Commit

Merge pull request #34 from CybercentreCanada/feature_change_cli_change_to_no_flag_functionality

First Pass of changes
CCCS-MA authored Jul 21, 2020
2 parents 044412d + e2d12ad commit c9759cd
Showing 3 changed files with 56 additions and 65 deletions.
94 changes: 42 additions & 52 deletions README.md
Expand Up @@ -79,39 +79,34 @@ yara_validator_cli.py -h
| |__| |__| |___ ___) | | |/ ___ \| _ < / ___ \
\____\____\____|____/ |_/_/ \_\_| \_\/_/ \_\
usage: yara_validator_cli.py [-h] [-r] [-n] [-v] [-vv] [-f] [-w] [-s] [-g]
usage: yara_validator_cli.py [-h] [-r] [-n] [-v] [-vv] [-f] [-w] [-s]
[-i | -c]
paths [paths ...]
CCCS YARA script to run the CCCS YARA validator, if the -i or -c flags are not
provided no changes will be made to the files. The default behavior without
either of the -i or -c flags is to return the validity of the file or files if
the -i or -c flag had been used. Use the -g flag to check the current validity
of the file or files.
CCCS YARA script to run the CCCS YARA validator, use the -i or -c flags to
generate the id, fingerprint, version, first_imported, or last_modified (if
not already present) and add them to the file.
positional arguments:
paths A list of files or folders to be analyzed.
paths A list of files or folders to be analyzed.
optional arguments:
-h, --help show this help message and exit
-r, --recursive Recursively search folders provided.
-n, --no-changes Makes no changes and outputs potential results to the
output.
-v, --verbose Verbose mode, will print why a rule was invalid.
-vv, --very-verbose Very-verbose mode, will printout what rule is about to
be processed, the invalid rules, the reasons they are
invalid and all contents of the rule.
-f, --fail Fail mode, only prints messages about invalid rules.
-w, --warnings This mode will ignore warnings and proceed with other
behaviors if the rule is valid.
-s, --standard This prints the YARA standard to the screen.
-g, --generate-values
Generate-values, this is true by default use this flag
to prevent values from being generated.
-i, --in-place Modifies valid files in place, mutually exclusive with
-c.
-c, --create-files Writes a new file for each valid file, mutually
exclusive with -i.
-h, --help show this help message and exit
-r, --recursive Recursively search folders provided.
-n, --no-changes Makes no changes and outputs potential results to the
output.
-v, --verbose Verbose mode, will print why a rule was invalid.
-vv, --very-verbose Very-verbose mode, will printout what rule is about to
be processed, the invalid rules, the reasons they are
invalid and all contents of the rule.
-f, --fail Fail mode, only prints messages about invalid rules.
-w, --warnings This mode will ignore warnings and proceed with other
behaviors if the rule is valid.
-s, --standard This prints the YARA standard to the screen.
-i, --in-place Modifies valid files in place, mutually exclusive with
-c.
-c, --create-files Writes a new file for each valid file, mutually
exclusive with -i.
```
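Review bot: the new description text ("CCCS YARA script to run the CCCS YARA validator, use the -i or -c flags to generate ...") is a comma splice and drops the statement that a run without -i or -c writes nothing, which is still the behaviour a reader wants to see first; suggest splitting it into "CCCS YARA script to run the CCCS YARA validator. Without -i or -c no files are modified; use -i or -c to generate the id, fingerprint, version, first_imported or last_modified (if not already present) and add them to the file." Also, with -g gone, the `-n, --no-changes` entry ("Makes no changes and outputs potential results to the output") now reads like the default behaviour, so its help line should say what it still does differently from a plain run.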


Expand Down Expand Up @@ -197,38 +192,33 @@ yara_validator_cli.py -h
| |__| |__| |___ ___) | | |/ ___ \| _ < / ___ \
\____\____\____|____/ |_/_/ \_\_| \_\/_/ \_\
usage: yara_validator_cli.py [-h] [-r] [-n] [-v] [-vv] [-f] [-w] [-s] [-g]
usage: yara_validator_cli.py [-h] [-r] [-n] [-v] [-vv] [-f] [-w] [-s]
[-i | -c]
paths [paths ...]
CCCS YARA script to run the CCCS YARA validator, if the -i or -c flags are not
provided no changes will be made to the files. The default behavior without
either of the -i or -c flags is to return the validity of the file or files if
the -i or -c flag had been used. Use the -g flag to check the current validity
of the file or files.
CCCS YARA script to run the CCCS YARA validator, use the -i or -c flags to
generate the id, fingerprint, version, first_imported, or last_modified (if
not already present) and add them to the file.
positional arguments:
paths A list of files or folders to be analyzed.
paths A list of files or folders to be analyzed.
optional arguments:
-h, --help show this help message and exit
-r, --recursive Recursively search folders provided.
-n, --no-changes Makes no changes and outputs potential results to the
output.
-v, --verbose Verbose mode, will print why a rule was invalid.
-vv, --very-verbose Very-verbose mode, will printout what rule is about to
be processed, the invalid rules, the reasons they are
invalid and all contents of the rule.
-f, --fail Fail mode, only prints messages about invalid rules.
-w, --warnings This mode will ignore warnings and proceed with other
behaviors if the rule is valid.
-s, --standard This prints the YARA standard to the screen.
-g, --generate-values
Generate-values, this is true by default use this flag
to prevent values from being generated.
-i, --in-place Modifies valid files in place, mutually exclusive with
-c.
-c, --create-files Writes a new file for each valid file, mutually
exclusive with -i.
-h, --help show this help message and exit
-r, --recursive Recursively search folders provided.
-n, --no-changes Makes no changes and outputs potential results to the
output.
-v, --verbose Verbose mode, will print why a rule was invalid.
-vv, --very-verbose Very-verbose mode, will printout what rule is about to
be processed, the invalid rules, the reasons they are
invalid and all contents of the rule.
-f, --fail Fail mode, only prints messages about invalid rules.
-w, --warnings This mode will ignore warnings and proceed with other
behaviors if the rule is valid.
-s, --standard This prints the YARA standard to the screen.
-i, --in-place Modifies valid files in place, mutually exclusive with
-c.
-c, --create-files Writes a new file for each valid file, mutually
exclusive with -i.
```
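Review bot: this hunk is a second, identical copy of the help block already changed at lines 79-112 above; carrying the `-h` output twice in README.md is why the `-g` text had to be removed in two places, so consider keeping one copy and pointing the other section at it, or pasting the block from the parser output in one place so the two cannot drift apart on the next flag change.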

3 changes: 2 additions & 1 deletion yara-validator/yara_validator.py
Expand Up @@ -509,7 +509,8 @@ def validation(self, rule_to_validate, rule_to_validate_string, generate_values=
if value.optional == MetadataOpt.REQ_PROVIDED:
valid.update_validity(False, key, 'Missing required metadata')
elif value.optional == MetadataOpt.REQ_OPTIONAL:
valid.update_validity(False, key, 'Missing metadata that could have been generated')
valid.update_validity(False, key, '⚙️ Missing metadata that could have been generated with the -i'
' or -c flag for the cli')
else:
if self.required_fields_index[value.position].count > value.max_count and value.max_count != -1:
valid.update_validity(False, key, 'Too many instances of metadata value.')
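Review bot: the replacement message hard-codes CLI flag names ("... with the -i or -c flag for the cli") inside the library validator, while the parser comment in yara_validator_cli.py notes the same validator is also driven from a git_ci function, where those flags are not what the user typed; suggest keeping the library message generic ("Missing metadata that could have been generated; run with value generation enabled") and letting the CLI append the flag hint. If the text stays, write "CLI" rather than "cli", and note that the leading ⚙️ will land in logs and CI output that may not render it.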
24 changes: 12 additions & 12 deletions yara_validator_cli.py
Expand Up @@ -24,11 +24,9 @@
# Defining the parser and arguments to parse so it be used both when called by the command line and with the git_ci
# function.
parser = argparse.ArgumentParser(description='CCCS YARA script to run the CCCS YARA validator, '
'if the -i or -c flags are not provided no changes '
'will be made to the files. '
'The default behavior without either of the -i or -c flags is to return '
'the validity of the file or files if the -i or -c flag had been used. '
'Use the -g flag to check the current validity of the file or files.')
'use the -i or -c flags to generate the id, fingerprint, version, '
'first_imported, or last_modified (if not already present) and add them '
'to the file.')
parser.add_argument('paths', nargs='+', type=str, default=[],
help='A list of files or folders to be analyzed.')
parser.add_argument('-r', '--recursive', action='store_true', default=False, dest='recursive',
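Review bot: the new `description=` string is a comma splice and no longer tells the user that a run without -i or -c is read-only; suggest "CCCS YARA script to run the CCCS YARA validator. Without -i or -c no files are changed; use -i or -c to generate the id, fingerprint, version, first_imported or last_modified (if not already present) and add them to the file." This is the string users see from `-h`, so it should match the README block updated in the same commit.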
Expand All @@ -46,9 +44,6 @@
help='This mode will ignore warnings and proceed with other behaviors if the rule is valid.')
parser.add_argument('-s', '--standard', action='store_true', default=False, dest='standard',
help='This prints the YARA standard to the screen.')
parser.add_argument('-g', '--generate-values', action='store_false', default=True, dest='generatevalues',
help='Generate-values, this is true by default use this flag to prevent values from being'
' generated.')

parser_group = parser.add_mutually_exclusive_group()
parser_group.add_argument('-i', '--in-place', action='store_true', default=False, dest='inplace',
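Review bot: removing `-g/--generate-values` is a breaking change for existing invocations: argparse will now reject `-g` with a usage error rather than ignore it, so the removal should be called out in the README or changelog. Every remaining reader of `options.generatevalues` also has to be checked in the same commit (the comment above says this parser is shared with the git_ci function), since any reference left behind will raise AttributeError at runtime rather than fail at parse time.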
Expand Down Expand Up @@ -182,17 +177,22 @@ def __call_validator(options):
y_file=yara_rule_path,
))

yara_file_processor = run_yara_validator(yara_rule_path, options.generatevalues)
what_will_be_done = 'make no changes'
yara_file_output = None

# handle if we want to overwrite or create new files
if options.createfile:
generate_values = True
yara_file_output = get_yara_file_new_path(yara_rule_path)
what_will_be_done = 'create a new file with the {} preface.'.format(YARA_VALID_PREFIX)
elif options.inplace:
generate_values = True
yara_file_output = yara_rule_path
what_will_be_done = 'modify the file in place.'
else:
generate_values = False
what_will_be_done = 'make no changes'
yara_file_output = None

yara_file_processor = run_yara_validator(yara_rule_path, generate_values)


# Prints the output of the validator.
file_message = '{message:39}{y_file}'
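Review bot: `generate_values` is now assigned True in both the `createfile` and `inplace` branches and False in the `else`, which is just `options.createfile or options.inplace`; setting it once before the branch (`generate_values = options.createfile or options.inplace`) removes the triplicated assignment and the risk of a future branch forgetting to set it before `run_yara_validator` is called. Minor: the move leaves two consecutive blank lines before the `# Prints the output of the validator.` comment; one is enough.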

0 comments on commit c9759cd