Browse Source

add: Added test files for yara to test yara library & potentially yara syntax

pipenv
chrisr3d 3 years ago
parent
commit
4149a07eff
No known key found for this signature in database GPG Key ID: 6BBED1B63A6D639F
  1. 7
      tests/yara_hash_module_test.yara
  2. 5
      tests/yara_pe_module_test.yara
  3. 22
      tests/yara_test.py

7
tests/yara_hash_module_test.yara

@ -0,0 +1,7 @@
import "hash"
rule oui {
condition:
hash.md5(0, filesize) == "8764605c6f388c89096b534d33565802" and
hash.sha1(0, filesize) == "46aba99aa7158e4609aaa72b50990842fd22ae86" and
hash.sha256(0, filesize) == "ec5aedf5ecc6bdadd4120932170d1b10f6cfa175cfda22951dfd882928ab279b"
}

5
tests/yara_pe_module_test.yara

@ -0,0 +1,5 @@
import "pe"
rule my_pe {
condition:
pe.imphash() == "eecc824da5b175f530705611127a6b41"
}

22
tests/yara_test.py

@ -0,0 +1,22 @@
import sys
try:
import yara
except (OSError, ImportError):
sys.exit("yara is missing, use 'pip3 install -I -r REQUIREMENTS' from the root of this repository to install it.")
# Usage: python3 yara_test.py [yara files]
# with any yara file(s) in order to test if yara library is correctly installed.
# (it is also validating yara syntax)
#
# If no argument is given, this script takes the 2 yara test rules in the same directory
# in order to test if both yara modules we need work properly.
files = sys.argv[1:] if len(sys.argv) > 1 else ['yara_hash_module_test.yara', 'yara_pe_module_test.yara']
for file_ in files:
try:
yara.compile(file_)
status = "Valid syntax"
except Exception as e:
status = e
print("{}: {}".format(file_, status))
Loading…
Cancel
Save