def test_clear(self): # instantiate parser parser = Plyara() # open a ruleset with one or more rules with data_dir.joinpath('test_ruleset_2_rules.yar').open('r') as fh: inputRules = fh.read() # parse the rules parser.parse_string(inputRules) # clear the parser's state parser.clear() # has lineno been reset self.assertEqual(parser.lexer.lineno, 1) # open a ruleset with one rule with data_dir.joinpath('test_ruleset_1_rule.yar').open('r') as fh: inputRules = fh.read() # parse the rules result = parser.parse_string(inputRules) # does the result contain just the rule from the second parse self.assertEqual(len(result), 1) self.assertEqual(result[0]['rule_name'], 'rule_one')
def issue_99(self): rules = list() plyara = Plyara() for file in data_dir.glob('issue99*.yar'): with open(file, 'r') as fh: yararules = plyara.parse_string(fh.read()) self.assertEqual(len(yararules), 1) rules += yararules plyara.clear() self.assertEqual(len(rules), 2)
def main(): parser = Plyara() ds = tcex.datastore('organization', DATASTORE_HOME) updates_table = id_lookup_table = {} # ds.add(rid=DATASTORE_UPDATES_TABLE, data=updates_table) # uncomment to wipe ds # ds.add(rid=DATASTORE_ID_LOOKUP_TABLE, data=id_lookup_table) # return try: updates_table = ds.get(rid=DATASTORE_UPDATES_TABLE)['_source'] except RuntimeError: ds.add(rid=DATASTORE_UPDATES_TABLE, data=updates_table) try: id_lookup_table = ds.get(rid=DATASTORE_ID_LOOKUP_TABLE)['_source'] except RuntimeError: ds.add(rid=DATASTORE_ID_LOOKUP_TABLE, data=id_lookup_table) try: mappings = ds.get(rid=DATASTORE_MAPPINGS)['_source'] if isinstance(mappings, str): mappings = json.loads(mappings) if 'data' in mappings: mappings = mappings['data'] if isinstance( mappings['data'], dict) else json.loads( mappings['data'] ) # probably not necessary but just to be safe except RuntimeError as e: print(e.args[1]) # tcex log return r = get_rulesets(limit=40) data = next(r) while data: for ruleset in data: modification_date = ruleset['attributes']['modification_date'] ruleset_name = ruleset['attributes']['name'] ruleset_id = ruleset['id'] last_update = updates_table.get(ruleset_id) # last_update = False # uncomment when testing if not last_update or modification_date > last_update: raw_rules = ruleset['attributes']['rules'] rules = parser.parse_string(raw_rules) create_rules_in_tc(rules, raw_rules.split('\n'), ruleset_name, id_lookup_table, mappings) print('{} Ruleset Processed'.format(ruleset_name)) updates_table[str(ruleset_id)] = modification_date parser.clear() data = next(r) ds.add(rid=DATASTORE_UPDATES_TABLE, data=updates_table) ds.add(rid=DATASTORE_ID_LOOKUP_TABLE, data=id_lookup_table)