
[Libguestfs] [PATCH 6/6] yara_scan: added API tests



Signed-off-by: Matteo Cafasso <noxdafox gmail com>
---
 configure.ac                 |  1 +
 tests/yara/Makefile.am       | 26 ++++++++++++++++
 tests/yara/test-yara-scan.sh | 72 ++++++++++++++++++++++++++++++++++++++++++++
 3 files changed, 99 insertions(+)
 create mode 100644 tests/yara/Makefile.am
 create mode 100755 tests/yara/test-yara-scan.sh

diff --git a/configure.ac b/configure.ac
index 45bb935..0681010 100644
--- a/configure.ac
+++ b/configure.ac
@@ -285,6 +285,7 @@ AC_CONFIG_FILES([Makefile
                  tests/tsk/Makefile
                  tests/xfs/Makefile
                  tests/xml/Makefile
+                 tests/yara/Makefile
                  tools/Makefile
                  utils/boot-analysis/Makefile
                  utils/boot-benchmark/Makefile
diff --git a/tests/yara/Makefile.am b/tests/yara/Makefile.am
new file mode 100644
index 0000000..e23d94e
--- /dev/null
+++ b/tests/yara/Makefile.am
@@ -0,0 +1,26 @@
+# libguestfs
+# Copyright (C) 2016 Red Hat Inc.
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+include $(top_srcdir)/subdir-rules.mk
+
+TESTS = \
+	test-yara-scan.sh
+
+TESTS_ENVIRONMENT = $(top_builddir)/run --test
+
+EXTRA_DIST = \
+	$(TESTS)
diff --git a/tests/yara/test-yara-scan.sh b/tests/yara/test-yara-scan.sh
new file mode 100755
index 0000000..a899e33
--- /dev/null
+++ b/tests/yara/test-yara-scan.sh
@@ -0,0 +1,72 @@
+#!/bin/bash -
+# libguestfs
+# Copyright (C) 2016 Red Hat Inc.
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+# Test the yara_scan command.
+
+set -e
+
+if [ -n "$SKIP_TEST_YARA_SCAN_SH" ]; then
+    echo "$0: test skipped because environment variable is set."
+    exit 77
+fi
+
+rm -f test-yara-rules.yar
+
+# Skip if Yara is not supported by the appliance.
+if ! guestfish add /dev/null : run : available "libyara"; then
+    echo "$0: skipped because Yara is not available in the appliance"
+    exit 77
+fi
+
+if [ ! -s ../../test-data/phony-guests/blank-fs.img ]; then
+    echo "$0: skipped because blank-fs.img is zero-sized"
+    exit 77
+fi
+
+/bin/cat << EOF > test-yara-rules.yar
+rule TestRule
+{
+    strings:
+        \$my_text_string = "some text"
+
+    condition:
+        \$my_text_string
+}
+EOF
+
+output=$(
+guestfish --ro -a ../../test-data/phony-guests/blank-fs.img <<EOF
+run
+mount /dev/sda1 /
+write /text.txt "some text"
+yara-load test-yara-rules.yar
+yara-scan /text.txt
+umount /
+yara-destroy
+EOF
+)
+
+echo $output | grep -zq '{ name: /text.txt rule: TestRule }'
+if [ $? != 0 ]; then
+    echo "$0: TestRule not found in detections list."
+    echo "Detections list:"
+    echo $output
+    exit 1
+fi
+
+rm -f test-yara-rules.yar
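Review bot: With `set -e` in effect, a non-matching `grep -zq` on the `echo $output | grep` line ends the script at once, so the `if [ $? != 0 ]` branch and its "Detections list" diagnostics can never run. Fold the check into the condition instead: `if ! echo $output | grep -zq '{ name: /text.txt rule: TestRule }'; then`. The unquoted `$output` looks like it is relied on to flatten guestfish's multi-line output onto one line for the pattern, so keep it in the grep but print the diagnostic with `echo "$output"`. A failing guestfish run likewise skips the final `rm -f`; adding `trap 'rm -f test-yara-rules.yar' EXIT` after `set -e` would clean up on every exit path. The test also asserts only a positive match, so a second file without "some text" that must not appear in the detections would catch a scan that reports every file.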
--
2.10.1

