fixed test due to check regexes based on exe dirpath.

src/detections/rule/matchers.rs

@@ -523,8 +523,8 @@ mod tests {
                     - ホスト アプリケーション
                 ImagePath:
                     min_length: 1234321
-                    regexes: ./rules/config/regex/detectlist_suspicous_services.txt
-                    allowlist: ./rules/config/regex/allowlist_legitimate_services.txt
+                    regexes: ./../../../rules/config/regex/detectlist_suspicous_services.txt
+                    allowlist: ./../../../rules/config/regex/allowlist_legitimate_services.txt
         falsepositives:
             - unknown
         level: medium
@@ -1111,7 +1111,7 @@ mod tests {
             selection:
                 EventID: 4103
                 Channel:
-                    - allowlist: ./rules/config/regex/allowlist_legitimate_services.txt
+                    - allowlist: ./../../../rules/config/regex/allowlist_legitimate_services.txt
         details: 'command=%CommandLine%'
         "#;
 
@@ -1145,7 +1145,7 @@ mod tests {
             selection:
                 EventID: 4103
                 Channel:
-                    - allowlist: ./rules/config/regex/allowlist_legitimate_services.txt
+                    - allowlist: ./../../../rules/config/regex/allowlist_legitimate_services.txt
         details: 'command=%CommandLine%'
         "#;
 
@@ -1179,7 +1179,7 @@ mod tests {
             selection:
                 EventID: 4103
                 Channel:
-                    - allowlist: ./rules/config/regex/allowlist_legitimate_services.txt
+                    - allowlist: ./../../../rules/config/regex/allowlist_legitimate_services.txt
         details: 'command=%CommandLine%'
         "#;
 

src/detections/utils.rs

@@ -443,7 +443,7 @@ mod tests {
     #[test]
     fn test_check_regex() {
         let regexes: Vec<Regex> =
-            utils::read_txt("./rules/config/regex/detectlist_suspicous_services.txt")
+            utils::read_txt("./../../../rules/config/regex/detectlist_suspicous_services.txt")
                 .unwrap()
                 .into_iter()
                 .map(|regex_str| Regex::new(&regex_str).unwrap())
@@ -459,7 +459,7 @@ mod tests {
     fn test_check_allowlist() {
         let commandline = "\"C:\\Program Files\\Google\\Update\\GoogleUpdate.exe\"";
         let allowlist: Vec<Regex> =
-            utils::read_txt("./rules/config/regex/allowlist_legitimate_services.txt")
+            utils::read_txt("./../../../rules/config/regex/allowlist_legitimate_services.txt")
                 .unwrap()
                 .into_iter()
                 .map(|allow_str| Regex::new(&allow_str).unwrap())