public void VerifyFileMonitorAsFile()
{
var RuleName = "AndRule";
var andRule = new AsaRule(RuleName)
{
Expression = "0 AND 1",
ResultType = RESULT_TYPE.FILE,
Flag = ANALYSIS_RESULT_TYPE.FATAL,
Clauses = new List <Clause>()
{
new Clause(Operation.Equals, "Path")
{
Label = "0",
Data = new List <string>()
{
"TestPath1"
}
},
new Clause(Operation.IsTrue, "IsExecutable")
{
Label = "1"
}
}
};
var analyzer = new AsaAnalyzer();
var opts = new CompareCommandOptions(null, "SecondRun")
{
ApplySubObjectRulesToMonitor = true
};
var results = AttackSurfaceAnalyzerClient.AnalyzeMonitored(opts, analyzer, new MonitorObject[] { testPathOneObject }, new RuleFile()
{
AsaRules = new AsaRule[] { andRule }
});
Assert.IsTrue(results.Any(x => x.Value.Any(y => y.Identity == testPathOneObject.Identity && y.Rules.Contains(andRule))));
opts = new CompareCommandOptions(null, "SecondRun")
{
ApplySubObjectRulesToMonitor = false
};
results = AttackSurfaceAnalyzerClient.AnalyzeMonitored(opts, analyzer, new MonitorObject[] { testPathOneObject }, new RuleFile()
{
AsaRules = new AsaRule[] { andRule }
});
Assert.IsFalse(results.Any(x => x.Value.Any(y => y.Identity == testPathOneObject.Identity && y.Rules.Contains(andRule))));
}