Added metadata, string identifiers and operation args
parent
4db2335107
commit
ebb632e888
4 changed files with 49 additions and 20 deletions
6
package-lock.json
generated
6
package-lock.json
generated
|
@ -7756,9 +7756,9 @@
|
||||||
"integrity": "sha1-ZMTwJfF/1Tv7RXY/rrFvAVp0dVA="
|
"integrity": "sha1-ZMTwJfF/1Tv7RXY/rrFvAVp0dVA="
|
||||||
},
|
},
|
||||||
"libyara-wasm": {
|
"libyara-wasm": {
|
||||||
"version": "0.0.6",
|
"version": "0.0.8",
|
||||||
"resolved": "https://registry.npmjs.org/libyara-wasm/-/libyara-wasm-0.0.6.tgz",
|
"resolved": "https://registry.npmjs.org/libyara-wasm/-/libyara-wasm-0.0.8.tgz",
|
||||||
"integrity": "sha512-Crnaz5G/ejjZrEYTlyUZIaquR66djW8w8UR8GtgFrpWzhiySPJTcdxwOhGmCku2VhhETPznz20KxBNifBSF+oA=="
|
"integrity": "sha512-ZB+Ya3bEBoanvde47X8RzqpMBHgrPxrTZIJ/UEoatVnOEy2he1IORuotdSkP2o73URRzHGN1jNWDIhTdfbZ3rQ=="
|
||||||
},
|
},
|
||||||
"livereload-js": {
|
"livereload-js": {
|
||||||
"version": "2.4.0",
|
"version": "2.4.0",
|
||||||
|
|
|
@ -106,7 +106,7 @@
|
||||||
"jsqr": "^1.1.1",
|
"jsqr": "^1.1.1",
|
||||||
"jsrsasign": "8.0.12",
|
"jsrsasign": "8.0.12",
|
||||||
"kbpgp": "^2.0.82",
|
"kbpgp": "^2.0.82",
|
||||||
"libyara-wasm": "0.0.6",
|
"libyara-wasm": "0.0.8",
|
||||||
"lodash": "^4.17.11",
|
"lodash": "^4.17.11",
|
||||||
"loglevel": "^1.6.1",
|
"loglevel": "^1.6.1",
|
||||||
"loglevel-message-prefix": "^3.0.0",
|
"loglevel-message-prefix": "^3.0.0",
|
||||||
|
|
|
@ -25,11 +25,28 @@ class YaraRules extends Operation {
|
||||||
this.infoURL = "https://en.wikipedia.org/wiki/YARA";
|
this.infoURL = "https://en.wikipedia.org/wiki/YARA";
|
||||||
this.inputType = "ArrayBuffer";
|
this.inputType = "ArrayBuffer";
|
||||||
this.outputType = "string";
|
this.outputType = "string";
|
||||||
this.args = [{
|
this.args = [
|
||||||
name: "Rules",
|
{
|
||||||
type: "code",
|
name: "Rules",
|
||||||
value: ""
|
type: "code",
|
||||||
}];
|
value: ""
|
||||||
|
},
|
||||||
|
{
|
||||||
|
name: "Show strings",
|
||||||
|
type: "boolean",
|
||||||
|
value: false
|
||||||
|
},
|
||||||
|
{
|
||||||
|
name: "Show string lengths",
|
||||||
|
type: "boolean",
|
||||||
|
value: false
|
||||||
|
},
|
||||||
|
{
|
||||||
|
name: "Show metadata",
|
||||||
|
type: "boolean",
|
||||||
|
value: false
|
||||||
|
}
|
||||||
|
];
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
|
@ -38,6 +55,7 @@ class YaraRules extends Operation {
|
||||||
* @returns {string}
|
* @returns {string}
|
||||||
*/
|
*/
|
||||||
run(input, args) {
|
run(input, args) {
|
||||||
|
const [rules, showStrings, showLengths, showMeta] = args;
|
||||||
return new Promise((resolve, reject) => {
|
return new Promise((resolve, reject) => {
|
||||||
Yara().then(yara => {
|
Yara().then(yara => {
|
||||||
let matchString = "";
|
let matchString = "";
|
||||||
|
@ -46,7 +64,7 @@ class YaraRules extends Operation {
|
||||||
for (let i = 0; i < inpArr.length; i++) {
|
for (let i = 0; i < inpArr.length; i++) {
|
||||||
inpVec.push_back(inpArr[i]);
|
inpVec.push_back(inpArr[i]);
|
||||||
}
|
}
|
||||||
const resp = yara.run(inpVec, args[0]);
|
const resp = yara.run(inpVec, rules);
|
||||||
if (resp.compileErrors.size() > 0) {
|
if (resp.compileErrors.size() > 0) {
|
||||||
for (let i = 0; i < resp.compileErrors.size(); i++) {
|
for (let i = 0; i < resp.compileErrors.size(); i++) {
|
||||||
const compileError = resp.compileErrors.get(i);
|
const compileError = resp.compileErrors.get(i);
|
||||||
|
@ -58,16 +76,26 @@ class YaraRules extends Operation {
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
const matchedRules = resp.matchedRules;
|
const matchedRules = resp.matchedRules;
|
||||||
for (let i = 0; i < matchedRules.keys().size(); i++) {
|
for (let i = 0; i < matchedRules.size(); i++) {
|
||||||
const ruleMatches = matchedRules.get(matchedRules.keys().get(i));
|
const rule = matchedRules.get(i);
|
||||||
if (ruleMatches.size() === 0) {
|
const matches = rule.resolvedMatches;
|
||||||
matchString += `Input matches rule "${matchedRules.keys().get(i)}".\n`;
|
let meta = "";
|
||||||
|
if (showMeta && rule.metadata.size() > 0) {
|
||||||
|
meta += " [";
|
||||||
|
for (let j = 0; j < rule.metadata.size(); j++) {
|
||||||
|
meta += `${rule.metadata.get(j).identifier}: ${rule.metadata.get(j).data}, `;
|
||||||
|
}
|
||||||
|
meta = meta.slice(0, -2) + "]";
|
||||||
|
}
|
||||||
|
if (matches.size() === 0 || !(showStrings || showLengths)) {
|
||||||
|
matchString += `Input matches rule "${rule.ruleName}"${meta}.\n`;
|
||||||
} else {
|
} else {
|
||||||
matchString += `Rule "${matchedRules.keys().get(i)}" matches:\n`;
|
matchString += `Rule "${rule.ruleName}"${meta} matches:\n`;
|
||||||
|
for (let j = 0; j < matches.size(); j++) {
|
||||||
for (let j = 0; j < ruleMatches.size(); j++) {
|
const match = matches.get(j);
|
||||||
const match = ruleMatches.get(j);
|
if (showStrings || showLengths) {
|
||||||
matchString += `Position ${match.location}, length ${match.matchLength}, data: ${match.data}\n`;
|
matchString += `Pos ${match.location}, ${showLengths ? `length ${match.matchLength}, ` : ""}identifier ${match.stringIdentifier}${showStrings ? `, data: "${match.data}"` : ""}\n`;
|
||||||
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
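Review bot: `match.data` and the rule metadata values are copied into the result text unescaped in the last hunk of this section (the `Pos …` line and the `meta +=` loop), so a matched string that contains a newline or a double quote can break the one-match-per-line layout and produce lines that read like separate matches. The scanned input is presumably an untrusted sample, so I would escape it, e.g. `, data: ${JSON.stringify(match.data)}` in place of `, data: "${match.data}"` (assuming `data` is a string, which the hunk does not show). The inner `if (showStrings || showLengths)` is always true inside that `else` branch and can be dropped. `run()` starts and ends outside the visible hunks.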
||||||
|
|
|
@ -51,7 +51,8 @@ class HTMLIngredient {
|
||||||
value="${this.value}"
|
value="${this.value}"
|
||||||
rows=5
|
rows=5
|
||||||
${this.disabled ? "disabled" : ""}></textarea>
|
${this.disabled ? "disabled" : ""}></textarea>
|
||||||
${this.hint ? "<span class='bmd-help'>" + this.hint + "</span>" : ""}`;
|
${this.hint ? "<span class='bmd-help'>" + this.hint + "</span>" : ""}
|
||||||
|
</div>`;
|
||||||
break;
|
break;
|
||||||
case "string":
|
case "string":
|
||||||
case "binaryString":
|
case "binaryString":
|
||||||
|
|
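Review bot: The rewritten hint line still concatenates `this.hint` into the template as raw markup, and the neighbouring `value="${this.value}"` does the same inside an attribute. If either can carry text that is not authored in the operation config (not visible from this hunk), it should pass through an HTML-escaping helper before interpolation. The added `</div>` closes an element opened above the hunk, so tag balance cannot be checked from here; the enclosing `switch` starts and ends outside the hunk.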