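#!/usr/bin/env python
import json
import logging
import time
import yara  # type: ignore
from functools import lru_cache
import random
# NOTE: this rebinds the builtin name SyntaxError to yara's exception class
# for the rest of the module.
from yara import SyntaxError
import config
from lib.ursadb import UrsaDb
from lib.yaraparse import parse_yara, combine_rules
from util import make_redis, setup_logging
from typing import Any, Dict, List, Optional, Tuple

redis = make_redis()
db = UrsaDb(config.BACKEND)


@lru_cache(maxsize=32)
def compile_yara(job_hash: str) -> Any:
    """Compile the YARA rule stored for a job and return the compiled object.

    The rule text is read from the ``raw_yara`` field of the Redis hash
    ``job:<job_hash>``. Up to 32 successful results are memoised per
    ``job_hash``; a cached entry is not refreshed if the stored rule text
    changes later. ``lru_cache`` does not cache exceptions, so a failed
    compilation is attempted again on the next call.

    Args:
        job_hash: Identifier of the job whose rule should be compiled.

    Returns:
        The object returned by ``yara.compile``.

    Raises:
        ValueError: No ``raw_yara`` value is stored for the job.
        yara.SyntaxError: The stored rule text does not compile.
    """
    yara_rule = redis.hget("job:" + job_hash, "raw_yara")
    if yara_rule is None:
        # A missing job or field would otherwise reach yara.compile() as
        # source=None and fail with an error that does not name the job.
        raise ValueError("No raw_yara stored for job " + job_hash)

    logging.info("Compiling Yara")
    try:
        # NOTE(review): the rule text comes from Redis, not from a file
        # shipped with the service. If rules can be submitted by users,
        # consider yara.compile(..., includes=False) so a rule cannot pull
        # in files from this host through the include directive; confirm
        # that no existing rule relies on include first.
        return yara.compile(source=yara_rule)
    except SyntaxError:
        logging.exception("Yara parse error")
        # Bare raise keeps the original traceback intact.
        raise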
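import os
import re
from flask import (
    Flask,
    render_template,
    send_from_directory,
    request,
    redirect,
    url_for,
    Response,
    jsonify,
    send_file,
)
from itsdangerous import BadSignature
from werkzeug.exceptions import Forbidden
from zmq import Again
from lib.ursadb import UrsaDb
from lib.yaraparse import YaraParser
import plyara.interp as interp
from util import make_redis, make_serializer
import config

redis = make_redis()
app = Flask(__name__)
s = make_serializer()
db = UrsaDb(config.BACKEND)


def get_saved_rules():
    """Return the saved (named) queries, sorted by name.

    Every Redis key matching ``named_query:*`` contributes one entry. The
    entry's ``id`` is the second ``:``-separated component of the key and
    its ``name`` is the value stored under that key.

    Returns:
        A list of ``{'id': ..., 'name': ...}`` dicts ordered by ``name``.
    """
    # NOTE(review): KEYS walks the whole keyspace in one blocking call;
    # an incremental SCAN may be preferable if the keyspace is large.
    named_queries = redis.keys('named_query:*')

    saved_rules = []
    for query in named_queries:
        name = redis.get(query)
        if name is None:
            # The key was deleted or expired between KEYS and GET. A None
            # name would make the sort below raise TypeError, so skip it.
            continue
        qid = query.split(':')[1]
        saved_rules.append({'id': qid, 'name': name})

    return sorted(saved_rules, key=lambda x: x['name'])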