forked from hillu/go-yara
-
Notifications
You must be signed in to change notification settings - Fork 0
/
mem_blocks_test.go
148 lines (135 loc) · 3.07 KB
/
mem_blocks_test.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
// Copyright © 2015-2020 Hilko Bengen <[email protected]>
// All rights reserved.
//
// Use of this source code is governed by the license that can be
// found in the LICENSE file.
package yara
import (
"testing"
)
type block struct {
base uint64
data []byte
}
type testIter struct {
data []block
current int
}
func (it *testIter) First() *MemoryBlock {
it.current = 0
return it.Next()
}
func (it *testIter) Next() *MemoryBlock {
if it.current >= len(it.data) {
return nil
}
data := it.data[it.current].data
base := it.data[it.current].base
it.current += 1
return &MemoryBlock{
Base: base,
Size: uint64(len(data)),
FetchData: func(buf []byte) { copy(buf, data) },
}
}
type testIterWithFilesize struct {
testIter
filesize uint64
}
func (it *testIterWithFilesize) Filesize() uint64 {
return it.filesize
}
func TestIterator(t *testing.T) {
rs := MustCompile(`
rule t1 { condition: true }
//rule a { strings: $a = "aaaa" condition: all of them }
//rule b { strings: $b = "bbbb" condition: all of them }
rule t2 {
strings: $a = "aaaa" $b = "bbbb"
condition: $a at 0 and $b at 32
}
rule t3 {
condition: filesize < 20
}
rule t4 {
condition: filesize >= 20
}
`, nil)
var mrs MatchRules
if err := rs.ScanMemBlocks(&testIter{}, 0, 0, &mrs); err != nil {
t.Errorf("simple iterator scan (no data): %v", err)
} else {
t.Logf("simple iterator scan (no data): %v", mrs)
}
mrs = nil
if err := rs.ScanMemBlocks(&testIter{
data: []block{{0, nil}},
}, 0, 0, &mrs); err != nil {
t.Errorf("simple iterator scan (empty block): %v", err)
} else {
t.Logf("simple iterator scan (empty block): %+v", mrs)
}
mrs = nil
if err := rs.ScanMemBlocks(&testIterWithFilesize{
testIter: testIter{
data: []block{
{0, []byte("aaaaaaaaaaaaaaaa")},
{32, []byte("bbbbbbbbbbbbbbbb")},
},
},
filesize: 64,
}, 0, 0, &mrs); err != nil {
t.Errorf("simple iterator scan (aaa..bbbb): %v", err)
} else {
t.Logf("simple iterator scan (aaa..bbb): %+v", mrs)
}
}
type testPanicIter struct {
data []block
current int
}
func (it *testPanicIter) First() *MemoryBlock {
it.current = 0
return it.Next()
}
func (it *testPanicIter) Next() *MemoryBlock {
if it.current >= len(it.data) {
return nil
}
data := it.data[it.current].data
base := it.data[it.current].base
it.current += 1
return &MemoryBlock{
Base: base,
Size: uint64(len(data)),
FetchData: func(buf []byte) {
// Simulate a caught panic during data fetch
func() {
defer func() {
recover() // Recover from panic
}()
// Cause a panic by writing to a nil pointer
var nilPointer *int
*nilPointer = 0
}()
copy(buf, data)
},
}
}
func TestIteratorWithPanic(t *testing.T) {
rs := MustCompile(`
import "math"
rule t1 { condition: math.entropy(0, 10) < 0.5 }
`, nil)
var mrs MatchRules
if err := rs.ScanMemBlocks(&testPanicIter{
data: []block{
{0, []byte("aaaaaaaaaaaaaaaa")},
{32, []byte("bbbbbbbbbbbbbbbb")},
},
}, 0, 0, &mrs); err != nil {
t.Errorf("simple iterator scan (aaa..bbbb): %v", err)
} else {
t.Logf("simple iterator scan (aaa..bbb): %+v", mrs)
}
}