From 9b1837df2afda95d0e31c9c7044cd0689616423d Mon Sep 17 00:00:00 2001
From: Jason Batchelor <jbatchelor@microsoft.com>
Date: Thu, 18 Jan 2024 15:16:19 +0000
Subject: [PATCH] YARA validation perf improvement candiate

---
 yara_validator/validator.py | 23 +++++++++++++++--------
 1 file changed, 15 insertions(+), 8 deletions(-)

diff --git a/yara_validator/validator.py b/yara_validator/validator.py
index 8420428..e6baa90 100644
--- a/yara_validator/validator.py
+++ b/yara_validator/validator.py
@@ -139,12 +139,21 @@ def run_yara_validator(yara_file, generate_values=True, check_import_modules=Tru
             .format(str(validator_configuration.get(STRING_ENCODING).get(VALUE)))
         yara_file_processor.update_file_error(True, str(yara_file_processor.original_rule_file.name), file_response)
         return yara_file_processor
+    
+    with open(CONFIG_VALUES_YAML_PATH, 'r', encoding='utf8') as yaml_file:
+        scheme = yaml.safe_load(yaml_file)
+
+    with open(CONFIG_YAML_PATH, 'r', encoding='utf8') as config_file:
+        yara_config = yaml.safe_load(config_file)
+
+    validator = YaraValidator(MITRE_STIX_DATA_PATH, CONFIG_YAML_PATH, CONFIG_VALUES_YAML_PATH, yara_config, scheme)
 
     for rule in yara_file_processor.yara_rules:
         try:
-            validator = YaraValidator(MITRE_STIX_DATA_PATH, config_path or CONFIG_YAML_PATH,
-                                      config_values_path or CONFIG_VALUES_YAML_PATH)
             rule.add_rule_return(validator.validation(rule.rule_plyara, rule.rule_string, generate_values))
+            # reset the counter here since we are evaluating 'per rule' 
+            for key, value in validator.required_fields.items():
+                validator.required_fields_index[value.position].count = 0
         except Exception as e:
             raise Exception(
                 f"{rule.rule_plyara.get('rule_name', None)} produced the following exception: {str(e)}. Halting validation..")
@@ -377,18 +386,15 @@ class YaraValidator:
     Class for YaraValidator that does most of the work for validating YARA rules to the defined YARA Metadata Standard.
     """
 
-    def __init__(self, stix_data_path, validator_yaml, validator_yaml_values):
+    def __init__(self, stix_data_path, validator_yaml, validator_yaml_values, yara_config, scheme):
         # initialize the file system source for the MITRE ATT&CK data
         self.STIX_DATA_PATH = stix_data_path
         self.fs = FileSystemSource(self.STIX_DATA_PATH)
 
         self.validator_yaml_values = validator_yaml_values
-        with open(validator_yaml_values, 'r', encoding='utf8') as yaml_file:
-            self.scheme = yaml.safe_load(yaml_file)
-
+        self.scheme = scheme
         self.validator_yaml = validator_yaml
-        with open(validator_yaml, 'r', encoding='utf8') as config_file:
-            self.yara_config = yaml.safe_load(config_file)
+        self.yara_config = yara_config
 
         self.validators = Validators()
         self.required_fields = {}
@@ -904,3 +910,4 @@ def import_yara_cfg(self):
         # check if any metadata in child-parent relationship are missing
         self.validate_child_parent_metadata(self.yara_config, metadata_in_child_parent_relationship)
         self.metadata_keys_regex = self.metadata_keys_regex[:-1]
+