mirror of
https://github.com/gchq/CyberChef.git
synced 2025-04-21 23:36:16 -04:00
Fixed problems flagged by n's review
This commit is contained in:
Matt
parent
ebb632e888
commit
dd9ba4d250
4 changed files with 19 additions and 22 deletions
|
|
@ -1,110 +0,0 @@
|
|||
/**
|
||||
* @author Matt C [matt@artemisbot.uk]
|
||||
* @copyright Crown Copyright 2019
|
||||
* @license Apache-2.0
|
||||
*/
|
||||
|
||||
import Operation from "../Operation";
|
||||
import OperationError from "../errors/OperationError";
|
||||
import Yara from "libyara-wasm";
|
||||
|
||||
/**
|
||||
* Yara Rules operation
|
||||
*/
|
||||
class YaraRules extends Operation {
|
||||
|
||||
/**
|
||||
* YaraRules constructor
|
||||
*/
|
||||
constructor() {
|
||||
super();
|
||||
|
||||
this.name = "Yara Rules";
|
||||
this.module = "Yara";
|
||||
this.description = "Yara support";
|
||||
this.infoURL = "https://en.wikipedia.org/wiki/YARA";
|
||||
this.inputType = "ArrayBuffer";
|
||||
this.outputType = "string";
|
||||
this.args = [
|
||||
{
|
||||
name: "Rules",
|
||||
type: "code",
|
||||
value: ""
|
||||
},
|
||||
{
|
||||
name: "Show strings",
|
||||
type: "boolean",
|
||||
value: false
|
||||
},
|
||||
{
|
||||
name: "Show string lengths",
|
||||
type: "boolean",
|
||||
value: false
|
||||
},
|
||||
{
|
||||
name: "Show metadata",
|
||||
type: "boolean",
|
||||
value: false
|
||||
}
|
||||
];
|
||||
}
|
||||
|
||||
/**
|
||||
* @param {string} input
|
||||
* @param {Object[]} args
|
||||
* @returns {string}
|
||||
*/
|
||||
run(input, args) {
|
||||
const [rules, showStrings, showLengths, showMeta] = args;
|
||||
return new Promise((resolve, reject) => {
|
||||
Yara().then(yara => {
|
||||
let matchString = "";
|
||||
const inpArr = new Uint8Array(input); // I know this is garbage but it's like 1.5 times faster
|
||||
const inpVec = new yara.vectorChar();
|
||||
for (let i = 0; i < inpArr.length; i++) {
|
||||
inpVec.push_back(inpArr[i]);
|
||||
}
|
||||
const resp = yara.run(inpVec, rules);
|
||||
if (resp.compileErrors.size() > 0) {
|
||||
for (let i = 0; i < resp.compileErrors.size(); i++) {
|
||||
const compileError = resp.compileErrors.get(i);
|
||||
if (!compileError.warning) {
|
||||
reject(new OperationError(`Error on line ${compileError.lineNumber}: ${compileError.message}`));
|
||||
} else {
|
||||
matchString += `Warning on line ${compileError.lineNumber}: ${compileError.message}`;
|
||||
}
|
||||
}
|
||||
}
|
||||
const matchedRules = resp.matchedRules;
|
||||
for (let i = 0; i < matchedRules.size(); i++) {
|
||||
const rule = matchedRules.get(i);
|
||||
const matches = rule.resolvedMatches;
|
||||
let meta = "";
|
||||
if (showMeta && rule.metadata.size() > 0) {
|
||||
meta += " [";
|
||||
for (let j = 0; j < rule.metadata.size(); j++) {
|
||||
meta += `${rule.metadata.get(j).identifier}: ${rule.metadata.get(j).data}, `;
|
||||
}
|
||||
meta = meta.slice(0, -2) + "]";
|
||||
}
|
||||
if (matches.size() === 0 || !(showStrings || showLengths)) {
|
||||
matchString += `Input matches rule "${rule.ruleName}"${meta}.\n`;
|
||||
} else {
|
||||
matchString += `Rule "${rule.ruleName}"${meta} matches:\n`;
|
||||
for (let j = 0; j < matches.size(); j++) {
|
||||
const match = matches.get(j);
|
||||
if (showStrings || showLengths) {
|
||||
matchString += `Pos ${match.location}, ${showLengths ? `length ${match.matchLength}, ` : ""}identifier ${match.stringIdentifier}${showStrings ? `, data: "${match.data}"` : ""}\n`;
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
}
|
||||
resolve(matchString);
|
||||
});
|
||||
});
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
export default YaraRules;
|
||||
Loading…
Add table
Add a link
Reference in a new issue