mirrors/CyberChef
1
0
Fork 0
mirror of https://github.com/gchq/CyberChef.git synced 2025-04-22 07:46:16 -04:00
Code Issues Projects Releases Packages Wiki Activity Actions

Added yara rule support

Browse source
This commit is contained in:
Matt 2019-01-08 16:19:58 +00:00
parent 15fbe5a459
commit 5ac469b174
3 changed files with 147 additions and 73 deletions
Download patch file Download diff file Expand all files Collapse all files

68
src/core/operations/YaraRules.mjs Normal file
View file

@ -0,0 +1,68 @@
/**
* @author Matt C [matt@artemisbot.uk]
* @copyright Crown Copyright 2019
* @license Apache-2.0
*/
import Operation from "../Operation";
import OperationError from "../errors/OperationError";
import Yara from "libyara-wasm";
/**
* Yara Rules operation
*/
class YaraRules extends Operation {
/**
* YaraRules constructor
*/
constructor() {
super();
this.name = "Yara Rules";
this.module = "Yara";
this.description = "Yara support";
this.infoURL = "https://en.wikipedia.org/wiki/YARA";
this.inputType = "string";
this.outputType = "string";
this.args = [{
name: "Rules",
type: "string",
value: ""
}];
}
/**
* @param {string} input
* @param {Object[]} args
* @returns {string}
*/
run(input, args) {
return new Promise((resolve, reject) => {
Yara().then(yara => {
const resp = yara.run(input, args[0]);
if (resp.compileErrors.size() > 0) {
for (let i = 0; i < resp.compileErrors.size(); i++) {
const compileError = resp.compileErrors.get(i);
reject(new OperationError(`Error on line ${compileError.lineNumber}: ${compileError.message}`));
}
}
const matchedRules = resp.matchedRules;
let matchString = "";
for (let i = 0; i < matchedRules.keys().size(); i++) {
const ruleMatches = matchedRules.get(matchedRules.keys().get(i));
matchString += `Rule "${matchedRules.keys().get(i)}" matches:\n`;
for (let j = 0; j < ruleMatches.size(); j++) {
const match = ruleMatches.get(j);
matchString += `Position ${match.location}, length ${match.matchLength}, data: ${match.data}\n`;
}
}
resolve(matchString);
});
});
}
}
export default YaraRules;