From 784db2d9bed1dbee40f04e5ee0e9079f87046ef6 Mon Sep 17 00:00:00 2001 From: Stephen Eckels Date: Mon, 19 Aug 2024 15:43:17 +0000 Subject: [PATCH] Add more regex unit tests --- objfile/patterns.go | 1 + objfile/patterns_test.go | 44 ++++++++++++++++++++++++++++++++++++++++ 2 files changed, 45 insertions(+) diff --git a/objfile/patterns.go b/objfile/patterns.go index 53aeb51..43d7621 100644 --- a/objfile/patterns.go +++ b/objfile/patterns.go @@ -278,6 +278,7 @@ func FindRegex(data []byte, regexInfo *RegexAndNeedle) []int { if len(subMatches) == 0 { break } + for _, match := range subMatches { matches = append(matches, match[0]+subStart) } diff --git a/objfile/patterns_test.go b/objfile/patterns_test.go index 7e736ab..902ac08 100644 --- a/objfile/patterns_test.go +++ b/objfile/patterns_test.go @@ -171,4 +171,48 @@ func TestRegexpPatternFromYaraPattern(t *testing.T) { t.Errorf("incorrect needle") } }) + + t.Run("AllSubMatches", func(t *testing.T) { + reg, err := RegexpPatternFromYaraPattern("{ AA [0-1] BB CC }") + if err != nil { + t.Errorf("pattern errored") + } + + if !bytes.Equal(reg.needle, []byte{0xBB, 0xCC}) { + t.Errorf("incorrect needle") + } + + matches := FindRegex([]byte{0xAA, 0xAA, 0xBB, 0xCC}, reg) + if len(matches) != 2 { + t.Errorf("Wrong sub match count") + } + + matches2 := FindRegex([]byte{0xAA, 0xBB, 0xCC}, reg) + if len(matches2) != 1 { + t.Errorf("Wrong sub match count") + } + + matches3 := FindRegex([]byte{0x00, 0x00, 0x11, 0xAA, 0xBB, 0xCC, 0xAA, 0xAA, 0xBB, 0xCC}, reg) + if len(matches3) != 3 { + t.Errorf("Wrong sub match count") + } + + matches4 := FindRegex([]byte{0xFF, 0xAA, 0xFF, 0xBB, 0xCC, 0x00, 0x00, 0x11, 0xAA, 0xBB, 0xCC, 0xAA, 0xAA, 0xBB, 0xCC}, reg) + if len(matches4) != 4 { + t.Errorf("Wrong sub match count") + } + }) + + t.Run("NewLineByte", func(t *testing.T) { + // ensure ?? (dot) matches \n (0x0A) + reg, err := RegexpPatternFromYaraPattern("{ ?? AA BB CC }") + if err != nil { + t.Errorf("pattern errored") + } + + matches := FindRegex([]byte{0x0A, 0xAA, 0xBB, 0xCC, 0x0A, 0xAA, 0xBB, 0x00, 0xAA, 0xBB, 0xCC, 0x0A}, reg) + if len(matches) != 2 { + t.Errorf("Wrong match count") + } + }) }