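def test_compilation(self):
    """Ensure all real YARA rules compile correctly.

    The compiled ruleset is written into a throwaway temporary directory
    instead of the current working directory, so the test leaves no
    'compiled_yara_rules.bin' artifact behind and cannot collide with
    another test (or a previous run) using the same fixed filename.
    """
    import os
    import tempfile

    with tempfile.TemporaryDirectory() as temp_dir:
        compiled_path = os.path.join(temp_dir, 'compiled_yara_rules.bin')
        compile_rules.compile_rules(compiled_path)
        rules = yara.load(compiled_path)
        num_rules_files = sum(1 for _ in compile_rules._find_yara_files())
        # The number of compiled YARA rules should be >= the number of YARA rule files.
        self.assertGreaterEqual(sum(1 for _ in rules), num_rules_files)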
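def _build_analyzer(target_directory: str) -> None:
    """Build the YARA analyzer Lambda deployment package.

    Args:
        target_directory: Directory in which the ANALYZE_ZIPFILE archive is written.

    The package is staged in a private directory created by tempfile.mkdtemp
    (unpredictable name, restrictive permissions) rather than at a fixed,
    predictable path under the shared temp dir, so the build never reuses or
    deletes a directory that another user or process may have placed there.
    The staging directory is removed even if a step fails.
    """
    print('Creating analyzer deploy package...')
    # Touch main.py so its modification time is refreshed; presumably this makes
    # the package hash change on each build -- confirm against the deploy logic.
    pathlib.Path(os.path.join(ANALYZE_SOURCE, 'main.py')).touch()

    # Stage the package outside the source tree to avoid cluttering the original.
    temp_package_dir = tempfile.mkdtemp(prefix='tmp_yara_analyzer.')
    try:
        for py_file in glob.glob(os.path.join(ANALYZE_SOURCE, '*.py')):
            shutil.copy(py_file, temp_package_dir)

        # Compile the YARA rules into the package.
        compile_rules(os.path.join(temp_package_dir, COMPILED_RULES_FILENAME))

        # Extract the AWS-native dependencies into the package.
        # NOTE: extractall trusts member paths inside the archive; this is only
        # acceptable while ANALYZE_DEPENDENCIES remains a project-controlled file.
        with zipfile.ZipFile(ANALYZE_DEPENDENCIES, 'r') as deps:
            deps.extractall(temp_package_dir)

        # Make the bundled native binaries (pdftotext, upx, yextend) executable for everyone.
        executable_bits = stat.S_IXUSR | stat.S_IXGRP | stat.S_IXOTH
        for executable in ('pdftotext', 'upx', 'yextend'):
            path = os.path.join(temp_package_dir, executable)
            os.chmod(path, os.stat(path).st_mode | executable_bits)

        # Zip up the staged package into the target directory.
        shutil.make_archive(
            os.path.join(target_directory, ANALYZE_ZIPFILE), 'zip', temp_package_dir)
    finally:
        # Always remove the staging directory, even when a step above raised.
        shutil.rmtree(temp_package_dir)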
def _build_analyzer_callback(temp_package_dir: str) -> None:
    """Custom routine to execute before zipping up the analyzer package.

    Compiles the YARA rules into the analyzer's Lambda directory inside the
    staged package, then marks the bundled native binaries (pdftotext, upx,
    yextend) at the package root executable for owner, group and others.

    Args:
        temp_package_dir: Root of the staged package directory.
    """
    rules_target = os.path.join(
        temp_package_dir, 'lambda_functions', 'analyzer', COMPILED_RULES_FILENAME)
    compile_rules(rules_target)

    # Execute bit for owner, group and others.
    exec_bits = stat.S_IXUSR | stat.S_IXGRP | stat.S_IXOTH
    for binary_name in ('pdftotext', 'upx', 'yextend'):
        binary_path = os.path.join(temp_package_dir, binary_name)
        current_mode = os.stat(binary_path).st_mode
        os.chmod(binary_path, current_mode | exec_bits)
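def _build_analyzer():
    """Build the YARA analyzer Lambda deployment package.

    Stages the analyzer source files, the compiled YARA rules and the
    AWS-native Python dependencies in a private temporary directory, then
    zips that directory to ANALYZE_LAMBDA_PACKAGE. The staging directory is
    created by tempfile.mkdtemp (unpredictable name, restrictive permissions)
    instead of at a fixed, predictable path under the shared temp dir, so the
    build never reuses or deletes a directory another user or process placed
    there, and it is removed even if a step fails.
    """
    # Stage the package outside the source tree to avoid cluttering the original.
    temp_package_dir = tempfile.mkdtemp(prefix='tmp_yara_analyzer.')
    try:
        for py_file in glob.glob(os.path.join(ANALYZE_LAMBDA_SOURCE, '*.py')):
            shutil.copy(py_file, temp_package_dir)

        # Clone the YARA-rules repo and compile the YARA rules.
        compile_rules(os.path.join(temp_package_dir, COMPILED_RULES_FILENAME))

        # Extract the AWS-native Python deps into the package.
        # NOTE: extractall trusts member paths inside the archive; this is only
        # acceptable while ANALYZE_LAMBDA_DEPENDENCIES remains a project-controlled file.
        print('Creating analyzer deploy package...')
        with zipfile.ZipFile(ANALYZE_LAMBDA_DEPENDENCIES, 'r') as deps:
            deps.extractall(temp_package_dir)

        # Zip up the staged package.
        shutil.make_archive(ANALYZE_LAMBDA_PACKAGE, 'zip', temp_package_dir)
    finally:
        # Always remove the staging directory, even when a step above raised.
        shutil.rmtree(temp_package_dir)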
def compile_rules() -> None:
    """Compile all of the YARA rules into a single binary file.

    Delegates to compile_rules.compile_rules, writing the output to
    COMPILED_RULES_FILENAME, and prints where the compiled rules were saved.
    NOTE(review): this only works as a method inside a class namespace; as a
    module-level function the name would shadow the compile_rules module it
    calls -- confirm the enclosing context.
    """
    target = COMPILED_RULES_FILENAME
    compile_rules.compile_rules(target)
    notice = 'Compiled rules saved to {}'.format(target)
    print(notice)
def init():
    """(Re)compile the YARA rules and rebuild the module-level analyzer.

    Writes the compiled ruleset to COMPILED_RULES_FILENAME, replaces the
    global ``analyzer`` with a YaraAnalyzer loaded from that file, and
    returns ("OK", 200) -- presumably a body/status pair for a web
    handler; confirm against the caller.
    """
    global analyzer
    rules_path = COMPILED_RULES_FILENAME
    compile_rules.compile_rules(rules_path)
    analyzer = yara_analyzer.YaraAnalyzer(rules_path)
    return ("OK", 200)