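def yara(self, signature, pids=None, regex=None):
    """Scans processes using provided YARA rule.

    Builds a `YaraProcessScanRequest`, starts a `YaraProcessScan` flow through
    `self._client`, waits for it via `_timeout.await_flow` and returns the
    payload of every result the flow lists.

    Args:
      signature: YARA rule to run. It is copied into the request as given; no
        syntax check is done here.
      pids: List of pids of processes to scan. `None` is treated as an empty
        list.
      regex: A regex to match against the process name. Only set on the
        request when it is not `None`.

    Returns:
      A list of YARA matches (the `payload` of each flow result, unchecked).

    Raises:
      errors.ApprovalMissingError: If creating the flow is rejected with
        `api_errors.AccessForbiddenError`.
    """
    if pids is None:
        pids = []

    args = flows_pb2.YaraProcessScanRequest()
    args.yara_signature = signature
    # The GRR process itself is not excluded from the scan.
    # NOTE(review): presumably the agent's own memory can hold the rule text
    # and match itself; confirm callers expect such hits.
    args.ignore_grr_process = False
    if regex is not None:
        args.process_regex = regex
    # NOTE(review): with no pids and no regex the request carries no process
    # filter at all; the resulting scan scope is decided by the flow, not
    # here. Verify against the flow's documentation.
    args.pids.extend(pids)

    try:
        flow = self._client.CreateFlow(name='YaraProcessScan', args=args)
    except api_errors.AccessForbiddenError as e:
        # Chain explicitly so the original access error stays attached as the
        # cause of the approval error.
        raise errors.ApprovalMissingError(self.id, e) from e

    _timeout.await_flow(flow)

    return [result.payload for result in flow.ListResults()]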
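def yara(
    self,
    signature: Text,
    pids: Optional[Sequence[int]] = None,
    regex: Optional[Text] = None,
) -> Sequence[flows_pb2.YaraProcessScanMatch]:
    """Scans processes using provided YARA rule.

    Builds a `YaraProcessScanRequest`, starts a `YaraProcessScan` flow through
    `self._client`, waits for it via `_timeout.await_flow` and returns the
    type-checked payload of every result the flow lists.

    Args:
      signature: YARA rule to run. It is copied into the request as given; no
        syntax check is done here.
      pids: List of pids of processes to scan. `None` is treated as an empty
        list.
      regex: A regex to match against the process name. Only set on the
        request when it is not `None`.

    Returns:
      A list of YARA matches.

    Raises:
      errors.ApprovalMissingError: If creating the flow is rejected with
        `api_errors.AccessForbiddenError`.
      TypeError: If a flow result payload is not a
        `flows_pb2.YaraProcessScanMatch`.
    """
    if pids is None:
        pids = []

    args = flows_pb2.YaraProcessScanRequest()
    args.yara_signature = signature
    # The GRR process itself is not excluded from the scan.
    # NOTE(review): presumably the agent's own memory can hold the rule text
    # and match itself; confirm callers expect such hits.
    args.ignore_grr_process = False
    if regex is not None:
        args.process_regex = regex
    # NOTE(review): with no pids and no regex the request carries no process
    # filter at all; the resulting scan scope is decided by the flow, not
    # here. Verify against the flow's documentation.
    args.pids.extend(pids)

    try:
        flow = self._client.CreateFlow(name='YaraProcessScan', args=args)
    except api_errors.AccessForbiddenError as e:
        # Chain explicitly so the original access error stays attached as the
        # cause of the approval error.
        raise errors.ApprovalMissingError(self.id, e) from e

    _timeout.await_flow(flow)

    def yara_result(
        result: message.Message) -> flows_pb2.YaraProcessScanMatch:
        # Fail loudly on a payload of another type instead of handing it back
        # to the caller as if it were a match.
        if not isinstance(result, flows_pb2.YaraProcessScanMatch):
            raise TypeError(
                f'Unexpected flow result type: {type(result)!r}')
        return result

    return [yara_result(result.payload) for result in flow.ListResults()]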