def test_run(self, outputs):
with patch.dict('sys.modules', **{
'yara': MagicMock(),
}):
from fibratus.binding.yar import YaraBinding
with patch('os.path.exists', return_value=True), \
patch('os.path.isdir', return_value=True), \
patch('glob.glob', return_value=['silent_banker.yar']), \
patch('yara.compile'):
yara_binding = YaraBinding(outputs,
Mock(spec_set=Logger), output='amqp', path='C:\\yara-rules')
yara_binding.run(thread_info=Mock(spec_set=ThreadInfo), kevent=Mock(spec_set=KEvent))
assert yara_binding._rules.match.called
评论列表
文章目录
