From 1bbfc0b4f59d19b21658be1fa7d97f28ba4f16d8 Mon Sep 17 00:00:00 2001 From: Kelly Kelly Date: Wed, 28 Oct 2020 14:28:45 -0400 Subject: [PATCH] Cleaned up the test code --- .../YaraWrapperTest/resources/hello.compiled | Bin 0 -> 5165 bytes .../yara/YaraWrapperTest/resources/hello.txt | 1 + .../autopsy/yara/YaraWrapperTest.java | 65 ++++++++++++++---- 3 files changed, 51 insertions(+), 15 deletions(-) create mode 100755 Tools/yara/YaraWrapperTest/resources/hello.compiled create mode 100755 Tools/yara/YaraWrapperTest/resources/hello.txt diff --git a/Tools/yara/YaraWrapperTest/resources/hello.compiled b/Tools/yara/YaraWrapperTest/resources/hello.compiled new file mode 100755 index 0000000000000000000000000000000000000000..8912235125640252150b52bd4a63d651117fc734 GIT binary patch literal 5165 zcmeHLziSjh6n_2+Q6q>#P>3=}0;iRQ1j`&+B%O#LB1*>Fce#bR+hcYvXctJ6*2cz0 zEJUysgj81I-(Y3s9}$G}eLHXD2zP=6!D1fw?)%<*^J~A|J9g$#`+obv!Yhh)Uf`Yb zO~JWiG59X1bjq$r7CuKlls7xJDefBAzUbkNhoh;F@@{$@-QgQTM4RI9cD-`reHC zORdkE|FzcN&glO^>mLu*q1)-jm>hrGKakHD5pDz4yDvUg6WSQ^pOjCNvEZ&9xj^ge zT=lT>u85Q(r-AJ=Z4ByQovZKqa+^IBTz7mq3}rQ-2R%03(y_52aDN!MFrhMK>|m@Z zVwa8$yjA&uQZ@)(zC3nvXWCgMUS%IuTR^WeDARP&$qmjdywxD<~NS>|-F}9yT z9H{|~B96=ux5U%-8Hn~kqnPSz8m}vED)tn26!#S0D85(xtoT(B*K|`6>p*P8&xpf- P^NLtEVziU(bi;oEz|h56 literal 0 HcmV?d00001 diff --git a/Tools/yara/YaraWrapperTest/resources/hello.txt b/Tools/yara/YaraWrapperTest/resources/hello.txt new file mode 100755 index 0000000000..5e1c309dae --- /dev/null +++ b/Tools/yara/YaraWrapperTest/resources/hello.txt @@ -0,0 +1 @@ +Hello World \ No newline at end of file diff --git a/Tools/yara/YaraWrapperTest/src/org/sleuthkit/autopsy/yara/YaraWrapperTest.java b/Tools/yara/YaraWrapperTest/src/org/sleuthkit/autopsy/yara/YaraWrapperTest.java index d63a160a5a..c015ea8c7e 100755 --- a/Tools/yara/YaraWrapperTest/src/org/sleuthkit/autopsy/yara/YaraWrapperTest.java +++ b/Tools/yara/YaraWrapperTest/src/org/sleuthkit/autopsy/yara/YaraWrapperTest.java 
@@ -1,7 +1,20 @@
 /*
- * To change this license header, choose License Headers in Project Properties.
- * To change this template file, choose Tools | Templates
- * and open the template in the editor.
+ * Autopsy Forensic Browser
+ *
+ * Copyright 2020 Basis Technology Corp.
+ * Contact: carrier sleuthkit org
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
  */
 
 package org.sleuthkit.autopsy.yara;
@@ -14,28 +27,50 @@ import java.util.List; import org.sleuthkit.autopsy.yara.YaraJNIWrapper; import org.sleuthkit.autopsy.yara.YaraWrapperException; - +/** + * Tests the YaraJNIWrapper code. + */ public class YaraWrapperTest { - private static String compiledRulePath = "C:\\Temp\\yara\\hello.compiled"; - private static String textFilePath = "C:\\Temp\\yara\\hello.txt"; - public static void main(String[] args) { - Path path = Paths.get(textFilePath); + if (args.length < 2) { + System.out.println("Please supply two arguments, a yara compiled rule path and a path to the file to scan."); + return; + } + + TestFileRuleMatch(args[0], args[1]); + } + + /** + * Call the YaraJNIWrapper FindRuleMatch with the given path and output the + * results to the cl. + * + * @param compiledRulePath Path to yara compiled rule file + * @param filePath Path to file + */ + private static void TestFileRuleMatch(String compiledRulePath, String filePath) { + Path path = Paths.get(filePath); + try { byte[] data = Files.readAllBytes(path); List list = YaraJNIWrapper.FindRuleMatch(compiledRulePath, data); - for (String s : list) { - System.out.println(s); + if (list != null) { + if (list.isEmpty()) { + System.out.println("FindRuleMatch return an empty list"); + } else { + for (String s : list) { + System.out.println("Matching Rules:"); + System.out.println(s); + } + } + } else { + System.out.println("FindRuleMatch return a null list"); } - } catch (IOException e) { - // TODO Auto-generated catch block - e.printStackTrace(); - } catch (YaraWrapperException ex) { - System.out.println("it worked"); + } catch (IOException | YaraWrapperException ex) { + ex.printStackTrace(); } }