コード例 #1
        /// <summary>
        /// Checks that a FILE-typed rule is attached to a monitored object only when
        /// <c>ApplySubObjectRulesToMonitor</c> is enabled on the compare options.
        /// </summary>
        /// <remarks>
        /// The rule requires both clauses to hold ("0 AND 1"): Path equals "TestPath1" and
        /// IsExecutable is true. <c>testPathOneObject</c> is declared outside this method;
        /// presumably it is a file monitor event for that path - confirm against the fixture.
        /// With the option off, a FATAL file rule must not be reported for the monitored object,
        /// so a regression here would either hide or falsely raise findings on monitor output.
        /// </remarks>
        public void VerifyFileMonitorAsFile()
        {
            // Clause "0": the object's Path must equal the single expected value.
            var pathClause = new Clause(Operation.Equals, "Path")
            {
                Label = "0",
                Data  = new List <string>() { "TestPath1" }
            };

            // Clause "1": the object's IsExecutable property must be true.
            var executableClause = new Clause(Operation.IsTrue, "IsExecutable")
            {
                Label = "1"
            };

            var fileRule = new AsaRule("AndRule")
            {
                Expression = "0 AND 1",
                ResultType = RESULT_TYPE.FILE,
                Flag       = ANALYSIS_RESULT_TYPE.FATAL,
                Clauses    = new List <Clause>() { pathClause, executableClause }
            };

            // One analyzer instance is shared by both runs, as the two runs differ only in the option.
            var analyzer = new AsaAnalyzer();

            // Runs the monitored-object analysis with the option set as requested and reports
            // whether any result for testPathOneObject carries the rule under test.
            bool RuleAppliedToMonitoredObject(bool applySubObjectRules)
            {
                var options = new CompareCommandOptions(null, "SecondRun")
                {
                    ApplySubObjectRulesToMonitor = applySubObjectRules
                };
                var monitored = new MonitorObject[] { testPathOneObject };
                var ruleFile  = new RuleFile()
                {
                    AsaRules = new AsaRule[] { fileRule }
                };

                var analysis = AttackSurfaceAnalyzerClient.AnalyzeMonitored(options, analyzer, monitored, ruleFile);

                return analysis.Any(bucket => bucket.Value.Any(hit =>
                    hit.Identity == testPathOneObject.Identity && hit.Rules.Contains(fileRule)));
            }

            // Option on: the file rule is expected to match the monitored object.
            Assert.IsTrue(RuleAppliedToMonitoredObject(true));

            // Option off: the same rule must not be applied to the monitored object.
            Assert.IsFalse(RuleAppliedToMonitoredObject(false));
        }