本文整理汇总了Python中yara.SyntaxError方法的典型用法代码示例。如果您正苦于以下问题:Python yara.SyntaxError方法的具体用法?Python yara.SyntaxError怎么用?Python yara.SyntaxError使用的例子?那么恭喜您, 这里精选的方法代码示例或许可以为您提供帮助。您也可以进一步了解该方法所在类yara的用法示例。
在下文中一共展示了yara.SyntaxError方法的15个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的Python代码示例。
示例1: dotnet_resource_names
# 需要导入模块: import yara [as 别名]
# 或者: from yara import SyntaxError [as 别名]
def dotnet_resource_names(self):
"""
Read .NET Resources and return a list of resource names
:return: list
"""
try:
rules = yara.compile(source='import "dotnet" rule a { condition: false }')
except yara.SyntaxError:
print("Error using Yara DotNet did you enable it?")
resource_list = []
def modules_callback(data):
for i, resource in enumerate(data.get('resources', [])):
resource_list.append(resource['name'])
return yara.CALLBACK_CONTINUE
rules.match(data=self.file_data, modules_callback=modules_callback)
return resource_list 示例2: dotnet_resource_by_name
# 需要导入模块: import yara [as 别名]
# 或者: from yara import SyntaxError [as 别名]
def dotnet_resource_by_name(self, resource_name):
"""
Extract a .NET Resource by name
:param resource_name:
:return:
"""
try:
rules = yara.compile(source='import "dotnet" rule a { condition: false }')
except yara.SyntaxError:
print("Error using Yara DotNet did you enable it?")
def modules_callback(data):
for i, resource in enumerate(data.get('resources', [])):
if resource['name'] == resource_name:
offset = resource['offset']
length = resource['length']
self.res_data = self.file_data[offset:offset + length]
return yara.CALLBACK_CONTINUE
rules.match(data=self.file_data, modules_callback=modules_callback)
return self.res_data 示例3: dotnet_guids
# 需要导入模块: import yara [as 别名]
# 或者: from yara import SyntaxError [as 别名]
def dotnet_guids(self):
"""
Exrtract GUIDS from a .NET Binary
:return: list of guids
"""
try:
rules = yara.compile(source='import "dotnet" rule a { condition: false }')
except yara.SyntaxError:
print("Error using Yara DotNet did you enable it?")
guid_list = []
def modules_callback(data):
for i, guid in enumerate(data.get('guids', [])):
guid_list.append(guid.decode('utf-8'))
# Type lib is also valid as a GUID for nanocore so lets add that.
guid_list.append(data.get('typelib').decode('utf-8'))
return yara.CALLBACK_CONTINUE
rules.match(data=self.file_data, modules_callback=modules_callback)
return guid_list 示例4: elf_section_by_name
# 需要导入模块: import yara [as 别名]
# 或者: from yara import SyntaxError [as 别名]
def elf_section_by_name(self, resource_name):
"""
Extract an elf section by name
:param resource_name:
:return:
"""
try:
rules = yara.compile(source='import "elf" rule a { condition: false }')
except yara.SyntaxError:
print("Error using Yara ELF did you enable it?")
def modules_callback(data):
for i, section in enumerate(data.get('sections', [])):
if section['name'].decode('utf-8') == resource_name:
offset = section['offset']
length = section['size']
self.res_data = self.file_data[offset:offset + length]
return yara.CALLBACK_CONTINUE
rules.match(data=self.file_data, modules_callback=modules_callback)
return self.res_data 示例5: get_binary_search_result
# 需要导入模块: import yara [as 别名]
# 或者: from yara import SyntaxError [as 别名]
def get_binary_search_result(self, task: Tuple[bytes, Optional[str]]):
'''
:param task: tuple containing the yara_rules (byte string with the contents of the yara rule file) and optionally a firmware uid if only the contents
of a single firmware are to be scanned
:return: dict of matching rules with lists of (unique) matched UIDs as values
'''
with NamedTemporaryFile() as temp_rule_file:
yara_rules, firmware_uid = task
try:
self._prepare_temp_rule_file(temp_rule_file, yara_rules)
raw_result = self._get_raw_result(firmware_uid, temp_rule_file)
results = self._parse_raw_result(raw_result)
self._eliminate_duplicates(results)
return results
except yara.SyntaxError as yara_error:
return 'There seems to be an error in the rule file:\n{}'.format(yara_error)
except CalledProcessError as process_error:
return 'Error when calling YARA:\n{}'.format(process_error.output.decode()) 示例6: pe_resource_id
# 需要导入模块: import yara [as 别名]
# 或者: from yara import SyntaxError [as 别名]
def pe_resource_id(self, res_id):
"""
Read resource by its ID. Useful where normal pe file fails.
