add: Added test files for yara to test yara library & potentially yara syntax

5 years ago · 4149a07eff
parent 299e97d1ce
commit 4149a07eff
3 changed files with 34 additions and 0 deletions
--- a/tests/yara_hash_module_test.yara
+++ b/tests/yara_hash_module_test.yara
@ -0,0 +1,7 @@
+import "hash"
+rule oui {
+    condition:
+        hash.md5(0, filesize) == "8764605c6f388c89096b534d33565802" and
+        hash.sha1(0, filesize) == "46aba99aa7158e4609aaa72b50990842fd22ae86" and
+        hash.sha256(0, filesize) == "ec5aedf5ecc6bdadd4120932170d1b10f6cfa175cfda22951dfd882928ab279b"
+}
--- a/tests/yara_pe_module_test.yara
+++ b/tests/yara_pe_module_test.yara
@ -0,0 +1,5 @@
+import "pe"
+rule my_pe {
+    condition:
+        pe.imphash() == "eecc824da5b175f530705611127a6b41"
+}
--- a/tests/yara_test.py
+++ b/tests/yara_test.py
@ -0,0 +1,22 @@
+import sys
+try:
+    import yara
+except (OSError, ImportError):
+    sys.exit("yara is missing, use 'pip3 install -I -r REQUIREMENTS' from the root of this repository to install it.")
+
+# Usage: python3 yara_test.py [yara files]
+# with any yara file(s) in order to test if yara library is correctly installed.
+# (it is also validating yara syntax)
+#
+# If no argument is given, this script takes the 2 yara test rules in the same directory
+# in order to test if both yara modules we need work properly.
+
+files = sys.argv[1:] if len(sys.argv) > 1 else ['yara_hash_module_test.yara', 'yara_pe_module_test.yara']
+
+for file_ in files:
+    try:
+        yara.compile(file_)
+        status = "Valid syntax"
+    except Exception as e:
+        status = e
+    print("{}: {}".format(file_, status))