CybercentreCanada / CCCS-Yara

YARA rule metadata specification and validation utility / Specification and validation for YARA rules
MIT License

Feature yaramultirulefiles #32

Closed cccs-gm closed 4 years ago

cccs-gm commented 4 years ago

This is a major feature and format overhaul:

Major changes from @malvidin's pull request https://github.com/CybercentreCanada/CCCS-Yara/pull/24 have been merged in, including many of the stylistic changes:

- standardizing the use of ' ' vs " "
- standardizing on the use of YARA vs yara or Yara in comments, file names, etc.
- changing the use of tag to metadata to avoid confusion with the existing tag functionality of YARA
- changing the TagAttributes class to MetadataAttributes for similar reasons to the above
- stripping down the requirements.txt so that it no longer includes the items that will be installed when stix2 is installed
- renaming the cfg folder to stix2_patch
- several other changes to improve the overall readability

@BitsOfBinary made the suggestion of a yara_version optional metadata entry in pull request "https://github.com/CybercentreCanada/CCCS-Yara/pull/29". We incorporated it as "minimum_yara" using the existing valid_version() function in this branch.

Major changes with the inclusion of the yara_file_processor.py library to support the handling of multi-rule YARA files:

- Created the YaraFileProcessor class to read, parse, and maintain both the original file provided and individual instances of YaraRule objects for each YARA rule found in the file. This also handles errors for reading and parsing the file as well as errors and warnings for each individual rule.
- Created the YaraRule class to maintain an original string, plyara object, rule name and YaraReturn object for each rule parsed by the YaraFileProcessor. This maintains the status of the rule, changes, errors and warnings.
- Created the YaraReturn class to maintain the error and warning states, the error and warning messages, the original rule and the edited rule.

Issues resolved:

- Fixed https://github.com/CybercentreCanada/CCCS-Yara/issues/28 with the change to the regex used to validate info|exploit|technique|tool|malware to be '^[^a-z]$'.
- Fixed https://github.com/CybercentreCanada/CCCS-Yara/issues/18 by adding the validator_cfg.yml and the option to change which encoding is applied to the file, if any.
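A toy illustration of the per-rule status model the PR describes (file-level parse errors, and for each rule its original text, edited text, errors and warnings), written as an added example and not taken from the project's yara_file_processor.py or its YaraReturn class. The regex-based splitter, the sample rules, the required minimum_yara key with a simple version check, and the uppercase-category edit are all assumptions made for the example; the project's own regexes and valid_version() are not reproduced.

```python
import re
from dataclasses import dataclass, field
# Constructed sample (assumption): the second rule lacks minimum_yara and has a lowercase category.
SAMPLE = '''
rule Good_Rule {
    meta:
        minimum_yara = "3.8.0"
        category = "MALWARE"
    condition:
        true
}
rule Missing_Version {
    meta:
        category = "tool"
    condition:
        true
}
'''
# Simplified splitter (assumption): a rule ends at the first closing brace at line start.
RULE_RE = re.compile(r'^(?:(?:private|global)\s+)*rule\s+(\w+)[^{]*\{.*?^\}', re.M | re.S)
META_BLOCK_RE = re.compile(r'meta:(.*?)(?=^\s*(?:strings|condition):)', re.M | re.S)
META_RE = re.compile(r'^\s*(\w+)\s*=\s*"([^"]*)"', re.M)
@dataclass
class RuleResult:  # per-rule status: original and edited text, errors and warnings
    name: str
    original: str
    edited: str
    errors: list = field(default_factory=list)
    warnings: list = field(default_factory=list)

def validate_rule(name, text):  # errors block acceptance; warnings record an edit
    r = RuleResult(name, text, text)
    block = META_BLOCK_RE.search(text)
    meta = dict(META_RE.findall(block.group(1))) if block else {}
    ver = meta.get("minimum_yara")
    if ver is None:
        r.errors.append("minimum_yara is required")
    elif not re.fullmatch(r'\d+\.\d+(?:\.\d+)?', ver):
        r.errors.append(f"minimum_yara {ver!r} is not a version string")
    cat = meta.get("category")
    if cat is not None and cat != cat.upper():  # illustrative edit: normalise case
        r.warnings.append(f"category {cat!r} rewritten as {cat.upper()!r}")
        r.edited = text.replace(f'category = "{cat}"', f'category = "{cat.upper()}"')
    return r

def process_file(text):  # one RuleResult per rule; a file with no rules is an error
    results = [validate_rule(m.group(1), m.group(0)) for m in RULE_RE.finditer(text)]
    if not results:
        raise ValueError("no YARA rules found in file")
    return results
```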