:return: list
"""
try:
rules = yara.compile(source='import "pe" rule a { condition: false }')
except yara.SyntaxError:
print("Error using Yara DotNet did you enable it?")
resource_list = []
def modules_callback(data):
for i, resource in enumerate(data.get('resources', [])):
if 'id' in resource:
if resource['id'] == res_id:
offset = resource['offset']
length = resource['length']
self.res_data = self.file_data[offset:offset + length]
elif 'name_string' in resource:
# Remove null bytes for a better comparison
res_name = resource['name_string'].decode('UTF-8').replace('\x00', '')
# Check both unicode and plain str versions of name
if res_name == res_id or resource['name_string'] == res_id:
offset = resource['offset']
length = resource['length']
self.res_data = self.file_data[offset:offset + length]
return yara.CALLBACK_CONTINUE
rules.match(data=self.file_data, modules_callback=modules_callback)
return self.res_data 示例7: dotnet_user_strings
# 需要导入模块: import yara [as 别名]
# 或者: from yara import SyntaxError [as 别名]
def dotnet_user_strings(self):
"""
Parse a list of User Strings from a .NET Binary file
:return: list of strings
"""
try:
rules = yara.compile(source='import "dotnet" rule a { condition: false }')
except yara.SyntaxError:
print("Error using Yara DotNet did you enable it?")
user_strings = []
def modules_callback(data):
for i, userstring in enumerate(data.get('user_strings', [])):
# Remove null bytes
userstring = userstring.replace(b'\x00', b'')
# Add string to list
try:
user_strings.append(userstring.decode('utf-8'))
except UnicodeDecodeError:
pass
return yara.CALLBACK_CONTINUE
rules.match(data=self.file_data, modules_callback=modules_callback)
return user_strings 示例8: __init__
# 需要导入模块: import yara [as 别名]
# 或者: from yara import SyntaxError [as 别名]
def __init__(self):
# Create the list of rules
try:
yara_path = os.path.join(os.path.dirname(__file__), 'yaraRules')
self.yara_rules = os.listdir(yara_path)
self.rule_file = os.path.join(yara_path, 'yaraRules.yar')
self.compiled_rules = yara.compile(self.rule_file)
self.rule_list = []
except yara.SyntaxError as e:
print("Unable to compile rules. Do you have dotnet enabled")
# Yara Scanner Returns the Rule Name 示例9: _compile_rules
# 需要导入模块: import yara [as 别名]
# 或者: from yara import SyntaxError [as 别名]
def _compile_rules(self):
"""Compile the YARA rules from command-line parameters.
@returns: a YARA object on which you can call 'match'
This function causes the plugin to exit if the YARA
rules have syntax errors or are not supplied correctly.
