	strings:
		$1 = "String from Rule 2"
	condition:
		true
}

rule rule_3
{
	strings:
		$1 = "String from Rule 3"
	condition:
		true
}
)";

   EXPECT_EQ(expected, yarafile->getTokenStream()->getText());
}

}
}