mirror of https://github.com/CIRCL/AIL-framework
chg: [yara trackers UI] add yara trackers, show default yara rule
parent
55ab603f27
commit
d55c8221ad
@ -139,6 +139,22 @@ def get_yara_rule_content(yara_rule):
|
||||||
rule_content = f.read()
|
rule_content = f.read()
|
||||||
return rule_content
|
return rule_content
|
||||||
|
|
||||||
|
def api_get_default_rule_content(default_yara_rule):
|
||||||
|
yara_dir = get_yara_rules_default_dir()
|
||||||
|
filename = os.path.join(yara_dir, default_yara_rule)
|
||||||
|
filename = os.path.realpath(filename)
|
||||||
|
|
||||||
|
# incorrect filename
|
||||||
|
if not os.path.commonprefix([filename, yara_dir]) == yara_dir:
|
||||||
|
return ({'status': 'error', 'reason': 'file transversal detected'}, 400)
|
||||||
|
|
||||||
|
if not os.path.isfile(filename):
|
||||||
|
return ({'status': 'error', 'reason': 'yara rule not found'}, 400)
|
||||||
|
|
||||||
|
with open(filename, 'r') as f:
|
||||||
|
rule_content = f.read()
|
||||||
|
return ({'rule_name': default_yara_rule, 'content': rule_content}, 200)
|
||||||
|
|
||||||
##-- YARA --##
|
##-- YARA --##
|
||||||
|
|
||||||
|
|
||||||
|
|
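Review bot: The containment check on the `if not os.path.commonprefix([filename, yara_dir]) == yara_dir:` line compares a character-wise prefix rather than path components, so a resolved path under a sibling directory whose name merely starts with the `yara_dir` string would pass it, while `yara_dir` itself is never canonicalised even though `filename` is, so a symlinked or relative rules directory makes every legitimate lookup fail. Resolve both sides and compare components: `yara_dir = os.path.realpath(get_yara_rules_default_dir())` and `if os.path.commonpath([filename, yara_dir]) != yara_dir:`. The reason string `'file transversal detected'` should read `'file traversal detected'`, and `open(filename, 'r')` could pass `encoding='utf-8'` so rule files decode the same way regardless of host locale. A short docstring stating that `default_yara_rule` is a caller-supplied name confined to the default rules directory and that the function returns a `(payload, http_status)` tuple would make the contract visible to the route in the next hunk.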
|
@ -254,12 +254,13 @@ def get_json_tracker_stats():
|
||||||
res = Term.get_list_tracked_term_stats_by_day([tracker_uuid])
|
res = Term.get_list_tracked_term_stats_by_day([tracker_uuid])
|
||||||
return jsonify(res)
|
return jsonify(res)
|
||||||
|
|
||||||
# @hunter.route("/tracker/get_all_default_yara_rules_by_type", methods=['GET'])
|
@hunter.route("/tracker/yara/default_rule/content", methods=['GET'])
|
||||||
# @login_required
|
@login_required
|
||||||
# @login_read_only
|
@login_read_only
|
||||||
# def get_all_default_yara_rules_by_type():
|
def get_default_yara_rule_content():
|
||||||
# yara_types = request.args.get('yara_types')
|
default_yara_rule = request.args.get('rule_name')
|
||||||
# get_all_default_yara_rules_by_types(yara_types)
|
res = Tracker.api_get_default_rule_content(default_yara_rule)
|
||||||
|
return Response(json.dumps(res[0], indent=2, sort_keys=True), mimetype='application/json'), res[1]
|
||||||
|
|
||||||
# ========= REGISTRATION =========
|
# ========= REGISTRATION =========
|
||||||
app.register_blueprint(hunter, url_prefix=baseUrl)
|
app.register_blueprint(hunter, url_prefix=baseUrl)
|
||||||
|
|
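Review bot: `request.args.get('rule_name')` on the `default_yara_rule = ...` line is `None` when the parameter is absent, and the helper then hands it to `os.path.join`, which raises `TypeError` and turns a malformed request into a 500 instead of a 400. Reject it at the route before calling the helper: `if not default_yara_rule: return jsonify({'status': 'error', 'reason': 'rule_name is required'}), 400`. The success path could likewise be `return jsonify(res[0]), res[1]`, matching `get_json_tracker_stats` a few lines above instead of hand-building a `Response` around `json.dumps`.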
|
@ -89,10 +89,10 @@
|
||||||
</div>
|
</div>
|
||||||
|
|
||||||
|
|
||||||
<div class="" id="yara_rule">
|
<div class="mb-2" id="yara_rule">
|
||||||
<div class="" id="yara_default_rules">
|
<div class="" id="yara_default_rules">
|
||||||
|
|
||||||
<select class="custom-select w-100 mb-3" name="yara_default_rule">
|
<select class="custom-select w-100 mb-3" name="yara_default_rule" onchange="get_default_rule_content(this);">
|
||||||
<option selected>Select a default rule</option>
|
<option selected>Select a default rule</option>
|
||||||
{% for yara_types in all_yara_files %}
|
{% for yara_types in all_yara_files %}
|
||||||
{% for yara_file in all_yara_files[yara_types] %}
|
{% for yara_file in all_yara_files[yara_types] %}
|
||||||
|
@ -100,8 +100,13 @@
|
||||||
{% endfor %}
|
{% endfor %}
|
||||||
{% endfor %}
|
{% endfor %}
|
||||||
</select>
|
</select>
|
||||||
|
|
||||||
|
<pre class="border bg-light" id="default_yara_rule_content"></pre>
|
||||||
|
|
||||||
</div>
|
</div>
|
||||||
|
|
||||||
|
<hr>
|
||||||
|
|
||||||
<div class="row" id="textarea">
|
<div class="row" id="textarea">
|
||||||
<textarea class="form-control mx-3" id="text_input" name="yara_custom_rule" placeholder="Enter your own YARA rule" rows="5"></textarea>
|
<textarea class="form-control mx-3" id="text_input" name="yara_custom_rule" placeholder="Enter your own YARA rule" rows="5"></textarea>
|
||||||
</div>
|
</div>
|
||||||
|
@ -183,4 +188,18 @@ function toggle_sidebar(){
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
function get_default_rule_content(selector){
|
||||||
|
var yara_name = selector.value
|
||||||
|
if (yara_name === "Select a default rule") {
|
||||||
|
jQuery("#default_yara_rule_content").text("")
|
||||||
|
} else {
|
||||||
|
$.getJSON("{{ url_for('hunter.get_default_yara_rule_content') }}?rule_name=" + yara_name,
|
||||||
|
function(data) {
|
||||||
|
jQuery("#default_yara_rule_content").text(data['content'])
|
||||||
|
});
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
</script>
|
</script>
|
||||||
|
|
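Review bot: `get_default_rule_content` concatenates the selected rule name straight into the query string on the `$.getJSON(...)` line, so a name containing `&`, `#` or `%` is misparsed server-side, and the callback only runs on success, so when the endpoint answers 400 (missing or unknown rule) the `<pre>` keeps showing the previously selected rule's body. Pass the parameter as a data object so jQuery encodes it, and add a `.fail` handler that clears the panel; keeping `.text()` rather than `.html()` for the rule body is the right choice since the content is server-provided text. The `"Select a default rule"` sentinel also couples this function to the option's label; giving that option `value=""` in the earlier template hunk and testing `yara_name === ""` would survive a label change.
```javascript
function get_default_rule_content(selector){
  var yara_name = selector.value
  if (yara_name === "Select a default rule") {
    jQuery("#default_yara_rule_content").text("")
  } else {
    // let jQuery encode the parameter instead of splicing it into the URL
    $.getJSON("{{ url_for('hunter.get_default_yara_rule_content') }}", {rule_name: yara_name})
      .done(function(data) {
        jQuery("#default_yara_rule_content").text(data['content'])
      })
      .fail(function() {
        // never leave a stale rule body on screen after a failed lookup
        jQuery("#default_yara_rule_content").text("")
      });
  }
}
```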