From fd45fbaafff03a93e3321dd7a3019f2884e3d8f9 Mon Sep 17 00:00:00 2001 From: "Victor M. Alvarez" Date: Wed, 19 Jul 2023 18:41:31 +0200 Subject: [PATCH] test: more test cases for hex patterns --- yara-x-parser/src/parser/cst2ast.rs | 15 ++++- yara-x-parser/src/parser/tests/errors.rs | 72 ++++++++++++++++++++++-- yara-x/src/tests/mod.rs | 63 +++++++++++++++++++++ 3 files changed, 143 insertions(+), 7 deletions(-) diff --git a/yara-x-parser/src/parser/cst2ast.rs b/yara-x-parser/src/parser/cst2ast.rs index c759201b3..c407adf45 100644 --- a/yara-x-parser/src/parser/cst2ast.rs +++ b/yara-x-parser/src/parser/cst2ast.rs @@ -2066,8 +2066,18 @@ fn hex_pattern_from_cst<'src>( )); } - if let (Some(start), Some(end)) = (jump.start, jump.end) { - if start > end { + match (jump.start, jump.end) { + (Some(0), Some(0)) => { + return Err(Error::from(ErrorInfo::invalid_pattern( + ctx.report_builder, + ctx.current_pattern_ident(), + "zero-length jumps are useless, remove it" + .to_string(), + jump_span, + None, + ))); + } + (Some(start), Some(end)) if start > end => { return Err(Error::from(ErrorInfo::invalid_pattern( ctx.report_builder, ctx.current_pattern_ident(), @@ -2082,6 +2092,7 @@ fn hex_pattern_from_cst<'src>( }, ))); } + _ => {} } HexToken::Jump(jump) diff --git a/yara-x-parser/src/parser/tests/errors.rs b/yara-x-parser/src/parser/tests/errors.rs index 2df028436..bdb41b5a2 100644 --- a/yara-x-parser/src/parser/tests/errors.rs +++ b/yara-x-parser/src/parser/tests/errors.rs @@ -270,7 +270,8 @@ fn syntax_errors() { rule test { strings: $a = { 00 [0-1] } -condition: true +condition: + $a }"#, r#"error: syntax error ╭─[line:4:19] @@ -288,7 +289,8 @@ condition: true rule test { strings: $a = { [0-1] 00 } -condition: true +condition: + $a }"#, r#"error: syntax error ╭─[line:4:10] @@ -306,7 +308,8 @@ condition: true rule test { strings: $a = { 00 ( 00 } -condition: true +condition: + $a }"#, r#"error: syntax error ╭─[line:4:18] @@ -322,9 +325,29 @@ condition: true line!(), r#" rule test { +strings: + $a = { [-] 01 02 } +condition: + $a +}"#, + r#"error: syntax error + ╭─[line:4:10] + │ + 4 │ $a = { [-] 01 02 } + │ │ + │ ╰─ expected bytes +───╯ +"#, + ), + ///////////////////////////////////////////////////////// + ( + line!(), + r#" +rule test { strings: $a = { 00 ~?? 11 } -condition: true +condition: + $a }"#, r#"error: invalid pattern `$a` ╭─[line:4:13] @@ -342,7 +365,8 @@ condition: true rule test { strings: $a = { G0 } -condition: true +condition: + $a }"#, r#"error: syntax error ╭─[line:4:10] @@ -377,6 +401,25 @@ condition: line!(), r#" rule test { +strings: + $a = { 01 ~0 11 } +condition: + $a +}"#, + r#"error: invalid pattern `$a` + ╭─[line:4:13] + │ + 4 │ $a = { 01 ~0 11 } + │ ─┬ + │ ╰── uneven number of nibbles +───╯ +"#, + ), + ///////////////////////////////////////////////////////// + ( + line!