예제 #1
0
        public void CheckSaveLoadRuleTest()
        {
            // Initialize yara context
            using (YaraContext ctx = new YaraContext())
            {
                using (var compiler = new Compiler())
                {
                    compiler.AddRuleString("rule foo: bar {strings: $a = \"lmn\" condition: $a}");
                    CompiledRules compiledRules = compiler.Compile();
                    Assert.True(compiledRules.RuleCount == 1);

                    Encoding encoding = Encoding.ASCII;
                    byte[]   buffer   = encoding.GetBytes("abcdefgjiklmnoprstuvwxyz");

                    // Initialize the scanner
                    var scanner = new Scanner();

                    List <ScanResult> compiledScanResults = scanner.ScanMemory(ref buffer, compiledRules);
                    Assert.True(compiledScanResults.Count == 1);
                    Assert.Equal("foo", compiledScanResults[0].MatchingRule.Identifier);


                    //save the rule to disk
                    string tempfile = System.IO.Path.GetTempFileName();
                    bool   saved    = compiledRules.Save(tempfile);
                    Assert.True(saved);

                    //load the saved rule to a new ruleset
                    CompiledRules loadedRules = new CompiledRules(tempfile);

                    List <ScanResult> loadedScanResults = scanner.ScanMemory(ref buffer, loadedRules);

                    Assert.True(loadedScanResults.Count == 1);
                    Assert.Equal("foo", loadedScanResults[0].MatchingRule.Identifier);

                    System.IO.File.Delete(tempfile);
                }
            }
        }