Panoptes
1.0.0
Endpoint Detection and Response
src
extensibility
PanoptesYara
test
Test_PanoptesYara.cpp
#include <fstream>
#include <string>
#include <vector>

#include "gtest/gtest.h"
#include "PanoptesYara.h"
// Path of the YARA rule package passed to the YaraScanner constructor in SetUp().
// The path is relative, so it is presumably resolved against the working
// directory the test binary is started from.
#define YARA_RULES "rules.pkg"
// Path of the sample scanned by ScanEicar; by its name, an archive holding the
// EICAR anti-malware test file. Relative as well.
// NOTE(review): host anti-virus commonly quarantines EICAR samples. If that
// happens the positive test fails for a reason unrelated to the scanner, so
// the test directory may need an exclusion on build machines.
#define EICAR_PATH "eicarcom2.zip"
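namespace Yara {

/// Fixture that builds a fresh YaraScanner from YARA_RULES for every test.
///
/// A detection test is only meaningful when the rules and the sample were
/// actually read: an empty match list from a scanner that loaded no rules, or
/// that could not open its target, looks exactly like a clean file. The
/// fixture therefore checks that its inputs can be opened before scanning.
class YaraScanTest : public ::testing::Test {
protected:
    // Initialised so TearDown() never deletes an indeterminate pointer when
    // SetUp() stops early (failed precondition or a throwing constructor).
    YaraScanner* yaraScan = nullptr;

    /// Returns true when the file at `path` can be opened for reading.
    static bool IsReadable(const std::string& path) {
        return std::ifstream(path, std::ios::binary).is_open();
    }

    /// Creates the scanner under test from the rule package.
    void SetUp() override {
        // Fatal on purpose: without rules every scan result is meaningless.
        ASSERT_TRUE(IsReadable(YARA_RULES))
            << "YARA rule package is not readable: " << YARA_RULES;
        yaraScan = new YaraScanner(YARA_RULES);
        // NOTE(review): whether the constructor reports a rule package that
        // exists but fails to load is not visible from this file; confirm.
    }

    /// Releases the scanner created in SetUp().
    void TearDown() override {
        delete yaraScan;
        yaraScan = nullptr;
    }
};

/// Negative case: a stock Windows binary must not match any rule.
TEST_F(YaraScanTest, ScanNotePad) {
    const std::string target = "C:\\Windows\\System32\\notepad.exe";
    // Guard against a vacuous pass: how YaraScanFile reports an unreadable
    // file is not visible here, and "no matches" would be indistinguishable.
    ASSERT_TRUE(IsReadable(target)) << "clean sample is not readable: " << target;

    const std::vector<std::string> result = yaraScan->YaraScanFile(target);
    EXPECT_TRUE(result.empty())
        << "false positive on " << target << ": " << result.size() << " match(es)";
}

/// Positive case: the EICAR sample must produce at least one rule match.
TEST_F(YaraScanTest, ScanEicar) {
    // Separates "sample missing or quarantined by host AV" from "rules failed
    // to detect it", which would otherwise both surface as zero matches.
    ASSERT_TRUE(IsReadable(EICAR_PATH))
        << "EICAR sample is not readable: " << EICAR_PATH;

    const std::vector<std::string> result = yaraScan->YaraScanFile(EICAR_PATH);
    EXPECT_FALSE(result.empty()) << "no rule matched " << EICAR_PATH;
}

}  // namespace Yara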
PanoptesYara.h
EICAR_PATH
#define EICAR_PATH
Definition
Test_PanoptesYara.cpp:5
YARA_RULES
#define YARA_RULES
Definition
Test_PanoptesYara.cpp:4
YaraScanner
The YaraScanner class that is used to scan a file using YARA rules.
Definition
PanoptesYara.h:20
YaraScanner::YaraScanFile
std::vector< std::string > YaraScanFile(std::string PathToFile)
Scan a file using YARA rules.
Definition
yara-scan.cpp:81
Yara::YaraScanTest
Definition
Test_PanoptesYara.cpp:8
Yara::YaraScanTest::yaraScan
YaraScanner * yaraScan
Definition
Test_PanoptesYara.cpp:10
Yara::YaraScanTest::TearDown
void TearDown() override
Definition
Test_PanoptesYara.cpp:16
Yara::YaraScanTest::SetUp
void SetUp() override
Definition
Test_PanoptesYara.cpp:12
result
ULONG result
Definition
events.cpp:22
Yara
Definition
Test_PanoptesYara.cpp:7
Yara::TEST_F
TEST_F(YaraScanTest, ScanNotePad)
Definition
Test_PanoptesYara.cpp:22