From b2ffe95571854188dde2c2fe10668ef3eaf354d9 Mon Sep 17 00:00:00 2001
From: cccs-rs
Date: Fri, 21 Jul 2023 14:01:27 +0000
Subject: [PATCH 1/3] Update settings.json to match current metadata spec

---
 settings.json | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/settings.json b/settings.json
index c3067a4..813801b 100644
--- a/settings.json
+++ b/settings.json
@@ -1,8 +1,8 @@
 {
 "yara.metaEntries": {
 "version": "1.0",
- "creation_date": "${CURRENT_YEAR}-${CURRENT_MONTH}-${CURRENT_DATE}",
- "last_modified": "${CURRENT_YEAR}-${CURRENT_MONTH}-${CURRENT_DATE}",
+ "date": "${CURRENT_YEAR}-${CURRENT_MONTH}-${CURRENT_DATE}",
+ "modified": "${CURRENT_YEAR}-${CURRENT_MONTH}-${CURRENT_DATE}",
 "status": "TESTING|RELEASED|DEPRECATED",
 "sharing": "TLP:AMBER",
 "source": "CCCS",
@@ -16,7 +16,7 @@
 "report": "TA20-0192",
 "reference": "https://cccs/report.html",
 "hash": "d9fcd5af3564d87dc22f1e72763a7959",
- "yara_version": "4.2"
+ "minimum_yara": "4.2"
 },
 "yara.sortMeta": false
 }

From f81080f8cfb2629d081588bdbbe82174a831e1fa Mon Sep 17 00:00:00 2001
From: cccs-rs
Date: Fri, 21 Jul 2023 14:01:52 +0000
Subject: [PATCH 2/3] Add more date formats for parsing

---
 yara_validator/validator_functions.py | 32 +++++++++++++++++----------
 1 file changed, 20 insertions(+), 12 deletions(-)

diff --git a/yara_validator/validator_functions.py b/yara_validator/validator_functions.py
index 4b75bac..279a108 100644
--- a/yara_validator/validator_functions.py
+++ b/yara_validator/validator_functions.py
@@ -19,18 +19,26 @@
 UNIVERSAL_REGEX = r'^[^a-z]*$'
 MITRE_GROUP_NAME = 'name'
 CHILD_PLACE_HOLDER = 'child_place_holder'
-DATE_FORMATS = ["%Y-%m", "%Y.%m", "%Y/%m",
- "%m/%d/%Y", "%m/%d/%y", "%d/%m/%Y", "%d/%m/%y",
- "%d-%m-%Y", "%m-%d-%Y", "%m-%d-%y", "%Y-%m-%d",
- "%d.%m.%Y", "%m.%d.%Y", "%m.%d.%y", "%Y.%m.%d",
- "%f/%e/%Y", "%f/%e/%y", "%e/%f/%Y", "%e/%f/%y",
- "%f-%e-%Y", "%f-%e-%y", "%e-%f-%Y", "%e-%f-%y",
- "%f.%e.%Y", "%f.%e.%y", "%e.%f.%Y", "%e.%f.%y",
- "%b %e, %Y", "%B %e, %Y",
- "%b %d, %Y", "%B %d, %Y",
- "%b %e %Y", "%B %e %Y", "%e %b %Y", "%e %B %Y",
- "%b %d %Y", "%B %d %Y", "%d %b %Y", "%d %B %Y",
- "%Y-%m-%d %I:%M:%S %p", "%Y-%m-%d %I:%M:%S %p"]
+DATE_FORMATS = [
+ "%Y-%m", "%Y.%m", "%Y/%m",
+ "%m/%d/%Y", "%d/%m/%Y",
+ "%m/%d/%y", "%d/%m/%y",
+ "%Y/%d/%m", "%y/%d/%m",
+ "%Y/%m/%d", "%y/%m/%d",
+ "%Y.%d.%m", "%y.%d.%m",
+ "%Y.%m.%d", "%y.%m.%d",
+ "%d-%m-%Y", "%m-%d-%Y", "%m-%d-%y", "%Y-%m-%d",
+ "%d.%m.%Y", "%m.%d.%Y", "%m.%d.%y", "%Y.%m.%d",
+ "%f/%e/%Y", "%f/%e/%y", "%e/%f/%Y", "%e/%f/%y",
+ "%f-%e-%Y", "%f-%e-%y", "%e-%f-%Y", "%e-%f-%y",
+ "%f.%e.%Y", "%f.%e.%y", "%e.%f.%Y", "%e.%f.%y",
+ "%b %e, %Y", "%B %e, %Y",
+ "%b %d, %Y", "%B %d, %Y",
+ "%b %e %Y", "%B %e %Y", "%e %b %Y", "%e %B %Y",
+ "%b %d %Y", "%B %d %Y", "%d %b %Y", "%d %B %Y",
+ "%Y-%m-%d %I:%M:%S %p", "%Y/%m/%d %I:%M:%S %p"
+ "%Y-%m-%d %H:%M:%S", "%Y/%m/%d %H:%M:%S"
+]
 # potential values of MetadataAttributes.optional variable

From 95abf7e6725a77ff94668309abda8a3f45adcd03 Mon Sep 17 00:00:00 2001
From: cccs-rs
Date: Sat, 22 Jul 2023 04:21:13 +0000
Subject: [PATCH 3/3] Try to automatically handle validation errors where possible with `hash`

---
 yara_validator/validator_functions.py | 45 +++------------------------
 1 file changed, 5 insertions(+), 40 deletions(-)

diff --git a/yara_validator/validator_functions.py b/yara_validator/validator_functions.py
index 279a108..d1e7f64 100644
--- a/yara_validator/validator_functions.py
+++ b/yara_validator/validator_functions.py
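Review bot: The second-to-last added entry of DATE_FORMATS is missing its trailing comma, so `"%Y/%m/%d %I:%M:%S %p"` and `"%Y-%m-%d %H:%M:%S"` are joined by implicit string concatenation into one unmatchable format (`"%Y/%m/%d %I:%M:%S %p%Y-%m-%d %H:%M:%S"`) and neither of those two timestamp layouts is ever accepted; the fix is the single line `"%Y-%m-%d %I:%M:%S %p", "%Y/%m/%d %I:%M:%S %p",`. The new list also carries `"%Y/%m/%d"` and `"%Y.%m.%d"` twice, which is harmless but suggests the block was not de-duplicated. More importantly, mixing `"%m/%d/%y"`, `"%d/%m/%y"`, `"%y/%d/%m"` and `"%y/%m/%d"` means an all-numeric value such as 01/02/03 is accepted under whichever pattern is tried first, so the date a rule ends up with depends on list order rather than the author's intent; a comment above the list stating that order decides ambiguous dates, or limiting numeric dates to year-first unambiguous forms, would make the validator's behaviour explicit. The pre-existing `%e`/`%f` entries are not day/month directives in Python's strptime (`%f` is microseconds), so if the parser is datetime.strptime they never match, but that predates this change.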
@@ -177,6 +177,11 @@ def valid_regex(self, rule_to_validate, metadata_index, metadata_key, alias=None
 """
 value = list(rule_to_validate[METADATA][metadata_index].values())[0]
+ if METADATA == 'hash':
+ # Strip any whitespace before validation
+ value = str(value).strip()
+ rule_to_validate[METADATA].insert(metadata_index, {METADATA: value})
+
 self.required_fields[metadata_key].attributefound()
 self.required_fields_index[self.required_fields[metadata_key].position].increment_count()
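Review bot: The new `if METADATA == 'hash':` guard compares the module constant that the line above uses as the container key (`rule_to_validate[METADATA]`) against the literal `'hash'`, so unless that constant happens to equal `'hash'` the branch is dead and the strip never runs; `metadata_key`, the name of the entry being validated, looks like the intended operand. Inside the branch, `rule_to_validate[METADATA].insert(metadata_index, {METADATA: value})` inserts an additional dict keyed by METADATA instead of replacing the entry, which leaves the unstripped original at metadata_index + 1 and shifts every later index the caller has presumably already computed. Suggested replacement for the three code lines: `if metadata_key == 'hash':` / `value = str(value).strip()` / `rule_to_validate[METADATA][metadata_index] = {metadata_key: value}`. Silently normalising the value is reasonable for whitespace, but the validator should still record that it rewrote the field so the rule author sees the formatting error at its source; valid_regex continues beyond this hunk.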
@@ -385,46 +390,6 @@ def valid_mitre_att(self, rule_to_validate_mitre_att, metadata_index, metadata_k
 return self.required_fields[MITRE_ATT].valid
- def valid_al_config_dumper(self, rule_to_validate_al_config_d, metadata_index, metadata_key, alias=None):
- """
- Makes the al_config_parser metadata value required if this is found first.
- :param rule_to_validate_al_config_d: the plyara parsed rule that is being validated
- :param metadata_index: used to reference what the array index of the actor metadata value is
- :param metadata_key: the name of the metadata value that is being processed
- :return: True all the time because the value is never verified...
- """
- AL_CONFIG_D = metadata_key
- self.required_fields[AL_CONFIG_D].attributefound()
- self.required_fields_index[self.required_fields[AL_CONFIG_D].position].increment_count()
-
- # Because there is an al_config_dumper al_config_parser becomes required
- self.required_fields[AL_CONFIG_D].optional = MetadataOpt.REQ_PROVIDED
-
- # Because we are not validating the value... So much pain!
- self.required_fields[AL_CONFIG_D].attributevalid()
-
- return self.required_fields[AL_CONFIG_D].valid
-
- def valid_al_config_parser(self, rule_to_validate_al_config_p, metadata_index, metadata_key, alias=None):
- """
- Makes the al_config_dumper metadata value required if this is found first.
- :param rule_to_validate_al_config_p: the plyara parsed rule that is being validated
- :param metadata_index: used to reference what the array index of the actor metadata value is
- :param metadata_key: the name of the metadata value that is being processed
- :return: True all the time because the value is never verified...
- """
- AL_CONFIG_P = metadata_key
- self.required_fields[AL_CONFIG_P].attributefound()
- self.required_fields_index[self.required_fields[AL_CONFIG_P].position].increment_count()
-
- # Because there is an al_config_parser al_config_dumper becomes required
- self.required_fields[AL_CONFIG_P].optional = MetadataOpt.REQ_PROVIDED
-
- # Because we are not validating the value... So much pain!
- self.required_fields[AL_CONFIG_P].attributevalid()
-
- return self.required_fields[AL_CONFIG_P].valid
-
 def valid_category(self, rule_to_validate_category, metadata_index, metadata_key, alias=None):
 """
 Pulls the value of the category metadata value and checks if it is a valid category type.