stacscan/stacs-rules

Static Token And Credential Scanner Community Rules.

What is it?

This repository contains community rule packs for use with STACS. Please see the STACS repository for more information!

Testing

In order to ensure that new rules are tested appropriately, a set of negative and positive test fixtures should exist for all rules. These must live under the tests directory and reflect the same structure as the rule itself - including the rule name.

As an example, the following shell snippet will generate negative and positive directories for all rules of a defined RULE_TYPE when run from the root of this repository.

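# Create positive/negative fixture directories (with placeholder files) for every rule.
# The glob is quoted so that find, not the calling shell, expands it.
find rules -name '*.yar' | sed 's/rules\///' \
    | xargs -I{} bash -c "\
        mkdir -p ./tests/fixtures/{}/{positive,negative} ; \
        touch ./tests/fixtures/{}/{negative,positive}/.gitignore"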

These directories must then be populated with fixtures that demonstrate both a positive match (positive) and a negative match (negative). Ideally, negative fixtures should be close to a match but not exact, rather than just a random block of data. This ensures that partial matches do not trigger a finding.
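One way to check the fixture requirement described above before submitting a rule, as an added example that is not part of the stacs-rules repository. It assumes the layout the directory-generation snippet produces (rules/<path>.yar mapped to tests/fixtures/<path>.yar/positive and negative); the function names and the sample tree are hypothetical and constructed for illustration.

```shell
# Added example (not from the stacs-rules repository).
# Assumed layout, as created by the directory-generation snippet:
#   rules/<path>.yar -> tests/fixtures/<path>.yar/{positive,negative}/

# Print "<rule>: <kind>" for each rule with no fixture of that kind.
# $1 is the repository root (default: current directory). The body runs in
# a subshell so its variables do not leak. Paths containing newlines are
# not supported.
missing_fixtures() (
    root="${1:-.}"
    find "$root/rules" -type f -name '*.yar' | sort | while IFS= read -r rule; do
        rel="${rule#"$root"/rules/}"
        for kind in positive negative; do
            dir="$root/tests/fixtures/$rel/$kind"
            # The .gitignore placeholder alone does not count as a fixture.
            if [ ! -d "$dir" ] ||
               [ -z "$(find "$dir" -type f ! -name .gitignore | head -n 1)" ]; then
                printf '%s: %s\n' "$rel" "$kind"
            fi
        done
    done
)

# Build a constructed sample tree in a temp directory and print its path:
#   complete.yar - both fixtures present
#   partial.yar  - negative directory holds only the placeholder
#   untested.yar - no fixture directories at all
build_sample_repo() (
    root="$(mktemp -d)"
    fx="$root/tests/fixtures/credential"
    mkdir -p "$root/rules/credential"
    for name in complete partial untested; do
        : > "$root/rules/credential/$name.yar"
    done
    for name in complete partial; do
        mkdir -p "$fx/$name.yar/positive" "$fx/$name.yar/negative"
        : > "$fx/$name.yar/negative/.gitignore"
        echo 'constructed sample' > "$fx/$name.yar/positive/match.txt"
    done
    echo 'constructed near miss' > "$fx/complete.yar/negative/near_miss.txt"
    printf '%s\n' "$root"
)
```

Running `missing_fixtures .` from the repository root prints nothing when every rule has at least one positive and one negative fixture, which makes it usable as a pre-commit or CI gate.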