(), + r#" +rule test { condition: any of (a,b,c) in (0..100) }"#, @@ -719,6 +762,25 @@ rule test { │ │ Note: consecutive jumps were coalesced into a single one ───╯ +"#, + ), + ///////////////////////////////////////////////////////// + ( + line!(), + r#" +rule test { +strings: + $a = { 01 [0] 02 } +condition: + $a +}"#, + r#"error: invalid pattern `$a` + ╭─[line:4:13] + │ + 4 │ $a = { 01 [0] 02 } + │ ─┬─ + │ ╰─── zero-length jumps are useless, remove it +───╯ "#, ), //////////////////////////////////////////////////////////// diff --git a/yara-x/src/tests/mod.rs b/yara-x/src/tests/mod.rs index 472e836c0..233932908 100644 --- a/yara-x/src/tests/mod.rs +++ b/yara-x/src/tests/mod.rs @@ -437,6 +437,69 @@ fn hex_patterns() { pattern_true!(r#"{ 01 }"#, b"\x01"); pattern_true!(r#"{ 01 02 03 04 }"#, b"\x01\x02\x03\x04"); pattern_true!(r#"{ (01 02 03 04 | 05 06 07 08) }"#, b"\x01\x02\x03\x04"); + pattern_match!(r#"{ 31 32 [-] 38 39 }"#, b"123456789", b"123456789"); + pattern_match!( + r#"{ 31 32 [-] 33 34 [-] 38 39 }"#, + b"123456789", + b"123456789" + ); + pattern_match!( + r#"{ 31 32 [1] 34 35 [2] 38 39 }"#, + b"123456789", + b"123456789" + ); + pattern_match!( + r#"{ 31 32 [1-] 34 35 [1-] 38 39 }"#, + b"123456789", + b"123456789" + ); + //TODO + /* + pattern_match!( + r#"{ 31 32 [0-3] 34 35 [1-] 38 39 }"#, + b"123456789", + b"123456789" + ); + pattern_match!( + r#"{ 31 32 [0-2] 34 35 [1-] 38 39 }"#, + b"123456789", + b"123456789" + ); + */ + pattern_match!(r#"{ 31 32 ~32 34 35 }"#, b"123456789", b"12345"); + pattern_false!(r#"{ 31 32 ~33 34 35 }"#, b"123456789"); + pattern_match!( + r#"{ ( 31 32 ~32 34 35 | 31 32 ~33 34 35 ) }"#, + b"123456789", + b"12345" + ); + pattern_match!(r#"{ 31 32 ~?2 34 35 }"#, b"123456789", b"12345"); + pattern_false!(r#"{ 31 32 ~?3 34 35 }"#, b"123456789"); + pattern_match!(r#"{ 31 32 ~4? 34 35 }"#, b"123456789", b"12345"); + pattern_false!(r#"{ 31 32 ~3? 34 35 }"#, b"123456789"); + pattern_match!( + r#"{ ( 31 32 ~3? 34 35 | 31 32 ~?2 34 35) }"#, + b"123456789", + b"12345" + ); + pattern_false!(r#"{ 35 36 [-] 31 32 }"#, b"123456789"); + pattern_false!(r#"{ 31 32 [2-] 34 35 }"#, b"123456789"); + pattern_match!( + r#"{ 31 32 [0-1] 34 35 [0-2] 36 37 }"#, + b"123456789", + b"1234567" + ); + pattern_match!(r#"{ 31 32 [0-5] 38 39 }"#, b"123456789", b"123456789"); + pattern_false!(r#"{ 31 32 [0-3] 37 38 }"#, b"123456789"); + pattern_match!(r#"{ 31 32 [0-2] 34 [0-2] 34 }"#, b"1244", b"1244"); + pattern_match!(r#"{ 31 32 [0-2] 34 [0-2] 34 }"#, b"12344", b"12344"); + pattern_match!( + r#"{ 31 32 [0-2] 34 [0-2] 34 [2-3] 34 }"#, + b"123440004", + b"123440004" + ); + pattern_match!(r#"{ 31[-][8-][-]30 }"#, b"1234567890", b"1234567890"); + pattern_false!(r#"{ 31[-][9-][-]30 }"#, b"1234567890"); } #[test]