"""
rules = None
try:
if self._config.YARA_RULES:
s = self._config.YARA_RULES
# Don't wrap hex or regex rules in quotes
if s[0] not in ("{", "/"): s = '"' + s + '"'
# Option for case insensitive searches
if self._config.CASE: s += " nocase"
# Scan for unicode and ascii strings
if self._config.WIDE: s += " wide ascii"
rules = yara.compile(sources = {
'n' : 'rule r1 {strings: $a = ' + s + ' condition: $a}'
})
elif self._config.YARA_FILE and os.path.isfile(self._config.YARA_FILE):
rules = yara.compile(self._config.YARA_FILE)
else:
debug.error("You must specify a string (-Y) or a rules file (-y)")
except yara.SyntaxError, why:
debug.error("Cannot compile rules: {0}".format(str(why))) 示例10: clean
# 需要导入模块: import yara [as 别名]
# 或者: from yara import SyntaxError [as 别名]
def clean(self):
try:
yara.compile(source=self.pattern)
except (yara.SyntaxError, yara.Error) as e:
raise IndicatorValidationError(
"Yara compilation error: {}".format(e)) 示例11: check
# 需要导入模块: import yara [as 别名]
# 或者: from yara import SyntaxError [as 别名]
def check(self, file):
"""
Checks a given file against all available yara rules
:param file: Path to file
:type file:str
:returns: Python list with matched rules info
:rtype: list
"""
result = []
all_matches = []
for filerules in os.listdir(self.rulepaths):
try:
rule = yara.compile(os.path.join(self.rulepaths, filerules))
except yara.SyntaxError:
continue
matches = rule.match(file)
if len(matches) > 0:
for rulem in matches:
rule_family = "_".join([x for x in rulem.rule.replace("_", ".", 1).split("_")[:-1]])
if rule_family not in all_matches:
all_matches.append(rule_family)
for rule_family in all_matches:
rules_info_txt = requests.get('{}/family/{}'.format(self.baseurl, rule_family),
auth=HTTPBasicAuth(self.user, self.pwd))
rules_info_json = json.loads(rules_info_txt.text)
result.append({
'family': rule_family,
'common_name': rules_info_json['common_name'],
'description': rules_info_json['description'],
'attribution': rules_info_json['attribution'],
'alt_names': rules_info_json['alt_names'],
'urls': rules_info_json['urls']
})
return result 示例12: test_scan_invalid_rules
# 需要导入模块: import yara [as 别名]
# 或者: from yara import SyntaxError [as 别名]
def test_scan_invalid_rules(self) -> None:
s = Stoq(
plugin_dir_list=[self.plugin_dir],
plugin_opts={
self.plugin_name: {'worker_rules': f'{self.data_dir}/invalid_rules.yar'}
},
)
with self.assertRaises(yara.SyntaxError):
s.load_plugin(self.plugin_name) 示例13: _compile_rules
# 需要导入模块: import yara [as 别名]
# 或者: from yara import SyntaxError [as 别名]
def _compile_rules(self):
"""Compile the YARA rules from command-line parameters.
@returns: a YARA object on which you can call 'match'
This function causes the plugin to exit if the YARA
rules have syntax errors or are not supplied correctly.
"""
rules = None
try:
if self._config.YARA_RULES:
s = self._config.YARA_RULES
# Don't wrap hex or regex rules in quotes
if s[0] not in ("{", "/"): s = '"' + s + '"'
# Option for case insensitive searches
if self._config.CASE: s += " nocase"
# Scan for unicode and ascii strings
if self._config.WIDE: s += " wide ascii"
rules = yara.compile(sources = {
'n' : 'rule r1 {strings: $a = ' + s + ' condition: $a}'
})
elif self._config.YARA_FILE:
rules = yara.compile(self._config.YARA_FILE)
else:
debug.error("You must specify a string (-Y) or a rules file (-y)")
except yara.SyntaxError, why:
debug.error("Cannot compile rules: {0}".format(str(why))) 示例14: _compile_rules
# 需要导入模块: import yara [as 别名]
# 或者: from yara import SyntaxError [as 别名]
def _compile_rules(self):
"""Compile the YARA rules from command-line parameters.
@returns: a YARA object on which you can call 'match'
This function causes the plugin to exit if the YARA
rules have syntax errors or are not supplied correctly.
"""
rules = None
try:
if self._config.YARA_RULES:
s = self._config.YARA_RULES
# Don't wrap hex or regex rules in quotes
if s[0] not in ("{", "/"): s = '"' + s + '"'
# Scan for unicode strings
if self._config.WIDE: s += "wide"
rules = yara.compile(sources = {
'n' : 'rule r1 {strings: $a = ' + s + ' condition: $a}'
})
elif self._config.YARA_FILE:
rules = yara.compile(self._config.YARA_FILE)
else:
debug.error("You must specify a string (-Y) or a rules file (-y)")
except yara.SyntaxError, why:
debug.error("Cannot compile rules: {0}".format(str(why))) 示例15: compile
# 需要导入模块: import yara [as 别名]
# 或者: from yara import SyntaxError [as 别名]
def compile(self, rule):
try:
return yara.compile(source = rule)
except yara.SyntaxError as err:
print_console(err)
print_console("===============")
print_console(rule)
print_console("===============")