OLD | NEW |
---|---|
(Empty) | |
1 # -*- coding: utf-8 -*- | |
aaronp
2017/06/23 01:34:48
Reviewed.
Joachim Metz
2017/06/24 16:40:45
Acknowledged.
| |
2 """The YARA rules CLI arguments helper.""" | |
3 | |
4 import yara | |
5 | |
6 from plaso.cli import tools | |
7 from plaso.cli.helpers import interface | |
8 from plaso.cli.helpers import manager | |
9 from plaso.lib import errors | |
10 | |
11 | |
12 class YaraRulesArgumentsHelper(interface.ArgumentsHelper): | |
13 """YARA rules CLI arguments helper.""" | |
14 | |
15 NAME = u'yara_rules' | |
16 DESCRIPTION = u'YARA rules command line arguments.' | |
17 | |
18 @classmethod | |
19 def AddArguments(cls, argument_group): | |
20 """Adds command line arguments to an argument group. | |
21 | |
22 This function takes an argument parser or an argument group object and adds | |
23 to it all the command line arguments this helper supports. | |
24 | |
25 Args: | |
26 argument_group (argparse._ArgumentGroup|argparse.ArgumentParser): | |
27 argparse group. | |
28 """ | |
29 argument_group.add_argument( | |
30 u'--yara_rules', u'--yara-rules', dest=u'yara_rules_path', | |
31 type=str, metavar=u'PATH', action=u'store', help=( | |
32 u'Path to a file containing Yara rules definitions.')) | |
33 | |
34 @classmethod | |
35 def ParseOptions(cls, options, configuration_object): | |
36 """Parses and validates options. | |
37 | |
38 Args: | |
39 options (argparse.Namespace): parser options. | |
40 configuration_object (CLITool): object to be configured by the argument | |
41 helper. | |
42 | |
43 Raises: | |
44 BadConfigObject: when the configuration object is of the wrong type. | |
45 """ | |
46 if not isinstance(configuration_object, tools.CLITool): | |
47 raise errors.BadConfigObject( | |
48 u'Configuration object is not an instance of CLITool') | |
49 | |
50 yara_rules_string = None | |
51 | |
52 path = getattr(options, u'yara_rules_path', None) | |
53 if path: | |
54 try: | |
55 with open(path, 'rb') as rules_file: | |
56 yara_rules_string = rules_file.read() | |
57 | |
58 except IOError as exception: | |
59 raise errors.BadConfigObject( | |
60 u'Unable to read Yara rules file: {0:s} with error: {1!s}'.format( | |
aaronp
2017/06/23 01:34:48
Cool, I didn't know you could do type conversion i
Joachim Metz
2017/06/24 16:40:45
Acknowledged.
Joachim Metz
2017/06/24 16:42:40
technically it is not 100% type conversion
https:
| |
61 path, exception)) | |
62 | |
63 try: | |
64 # We try to parse the rules here, to check that the definitions are | |
65 # valid. We then pass the string definitions along to the workers, so | |
66 # that they don't need read access to the rules file. | |
67 yara.compile(source=yara_rules_string) | |
68 | |
69 except yara.Error as exception: | |
70 raise errors.BadConfigObject( | |
71 u'Unable to parse Yara rules in: {0:s} with error: {1!s}'.format( | |
72 path, exception)) | |
73 | |
74 setattr(configuration_object, u'_yara_rules_string', yara_rules_string) | |
75 | |
76 | |
77 manager.ArgumentHelperManager.RegisterHelper(YaraRulesArgumentsHelper) | |
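Review bot: The validation call at new line 67, `yara.compile(source=yara_rules_string)`, leaves YARA's `include` directive enabled, so a rules file that pulls in other files passes this check only because this process can read them. The comment above the call says the string is handed to the workers so that they need no read access to the rules file; assuming the workers compile that same string, an include would either fail there or be resolved against whatever the worker's working directory contains. Compiling with `yara.compile(source=yara_rules_string, includes=False)` rejects such rules up front through the existing BadConfigObject path. The `Raises:` section of ParseOptions should also state that BadConfigObject is raised when the rules file cannot be read or parsed, not only when the configuration object has the wrong type.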