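/// <summary>
/// Asserts that <paramref name="rule"/> yields a meta entry named
/// <paramref name="metaIdentifier"/> and that its value equals
/// <paramref name="expectedValue"/>.
/// </summary>
/// <typeparam name="T">Type the meta value is extracted as.</typeparam>
/// <param name="rule">Rule whose metadata is queried.</param>
/// <param name="metaIdentifier">Name of the meta entry to extract.</param>
/// <param name="expectedValue">Value the extracted meta entry must equal.</param>
private void TestExtractMeta<T>(YaraRule rule, string metaIdentifier, T expectedValue)
{
    T metaValue = default(T);

    bool metaExtractSuccess = rule.ExtractMetaValue(metaIdentifier, ref metaValue);

    // This helper is called several times per test, so the failure text names
    // the identifier: a bare "IsTrue failed" would not say which meta entry
    // was missing or mistyped.
    Assert.IsTrue(
        metaExtractSuccess,
        "ExtractMetaValue returned false for meta '" + metaIdentifier + "'");
    Assert.AreEqual(
        expectedValue,
        metaValue,
        "Unexpected value for meta '" + metaIdentifier + "'");
}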
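/// <summary>
/// Loads the <c>TestRule1</c> resource as YARA rule source and checks that the
/// resulting rule set holds exactly one rule with the expected name,
/// namespace, meta entries and string identifiers.
/// </summary>
public void TestYaraLoadFromSource()
{
    string yrRuleSource = Properties.Resources.TestRule1;

    // The second argument is passed as null; its meaning is defined by
    // LoadYaraRulesFromSource, which is not visible in this part of the file.
    using (YaraRules yrRules = LoadYaraRulesFromSource(yrRuleSource, null))
    {
        // Expected value goes first so a failure reports "expected 1, actual N"
        // instead of the reverse.
        Assert.AreEqual(1, yrRules.Rules.Count);

        YaraRule rule = yrRules.Rules[0];
        Assert.AreEqual("silent_banker", rule.Name);
        Assert.AreEqual("default", rule.Namespace);

        // Meta entries: one string, one integer and one boolean value.
        // NOTE(review): "thread_level" is the key this test looks up; confirm
        // it matches the spelling used in the TestRule1 resource.
        Assert.AreEqual(3, rule.Metas.Count);
        TestExtractMeta(rule, "description", "This is just an example");
        TestExtractMeta(rule, "thread_level", 3);
        TestExtractMeta(rule, "in_the_wild", true);

        // String identifiers: check the total as well as each name, so an
        // unexpected extra identifier also fails the test.
        Assert.AreEqual(3, rule.StringIdentifiers.Count);
        TestRuleContainsStringIdentifier(rule, "$a");
        TestRuleContainsStringIdentifier(rule, "$b");
        TestRuleContainsStringIdentifier(rule, "$c");
    }
}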
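/// <summary>
/// Asserts that the string identifiers of <paramref name="rule"/> include
/// <paramref name="stringIdentifier"/>.
/// </summary>
/// <param name="rule">Rule whose string identifiers are inspected.</param>
/// <param name="stringIdentifier">Identifier expected to be present, e.g. <c>$a</c>.</param>
private void TestRuleContainsStringIdentifier(YaraRule rule, string stringIdentifier)
{
    bool containsIdentifier = rule.StringIdentifiers.Contains(stringIdentifier);

    // Name the identifier so a failure shows which string is missing from the
    // loaded rule rather than a bare "IsTrue failed".
    Assert.IsTrue(
        containsIdentifier,
        "Rule does not contain string identifier '" + stringIdentifier + "'");
}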