mstoeck3/autopsy-flatpak
1
0
Fork 0
mirror of https://github.com/overcuriousity/autopsy-flatpak.git synced 2025-07-17 10:17:41 +00:00
Code Issues Packages Projects Releases Wiki Activity

Cleaned up the test code

Browse Source
This commit is contained in:
Kelly Kelly 2020-10-28 14:28:45 -04:00
parent 7a0054f9a9
commit 1bbfc0b4f5
3 changed files with 51 additions and 15 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

BIN
Tools/yara/YaraWrapperTest/resources/hello.compiled Executable file
View File

Binary file not shown.

1
Tools/yara/YaraWrapperTest/resources/hello.txt Executable file
View File

@ -0,0 +1 @@
Hello World

65
Tools/yara/YaraWrapperTest/src/org/sleuthkit/autopsy/yara/YaraWrapperTest.java
View File

@ -1,7 +1,20 @@
/* /*
* To change this license header, choose License Headers in Project Properties. * Autopsy Forensic Browser
* To change this template file, choose Tools | Templates *
* and open the template in the editor. * Copyright 2020 Basis Technology Corp.
* Contact: carrier <at> sleuthkit <dot> org
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/ */
package org.sleuthkit.autopsy.yara; package org.sleuthkit.autopsy.yara;
@ -14,28 +27,50 @@ import java.util.List;
import org.sleuthkit.autopsy.yara.YaraJNIWrapper; import org.sleuthkit.autopsy.yara.YaraJNIWrapper;
import org.sleuthkit.autopsy.yara.YaraWrapperException; import org.sleuthkit.autopsy.yara.YaraWrapperException;
/**
* Tests the YaraJNIWrapper code.
*/
public class YaraWrapperTest { public class YaraWrapperTest {
private static String compiledRulePath = "C:\\Temp\\yara\\hello.compiled";
private static String textFilePath = "C:\\Temp\\yara\\hello.txt";
public static void main(String[] args) { public static void main(String[] args) {
Path path = Paths.get(textFilePath); if (args.length < 2) {
System.out.println("Please supply two arguments, a yara compiled rule path and a path to the file to scan.");
return;
}
TestFileRuleMatch(args[0], args[1]);
}
/**
* Call the YaraJNIWrapper FindRuleMatch with the given path and output the
* results to the cl.
*
* @param compiledRulePath Path to yara compiled rule file
* @param filePath Path to file
*/
private static void TestFileRuleMatch(String compiledRulePath, String filePath) {
Path path = Paths.get(filePath);
try { try {
byte[] data = Files.readAllBytes(path); byte[] data = Files.readAllBytes(path);
List<String> list = YaraJNIWrapper.FindRuleMatch(compiledRulePath, data); List<String> list = YaraJNIWrapper.FindRuleMatch(compiledRulePath, data);
for (String s : list) { if (list != null) {
System.out.println(s); if (list.isEmpty()) {
System.out.println("FindRuleMatch return an empty list");
} else {
for (String s : list) {
System.out.println("Matching Rules:");
System.out.println(s);
}
}
} else {
System.out.println("FindRuleMatch return a null list");
} }
} catch (IOException e) { } catch (IOException | YaraWrapperException ex) {
// TODO Auto-generated catch block ex.printStackTrace();
e.printStackTrace();
} catch (YaraWrapperException ex) {
System.out.println("it worked");
} }
} }