fixed test due to check regexes based on exe dirpath.

DustInDark
2022-06-24 22:16:12 +09:00
parent ad79d11fe3
commit 6224e9951e
2 changed files with 7 additions and 7 deletions


@@ -523,8 +523,8 @@ mod tests {
- ホスト アプリケーション - ホスト アプリケーション
ImagePath: ImagePath:
min_length: 1234321 min_length: 1234321
regexes: ./rules/config/regex/detectlist_suspicous_services.txt regexes: ./../../../rules/config/regex/detectlist_suspicous_services.txt
allowlist: ./rules/config/regex/allowlist_legitimate_services.txt allowlist: ./../../../rules/config/regex/allowlist_legitimate_services.txt
falsepositives: falsepositives:
- unknown - unknown
level: medium level: medium
@@ -1111,7 +1111,7 @@ mod tests {
selection: selection:
EventID: 4103 EventID: 4103
Channel: Channel:
- allowlist: ./rules/config/regex/allowlist_legitimate_services.txt - allowlist: ./../../../rules/config/regex/allowlist_legitimate_services.txt
details: 'command=%CommandLine%' details: 'command=%CommandLine%'
"#; "#;
@@ -1145,7 +1145,7 @@ mod tests {
selection: selection:
EventID: 4103 EventID: 4103
Channel: Channel:
- allowlist: ./rules/config/regex/allowlist_legitimate_services.txt - allowlist: ./../../../rules/config/regex/allowlist_legitimate_services.txt
details: 'command=%CommandLine%' details: 'command=%CommandLine%'
"#; "#;
@@ -1179,7 +1179,7 @@ mod tests {
selection: selection:
EventID: 4103 EventID: 4103
Channel: Channel:
- allowlist: ./rules/config/regex/allowlist_legitimate_services.txt - allowlist: ./../../../rules/config/regex/allowlist_legitimate_services.txt
details: 'command=%CommandLine%' details: 'command=%CommandLine%'
"#; "#;

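Review bot: The `regexes:` and `allowlist:` fixture paths in all four hunks of this file hard-code `./../../../`, which resolves only when the test executable sits exactly three directories below the repository root (presumably the default `target/debug/deps` layout); the raw-string fixtures themselves start outside the hunks. A `CARGO_TARGET_DIR` override or a `--target` build changes that depth, and the tests then fail on a missing list file rather than on rule logic; the two `utils::read_txt` calls in the second file carry the same assumption. If the loader accepts absolute paths, deriving the prefix from `env!("CARGO_MANIFEST_DIR")` would remove the dependency; otherwise a comment such as `// relative to the test executable directory, assumed to be target/debug/deps` above each fixture would document it. The fixtures also suggest that a rule's `allowlist:` may point outside the executable's directory through `..`; because an allowlist suppresses detections, it is worth confirming the loader is meant to follow such paths for rules that come from outside the project.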

@@ -443,7 +443,7 @@ mod tests {
#[test] #[test]
fn test_check_regex() { fn test_check_regex() {
let regexes: Vec<Regex> = let regexes: Vec<Regex> =
utils::read_txt("./rules/config/regex/detectlist_suspicous_services.txt") utils::read_txt("./../../../rules/config/regex/detectlist_suspicous_services.txt")
.unwrap() .unwrap()
.into_iter() .into_iter()
.map(|regex_str| Regex::new(&regex_str).unwrap()) .map(|regex_str| Regex::new(&regex_str).unwrap())
@@ -459,7 +459,7 @@ mod tests {
fn test_check_allowlist() { fn test_check_allowlist() {
let commandline = "\"C:\\Program Files\\Google\\Update\\GoogleUpdate.exe\""; let commandline = "\"C:\\Program Files\\Google\\Update\\GoogleUpdate.exe\"";
let allowlist: Vec<Regex> = let allowlist: Vec<Regex> =
utils::read_txt("./rules/config/regex/allowlist_legitimate_services.txt") utils::read_txt("./../../../rules/config/regex/allowlist_legitimate_services.txt")
.unwrap() .unwrap()
.into_iter() .into_iter()
.map(|allow_str| Regex::new(&allow_str).unwrap()) .map(|allow_str| Regex::new(&allow_str).unwrap())
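Review bot: The bare `.unwrap()` after each `utils::read_txt(...)` call in `test_check_regex` and `test_check_allowlist` gives little help now that the path depends on where the test binary runs. Unless `read_txt`'s error already names the resolved path, a layout mismatch surfaces as an opaque panic. I would replace it with something like `.expect("allowlist_legitimate_services.txt not found relative to the test executable directory")`, and the equivalent for the detectlist. Both function bodies continue outside the hunks, so how the loaded lists are asserted on is not visible here.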