chg: [yara trackers UI] add yara trackers, show default yara rule

2020-09-03 16:33:10 +02:00 · 2020-09-03 16:33:10 +02:00 · d55c8221ad
parent 55ab603f27
commit d55c8221ad
3 changed files with 47 additions and 11 deletions
--- a/bin/lib/Tracker.py
+++ b/bin/lib/Tracker.py
@ -139,6 +139,22 @@ def get_yara_rule_content(yara_rule):
        rule_content = f.read()
    return rule_content

+def api_get_default_rule_content(default_yara_rule):
+    yara_dir = get_yara_rules_default_dir()
+    filename = os.path.join(yara_dir, default_yara_rule)
+    filename = os.path.realpath(filename)
+
+    # incorrect filename
+    if not os.path.commonprefix([filename, yara_dir]) == yara_dir:
+        return ({'status': 'error', 'reason': 'file transversal detected'}, 400)
+
+    if not os.path.isfile(filename):
+        return ({'status': 'error', 'reason': 'yara rule not found'}, 400)
+
+    with open(filename, 'r') as f:
+        rule_content = f.read()
+    return ({'rule_name': default_yara_rule, 'content': rule_content}, 200)
+
 ##-- YARA --##


--- a/var/www/modules/hunter/Flask_hunter.py
+++ b/var/www/modules/hunter/Flask_hunter.py
@ -254,12 +254,13 @@ def get_json_tracker_stats():
        res = Term.get_list_tracked_term_stats_by_day([tracker_uuid])
    return jsonify(res)

-# @hunter.route("/tracker/get_all_default_yara_rules_by_type", methods=['GET'])
-# @login_required
-# @login_read_only
-# def get_all_default_yara_rules_by_type():
-#     yara_types = request.args.get('yara_types')
-#     get_all_default_yara_rules_by_types(yara_types)
+@hunter.route("/tracker/yara/default_rule/content", methods=['GET'])
+@login_required
+@login_read_only
+def get_default_yara_rule_content():
+    default_yara_rule = request.args.get('rule_name')
+    res = Tracker.api_get_default_rule_content(default_yara_rule)
+    return Response(json.dumps(res[0], indent=2, sort_keys=True), mimetype='application/json'), res[1]

 # ========= REGISTRATION =========
 app.register_blueprint(hunter, url_prefix=baseUrl)
--- a/var/www/modules/hunter/templates/Add_tracker.html
+++ b/var/www/modules/hunter/templates/Add_tracker.html
@ -89,10 +89,10 @@
 									</div>


-									<div class="" id="yara_rule">
+									<div class="mb-2" id="yara_rule">
 										<div class="" id="yara_default_rules">

-											<select class="custom-select w-100 mb-3" name="yara_default_rule">
+											<select class="custom-select w-100 mb-3" name="yara_default_rule" onchange="get_default_rule_content(this);">
 											  <option selected>Select a default rule</option>
 												{% for yara_types in all_yara_files %}
 													{% for yara_file in all_yara_files[yara_types] %}
@ -100,12 +100,17 @@
 													{% endfor %}
 												{% endfor %}
 											</select>
+
+											<pre class="border bg-light" id="default_yara_rule_content"></pre>
+
 										</div>

-									<div class="row" id="textarea">
-										<textarea class="form-control mx-3" id="text_input" name="yara_custom_rule" placeholder="Enter your own YARA rule" rows="5"></textarea>
+										<hr>
+
+										<div class="row" id="textarea">
+											<textarea class="form-control mx-3" id="text_input" name="yara_custom_rule" placeholder="Enter your own YARA rule" rows="5"></textarea>
+										</div>
 									</div>
-								</div>

 									<br>
 									<button class="btn btn-success mt-2">
@ -183,4 +188,18 @@ function toggle_sidebar(){
 	}
 }

+
+
+function get_default_rule_content(selector){
+	var yara_name = selector.value
+	if (yara_name === "Select a default rule") {
+		jQuery("#default_yara_rule_content").text("")
+	} else {
+		$.getJSON("{{ url_for('hunter.get_default_yara_rule_content') }}?rule_name=" + yara_name,
+			function(data) {
+				jQuery("#default_yara_rule_content").text(data['content'])
+		});
+	}
+}
+
 </script>