From ebb632e8882f8f2bad67429c4bf49ab13a211587 Mon Sep 17 00:00:00 2001
From: Matt
Date: Wed, 9 Jan 2019 14:29:14 +0000
Subject: [PATCH] Added metadata, string identifiers and operation args

---
 package-lock.json | 6 ++--
 package.json | 2 +-
 src/core/operations/YaraRules.mjs | 58 +++++++++++++++++++++++--------
 src/web/HTMLIngredient.mjs | 3 +-
 4 files changed, 49 insertions(+), 20 deletions(-)

diff --git a/package-lock.json b/package-lock.json
index 573f8e67..2b4d058b 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -7756,9 +7756,9 @@
 "integrity": "sha1-ZMTwJfF/1Tv7RXY/rrFvAVp0dVA="
 },
 "libyara-wasm": {
- "version": "0.0.6",
- "resolved": "https://registry.npmjs.org/libyara-wasm/-/libyara-wasm-0.0.6.tgz",
- "integrity": "sha512-Crnaz5G/ejjZrEYTlyUZIaquR66djW8w8UR8GtgFrpWzhiySPJTcdxwOhGmCku2VhhETPznz20KxBNifBSF+oA=="
+ "version": "0.0.8",
+ "resolved": "https://registry.npmjs.org/libyara-wasm/-/libyara-wasm-0.0.8.tgz",
+ "integrity": "sha512-ZB+Ya3bEBoanvde47X8RzqpMBHgrPxrTZIJ/UEoatVnOEy2he1IORuotdSkP2o73URRzHGN1jNWDIhTdfbZ3rQ=="
 },
 "livereload-js": {
 "version": "2.4.0",
diff --git a/package.json b/package.json
index 2f9c7d04..8e21a0a6 100644
--- a/package.json
+++ b/package.json
@@ -106,7 +106,7 @@
 "jsqr": "^1.1.1",
 "jsrsasign": "8.0.12",
 "kbpgp": "^2.0.82",
- "libyara-wasm": "0.0.6",
+ "libyara-wasm": "0.0.8",
 "lodash": "^4.17.11",
 "loglevel": "^1.6.1",
 "loglevel-message-prefix": "^3.0.0",
diff --git a/src/core/operations/YaraRules.mjs b/src/core/operations/YaraRules.mjs
index b6d78a8c..bfdebb13 100644
--- a/src/core/operations/YaraRules.mjs
+++ b/src/core/operations/YaraRules.mjs
@@ -25,11 +25,28 @@ class YaraRules extends Operation {
 this.infoURL = "https://en.wikipedia.org/wiki/YARA";
 this.inputType = "ArrayBuffer";
 this.outputType = "string";
- this.args = [{
- name: "Rules",
- type: "code",
- value: ""
- }];
+ this.args = [
+ {
+ name: "Rules",
+ type: "code",
+ value: ""
+ },
+ {
+ name: "Show strings",
+ type: "boolean",
+ value: false
+ },
+ {
+ name: "Show string lengths",
+ type: "boolean",
+ value: false
+ },
+ {
+ name: "Show metadata",
+ type: "boolean",
+ value: false
+ }
+ ];
 }

 /**
@@ -38,6 +55,7 @@ class YaraRules extends Operation {
 * @returns {string}
 */
 run(input, args) {
+ const [rules, showStrings, showLengths, showMeta] = args;
 return new Promise((resolve, reject) => {
 Yara().then(yara => {
 let matchString = "";
@@ -46,7 +64,7 @@ class YaraRules extends Operation {
 for (let i = 0; i < inpArr.length; i++) {
 inpVec.push_back(inpArr[i]);
 }
- const resp = yara.run(inpVec, args[0]);
+ const resp = yara.run(inpVec, rules);
 if (resp.compileErrors.size() > 0) {
 for (let i = 0; i < resp.compileErrors.size(); i++) {
 const compileError = resp.compileErrors.get(i);
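Review bot: All three new arguments default to `false`, and the output loop changed later in this file prints position, length and data only when `showStrings || showLengths` is true. A recipe that ran this operation before the change therefore gets only `Input matches rule "…"`, where the old code always listed every match. For a detection operation that is a silent loss of analyst-relevant detail, so either default `Show strings` and `Show string lengths` to `true` or state the new default in the operation description. The constructor starts outside this hunk, so the description text is not visible here.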
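Review bot: The added `const [rules, showStrings, showLengths, showMeta] = args;` depends on the order of the entries in `this.args`, and nothing on the line says so. A short comment such as `// order must match this.args in the constructor` would keep the two in step when an argument is added or moved. The JSDoc visible just above still says `@returns {string}` although the body returns a Promise; `@returns {Promise<string>}` would describe what the visible code does. The body of `run` continues past the end of this hunk.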
@@ -58,16 +76,26 @@ class YaraRules extends Operation {
 }
 }
 const matchedRules = resp.matchedRules;
- for (let i = 0; i < matchedRules.keys().size(); i++) {
- const ruleMatches = matchedRules.get(matchedRules.keys().get(i));
- if (ruleMatches.size() === 0) {
- matchString += `Input matches rule "${matchedRules.keys().get(i)}".\n`;
+ for (let i = 0; i < matchedRules.size(); i++) {
+ const rule = matchedRules.get(i);
+ const matches = rule.resolvedMatches;
+ let meta = "";
+ if (showMeta && rule.metadata.size() > 0) {
+ meta += " [";
+ for (let j = 0; j < rule.metadata.size(); j++) {
+ meta += `${rule.metadata.get(j).identifier}: ${rule.metadata.get(j).data}, `;
+ }
+ meta = meta.slice(0, -2) + "]";
+ }
+ if (matches.size() === 0 || !(showStrings || showLengths)) {
+ matchString += `Input matches rule "${rule.ruleName}"${meta}.\n`;
 } else {
- matchString += `Rule "${matchedRules.keys().get(i)}" matches:\n`;
-
- for (let j = 0; j < ruleMatches.size(); j++) {
- const match = ruleMatches.get(j);
- matchString += `Position ${match.location}, length ${match.matchLength}, data: ${match.data}\n`;
+ matchString += `Rule "${rule.ruleName}"${meta} matches:\n`;
+ for (let j = 0; j < matches.size(); j++) {
+ const match = matches.get(j);
+ if (showStrings || showLengths) {
+ matchString += `Pos ${match.location}, ${showLengths ? `length ${match.matchLength}, ` : ""}identifier ${match.stringIdentifier}${showStrings ? `, data: "${match.data}"` : ""}\n`;
+ }
 }
 }
diff --git a/src/web/HTMLIngredient.mjs b/src/web/HTMLIngredient.mjs
index 4de7e43f..234c5343 100755
--- a/src/web/HTMLIngredient.mjs
+++ b/src/web/HTMLIngredient.mjs
@@ -51,7 +51,8 @@ class HTMLIngredient {
 value="${this.value}"
 rows=5
 ${this.disabled ? "disabled" : ""}>
- ${this.hint ? "" + this.hint + "" : ""}`;
+ ${this.hint ? "" + this.hint + "" : ""}
+ `;
 break;
 case "string":
 case "binaryString":
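Review bot: `match.data`, `match.stringIdentifier` and the metadata `identifier`/`data` values are interpolated into `matchString` unmodified. Bytes from the scanned input and text from the supplied rules can therefore carry quotes, line breaks or control characters that break the one-match-per-line layout an analyst relies on. This hunk does not show whether libyara-wasm already escapes these fields; if it does not, encode non-printable bytes and line breaks, and escape `"` inside the quoted data, before building each line. Separately, the inner `if (showStrings || showLengths)` is always true inside the `else` branch, because the outer condition has already sent the opposite case to the `Input matches rule` line, so it can be dropped. The enclosing `run` continues past the end of the hunk.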
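Review bot: `value="${this.value}"` and `this.hint` go into the template literal without HTML escaping in the lines this hunk touches. Where argument values originate is not visible here; if one can come from a saved or shared recipe rather than from the operation definition, it is not safe inside a quoted attribute as written and should be HTML-escaped before interpolation. The markup in this copy of the hunk appears to have lost its tags, so the added second line shows only as a closing backtick; presumably it closes the wrapping element, which is worth confirming against the file. The template starts before the hunk.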