Merge pull request #253 from MISP/chrisr3d_patch

Validation of yara rules
pipenv
Alexandre Dulaunoy 4 years ago committed by GitHub
commit f62ca53e90
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
  1. 2
      REQUIREMENTS
  2. 11
      misp_modules/modules/expansion/yara_query.py
  3. 2
      misp_modules/modules/expansion/yara_syntax_validator.py

@ -21,7 +21,7 @@ domaintools_api
pygeoip
bs4
oauth2
yara-python
yara-python==3.8.0
sigmatools
stix2-patterns
maclookup

@ -1,5 +1,9 @@
import json
import re
try:
import yara
except (OSError, ImportError):
print("yara is missing, use 'pip3 install -I -r REQUIREMENTS' from the root of this repository to install it.")
misperrors = {'error': 'Error'}
moduleinfo = {'version': '1', 'author': 'Christian STUDER',
@ -30,7 +34,12 @@ def handler(q=False):
rule_start = 'import "hash" \r\nrule %s_%s {' % (attribute_type.upper(), re.sub(r'\W+', '_', uuid)) if uuid else 'import "hash"\r\nrule %s {' % attribute_type.upper()
condition = '\tcondition:\r\n\t\t{}'.format(condition)
rule = '\r\n'.join([rule_start, condition, '}'])
return {'results': [{'types': mispattributes['output'], 'values': [rule]}]}
try:
yara.compile(source=rule)
except Exception as e:
misperrors['error'] = 'Syntax error: {}'.format(e)
return misperrors
return {'results': [{'types': mispattributes['output'], 'values': rule}]}
def introspection():
return mispattributes
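Review bot: When the `import yara` at the top of the file fails, the fallback only prints a hint, so the new `yara.compile(source=rule)` call raises NameError and the broad `except Exception as e` reports it back to MISP as `Syntax error: name 'yara' is not defined` — a missing dependency is mislabelled as a bad rule; narrowing the handler to `except yara.Error as e:` and checking that the import succeeded before compiling keeps the two failure modes distinct (the same print-only import fallback appears in the yara_syntax_validator.py hunk). The handler also writes into the module-level `misperrors` dict, so the last error text persists across calls; building a fresh dict in the error branch avoids that. The new return line changes `'values': [rule]` to `'values': rule`, dropping the list wrapper the old code used — if consumers index `values` as a list, this is a behavioural change worth confirming rather than a cleanup. `handler` begins before this hunk.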

@ -3,7 +3,7 @@ import requests
try:
import yara
except (OSError, ImportError):
print("yara is missing, use 'pip3 install yara' to install it.")
print("yara is missing, use 'pip3 install -I -r REQUIREMENTS' from the root of this repository to install it.")
misperrors = {'error': 'Error'}
mispattributes = {'input': ['yara'], 'output': ['text']}
