Signed-off-by: Matteo Cafasso <noxda...@gmail.com> --- configure.ac | 1 + tests/yara/Makefile.am | 26 ++++++++++++++++ tests/yara/test-yara-scan.sh | 72 ++++++++++++++++++++++++++++++++++++++++++++ 3 files changed, 99 insertions(+) create mode 100644 tests/yara/Makefile.am create mode 100755 tests/yara/test-yara-scan.sh
diff --git a/configure.ac b/configure.ac
index 1e25846e0..999c31184 100644
--- a/configure.ac
+++ b/configure.ac
@@ -295,6 +295,7 @@ AC_CONFIG_FILES([Makefile
 tests/tsk/Makefile
 tests/xfs/Makefile
 tests/xml/Makefile
+ tests/yara/Makefile
 tools/Makefile
 utils/boot-analysis/Makefile
 utils/boot-benchmark/Makefile
diff --git a/tests/yara/Makefile.am b/tests/yara/Makefile.am
new file mode 100644
index 000000000..e23d94e4c
--- /dev/null
+++ b/tests/yara/Makefile.am
@@ -0,0 +1,26 @@
+# libguestfs
+# Copyright (C) 2016 Red Hat Inc.
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+include $(top_srcdir)/subdir-rules.mk
+
+TESTS = \
+ test-yara-scan.sh
+
+TESTS_ENVIRONMENT = $(top_builddir)/run --test
+
+EXTRA_DIST = \
+ $(TESTS)
diff --git a/tests/yara/test-yara-scan.sh b/tests/yara/test-yara-scan.sh
new file mode 100755
index 000000000..a899e33e4
--- /dev/null
+++ b/tests/yara/test-yara-scan.sh
@@ -0,0 +1,72 @@
+#!/bin/bash -
+# libguestfs
+# Copyright (C) 2016 Red Hat Inc.
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+# Test the yara_scan command.
+
+set -e
+
+if [ -n "$SKIP_TEST_YARA_SCAN_SH" ]; then
+ echo "$0: test skipped because environment variable is set."
+ exit 77
+fi
+
+rm -f test-yara-rules.yar
+
+# Skip if Yara is not supported by the appliance.
+if ! guestfish add /dev/null : run : available "libyara"; then
+ echo "$0: skipped because Yara is not available in the appliance"
+ exit 77
+fi
+
+if [ ! -s ../../test-data/phony-guests/blank-fs.img ]; then
+ echo "$0: skipped because blank-fs.img is zero-sized"
+ exit 77
+fi
+
+/bin/cat << EOF > test-yara-rules.yar
+rule TestRule
+{
+ strings:
+ \$my_text_string = "some text"
+
+ condition:
+ \$my_text_string
+}
+EOF
+
+output=$(
+guestfish --ro -a ../../test-data/phony-guests/blank-fs.img <<EOF
+run
+mount /dev/sda1 /
+write /text.txt "some text"
+yara-load test-yara-rules.yar
+yara-scan /text.txt
+umount /
+yara-destroy
+EOF
+)
+
+echo $output | grep -zq '{ name: /text.txt rule: TestRule }'
+if [ $? != 0 ]; then
+ echo "$0: TestRule not found in detections list."
+ echo "Detections list:"
+ echo $output
+ exit 1
+fi
+
+rm -f test-yara-rules.yar
--
2.11.0
_______________________________________________ Libguestfs mailing list Libguestfs@redhat.com https://www.redhat.com/mailman/listinfo/libguestfs
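Review bot: With `set -e` in effect, a non-matching `echo $output | grep -zq ...` pipeline ends the script on the spot, so the `if [ $? != 0 ]` block and its "Detections list" diagnostic can never run and a missed detection exits with no explanation. Testing the pipeline directly keeps the message reachable: `if ! echo $output | grep -zq '{ name: /text.txt rule: TestRule }'; then`. The same early exit, like any guestfish failure, skips the final `rm -f test-yara-rules.yar`, so a `trap 'rm -f test-yara-rules.yar' EXIT` set before the rules file is written would clean up on every path. The test also asserts only a positive match; scanning a second file that does not contain "some text" and checking that it is absent from the output would show the rule is not simply reported for every file.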