38349c85
Commit
38349c85
authored
Sep 08, 2021
by
Jörg Stucke
requested review changes + refactoring
parent
b8a16648
Showing
2 changed files
with
6 additions
and
8 deletions
+6
-8
yara_compile.py
common_helper_yara/yara_compile.py
+1
-1
yara_scan.py
common_helper_yara/yara_scan.py
+5
-7
common_helper_yara/yara_compile.py
...
@@ -31,7 +31,7 @@ def compile_rules(
...
@@ -31,7 +31,7 @@ def compile_rules(
def
_create_joint_signature_file
(
directory
:
Path
,
tmp_file
:
NamedTemporaryFile
):
def
_create_joint_signature_file
(
directory
:
Path
,
tmp_file
:
NamedTemporaryFile
):
all_signatures
=
[
all_signatures
=
[
signature_file
.
read_bytes
()
signature_file
.
read_bytes
()
for
signature_file
in
directory
.
iterdir
(
)
for
signature_file
in
sorted
(
directory
.
iterdir
()
)
]
]
Path
(
tmp_file
.
name
)
.
write_bytes
(
b
'
\n
'
.
join
(
all_signatures
))
Path
(
tmp_file
.
name
)
.
write_bytes
(
b
'
\n
'
.
join
(
all_signatures
))
...
...
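Review bot: `directory.iterdir()` on the new side of the `for` line yields every entry in the directory, including subdirectories and non-rule files, and `signature_file.read_bytes()` raises IsADirectoryError on a subdirectory and otherwise concatenates whatever else happens to be there into the joint rule file; `sorted()` makes the order deterministic but does not narrow the selection. Filter to regular files, e.g. `for signature_file in sorted(directory.iterdir()) if signature_file.is_file()`, or restrict by a rule-file extension if the project has one. As a pre-existing caveat, `Path(tmp_file.name).write_bytes(...)` reopens a NamedTemporaryFile by name while the handle is still open, which the tempfile documentation notes does not work on Windows. The calling `compile_rules` named in the hunk header is outside the hunk.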
common_helper_yara/yara_scan.py
...
@@ -62,7 +62,7 @@ def _split_output_in_rules_and_matches(output):
...
@@ -62,7 +62,7 @@ def _split_output_in_rules_and_matches(output):
while
''
in
match_blocks
:
while
''
in
match_blocks
:
match_blocks
.
remove
(
''
)
match_blocks
.
remove
(
''
)
rule_regex
=
re
.
compile
(
r'(.*)\s\[(.*)]\s(
[/]|[./]
)(.+)'
)
rule_regex
=
re
.
compile
(
r'(.*)\s\[(.*)]\s(
?=/|./|../
)(.+)'
)
rules
=
rule_regex
.
findall
(
output
)
rules
=
rule_regex
.
findall
(
output
)
assert
len
(
match_blocks
)
==
len
(
rules
)
assert
len
(
match_blocks
)
==
len
(
rules
)
...
@@ -70,17 +70,15 @@ def _split_output_in_rules_and_matches(output):
...
@@ -70,17 +70,15 @@ def _split_output_in_rules_and_matches(output):
def
_append_match_to_result
(
match
,
resulting_matches
,
rule
):
def
_append_match_to_result
(
match
,
resulting_matches
,
rule
):
assert
len
(
rule
)
==
4
assert
len
(
rule
)
==
3
,
f
'rule was parsed incorrectly: {rule}'
rule_name
,
meta_string
,
_
,
_
=
rule
rule_name
,
meta_string
,
_
=
rule
assert
len
(
match
)
==
4
assert
len
(
match
)
==
4
,
f
'match was parsed incorrectly: {match}'
_
,
offset
,
matched_tag
,
matched_string
=
match
_
,
offset
,
matched_tag
,
matched_string
=
match
meta_dict
=
_parse_meta_data
(
meta_string
)
meta_dict
=
_parse_meta_data
(
meta_string
)
this_match
=
resulting_matches
[
rule_name
]
if
rule_name
in
resulting_matches
else
dict
(
rule
=
rule_name
,
matches
=
True
,
strings
=
list
(),
meta
=
meta_dict
)
this_match
=
resulting_matches
.
setdefault
(
rule_name
,
dict
(
rule
=
rule_name
,
matches
=
True
,
strings
=
[],
meta
=
meta_dict
))
this_match
[
'strings'
]
.
append
((
int
(
offset
,
16
),
matched_tag
,
matched_string
.
encode
()))
this_match
[
'strings'
]
.
append
((
int
(
offset
,
16
),
matched_tag
,
matched_string
.
encode
()))
resulting_matches
[
rule_name
]
=
this_match
def
_parse_meta_data
(
meta_data_string
):
def
_parse_meta_data
(
meta_data_string
):
...
...
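Review bot: The `assert len(rule) == 3, ...` and `assert len(match) == 4, ...` checks in `_append_match_to_result` validate the shape of text parsed out of yara's output, but `assert` statements are stripped under `python -O`, so in an optimized run a malformed line would fail later on the tuple unpacking with no diagnostic. Replace them with explicit checks, e.g. `if len(rule) != 3: raise ValueError(f'rule was parsed incorrectly: {rule}')` and the same for `match`; the `assert len(match_blocks) == len(rules)` in the earlier hunk of this file has the same issue. Separately, the new lookahead `(?=/|./|../)` in that earlier hunk uses unescaped dots, which match any character rather than a literal `.`; if a literal dot was intended, as in the old `[./]` character class where `.` is literal, it should read `(?=/|\./|\.\./)`. The body of `_parse_meta_data` begins at the end of this hunk and continues outside it.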